releases/3.10.94/net-mlx4-copy-set-only-sizeof-struct-mlx4_eqe-bytes.patch

   1 From foo@baz Sat Dec  5 21:18:34 PST 2015
   2 From: Carol L Soto <clsoto@linux.vnet.ibm.com>
   3 Date: Tue, 27 Oct 2015 17:36:20 +0200
   4 Subject: net/mlx4: Copy/set only sizeof struct mlx4_eqe bytes
   5
   6 From: Carol L Soto <clsoto@linux.vnet.ibm.com>
   7
   8 [ Upstream commit c02b05011fadf8e409e41910217ca689f2fc9d91 ]
   9
  10 When doing memcpy/memset of EQEs, we should use sizeof struct
  11 mlx4_eqe as the base size and not caps.eqe_size which could be bigger.
  12
  13 If caps.eqe_size is bigger than the struct mlx4_eqe then we corrupt
  14 data in the master context.
  15
  16 When using a 64 byte stride, the memcpy copied over 63 bytes to the
  17 slave_eq structure.  This resulted in copying over the entire eqe of
  18 interest, including its ownership bit -- and also 31 bytes of garbage
  19 into the next WQE in the slave EQ -- which did NOT include the ownership
  20 bit (and therefore had no impact).
  21
  22 However, once the stride is increased to 128, we are overwriting the
  23 ownership bits of *three* eqes in the slave_eq struct.  This results
  24 in an incorrect ownership bit for those eqes, which causes the eq to
  25 seem to be full. The issue therefore surfaced only once 128-byte EQEs
  26 started being used in SRIOV and (overarchitectures that have 128/256
  27 byte cache-lines such as PPC) - e.g after commit 77507aa249ae
  28 "net/mlx4_core: Enable CQE/EQE stride support".
  29
  30 Fixes: 08ff32352d6f ('mlx4: 64-byte CQE/EQE support')
  31 Signed-off-by: Carol L Soto <clsoto@linux.vnet.ibm.com>
  32 Signed-off-by: Jack Morgenstein <jackm@dev.mellanox.co.il>
  33 Signed-off-by: Or Gerlitz <ogerlitz@mellanox.com>
  34 Signed-off-by: David S. Miller <davem@davemloft.net>
  35 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  36 ---
  37  drivers/net/ethernet/mellanox/mlx4/cmd.c |    2 +-
  38  drivers/net/ethernet/mellanox/mlx4/eq.c  |    2 +-
  39  2 files changed, 2 insertions(+), 2 deletions(-)
  40
  41 --- a/drivers/net/ethernet/mellanox/mlx4/cmd.c
  42 +++ b/drivers/net/ethernet/mellanox/mlx4/cmd.c
  43 @@ -1836,7 +1836,7 @@ int mlx4_multi_func_init(struct mlx4_dev
  44                         spin_lock_init(&s_state->lock);
  45                 }
  46
  47 -               memset(&priv->mfunc.master.cmd_eqe, 0, dev->caps.eqe_size);
  48 +               memset(&priv->mfunc.master.cmd_eqe, 0, sizeof(struct mlx4_eqe));
  49                 priv->mfunc.master.cmd_eqe.type = MLX4_EVENT_TYPE_CMD;
  50                 INIT_WORK(&priv->mfunc.master.comm_work,
  51                           mlx4_master_comm_channel);
  52 --- a/drivers/net/ethernet/mellanox/mlx4/eq.c
  53 +++ b/drivers/net/ethernet/mellanox/mlx4/eq.c
  54 @@ -183,7 +183,7 @@ static void slave_event(struct mlx4_dev
  55                 return;
  56         }
  57
  58 -       memcpy(s_eqe, eqe, dev->caps.eqe_size - 1);
  59 +       memcpy(s_eqe, eqe, sizeof(struct mlx4_eqe) - 1);
  60         s_eqe->slave_id = slave;
  61         /* ensure all information is written before setting the ownersip bit */
  62         wmb();