* [PATCH v1] gve: fix the wrong AdminQ buffer overflow check
@ 2021-07-14 7:34 Haiyue Wang
2021-07-14 22:45 ` Catherine Sullivan
2021-07-16 17:50 ` patchwork-bot+netdevbpf
0 siblings, 2 replies; 3+ messages in thread
From: Haiyue Wang @ 2021-07-14 7:34 UTC (permalink / raw)
To: netdev
Cc: Haiyue Wang, Catherine Sullivan, Sagi Shahar, Jon Olson,
David S. Miller, Jakub Kicinski, David Awogbemila, Yangchun Fu,
Willem de Bruijn, Bailey Forrest, Kuo Zhao, open list
The 'tail' pointer is also free-running count, so it needs to be masked
as 'adminq_prod_cnt' does, to become an index value of AdminQ buffer.
Fixes: 5cdad90de62c ("gve: Batch AQ commands for creating and destroying queues.")
Signed-off-by: Haiyue Wang <haiyue.wang@intel.com>
---
drivers/net/ethernet/google/gve/gve_adminq.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/google/gve/gve_adminq.c b/drivers/net/ethernet/google/gve/gve_adminq.c
index 5bb56b454541..f089d33dd48e 100644
--- a/drivers/net/ethernet/google/gve/gve_adminq.c
+++ b/drivers/net/ethernet/google/gve/gve_adminq.c
@@ -322,7 +322,8 @@ static int gve_adminq_issue_cmd(struct gve_priv *priv,
tail = ioread32be(&priv->reg_bar0->adminq_event_counter);
// Check if next command will overflow the buffer.
- if (((priv->adminq_prod_cnt + 1) & priv->adminq_mask) == tail) {
+ if (((priv->adminq_prod_cnt + 1) & priv->adminq_mask) ==
+ (tail & priv->adminq_mask)) {
int err;
// Flush existing commands to make room.
@@ -332,7 +333,8 @@ static int gve_adminq_issue_cmd(struct gve_priv *priv,
// Retry.
tail = ioread32be(&priv->reg_bar0->adminq_event_counter);
- if (((priv->adminq_prod_cnt + 1) & priv->adminq_mask) == tail) {
+ if (((priv->adminq_prod_cnt + 1) & priv->adminq_mask) ==
+ (tail & priv->adminq_mask)) {
// This should never happen. We just flushed the
// command queue so there should be enough space.
return -ENOMEM;
--
2.32.0
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH v1] gve: fix the wrong AdminQ buffer overflow check
2021-07-14 7:34 [PATCH v1] gve: fix the wrong AdminQ buffer overflow check Haiyue Wang
@ 2021-07-14 22:45 ` Catherine Sullivan
2021-07-16 17:50 ` patchwork-bot+netdevbpf
1 sibling, 0 replies; 3+ messages in thread
From: Catherine Sullivan @ 2021-07-14 22:45 UTC (permalink / raw)
To: Haiyue Wang
Cc: netdev, Sagi Shahar, Jon Olson, David S. Miller, Jakub Kicinski,
David Awogbemila, Yangchun Fu, Willem de Bruijn, Bailey Forrest,
Kuo Zhao, open list
On Wed, Jul 14, 2021 at 12:58 AM Haiyue Wang <haiyue.wang@intel.com> wrote:
>
> The 'tail' pointer is also free-running count, so it needs to be masked
> as 'adminq_prod_cnt' does, to become an index value of AdminQ buffer.
>
> Fixes: 5cdad90de62c ("gve: Batch AQ commands for creating and destroying queues.")
> Signed-off-by: Haiyue Wang <haiyue.wang@intel.com>
Reviewed-by: Catherine Sullivan <csully@google.com>
> ---
> drivers/net/ethernet/google/gve/gve_adminq.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/net/ethernet/google/gve/gve_adminq.c b/drivers/net/ethernet/google/gve/gve_adminq.c
> index 5bb56b454541..f089d33dd48e 100644
> --- a/drivers/net/ethernet/google/gve/gve_adminq.c
> +++ b/drivers/net/ethernet/google/gve/gve_adminq.c
> @@ -322,7 +322,8 @@ static int gve_adminq_issue_cmd(struct gve_priv *priv,
> tail = ioread32be(&priv->reg_bar0->adminq_event_counter);
>
> // Check if next command will overflow the buffer.
> - if (((priv->adminq_prod_cnt + 1) & priv->adminq_mask) == tail) {
> + if (((priv->adminq_prod_cnt + 1) & priv->adminq_mask) ==
> + (tail & priv->adminq_mask)) {
> int err;
>
> // Flush existing commands to make room.
> @@ -332,7 +333,8 @@ static int gve_adminq_issue_cmd(struct gve_priv *priv,
>
> // Retry.
> tail = ioread32be(&priv->reg_bar0->adminq_event_counter);
> - if (((priv->adminq_prod_cnt + 1) & priv->adminq_mask) == tail) {
> + if (((priv->adminq_prod_cnt + 1) & priv->adminq_mask) ==
> + (tail & priv->adminq_mask)) {
> // This should never happen. We just flushed the
> // command queue so there should be enough space.
> return -ENOMEM;
> --
> 2.32.0
>
Thanks!
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH v1] gve: fix the wrong AdminQ buffer overflow check
2021-07-14 7:34 [PATCH v1] gve: fix the wrong AdminQ buffer overflow check Haiyue Wang
2021-07-14 22:45 ` Catherine Sullivan
@ 2021-07-16 17:50 ` patchwork-bot+netdevbpf
1 sibling, 0 replies; 3+ messages in thread
From: patchwork-bot+netdevbpf @ 2021-07-16 17:50 UTC (permalink / raw)
To: Haiyue Wang
Cc: netdev, csully, sagis, jonolson, davem, kuba, awogbemila,
yangchun, willemb, bcf, kuozhao, linux-kernel
Hello:
This patch was applied to netdev/net-next.git (refs/heads/master):
On Wed, 14 Jul 2021 15:34:59 +0800 you wrote:
> The 'tail' pointer is also free-running count, so it needs to be masked
> as 'adminq_prod_cnt' does, to become an index value of AdminQ buffer.
>
> Fixes: 5cdad90de62c ("gve: Batch AQ commands for creating and destroying queues.")
> Signed-off-by: Haiyue Wang <haiyue.wang@intel.com>
> ---
> drivers/net/ethernet/google/gve/gve_adminq.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
Here is the summary with links:
- [v1] gve: fix the wrong AdminQ buffer overflow check
https://git.kernel.org/netdev/net-next/c/63a9192b8fa1
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2021-07-16 17:50 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-07-14 7:34 [PATCH v1] gve: fix the wrong AdminQ buffer overflow check Haiyue Wang
2021-07-14 22:45 ` Catherine Sullivan
2021-07-16 17:50 ` patchwork-bot+netdevbpf
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).