| From c47b9eb6973dc055abec524095dbee90a0873657 Mon Sep 17 00:00:00 2001 |
| From: Noa Osherovich <noaos@mellanox.com> |
| Date: Sun, 25 Feb 2018 13:39:51 +0200 |
| Subject: IB/mlx5: Avoid passing an invalid QP type to firmware |
| |
| [ Upstream commit e7b169f34403becd3c9fd3b6e46614ab788f2187 ] |
| |
| During QP creation, the mlx5 driver translates the QP type to an |
| internal value which is passed on to FW. There was no check to make |
| sure that the translated value is valid, and -EINVAL was coerced into |
| the mailbox command. |
| |
| Current firmware refuses this as an invalid QP type, but future/past |
| firmware may do something else. |
| |
| Fixes: 09a7d9eca1a6c ('{net,IB}/mlx5: QP/XRCD commands via mlx5 ifc') |
| Reviewed-by: Ilya Lesokhin <ilyal@mellanox.com> |
| Signed-off-by: Noa Osherovich <noaos@mellanox.com> |
| Signed-off-by: Leon Romanovsky <leon@kernel.org> |
| Signed-off-by: Jason Gunthorpe <jgg@mellanox.com> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| drivers/infiniband/hw/mlx5/qp.c | 7 ++++++- |
| 1 file changed, 6 insertions(+), 1 deletion(-) |
| |
| diff --git a/drivers/infiniband/hw/mlx5/qp.c b/drivers/infiniband/hw/mlx5/qp.c |
| index abb47e780070..f8f7a2191b98 100644 |
| --- a/drivers/infiniband/hw/mlx5/qp.c |
| +++ b/drivers/infiniband/hw/mlx5/qp.c |
| @@ -1523,6 +1523,7 @@ static int create_qp_common(struct mlx5_ib_dev *dev, struct ib_pd *pd, |
| u32 uidx = MLX5_IB_DEFAULT_UIDX; |
| struct mlx5_ib_create_qp ucmd; |
| struct mlx5_ib_qp_base *base; |
| + int mlx5_st; |
| void *qpc; |
| u32 *in; |
| int err; |
| @@ -1538,6 +1539,10 @@ static int create_qp_common(struct mlx5_ib_dev *dev, struct ib_pd *pd, |
| spin_lock_init(&qp->sq.lock); |
| spin_lock_init(&qp->rq.lock); |
| |
| + mlx5_st = to_mlx5_st(init_attr->qp_type); |
| + if (mlx5_st < 0) |
| + return -EINVAL; |
| + |
| if (init_attr->rwq_ind_tbl) { |
| if (!udata) |
| return -ENOSYS; |
| @@ -1665,7 +1670,7 @@ static int create_qp_common(struct mlx5_ib_dev *dev, struct ib_pd *pd, |
| |
| qpc = MLX5_ADDR_OF(create_qp_in, in, qpc); |
| |
| - MLX5_SET(qpc, qpc, st, to_mlx5_st(init_attr->qp_type)); |
| + MLX5_SET(qpc, qpc, st, mlx5_st); |
| MLX5_SET(qpc, qpc, pm_state, MLX5_QP_PM_MIGRATED); |
| |
| if (init_attr->qp_type != MLX5_IB_QPT_REG_UMR) |
| -- |
| 2.17.1 |
| |