From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Fri, 10 Dec 2021 16:41:55 +0000 (+0100)
Subject: 4.9-stable patches
X-Git-Tag: v4.4.295~52
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6219be609702b3932bf388c1dae56d4644f88812;p=thirdparty%2Fkernel%2Fstable-queue.git

4.9-stable patches

added patches:
	ib-hfi1-correct-guard-on-eager-buffer-deallocation.patch
---

diff --git a/queue-4.9/ib-hfi1-correct-guard-on-eager-buffer-deallocation.patch b/queue-4.9/ib-hfi1-correct-guard-on-eager-buffer-deallocation.patch
new file mode 100644
index 00000000000..78a5e748ab4
--- /dev/null
+++ b/queue-4.9/ib-hfi1-correct-guard-on-eager-buffer-deallocation.patch
@@ -0,0 +1,35 @@
+From 9292f8f9a2ac42eb320bced7153aa2e63d8cc13a Mon Sep 17 00:00:00 2001
+From: Mike Marciniszyn <mike.marciniszyn@cornelisnetworks.com>
+Date: Mon, 29 Nov 2021 14:19:52 -0500
+Subject: IB/hfi1: Correct guard on eager buffer deallocation
+
+From: Mike Marciniszyn <mike.marciniszyn@cornelisnetworks.com>
+
+commit 9292f8f9a2ac42eb320bced7153aa2e63d8cc13a upstream.
+
+The code tests the dma address which legitimately can be 0.
+
+The code should test the kernel logical address to avoid leaking eager
+buffer allocations that happen to map to a dma address of 0.
+
+Fixes: 60368186fd85 ("IB/hfi1: Fix user-space buffers mapping with IOMMU enabled")
+Link: https://lore.kernel.org/r/20211129191952.101968.17137.stgit@awfm-01.cornelisnetworks.com
+Signed-off-by: Mike Marciniszyn <mike.marciniszyn@cornelisnetworks.com>
+Signed-off-by: Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>
+Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/infiniband/hw/hfi1/init.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/drivers/infiniband/hw/hfi1/init.c
++++ b/drivers/infiniband/hw/hfi1/init.c
+@@ -955,7 +955,7 @@ void hfi1_free_ctxtdata(struct hfi1_devd
+ 	kfree(rcd->egrbufs.rcvtids);
+ 
+ 	for (e = 0; e < rcd->egrbufs.alloced; e++) {
+-		if (rcd->egrbufs.buffers[e].dma)
++		if (rcd->egrbufs.buffers[e].addr)
+ 			dma_free_coherent(&dd->pcidev->dev,
+ 					  rcd->egrbufs.buffers[e].len,
+ 					  rcd->egrbufs.buffers[e].addr,
diff --git a/queue-4.9/series b/queue-4.9/series
index 55bb82f373c..70be2f00a96 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -7,3 +7,4 @@ hid-wacom-fix-problems-when-device-is-not-a-valid-usb-device.patch
 hid-check-for-valid-usb-device-for-many-hid-drivers.patch
 can-sja1000-fix-use-after-free-in-ems_pcmcia_add_card.patch
 nfc-fix-potential-null-pointer-deref-in-nfc_genl_dump_ses_done.patch
+ib-hfi1-correct-guard-on-eager-buffer-deallocation.patch