Hi Doug and Jason,
Here are two patches that should probably land in the RC. The first one ensures we don't index beyond the end of an array. The other is more subtle but arguably more important. The bug it fixes results in incorrect IRQ bits being set and the result is we do not get an interrupt for an error and have to wait for another interrupt to fire to see said error.
---
Dennis Dalessandro (1): IB/hfi1: Ensure ucast_dlid access doesnt exceed bounds
Michael J. Ruhl (1): IB/hfi1: set_intr_bits uses incorrect source for register modification
 drivers/infiniband/hw/hfi1/chip.c | 2 +-
 drivers/infiniband/ulp/opa_vnic/opa_vnic_encap.c | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)
--
-Denny
The dlid assignment made by looking into the u_ucast_dlid array does not do an explicit check for the size of the array. The code path to arrive at def_port, the index value, is long and complicated and it's best to just have an explicit check here.
Cc: stable@vger.kernel.org
Fixes: 7d6f728c677e ("IB/opa-vnic: Virtual Network Interface Controller (VNIC) netdev")
Signed-off-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
---
 drivers/infiniband/ulp/opa_vnic/opa_vnic_encap.c | 3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/drivers/infiniband/ulp/opa_vnic/opa_vnic_encap.c b/drivers/infiniband/ulp/opa_vnic/opa_vnic_encap.c index 267da82..31cd361 100644 --- a/drivers/infiniband/ulp/opa_vnic/opa_vnic_encap.c +++ b/drivers/infiniband/ulp/opa_vnic/opa_vnic_encap.c @@ -351,7 +351,8 @@ static uint32_t opa_vnic_get_dlid(struct opa_vnic_adapter *adapter, if (unlikely(!dlid)) v_warn("Null dlid in MAC address\n"); } else if (def_port != OPA_VNIC_INVALID_PORT) { - dlid = info->vesw.u_ucast_dlid[def_port]; + if (def_port < OPA_VESW_MAX_NUM_DEF_PORT) + dlid = info->vesw.u_ucast_dlid[def_port]; } }
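Review bot: In the `else if (def_port != OPA_VNIC_INVALID_PORT)` branch, a def_port that fails the new `if (def_port < OPA_VESW_MAX_NUM_DEF_PORT)` test is dropped silently: dlid keeps whatever value it had before the branch and nothing is logged, whereas the branch just above reports its failure with `v_warn("Null dlid in MAC address\n")`. Consider folding the bound into the else-if condition and warning when it fails, so an invalid index is visible to whoever debugs the resulting dlid instead of looking like "no default port". The hunk also does not show that OPA_VESW_MAX_NUM_DEF_PORT is the declared length of u_ucast_dlid; bounding with ARRAY_SIZE(info->vesw.u_ucast_dlid) would tie the check to the array itself. Since the patch carries Cc: stable and Fixes: tags, the commit message should state how def_port can actually reach an out-of-range value rather than only that the path is long and complicated.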
On Mon, Sep 10, 2018 at 07:53:44AM -0700, Dennis Dalessandro wrote:
> Hi Doug and Jason,
> Here are two patches that should probably land in the RC. The first one ensures we don't index beyond the end of an array. The other is more subtle but arguably more important. The bug it fixes results in incorrect IRQ bits being set and the result is we do not get an interrupt for an error and have to wait for another interrupt to fire to see said error.
> Dennis Dalessandro (1): IB/hfi1: Ensure ucast_dlid access doesnt exceed bounds
> Michael J. Ruhl (1): IB/hfi1: set_intr_bits uses incorrect source for register modification
These don't apply to current for-rc:
Applying: IB/hfi1: Ensure ucast_dlid access doesnt exceed bounds
Applying: IB/hfi1: set_intr_bits uses incorrect source for register modification
Using index info to reconstruct a base tree...
M drivers/infiniband/hw/hfi1/chip.c
Falling back to patching base and 3-way merge...
Auto-merging drivers/infiniband/hw/hfi1/chip.c
CONFLICT (content): Merge conflict in drivers/infiniband/hw/hfi1/chip.c
error: Failed to merge in the changes.
Patch failed at 0002 IB/hfi1: set_intr_bits uses incorrect source for register modification
Use 'git am --show-current-patch' to see the failed patch
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".
Jason
On 9/11/2018 11:17 AM, Jason Gunthorpe wrote:
> On Mon, Sep 10, 2018 at 07:53:44AM -0700, Dennis Dalessandro wrote:
>> Hi Doug and Jason,
>> Here are two patches that should probably land in the RC. The first one ensures we don't index beyond the end of an array. The other is more subtle but arguably more important. The bug it fixes results in incorrect IRQ bits being set and the result is we do not get an interrupt for an error and have to wait for another interrupt to fire to see said error.
>> Dennis Dalessandro (1): IB/hfi1: Ensure ucast_dlid access doesnt exceed bounds
>> Michael J. Ruhl (1): IB/hfi1: set_intr_bits uses incorrect source for register modification
> These don't apply to current for-rc:
> Applying: IB/hfi1: Ensure ucast_dlid access doesnt exceed bounds
> Applying: IB/hfi1: set_intr_bits uses incorrect source for register modification
> Using index info to reconstruct a base tree...
> M drivers/infiniband/hw/hfi1/chip.c
> Falling back to patching base and 3-way merge...
> Auto-merging drivers/infiniband/hw/hfi1/chip.c
> CONFLICT (content): Merge conflict in drivers/infiniband/hw/hfi1/chip.c
> error: Failed to merge in the changes.
> Patch failed at 0002 IB/hfi1: set_intr_bits uses incorrect source for register modification
> Use 'git am --show-current-patch' to see the failed patch
> When you have resolved this problem, run "git am --continue".
> If you prefer to skip this patch, run "git am --skip" instead.
> To restore the original branch and stop patching, run "git am --abort".
Ah, I think I got my wires crossed. Mike's patch should land in for-next. It fixes one of his earlier patches that Doug pulled in. Can you just apply this there or do you want me to re-send? My patch can still go to -rc though.
-Denny
On Tue, Sep 11, 2018 at 12:25:11PM -0400, Dennis Dalessandro wrote:
> On 9/11/2018 11:17 AM, Jason Gunthorpe wrote:
>> On Mon, Sep 10, 2018 at 07:53:44AM -0700, Dennis Dalessandro wrote:
>>> Hi Doug and Jason,
>>> Here are two patches that should probably land in the RC. The first one ensures we don't index beyond the end of an array. The other is more subtle but arguably more important. The bug it fixes results in incorrect IRQ bits being set and the result is we do not get an interrupt for an error and have to wait for another interrupt to fire to see said error.
>>> Dennis Dalessandro (1): IB/hfi1: Ensure ucast_dlid access doesnt exceed bounds
>>> Michael J. Ruhl (1): IB/hfi1: set_intr_bits uses incorrect source for register modification
>> These don't apply to current for-rc:
>> Applying: IB/hfi1: Ensure ucast_dlid access doesnt exceed bounds
>> Applying: IB/hfi1: set_intr_bits uses incorrect source for register modification
>> Using index info to reconstruct a base tree...
>> M drivers/infiniband/hw/hfi1/chip.c
>> Falling back to patching base and 3-way merge...
>> Auto-merging drivers/infiniband/hw/hfi1/chip.c
>> CONFLICT (content): Merge conflict in drivers/infiniband/hw/hfi1/chip.c
>> error: Failed to merge in the changes.
>> Patch failed at 0002 IB/hfi1: set_intr_bits uses incorrect source for register modification
>> Use 'git am --show-current-patch' to see the failed patch
>> When you have resolved this problem, run "git am --continue".
>> If you prefer to skip this patch, run "git am --skip" instead.
>> To restore the original branch and stop patching, run "git am --abort".
> Ah, I think I got my wires crossed. Mike's patch should land in for-next. It fixes one of his earlier patches that Doug pulled in. Can you just apply this there or do you want me to re-send? My patch can still go to -rc though.
I'll take Michael's patch, to for-next, but the other one needs a better commit message. You can't fix 'theoretical bugs' in -stable.
Jason
On 9/11/2018 1:38 PM, Jason Gunthorpe wrote:
> On Tue, Sep 11, 2018 at 12:25:11PM -0400, Dennis Dalessandro wrote:
>> On 9/11/2018 11:17 AM, Jason Gunthorpe wrote:
>>> On Mon, Sep 10, 2018 at 07:53:44AM -0700, Dennis Dalessandro wrote:
>>>> Hi Doug and Jason,
>>>> Here are two patches that should probably land in the RC. The first one ensures we don't index beyond the end of an array. The other is more subtle but arguably more important. The bug it fixes results in incorrect IRQ bits being set and the result is we do not get an interrupt for an error and have to wait for another interrupt to fire to see said error.
>>>> Dennis Dalessandro (1): IB/hfi1: Ensure ucast_dlid access doesnt exceed bounds
>>>> Michael J. Ruhl (1): IB/hfi1: set_intr_bits uses incorrect source for register modification
>>> These don't apply to current for-rc:
>>> Applying: IB/hfi1: Ensure ucast_dlid access doesnt exceed bounds
>>> Applying: IB/hfi1: set_intr_bits uses incorrect source for register modification
>>> Using index info to reconstruct a base tree...
>>> M drivers/infiniband/hw/hfi1/chip.c
>>> Falling back to patching base and 3-way merge...
>>> Auto-merging drivers/infiniband/hw/hfi1/chip.c
>>> CONFLICT (content): Merge conflict in drivers/infiniband/hw/hfi1/chip.c
>>> error: Failed to merge in the changes.
>>> Patch failed at 0002 IB/hfi1: set_intr_bits uses incorrect source for register modification
>>> Use 'git am --show-current-patch' to see the failed patch
>>> When you have resolved this problem, run "git am --continue".
>>> If you prefer to skip this patch, run "git am --skip" instead.
>>> To restore the original branch and stop patching, run "git am --abort".
>> Ah, I think I got my wires crossed. Mike's patch should land in for-next. It fixes one of his earlier patches that Doug pulled in. Can you just apply this there or do you want me to re-send? My patch can still go to -rc though.
> I'll take Michael's patch, to for-next, but the other one needs a better commit message. You can't fix 'theoretical bugs' in -stable.
Let me revise. Will drop the stable tag and touch up commit message and it can just go to for-next. As you said it's a theoretical bug.
-Denny
linux-stable-mirror@lists.linaro.org