tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma

Pull rdma fixes from Jason Gunthorpe:
"Seems bigger than usual, a number of things were posted near/during
the merg window:

- Fix some compilation regressions related to the new DMABUF code

- Close a race with ib_register_device() vs netdev events that causes
GID table corruption

- Compilation warnings with some compilers in bng_re

- Correct error unwind in bng_re and the umem pinned dmabuf

- Avoid NULL pointer crash in ionic during query_port()

- Check the size for uAPI validation checks in EFA

- Several system call stack leaks in drivers found with AI

- Fix the new restricted_node_type so it works with wildcard listens
too"

* tag 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma:
RDMA/uverbs: Import DMA-BUF module in uverbs_std_types_dmabuf file
RDMA/umem: Fix double dma_buf_unpin in failure path
RDMA/core: Check id_priv->restricted_node_type in cma_listen_on_dev()
RDMA/ionic: Fix kernel stack leak in ionic_create_cq()
RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah()
IB/mthca: Add missed mthca_unmap_user_db() for mthca_create_srq()
RDMA/efa: Fix typo in efa_alloc_mr()
RDMA/ionic: Fix potential NULL pointer dereference in ionic_query_port
RDMA/bng_re: Unwind bng_re_dev_init properly
RDMA/bng_re: Remove unnessary validity checks
RDMA/core: Fix stale RoCE GIDs during netdev events at registration
RDMA/uverbs: select CONFIG_DMA_SHARED_BUFFER

Linus Torvalds e3c81bae b9c8fc2c

+86 -48
+1
drivers/infiniband/Kconfig
··· 6 6 depends on INET 7 7 depends on m || IPV6 != m 8 8 depends on !ALPHA 9 + select DMA_SHARED_BUFFER 9 10 select IRQ_POLL 10 11 select DIMLIB 11 12 help
+13
drivers/infiniband/core/cache.c
··· 926 926 if (err) 927 927 return err; 928 928 929 + /* 930 + * Mark the device as ready for GID cache updates. This allows netdev 931 + * event handlers to update the GID cache even before the device is 932 + * fully registered. 933 + */ 934 + ib_device_enable_gid_updates(ib_dev); 935 + 929 936 rdma_roce_rescan_device(ib_dev); 930 937 931 938 return err; ··· 1644 1637 1645 1638 void ib_cache_cleanup_one(struct ib_device *device) 1646 1639 { 1640 + /* 1641 + * Clear the GID updates mark first to prevent event handlers from 1642 + * accessing the device while it's being torn down. 1643 + */ 1644 + ib_device_disable_gid_updates(device); 1645 + 1647 1646 /* The cleanup function waits for all in-progress workqueue 1648 1647 * elements and cleans up the GID cache. This function should be 1649 1648 * called after the device was removed from the devices list and
+5 -1
drivers/infiniband/core/cma.c
··· 2729 2729 *to_destroy = NULL; 2730 2730 if (cma_family(id_priv) == AF_IB && !rdma_cap_ib_cm(cma_dev->device, 1)) 2731 2731 return 0; 2732 + if (id_priv->restricted_node_type != RDMA_NODE_UNSPECIFIED && 2733 + id_priv->restricted_node_type != cma_dev->device->node_type) 2734 + return 0; 2732 2735 2733 2736 dev_id_priv = 2734 2737 __rdma_create_id(net, cma_listen_handler, id_priv, ··· 2739 2736 if (IS_ERR(dev_id_priv)) 2740 2737 return PTR_ERR(dev_id_priv); 2741 2738 2739 + dev_id_priv->restricted_node_type = id_priv->restricted_node_type; 2742 2740 dev_id_priv->state = RDMA_CM_ADDR_BOUND; 2743 2741 memcpy(cma_src_addr(dev_id_priv), cma_src_addr(id_priv), 2744 2742 rdma_addr_size(cma_src_addr(id_priv))); ··· 4198 4194 } 4199 4195 4200 4196 mutex_lock(&lock); 4201 - if (id_priv->cma_dev) 4197 + if (READ_ONCE(id_priv->state) != RDMA_CM_IDLE) 4202 4198 ret = -EALREADY; 4203 4199 else 4204 4200 id_priv->restricted_node_type = node_type;
+3
drivers/infiniband/core/core_priv.h
··· 100 100 roce_netdev_callback cb, 101 101 void *cookie); 102 102 103 + void ib_device_enable_gid_updates(struct ib_device *device); 104 + void ib_device_disable_gid_updates(struct ib_device *device); 105 + 103 106 typedef int (*nldev_callback)(struct ib_device *device, 104 107 struct sk_buff *skb, 105 108 struct netlink_callback *cb,
+33 -1
drivers/infiniband/core/device.c
··· 93 93 static DEFINE_XARRAY_FLAGS(devices, XA_FLAGS_ALLOC); 94 94 static DECLARE_RWSEM(devices_rwsem); 95 95 #define DEVICE_REGISTERED XA_MARK_1 96 + #define DEVICE_GID_UPDATES XA_MARK_2 96 97 97 98 static u32 highest_client_id; 98 99 #define CLIENT_REGISTERED XA_MARK_1 ··· 2413 2412 unsigned long index; 2414 2413 2415 2414 down_read(&devices_rwsem); 2416 - xa_for_each_marked (&devices, index, dev, DEVICE_REGISTERED) 2415 + xa_for_each_marked(&devices, index, dev, DEVICE_GID_UPDATES) 2417 2416 ib_enum_roce_netdev(dev, filter, filter_cookie, cb, cookie); 2418 2417 up_read(&devices_rwsem); 2418 + } 2419 + 2420 + /** 2421 + * ib_device_enable_gid_updates - Mark device as ready for GID cache updates 2422 + * @device: Device to mark 2423 + * 2424 + * Called after GID table is allocated and initialized. After this mark is set, 2425 + * netdevice event handlers can update the device's GID cache. This allows 2426 + * events that arrive during device registration to be processed, avoiding 2427 + * stale GID entries when netdev properties change during the device 2428 + * registration process. 2429 + */ 2430 + void ib_device_enable_gid_updates(struct ib_device *device) 2431 + { 2432 + down_write(&devices_rwsem); 2433 + xa_set_mark(&devices, device->index, DEVICE_GID_UPDATES); 2434 + up_write(&devices_rwsem); 2435 + } 2436 + 2437 + /** 2438 + * ib_device_disable_gid_updates - Clear the GID updates mark 2439 + * @device: Device to unmark 2440 + * 2441 + * Called before GID table cleanup to prevent event handlers from accessing 2442 + * the device while it's being torn down. 2443 + */ 2444 + void ib_device_disable_gid_updates(struct ib_device *device) 2445 + { 2446 + down_write(&devices_rwsem); 2447 + xa_clear_mark(&devices, device->index, DEVICE_GID_UPDATES); 2448 + up_write(&devices_rwsem); 2419 2449 } 2420 2450 2421 2451 /*
+1 -3
drivers/infiniband/core/umem_dmabuf.c
··· 218 218 219 219 err = ib_umem_dmabuf_map_pages(umem_dmabuf); 220 220 if (err) 221 - goto err_unpin; 221 + goto err_release; 222 222 dma_resv_unlock(umem_dmabuf->attach->dmabuf->resv); 223 223 224 224 return umem_dmabuf; 225 225 226 - err_unpin: 227 - dma_buf_unpin(umem_dmabuf->attach); 228 226 err_release: 229 227 dma_resv_unlock(umem_dmabuf->attach->dmabuf->resv); 230 228 ib_umem_release(&umem_dmabuf->umem);
+2
drivers/infiniband/core/uverbs_std_types_dmabuf.c
··· 10 10 #include "rdma_core.h" 11 11 #include "uverbs.h" 12 12 13 + MODULE_IMPORT_NS("DMA_BUF"); 14 + 13 15 static int uverbs_dmabuf_attach(struct dma_buf *dmabuf, 14 16 struct dma_buf_attachment *attachment) 15 17 {
+19 -37
drivers/infiniband/hw/bng_re/bng_dev.c
··· 54 54 { 55 55 struct bng_re_chip_ctx *chip_ctx; 56 56 57 - if (!rdev->chip_ctx) 58 - return; 59 - 60 57 kfree(rdev->dev_attr); 61 58 rdev->dev_attr = NULL; 62 59 ··· 121 124 struct bnge_fw_msg fw_msg = {}; 122 125 int rc = -EINVAL; 123 126 124 - if (!rdev) 125 - return rc; 126 - 127 - if (!aux_dev) 128 - return rc; 129 - 130 127 bng_re_init_hwrm_hdr((void *)&req, HWRM_RING_FREE); 131 128 req.ring_type = type; 132 129 req.ring_id = cpu_to_le16(fw_ring_id); ··· 141 150 struct hwrm_ring_alloc_input req = {}; 142 151 struct hwrm_ring_alloc_output resp; 143 152 struct bnge_fw_msg fw_msg = {}; 144 - int rc = -EINVAL; 145 - 146 - if (!aux_dev) 147 - return rc; 153 + int rc; 148 154 149 155 bng_re_init_hwrm_hdr((void *)&req, HWRM_RING_ALLOC); 150 156 req.enables = 0; ··· 172 184 struct hwrm_stat_ctx_free_input req = {}; 173 185 struct hwrm_stat_ctx_free_output resp = {}; 174 186 struct bnge_fw_msg fw_msg = {}; 175 - int rc = -EINVAL; 176 - 177 - if (!aux_dev) 178 - return rc; 187 + int rc; 179 188 180 189 bng_re_init_hwrm_hdr((void *)&req, HWRM_STAT_CTX_FREE); 181 190 req.stat_ctx_id = cpu_to_le32(rdev->stats_ctx.fw_id); ··· 193 208 struct hwrm_stat_ctx_alloc_output resp = {}; 194 209 struct hwrm_stat_ctx_alloc_input req = {}; 195 210 struct bnge_fw_msg fw_msg = {}; 196 - int rc = -EINVAL; 211 + int rc; 197 212 198 213 stats->fw_id = BNGE_INVALID_STATS_CTX_ID; 199 - 200 - if (!aux_dev) 201 - return rc; 202 214 203 215 bng_re_init_hwrm_hdr((void *)&req, HWRM_STAT_CTX_ALLOC); 204 216 req.update_period_ms = cpu_to_le32(1000); ··· 285 303 if (rc) { 286 304 ibdev_err(&rdev->ibdev, 287 305 "Failed to register with netedev: %#x\n", rc); 288 - return -EINVAL; 306 + goto reg_netdev_fail; 289 307 } 290 308 291 309 set_bit(BNG_RE_FLAG_NETDEV_REGISTERED, &rdev->flags); ··· 294 312 ibdev_err(&rdev->ibdev, 295 313 "RoCE requires minimum 2 MSI-X vectors, but only %d reserved\n", 296 314 rdev->aux_dev->auxr_info->msix_requested); 297 - bnge_unregister_dev(rdev->aux_dev); 298 - clear_bit(BNG_RE_FLAG_NETDEV_REGISTERED, &rdev->flags); 299 - return -EINVAL; 315 + rc = -EINVAL; 316 + goto msix_ctx_fail; 300 317 } 301 318 ibdev_dbg(&rdev->ibdev, "Got %d MSI-X vectors\n", 302 319 rdev->aux_dev->auxr_info->msix_requested); 303 320 304 321 rc = bng_re_setup_chip_ctx(rdev); 305 322 if (rc) { 306 - bnge_unregister_dev(rdev->aux_dev); 307 - clear_bit(BNG_RE_FLAG_NETDEV_REGISTERED, &rdev->flags); 308 323 ibdev_err(&rdev->ibdev, "Failed to get chip context\n"); 309 - return -EINVAL; 324 + goto msix_ctx_fail; 310 325 } 311 326 312 327 bng_re_query_hwrm_version(rdev); ··· 312 333 if (rc) { 313 334 ibdev_err(&rdev->ibdev, 314 335 "Failed to allocate RCFW Channel: %#x\n", rc); 315 - goto fail; 336 + goto alloc_fw_chl_fail; 316 337 } 317 338 318 339 /* Allocate nq record memory */ 319 340 rdev->nqr = kzalloc_obj(*rdev->nqr); 320 341 if (!rdev->nqr) { 321 - bng_re_destroy_chip_ctx(rdev); 322 - bnge_unregister_dev(rdev->aux_dev); 323 - clear_bit(BNG_RE_FLAG_NETDEV_REGISTERED, &rdev->flags); 324 - return -ENOMEM; 342 + rc = -ENOMEM; 343 + goto nq_alloc_fail; 325 344 } 326 345 327 346 rdev->nqr->num_msix = rdev->aux_dev->auxr_info->msix_requested; ··· 388 411 free_ring: 389 412 bng_re_net_ring_free(rdev, rdev->rcfw.creq.ring_id, type); 390 413 free_rcfw: 414 + kfree(rdev->nqr); 415 + nq_alloc_fail: 391 416 bng_re_free_rcfw_channel(&rdev->rcfw); 392 - fail: 393 - bng_re_dev_uninit(rdev); 417 + alloc_fw_chl_fail: 418 + bng_re_destroy_chip_ctx(rdev); 419 + msix_ctx_fail: 420 + bnge_unregister_dev(rdev->aux_dev); 421 + clear_bit(BNG_RE_FLAG_NETDEV_REGISTERED, &rdev->flags); 422 + reg_netdev_fail: 394 423 return rc; 395 424 } 396 425 ··· 469 486 470 487 rdev = dev_info->rdev; 471 488 472 - if (rdev) 473 - bng_re_remove_device(rdev, adev); 489 + bng_re_remove_device(rdev, adev); 474 490 kfree(dev_info); 475 491 } 476 492
+1 -1
drivers/infiniband/hw/efa/efa_verbs.c
··· 1661 1661 struct efa_mr *mr; 1662 1662 1663 1663 if (udata && udata->inlen && 1664 - !ib_is_udata_cleared(udata, 0, sizeof(udata->inlen))) { 1664 + !ib_is_udata_cleared(udata, 0, udata->inlen)) { 1665 1665 ibdev_dbg(&dev->ibdev, 1666 1666 "Incompatible ABI params, udata not cleared\n"); 1667 1667 return ERR_PTR(-EINVAL);
+1 -1
drivers/infiniband/hw/ionic/ionic_controlpath.c
··· 1218 1218 rdma_udata_to_drv_context(udata, struct ionic_ctx, ibctx); 1219 1219 struct ionic_vcq *vcq = to_ionic_vcq(ibcq); 1220 1220 struct ionic_tbl_buf buf = {}; 1221 - struct ionic_cq_resp resp; 1221 + struct ionic_cq_resp resp = {}; 1222 1222 struct ionic_cq_req req; 1223 1223 int udma_idx = 0, rc; 1224 1224
+2
drivers/infiniband/hw/ionic/ionic_ibdev.c
··· 81 81 return -EINVAL; 82 82 83 83 ndev = ib_device_get_netdev(ibdev, port); 84 + if (!ndev) 85 + return -ENODEV; 84 86 85 87 if (netif_running(ndev) && netif_carrier_ok(ndev)) { 86 88 attr->state = IB_PORT_ACTIVE;
+1 -1
drivers/infiniband/hw/irdma/verbs.c
··· 5212 5212 #define IRDMA_CREATE_AH_MIN_RESP_LEN offsetofend(struct irdma_create_ah_resp, rsvd) 5213 5213 struct irdma_ah *ah = container_of(ibah, struct irdma_ah, ibah); 5214 5214 struct irdma_device *iwdev = to_iwdev(ibah->pd->device); 5215 - struct irdma_create_ah_resp uresp; 5215 + struct irdma_create_ah_resp uresp = {}; 5216 5216 struct irdma_ah *parent_ah; 5217 5217 int err; 5218 5218
+3 -2
drivers/infiniband/hw/mthca/mthca_provider.c
··· 428 428 429 429 if (context && ib_copy_to_udata(udata, &srq->srqn, sizeof(__u32))) { 430 430 mthca_free_srq(to_mdev(ibsrq->device), srq); 431 + mthca_unmap_user_db(to_mdev(ibsrq->device), &context->uar, 432 + context->db_tab, ucmd.db_index); 431 433 return -EFAULT; 432 434 } 433 435 ··· 438 436 439 437 static int mthca_destroy_srq(struct ib_srq *srq, struct ib_udata *udata) 440 438 { 439 + mthca_free_srq(to_mdev(srq->device), to_msrq(srq)); 441 440 if (udata) { 442 441 struct mthca_ucontext *context = 443 442 rdma_udata_to_drv_context( ··· 449 446 mthca_unmap_user_db(to_mdev(srq->device), &context->uar, 450 447 context->db_tab, to_msrq(srq)->db_index); 451 448 } 452 - 453 - mthca_free_srq(to_mdev(srq->device), to_msrq(srq)); 454 449 return 0; 455 450 } 456 451
+1 -1
include/rdma/rdma_cm.h
··· 181 181 * 182 182 * It needs to be called before the RDMA identifier is bound 183 183 * to an device, which mean it should be called before 184 - * rdma_bind_addr(), rdma_bind_addr() and rdma_listen(). 184 + * rdma_bind_addr(), rdma_resolve_addr() and rdma_listen(). 185 185 */ 186 186 int rdma_restrict_node_type(struct rdma_cm_id *id, u8 node_type); 187 187