From patchwork Fri Jan 24 09:33:06 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Greg KH X-Patchwork-Id: 232868 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-9.8 required=3.0 tests=DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_PATCH, MAILING_LIST_MULTI, SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 1D5A6C2D0DB for ; Fri, 24 Jan 2020 11:36:13 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id E996C214AF for ; Fri, 24 Jan 2020 11:36:12 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1579865773; bh=+PXbwDiudaVGICJcW9K7f8hU1Y36cPzlHj6uTliGLNE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=orU7HK1iZDnZQCvt6BvT9jWG7As7O2rKM73hfoKWgKM3qMjPQBQPmS9HH5mmBba4O ugTjDFZUsb+B9Dl04Lhg1w3WX1KfW57vT5Dv6RAQoNPp55a55vra90POuK/4TmtrFL eoaM0hHFBh2ibCSnl+ZwyzXVbaLgCCmuChksPWVg= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2404739AbgAXLgL (ORCPT ); Fri, 24 Jan 2020 06:36:11 -0500 Received: from mail.kernel.org ([198.145.29.99]:56340 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2404887AbgAXLgK (ORCPT ); Fri, 24 Jan 2020 06:36:10 -0500 Received: from localhost (ip-213-127-102-57.ip.prioritytelecom.net [213.127.102.57]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 0A917214AF; Fri, 24 Jan 2020 11:36:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1579865769; bh=+PXbwDiudaVGICJcW9K7f8hU1Y36cPzlHj6uTliGLNE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=O7ClZKTz9/gXQxXIvlTsO+oTp8Wc1DQGxPU1/iPz7ZgFady8vQG0Dktx3nPvTlbSB Pyhh6UW+gwFkRM8odd5KSyDJY3hZc2qNf2qBJw5rmFVQ3CAE4ZyV1BldIP+ZYljmdK wumHXzKnRbl8HofsfASOG2uAz1zW4OOdc2Nb6FjM= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Haiyang Zhang , "David S. Miller" , Sasha Levin Subject: [PATCH 4.19 616/639] hv_netvsc: Fix send_table offset in case of a host bug Date: Fri, 24 Jan 2020 10:33:06 +0100 Message-Id: <20200124093206.751764426@linuxfoundation.org> X-Mailer: git-send-email 2.25.0 In-Reply-To: <20200124093047.008739095@linuxfoundation.org> References: <20200124093047.008739095@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Haiyang Zhang [ Upstream commit 171c1fd98df3d5948d9a9eb755274850fa5e59c6 ] If negotiated NVSP version <= NVSP_PROTOCOL_VERSION_6, the offset may be wrong (too small) due to a host bug. This can cause missing the end of the send indirection table, and add multiple zero entries from leading zeros before the data region. This bug adds extra burden on channel 0. So fix the offset by computing it from the data structure sizes. This will ensure netvsc driver runs normally on unfixed hosts, and future fixed hosts. Fixes: 5b54dac856cb ("hyperv: Add support for virtual Receive Side Scaling (vRSS)") Signed-off-by: Haiyang Zhang Signed-off-by: David S. Miller Signed-off-by: Sasha Levin --- drivers/net/hyperv/netvsc.c | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/drivers/net/hyperv/netvsc.c b/drivers/net/hyperv/netvsc.c index 68c23a64e565f..dbfd3a0c97d3b 100644 --- a/drivers/net/hyperv/netvsc.c +++ b/drivers/net/hyperv/netvsc.c @@ -1182,6 +1182,7 @@ static int netvsc_receive(struct net_device *ndev, } static void netvsc_send_table(struct net_device *ndev, + struct netvsc_device *nvscdev, const struct nvsp_message *nvmsg, u32 msglen) { @@ -1197,6 +1198,16 @@ static void netvsc_send_table(struct net_device *ndev, return; } + /* If negotiated version <= NVSP_PROTOCOL_VERSION_6, the offset may be + * wrong due to a host bug. So fix the offset here. + */ + if (nvscdev->nvsp_version <= NVSP_PROTOCOL_VERSION_6 && + msglen >= sizeof(struct nvsp_message_header) + + sizeof(union nvsp_6_message_uber) + count * sizeof(u32)) + offset = sizeof(struct nvsp_message_header) + + sizeof(union nvsp_6_message_uber); + + /* Boundary check for all versions */ if (offset > msglen - count * sizeof(u32)) { netdev_err(ndev, "Received send-table offset too big:%u\n", offset); @@ -1222,12 +1233,13 @@ static void netvsc_send_vf(struct net_device *ndev, } static void netvsc_receive_inband(struct net_device *ndev, + struct netvsc_device *nvscdev, const struct nvsp_message *nvmsg, u32 msglen) { switch (nvmsg->hdr.msg_type) { case NVSP_MSG5_TYPE_SEND_INDIRECTION_TABLE: - netvsc_send_table(ndev, nvmsg, msglen); + netvsc_send_table(ndev, nvscdev, nvmsg, msglen); break; case NVSP_MSG4_TYPE_SEND_VF_ASSOCIATION: @@ -1260,7 +1272,7 @@ static int netvsc_process_raw_pkt(struct hv_device *device, break; case VM_PKT_DATA_INBAND: - netvsc_receive_inband(ndev, nvmsg, msglen); + netvsc_receive_inband(ndev, net_device, nvmsg, msglen); break; default: