Netdev Archive on lore.kernel.org
help / color / mirror / Atom feed
* [PATCH v1] gve: fix the wrong AdminQ buffer overflow check
@ 2021-07-14  7:34 Haiyue Wang
  2021-07-14 22:45 ` Catherine Sullivan
  2021-07-16 17:50 ` patchwork-bot+netdevbpf
  0 siblings, 2 replies; 3+ messages in thread
From: Haiyue Wang @ 2021-07-14  7:34 UTC (permalink / raw)
  To: netdev
  Cc: Haiyue Wang, Catherine Sullivan, Sagi Shahar, Jon Olson,
	David S. Miller, Jakub Kicinski, David Awogbemila, Yangchun Fu,
	Willem de Bruijn, Bailey Forrest, Kuo Zhao, open list

The 'tail' pointer is also free-running count, so it needs to be masked
as 'adminq_prod_cnt' does, to become an index value of AdminQ buffer.

Fixes: 5cdad90de62c ("gve: Batch AQ commands for creating and destroying queues.")
Signed-off-by: Haiyue Wang <haiyue.wang@intel.com>
---
 drivers/net/ethernet/google/gve/gve_adminq.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/net/ethernet/google/gve/gve_adminq.c b/drivers/net/ethernet/google/gve/gve_adminq.c
index 5bb56b454541..f089d33dd48e 100644
--- a/drivers/net/ethernet/google/gve/gve_adminq.c
+++ b/drivers/net/ethernet/google/gve/gve_adminq.c
@@ -322,7 +322,8 @@ static int gve_adminq_issue_cmd(struct gve_priv *priv,
 	tail = ioread32be(&priv->reg_bar0->adminq_event_counter);
 
 	// Check if next command will overflow the buffer.
-	if (((priv->adminq_prod_cnt + 1) & priv->adminq_mask) == tail) {
+	if (((priv->adminq_prod_cnt + 1) & priv->adminq_mask) ==
+	    (tail & priv->adminq_mask)) {
 		int err;
 
 		// Flush existing commands to make room.
@@ -332,7 +333,8 @@ static int gve_adminq_issue_cmd(struct gve_priv *priv,
 
 		// Retry.
 		tail = ioread32be(&priv->reg_bar0->adminq_event_counter);
-		if (((priv->adminq_prod_cnt + 1) & priv->adminq_mask) == tail) {
+		if (((priv->adminq_prod_cnt + 1) & priv->adminq_mask) ==
+		    (tail & priv->adminq_mask)) {
 			// This should never happen. We just flushed the
 			// command queue so there should be enough space.
 			return -ENOMEM;
-- 
2.32.0


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH v1] gve: fix the wrong AdminQ buffer overflow check
  2021-07-14  7:34 [PATCH v1] gve: fix the wrong AdminQ buffer overflow check Haiyue Wang
@ 2021-07-14 22:45 ` Catherine Sullivan
  2021-07-16 17:50 ` patchwork-bot+netdevbpf
  1 sibling, 0 replies; 3+ messages in thread
From: Catherine Sullivan @ 2021-07-14 22:45 UTC (permalink / raw)
  To: Haiyue Wang
  Cc: netdev, Sagi Shahar, Jon Olson, David S. Miller, Jakub Kicinski,
	David Awogbemila, Yangchun Fu, Willem de Bruijn, Bailey Forrest,
	Kuo Zhao, open list

On Wed, Jul 14, 2021 at 12:58 AM Haiyue Wang <haiyue.wang@intel.com> wrote:
>
> The 'tail' pointer is also free-running count, so it needs to be masked
> as 'adminq_prod_cnt' does, to become an index value of AdminQ buffer.
>
> Fixes: 5cdad90de62c ("gve: Batch AQ commands for creating and destroying queues.")
> Signed-off-by: Haiyue Wang <haiyue.wang@intel.com>

Reviewed-by: Catherine Sullivan <csully@google.com>

> ---
>  drivers/net/ethernet/google/gve/gve_adminq.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/net/ethernet/google/gve/gve_adminq.c b/drivers/net/ethernet/google/gve/gve_adminq.c
> index 5bb56b454541..f089d33dd48e 100644
> --- a/drivers/net/ethernet/google/gve/gve_adminq.c
> +++ b/drivers/net/ethernet/google/gve/gve_adminq.c
> @@ -322,7 +322,8 @@ static int gve_adminq_issue_cmd(struct gve_priv *priv,
>         tail = ioread32be(&priv->reg_bar0->adminq_event_counter);
>
>         // Check if next command will overflow the buffer.
> -       if (((priv->adminq_prod_cnt + 1) & priv->adminq_mask) == tail) {
> +       if (((priv->adminq_prod_cnt + 1) & priv->adminq_mask) ==
> +           (tail & priv->adminq_mask)) {
>                 int err;
>
>                 // Flush existing commands to make room.
> @@ -332,7 +333,8 @@ static int gve_adminq_issue_cmd(struct gve_priv *priv,
>
>                 // Retry.
>                 tail = ioread32be(&priv->reg_bar0->adminq_event_counter);
> -               if (((priv->adminq_prod_cnt + 1) & priv->adminq_mask) == tail) {
> +               if (((priv->adminq_prod_cnt + 1) & priv->adminq_mask) ==
> +                   (tail & priv->adminq_mask)) {
>                         // This should never happen. We just flushed the
>                         // command queue so there should be enough space.
>                         return -ENOMEM;
> --
> 2.32.0
>

Thanks!

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH v1] gve: fix the wrong AdminQ buffer overflow check
  2021-07-14  7:34 [PATCH v1] gve: fix the wrong AdminQ buffer overflow check Haiyue Wang
  2021-07-14 22:45 ` Catherine Sullivan
@ 2021-07-16 17:50 ` patchwork-bot+netdevbpf
  1 sibling, 0 replies; 3+ messages in thread
From: patchwork-bot+netdevbpf @ 2021-07-16 17:50 UTC (permalink / raw)
  To: Haiyue Wang
  Cc: netdev, csully, sagis, jonolson, davem, kuba, awogbemila,
	yangchun, willemb, bcf, kuozhao, linux-kernel

Hello:

This patch was applied to netdev/net-next.git (refs/heads/master):

On Wed, 14 Jul 2021 15:34:59 +0800 you wrote:
> The 'tail' pointer is also free-running count, so it needs to be masked
> as 'adminq_prod_cnt' does, to become an index value of AdminQ buffer.
> 
> Fixes: 5cdad90de62c ("gve: Batch AQ commands for creating and destroying queues.")
> Signed-off-by: Haiyue Wang <haiyue.wang@intel.com>
> ---
>  drivers/net/ethernet/google/gve/gve_adminq.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)

Here is the summary with links:
  - [v1] gve: fix the wrong AdminQ buffer overflow check
    https://git.kernel.org/netdev/net-next/c/63a9192b8fa1

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html



^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2021-07-16 17:50 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-07-14  7:34 [PATCH v1] gve: fix the wrong AdminQ buffer overflow check Haiyue Wang
2021-07-14 22:45 ` Catherine Sullivan
2021-07-16 17:50 ` patchwork-bot+netdevbpf

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).