From: Greg Kroah-Hartman Date: Sat, 12 Aug 2023 18:43:08 +0000 (+0200) Subject: 4.19-stable patches X-Git-Tag: v4.14.323~36 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ee1c4b8a48e29741b73a03db34ce7a5f012a4a31;p=thirdparty%2Fkernel%2Fstable-queue.git 4.19-stable patches added patches: ibmvnic-handle-dma-unmapping-of-login-buffs-in-release-functions.patch --- diff --git a/queue-4.19/ibmvnic-handle-dma-unmapping-of-login-buffs-in-release-functions.patch b/queue-4.19/ibmvnic-handle-dma-unmapping-of-login-buffs-in-release-functions.patch new file mode 100644 index 00000000000..cfa0ad38071 --- /dev/null +++ b/queue-4.19/ibmvnic-handle-dma-unmapping-of-login-buffs-in-release-functions.patch @@ -0,0 +1,73 @@ +From d78a671eb8996af19d6311ecdee9790d2fa479f0 Mon Sep 17 00:00:00 2001 +From: Nick Child +Date: Wed, 9 Aug 2023 17:10:36 -0500 +Subject: ibmvnic: Handle DMA unmapping of login buffs in release functions + +From: Nick Child + +commit d78a671eb8996af19d6311ecdee9790d2fa479f0 upstream. + +Rather than leaving the DMA unmapping of the login buffers to the +login response handler, move this work into the login release functions. +Previously, these functions were only used for freeing the allocated +buffers. This could lead to issues if there are more than one +outstanding login buffer requests, which is possible if a login request +times out. + +If a login request times out, then there is another call to send login. +The send login function makes a call to the login buffer release +function. In the past, this freed the buffers but did not DMA unmap. +Therefore, the VIOS could still write to the old login (now freed) +buffer. It is for this reason that it is a good idea to leave the DMA +unmap call to the login buffers release function. + +Since the login buffer release functions now handle DMA unmapping, +remove the duplicate DMA unmapping in handle_login_rsp(). + +Fixes: dff515a3e71d ("ibmvnic: Harden device login requests") +Signed-off-by: Nick Child +Reviewed-by: Simon Horman +Link: https://lore.kernel.org/r/20230809221038.51296-3-nnac123@linux.ibm.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/ibm/ibmvnic.c | 15 ++++++++++----- + 1 file changed, 10 insertions(+), 5 deletions(-) + +--- a/drivers/net/ethernet/ibm/ibmvnic.c ++++ b/drivers/net/ethernet/ibm/ibmvnic.c +@@ -884,12 +884,22 @@ static int ibmvnic_login(struct net_devi + + static void release_login_buffer(struct ibmvnic_adapter *adapter) + { ++ if (!adapter->login_buf) ++ return; ++ ++ dma_unmap_single(&adapter->vdev->dev, adapter->login_buf_token, ++ adapter->login_buf_sz, DMA_TO_DEVICE); + kfree(adapter->login_buf); + adapter->login_buf = NULL; + } + + static void release_login_rsp_buffer(struct ibmvnic_adapter *adapter) + { ++ if (!adapter->login_rsp_buf) ++ return; ++ ++ dma_unmap_single(&adapter->vdev->dev, adapter->login_rsp_buf_token, ++ adapter->login_rsp_buf_sz, DMA_FROM_DEVICE); + kfree(adapter->login_rsp_buf); + adapter->login_rsp_buf = NULL; + } +@@ -4061,11 +4071,6 @@ static int handle_login_rsp(union ibmvni + struct ibmvnic_login_buffer *login = adapter->login_buf; + int i; + +- dma_unmap_single(dev, adapter->login_buf_token, adapter->login_buf_sz, +- DMA_TO_DEVICE); +- dma_unmap_single(dev, adapter->login_rsp_buf_token, +- adapter->login_rsp_buf_sz, DMA_FROM_DEVICE); +- + /* If the number of queues requested can't be allocated by the + * server, the login response will return with code 1. We will need + * to resend the login buffer with fewer queues requested. diff --git a/queue-4.19/series b/queue-4.19/series index 22b6cace8d4..7326a33d7a9 100644 --- a/queue-4.19/series +++ b/queue-4.19/series @@ -21,3 +21,4 @@ dccp-fix-data-race-around-dp-dccps_mss_cache.patch drivers-net-prevent-tun_build_skb-to-exceed-the-packet-size-limit.patch ib-hfi1-fix-possible-panic-during-hotplug-remove.patch wifi-cfg80211-fix-sband-iftype-data-lookup-for-ap_vlan.patch +ibmvnic-handle-dma-unmapping-of-login-buffs-in-release-functions.patch