RDMA/bnxt_re: Fix driver crash on unaligned PSN entry address

[ Upstream commit 934d0ac9a64d21523e3ad03ea4098da7826bc788 ]

When computing the first psn entry, driver checks for page alignment. If
this address is not page aligned,it attempts to compute the offset in that
page for later use by using ALIGN macro. ALIGN macro does not return
offset bytes but the requested aligned address and hence cannot be used
directly to store as offset.  Since driver was using the address itself
instead of offset, it resulted in invalid address when filling the psn
buffer.

Fixed driver to use PAGE_MASK macro to calculate the offset.

Fixes: fddcbbb02af4 ("RDMA/bnxt_re: Simplify obtaining queue entry from hw ring")
Link: https://lore.kernel.org/r/1598292876-26529-7-git-send-email-selvin.xavier@broadcom.com
Signed-off-by: Naresh Kumar PBS <nareshkumar.pbs@broadcom.com>
Signed-off-by: Selvin Xavier <selvin.xavier@broadcom.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/drivers/infiniband/hw/bnxt_re/qplib_fp.c b/drivers/infiniband/hw/bnxt_re/qplib_fp.c
index b217208f6bccea3267c27d64b22ef64d5d295f96..4b53f79b91d1da40f003f41d391cd446536d32d6 100644 (file)
--- a/drivers/infiniband/hw/bnxt_re/qplib_fp.c
+++ b/drivers/infiniband/hw/bnxt_re/qplib_fp.c
@@ -922,10 +922,10 @@ static void bnxt_qplib_init_psn_ptr(struct bnxt_qplib_qp *qp, int size)
        sq = &qp->sq;
        hwq = &sq->hwq;
 
+       /* First psn entry */
        fpsne = (u64)bnxt_qplib_get_qe(hwq, hwq->max_elements, &psn_pg);
        if (!IS_ALIGNED(fpsne, PAGE_SIZE))
-               indx_pad = ALIGN(fpsne, PAGE_SIZE) / size;
-
+               indx_pad = (fpsne & ~PAGE_MASK) / size;
        page = (u64 *)psn_pg;
        for (indx = 0; indx < hwq->max_elements; indx++) {
                pg_num = (indx + indx_pad) / (PAGE_SIZE / size);