From: Greg Kroah-Hartman Date: Thu, 22 Mar 2018 21:21:15 +0000 (+0100) Subject: 4.14-stable patches X-Git-Tag: v3.18.102~4 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1ed1845451547cf280aadc175c6b7a3582e538eb;p=thirdparty%2Fkernel%2Fstable-queue.git 4.14-stable patches added patches: rdma-vmw_pvrdma-fix-usage-of-user-response-structures-in-abi-file.patch
---
diff --git a/queue-4.14/rdma-vmw_pvrdma-fix-usage-of-user-response-structures-in-abi-file.patch b/queue-4.14/rdma-vmw_pvrdma-fix-usage-of-user-response-structures-in-abi-file.patch
new file mode 100644
index 00000000000..82423b61a33
--- /dev/null
+++ b/queue-4.14/rdma-vmw_pvrdma-fix-usage-of-user-response-structures-in-abi-file.patch
@@ -0,0 +1,77 @@
+From 1f5a6c47aabc4606f91ad2e6ef71a1ff1924101c Mon Sep 17 00:00:00 2001
+From: Adit Ranadive
+Date: Thu, 15 Feb 2018 12:36:46 -0800
+Subject: RDMA/vmw_pvrdma: Fix usage of user response structures in ABI file
+
+From: Adit Ranadive
+
+commit 1f5a6c47aabc4606f91ad2e6ef71a1ff1924101c upstream.
+
+This ensures that we return the right structures back to userspace.
+Otherwise, it looks like the reserved fields in the response structures
+in userspace might have uninitialized data in them.
+
+Fixes: 8b10ba783c9d ("RDMA/vmw_pvrdma: Add shared receive queue support")
+Fixes: 29c8d9eba550 ("IB: Add vmw_pvrdma driver")
+Suggested-by: Jason Gunthorpe
+Reviewed-by: Bryan Tan
+Reviewed-by: Aditya Sarwade
+Reviewed-by: Jorgen Hansen
+Signed-off-by: Adit Ranadive
+Signed-off-by: Jason Gunthorpe
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ drivers/infiniband/hw/vmw_pvrdma/pvrdma_cq.c | 4 +++-
+ drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.c | 4 +++-
+ 2 files changed, 6 insertions(+), 2 deletions(-)
+
+--- a/drivers/infiniband/hw/vmw_pvrdma/pvrdma_cq.c
++++ b/drivers/infiniband/hw/vmw_pvrdma/pvrdma_cq.c
+@@ -114,6 +114,7 @@ struct ib_cq *pvrdma_create_cq(struct ib
+ union pvrdma_cmd_resp rsp;
+ struct pvrdma_cmd_create_cq *cmd = &req.create_cq;
+ struct pvrdma_cmd_create_cq_resp *resp = &rsp.create_cq_resp;
++ struct pvrdma_create_cq_resp cq_resp = {0};
+ struct pvrdma_create_cq ucmd;
+
+ BUILD_BUG_ON(sizeof(struct pvrdma_cqe) != 64);
+@@ -198,6 +199,7 @@ struct ib_cq *pvrdma_create_cq(struct ib
+
+ cq->ibcq.cqe = resp->cqe;
+ cq->cq_handle = resp->cq_handle;
++ cq_resp.cqn = resp->cq_handle;
+ spin_lock_irqsave(&dev->cq_tbl_lock, flags);
+ dev->cq_tbl[cq->cq_handle % dev->dsr->caps.max_cq] = cq;
+ spin_unlock_irqrestore(&dev->cq_tbl_lock, flags);
+@@ -206,7 +208,7 @@ struct ib_cq *pvrdma_create_cq(struct ib
+ cq->uar = &(to_vucontext(context)->uar);
+
+ /* Copy udata back. */
+- if (ib_copy_to_udata(udata, &cq->cq_handle, sizeof(__u32))) {
++ if (ib_copy_to_udata(udata, &cq_resp, sizeof(cq_resp))) {
+ dev_warn(&dev->pdev->dev,
+ "failed to copy back udata\n");
+ pvrdma_destroy_cq(&cq->ibcq);
+--- a/drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.c
++++ b/drivers/infiniband/hw/vmw_pvrdma/pvrdma_verbs.c
+@@ -444,6 +444,7 @@ struct ib_pd *pvrdma_alloc_pd(struct ib_
+ union pvrdma_cmd_resp rsp;
+ struct pvrdma_cmd_create_pd *cmd = &req.create_pd;
+ struct pvrdma_cmd_create_pd_resp *resp = &rsp.create_pd_resp;
++ struct pvrdma_alloc_pd_resp pd_resp = {0};
+ int ret;
+ void *ptr;
+
+@@ -472,9 +473,10 @@ struct ib_pd *pvrdma_alloc_pd(struct ib_
+ pd->privileged = !context;
+ pd->pd_handle = resp->pd_handle;
+ pd->pdn = resp->pd_handle;
++ pd_resp.pdn = resp->pd_handle;
+
+ if (context) {
+- if (ib_copy_to_udata(udata, &pd->pdn, sizeof(__u32))) {
++ if (ib_copy_to_udata(udata, &pd_resp, sizeof(pd_resp))) {
+ dev_warn(&dev->pdev->dev,
+ "failed to copy back protection domain\n");
+ pvrdma_dealloc_pd(&pd->ibpd);
diff --git a/queue-4.14/series b/queue-4.14/series
index 0685d509399..128ed93e596 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -74,3 +74,4 @@ clk-migrate-the-count-of-orphaned-clocks-at-init.patch
 rdma-ucma-fix-access-to-non-initialized-cm_id-object.patch
 rdma-ucma-don-t-allow-join-attempts-for-unsupported-af-family.patch
 kbuild-fix-linker-feature-test-macros-when-cross-compiling-with-clang.patch
+rdma-vmw_pvrdma-fix-usage-of-user-response-structures-in-abi-file.patch
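Review bot: The `= {0}` initialisers on `cq_resp` in pvrdma_create_cq() and `pd_resp` in pvrdma_alloc_pd() clear the named members but are not guaranteed to clear padding bytes, and both structs are now copied whole to userspace via `sizeof(cq_resp)` / `sizeof(pd_resp)`. The struct definitions are not visible in these hunks, so if either has implicit padding, `memset(&cq_resp, 0, sizeof(cq_resp));` (and likewise for `pd_resp`) before filling the fields would be the safer form; otherwise a comment such as `/* ABI struct has no implicit padding; {0} clears every byte copied to userspace */` would record the assumption. The copy length also grows from `sizeof(__u32)`, so it is worth confirming that the caller's output buffer is at least that large, since nothing in the hunks checks it. Both function bodies start and end outside the hunks shown.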