diff mbox series

[for-rc] RDMA/vmw_pvrdma: Correctly set and check device ib_active status

Message ID 20200918023859.22181-1-vdasa@vmware.com
State New
Headers show
Series [for-rc] RDMA/vmw_pvrdma: Correctly set and check device ib_active status | expand

Commit Message

Vishnu Dasa Sept. 18, 2020, 2:38 a.m. UTC
Avoid calling ib_dispatch_event on an inactive device in order to
prevent writing to invalid I/O mapped addresses which could cause a
guest crash.

Also, set the ib_active status to 'false' in pvrdma_pci_remove and
in the failure path of pvrdma_pci_probe.

Fixes: 29c8d9eba550 ("IB: Add vmw_pvrdma driver")
Acked-by: Adit Ranadive <aditr@vmware.com>
Signed-off-by: Vishnu Dasa <vdasa@vmware.com>
---
 drivers/infiniband/hw/vmw_pvrdma/pvrdma_main.c | 12 ++++++++++++
 1 file changed, 12 insertions(+)

Comments

Jason Gunthorpe Sept. 21, 2020, 2:16 p.m. UTC | #1
On Fri, Sep 18, 2020 at 02:38:59AM +0000, Vishnu Dasa wrote:
> Avoid calling ib_dispatch_event on an inactive device in order to

> prevent writing to invalid I/O mapped addresses which could cause a

> guest crash.

> 

> Also, set the ib_active status to 'false' in pvrdma_pci_remove and

> in the failure path of pvrdma_pci_probe.

> 

> Fixes: 29c8d9eba550 ("IB: Add vmw_pvrdma driver")

> Acked-by: Adit Ranadive <aditr@vmware.com>

> Signed-off-by: Vishnu Dasa <vdasa@vmware.com>

> ---

>  drivers/infiniband/hw/vmw_pvrdma/pvrdma_main.c | 12 ++++++++++++

>  1 file changed, 12 insertions(+)


To fix this bug you need to change pvrdma_netdevice_event to use
ib_device_get_by_netdev() instead of the pvrdma_device_list global

And then use ib_device_put in the pvrdma_netdevice_event_work() once
the pointer is no longer needed.

The core code handles all the required locking

Jason
diff mbox series

Patch

diff --git a/drivers/infiniband/hw/vmw_pvrdma/pvrdma_main.c b/drivers/infiniband/hw/vmw_pvrdma/pvrdma_main.c
index 780fd2dfc07e..ff4fd6e078e7 100644
--- a/drivers/infiniband/hw/vmw_pvrdma/pvrdma_main.c
+++ b/drivers/infiniband/hw/vmw_pvrdma/pvrdma_main.c
@@ -692,6 +692,16 @@  static void pvrdma_netdevice_event_handle(struct pvrdma_dev *dev,
 	struct pci_dev *pdev_net;
 	unsigned int slot;
 
+	/*
+	 * Do not dispatch events if the device is inactive.  Otherwise
+	 * we'll try to ib_dispatch_event() on an invalid device.
+	 */
+	if (!dev->ib_active) {
+		dev_dbg(&dev->pdev->dev, "ignore netdev event %ld on %s\n",
+			event, dev->ib_dev.name);
+		return;
+	}
+
 	switch (event) {
 	case NETDEV_REBOOT:
 	case NETDEV_DOWN:
@@ -1049,6 +1059,7 @@  static int pvrdma_pci_probe(struct pci_dev *pdev,
 	return 0;
 
 err_unreg_ibdev:
+	dev->ib_active = false;
 	ib_unregister_device(&dev->ib_dev);
 err_disable_intr:
 	pvrdma_disable_intrs(dev);
@@ -1108,6 +1119,7 @@  static void pvrdma_pci_remove(struct pci_dev *pdev)
 	}
 
 	/* Unregister ib device */
+	dev->ib_active = false;
 	ib_unregister_device(&dev->ib_dev);
 
 	mutex_lock(&pvrdma_device_list_lock);