i386 ABI disagree with most other ABIs regarding alignment
of data type larger than 4 bytes: on most ABIs a padding must
be added at end of the structures, while it is not
required on i386.
Such ABI disagreement will make an x86_64 kernel try to read
past a buffer provided by an i386 binary, as the latter will
not have the expected padding for struct mlx5_create_cq and
mlx5_create_srq.
On kernel side, these structures were added for kernel v3.11-rc1
by following commit:
Commit e126ba97dba9edeb6fafa3665b5f8497fc9cdf8c
Author: Eli Cohen <eli@xxxxxxxxxxxx>
Date: Sun Jul 7 17:25:49 2013 +0300
mlx5: Add driver for Mellanox Connect-IB adapters
If future kernel is to use the padding for extension, on a
x86_64 unpatched kernel, it might read garbage as it would
read past the i386 provided buffer.
In this other hand, if boundary check is implemented on kernel
side, the x86_64 kernel will refuse to read past the i386
userspace provided buffer for struct mlx5_create_cq and
mlx5_create_srq, making the uverbs fail.
To address all these issues, this patch add an explicit padding
at end of structures and initialize it so that i386 and others ABI
share the same structure layout.
With this patch, libmlx5 will run on older kernel and
newer patched kernel.
Link: http://marc.info/?i=cover.1399216475.git.ydroneaud@xxxxxxxxxx
Signed-off-by: Yann Droneaud <ydroneaud@xxxxxxxxxx>
---
src/mlx5-abi.h | 2 ++
src/verbs.c | 6 ++++--
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/mlx5-abi.h b/src/mlx5-abi.h
index 6f98e62c59d5..980b24910403 100644
--- a/src/mlx5-abi.h
+++ b/src/mlx5-abi.h
@@ -83,6 +83,7 @@ struct mlx5_create_cq {
__u64 buf_addr;
__u64 db_addr;
__u32 cqe_size;
+ __u32 reserved;
};
struct mlx5_create_cq_resp {
@@ -95,6 +96,7 @@ struct mlx5_create_srq {
__u64 buf_addr;
__u64 db_addr;
__u32 flags;
+ __u32 reserved;
};
struct mlx5_create_srq_resp {
diff --git a/src/verbs.c b/src/verbs.c
index 7201e94925c5..1de8692e5264 100644
--- a/src/verbs.c
+++ b/src/verbs.c
@@ -261,7 +261,6 @@ struct ibv_cq *mlx5_create_cq(struct ibv_context *context, int cqe,
return NULL;
}
- memset(&cmd, 0, sizeof cmd);
cq->cons_index = 0;
if (mlx5_spinlock_init(&cq->lock))
@@ -307,6 +306,7 @@ struct ibv_cq *mlx5_create_cq(struct ibv_context *context, int cqe,
cmd.buf_addr = (uintptr_t) cq->buf_a.buf;
cmd.db_addr = (uintptr_t) cq->dbrec;
cmd.cqe_size = cqe_sz;
+ cmd.reserved = 0;
ret = ibv_cmd_create_cq(context, ncqe - 1, channel, comp_vector,
&cq->ibv_cq, &cmd.ibv_cmd, sizeof cmd,
@@ -442,7 +442,6 @@ struct ibv_srq *mlx5_create_srq(struct ibv_pd *pd,
}
ibsrq = &srq->srq;
- memset(&cmd, 0, sizeof cmd);
if (mlx5_spinlock_init(&srq->lock)) {
fprintf(stderr, "%s-%d:\n", __func__, __LINE__);
goto err;
@@ -490,6 +489,9 @@ struct ibv_srq *mlx5_create_srq(struct ibv_pd *pd,
srq->wq_sig = srq_sig_enabled();
if (srq->wq_sig)
cmd.flags = MLX5_SRQ_FLAG_SIGNATURE;
+ else
+ cmd.flags = 0;
+ cmd.reserved = 0;
attr->attr.max_sge = srq->max_gs;
pthread_mutex_lock(&ctx->srq_table_mutex);
--
1.9.0
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
