Merge branch 'nfp-protect-from-theoretical-size-overflows-and-SR-IOV-errors'

Jakub Kicinski says:

====================
nfp: protect from theoretical size overflows and SR-IOV errors

This small set changes the handling of pci_sriov_set_totalvfs() errors.
nfp is the only driver which fails probe on pci_sriov_set_totalvfs()
errors.  It turns out some BIOS configurations may break SR-IOV and
users who don't use that feature should not suffer.

The remaining patches make sure we use an overflow-safe function for ring
allocation, even though ring sizes are limited.  It won't hurt and
we can also enable fallback to vmalloc() if memory is tight while
at it.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
David S. Miller 2018-07-25 22:17:45 -07:00
commit f537530584
3 changed files with 30 additions and 24 deletions


@ -236,16 +236,20 @@ static int nfp_pcie_sriov_read_nfd_limit(struct nfp_pf *pf)
int err; int err;
pf->limit_vfs = nfp_rtsym_read_le(pf->rtbl, "nfd_vf_cfg_max_vfs", &err); pf->limit_vfs = nfp_rtsym_read_le(pf->rtbl, "nfd_vf_cfg_max_vfs", &err);
if (!err) if (err) {
return pci_sriov_set_totalvfs(pf->pdev, pf->limit_vfs); /* For backwards compatibility if symbol not found allow all */
pf->limit_vfs = ~0;
if (err == -ENOENT)
return 0;
pf->limit_vfs = ~0; nfp_warn(pf->cpp, "Warning: VF limit read failed: %d\n", err);
/* Allow any setting for backwards compatibility if symbol not found */ return err;
if (err == -ENOENT) }
return 0;
nfp_warn(pf->cpp, "Warning: VF limit read failed: %d\n", err); err = pci_sriov_set_totalvfs(pf->pdev, pf->limit_vfs);
return err; if (err)
nfp_warn(pf->cpp, "Failed to set VF count in sysfs: %d\n", err);
return 0;
} }
static int nfp_pcie_sriov_enable(struct pci_dev *pdev, int num_vfs) static int nfp_pcie_sriov_enable(struct pci_dev *pdev, int num_vfs)
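Review bot: When `pci_sriov_set_totalvfs()` fails at the end of `nfp_pcie_sriov_read_nfd_limit()`, the function now only warns and returns 0, so the VF total advertised by the PCI core can stay above the firmware limit held in `pf->limit_vfs`. From that point the firmware limit is enforced only if the driver itself compares the requested VF count against `pf->limit_vfs`. `nfp_pcie_sriov_enable()` begins right after this hunk and its body is not visible here, so that check should be confirmed. I would record the dependency next to the warning, e.g. `/* Non-fatal: SR-IOV may be unusable on this platform; pf->limit_vfs must still be checked on enable */`.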


@ -250,7 +250,7 @@ struct nfp_net_tx_ring {
struct nfp_net_tx_desc *txds; struct nfp_net_tx_desc *txds;
dma_addr_t dma; dma_addr_t dma;
unsigned int size; size_t size;
bool is_xdp; bool is_xdp;
} ____cacheline_aligned; } ____cacheline_aligned;
@ -350,9 +350,9 @@ struct nfp_net_rx_buf {
* @qcp_fl: Pointer to base of the QCP freelist queue * @qcp_fl: Pointer to base of the QCP freelist queue
* @rxbufs: Array of transmitted FL/RX buffers * @rxbufs: Array of transmitted FL/RX buffers
* @rxds: Virtual address of FL/RX ring in host memory * @rxds: Virtual address of FL/RX ring in host memory
* @xdp_rxq: RX-ring info avail for XDP
* @dma: DMA address of the FL/RX ring * @dma: DMA address of the FL/RX ring
* @size: Size, in bytes, of the FL/RX ring (needed to free) * @size: Size, in bytes, of the FL/RX ring (needed to free)
* @xdp_rxq: RX-ring info avail for XDP
*/ */
struct nfp_net_rx_ring { struct nfp_net_rx_ring {
struct nfp_net_r_vector *r_vec; struct nfp_net_r_vector *r_vec;
@ -364,14 +364,15 @@ struct nfp_net_rx_ring {
u32 idx; u32 idx;
int fl_qcidx; int fl_qcidx;
unsigned int size;
u8 __iomem *qcp_fl; u8 __iomem *qcp_fl;
struct nfp_net_rx_buf *rxbufs; struct nfp_net_rx_buf *rxbufs;
struct nfp_net_rx_desc *rxds; struct nfp_net_rx_desc *rxds;
dma_addr_t dma;
struct xdp_rxq_info xdp_rxq; struct xdp_rxq_info xdp_rxq;
dma_addr_t dma;
size_t size;
} ____cacheline_aligned; } ____cacheline_aligned;
/** /**
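Review bot: The kernel-doc for `@size` in `struct nfp_net_rx_ring` still reads "(needed to free)", but this commit also makes the ring reset path clear the descriptors with `memset(rx_ring->rxds, 0, rx_ring->size)`. The field therefore has to match the allocated length for the ring's whole lifetime, not just at teardown. I would update the line to `* @size: Size, in bytes, of the FL/RX ring (used to reset and free)`. The same wording should go on the matching entry for `struct nfp_net_tx_ring`, whose kernel-doc lies outside the hunk shown.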


@ -53,6 +53,8 @@
#include <linux/interrupt.h> #include <linux/interrupt.h>
#include <linux/ip.h> #include <linux/ip.h>
#include <linux/ipv6.h> #include <linux/ipv6.h>
#include <linux/mm.h>
#include <linux/overflow.h>
#include <linux/page_ref.h> #include <linux/page_ref.h>
#include <linux/pci.h> #include <linux/pci.h>
#include <linux/pci_regs.h> #include <linux/pci_regs.h>
@ -1120,7 +1122,7 @@ nfp_net_tx_ring_reset(struct nfp_net_dp *dp, struct nfp_net_tx_ring *tx_ring)
tx_ring->rd_p++; tx_ring->rd_p++;
} }
memset(tx_ring->txds, 0, sizeof(*tx_ring->txds) * tx_ring->cnt); memset(tx_ring->txds, 0, tx_ring->size);
tx_ring->wr_p = 0; tx_ring->wr_p = 0;
tx_ring->rd_p = 0; tx_ring->rd_p = 0;
tx_ring->qcp_rd_p = 0; tx_ring->qcp_rd_p = 0;
@ -1300,7 +1302,7 @@ static void nfp_net_rx_ring_reset(struct nfp_net_rx_ring *rx_ring)
rx_ring->rxbufs[last_idx].dma_addr = 0; rx_ring->rxbufs[last_idx].dma_addr = 0;
rx_ring->rxbufs[last_idx].frag = NULL; rx_ring->rxbufs[last_idx].frag = NULL;
memset(rx_ring->rxds, 0, sizeof(*rx_ring->rxds) * rx_ring->cnt); memset(rx_ring->rxds, 0, rx_ring->size);
rx_ring->wr_p = 0; rx_ring->wr_p = 0;
rx_ring->rd_p = 0; rx_ring->rd_p = 0;
} }
@ -2126,7 +2128,7 @@ static void nfp_net_tx_ring_free(struct nfp_net_tx_ring *tx_ring)
struct nfp_net_r_vector *r_vec = tx_ring->r_vec; struct nfp_net_r_vector *r_vec = tx_ring->r_vec;
struct nfp_net_dp *dp = &r_vec->nfp_net->dp; struct nfp_net_dp *dp = &r_vec->nfp_net->dp;
kfree(tx_ring->txbufs); kvfree(tx_ring->txbufs);
if (tx_ring->txds) if (tx_ring->txds)
dma_free_coherent(dp->dev, tx_ring->size, dma_free_coherent(dp->dev, tx_ring->size,
@ -2150,18 +2152,17 @@ static int
nfp_net_tx_ring_alloc(struct nfp_net_dp *dp, struct nfp_net_tx_ring *tx_ring) nfp_net_tx_ring_alloc(struct nfp_net_dp *dp, struct nfp_net_tx_ring *tx_ring)
{ {
struct nfp_net_r_vector *r_vec = tx_ring->r_vec; struct nfp_net_r_vector *r_vec = tx_ring->r_vec;
int sz;
tx_ring->cnt = dp->txd_cnt; tx_ring->cnt = dp->txd_cnt;
tx_ring->size = sizeof(*tx_ring->txds) * tx_ring->cnt; tx_ring->size = array_size(tx_ring->cnt, sizeof(*tx_ring->txds));
tx_ring->txds = dma_zalloc_coherent(dp->dev, tx_ring->size, tx_ring->txds = dma_zalloc_coherent(dp->dev, tx_ring->size,
&tx_ring->dma, GFP_KERNEL); &tx_ring->dma, GFP_KERNEL);
if (!tx_ring->txds) if (!tx_ring->txds)
goto err_alloc; goto err_alloc;
sz = sizeof(*tx_ring->txbufs) * tx_ring->cnt; tx_ring->txbufs = kvcalloc(tx_ring->cnt, sizeof(*tx_ring->txbufs),
tx_ring->txbufs = kzalloc(sz, GFP_KERNEL); GFP_KERNEL);
if (!tx_ring->txbufs) if (!tx_ring->txbufs)
goto err_alloc; goto err_alloc;
@ -2275,7 +2276,7 @@ static void nfp_net_rx_ring_free(struct nfp_net_rx_ring *rx_ring)
if (dp->netdev) if (dp->netdev)
xdp_rxq_info_unreg(&rx_ring->xdp_rxq); xdp_rxq_info_unreg(&rx_ring->xdp_rxq);
kfree(rx_ring->rxbufs); kvfree(rx_ring->rxbufs);
if (rx_ring->rxds) if (rx_ring->rxds)
dma_free_coherent(dp->dev, rx_ring->size, dma_free_coherent(dp->dev, rx_ring->size,
@ -2298,7 +2299,7 @@ static void nfp_net_rx_ring_free(struct nfp_net_rx_ring *rx_ring)
static int static int
nfp_net_rx_ring_alloc(struct nfp_net_dp *dp, struct nfp_net_rx_ring *rx_ring) nfp_net_rx_ring_alloc(struct nfp_net_dp *dp, struct nfp_net_rx_ring *rx_ring)
{ {
int sz, err; int err;
if (dp->netdev) { if (dp->netdev) {
err = xdp_rxq_info_reg(&rx_ring->xdp_rxq, dp->netdev, err = xdp_rxq_info_reg(&rx_ring->xdp_rxq, dp->netdev,
@ -2308,14 +2309,14 @@ nfp_net_rx_ring_alloc(struct nfp_net_dp *dp, struct nfp_net_rx_ring *rx_ring)
} }
rx_ring->cnt = dp->rxd_cnt; rx_ring->cnt = dp->rxd_cnt;
rx_ring->size = sizeof(*rx_ring->rxds) * rx_ring->cnt; rx_ring->size = array_size(rx_ring->cnt, sizeof(*rx_ring->rxds));
rx_ring->rxds = dma_zalloc_coherent(dp->dev, rx_ring->size, rx_ring->rxds = dma_zalloc_coherent(dp->dev, rx_ring->size,
&rx_ring->dma, GFP_KERNEL); &rx_ring->dma, GFP_KERNEL);
if (!rx_ring->rxds) if (!rx_ring->rxds)
goto err_alloc; goto err_alloc;
sz = sizeof(*rx_ring->rxbufs) * rx_ring->cnt; rx_ring->rxbufs = kvcalloc(rx_ring->cnt, sizeof(*rx_ring->rxbufs),
rx_ring->rxbufs = kzalloc(sz, GFP_KERNEL); GFP_KERNEL);
if (!rx_ring->rxbufs) if (!rx_ring->rxbufs)
goto err_alloc; goto err_alloc;
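Review bot: In `nfp_net_tx_ring_alloc()` the result of `array_size()` is stored in `tx_ring->size` and passed to `dma_zalloc_coherent()` with no check of its own, so the overflow protection rests on `array_size()` saturating to `SIZE_MAX` and the allocator refusing that size. That is the usual kernel convention, but it is implicit here, and `tx_ring->size` keeps the saturated value on the `err_alloc` path. A one-line comment above the assignment would make the contract visible, e.g. `/* array_size() returns SIZE_MAX on overflow; the DMA allocation then fails */`. The same applies to `rx_ring->size` in `nfp_net_rx_ring_alloc()`. Both functions continue beyond the hunks shown.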