[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20221019083315.249347163@linuxfoundation.org>
Date: Wed, 19 Oct 2022 10:30:59 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-kernel@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
stable@...r.kernel.org, Bob Pearson <rpearsonhpe@...il.com>,
Li Zhijian <lizhijian@...itsu.com>,
Jason Gunthorpe <jgg@...dia.com>,
Sasha Levin <sashal@...nel.org>
Subject: [PATCH 6.0 572/862] RDMA/rxe: Fix resize_finish() in rxe_queue.c
From: Bob Pearson <rpearsonhpe@...il.com>
[ Upstream commit fda5d0cf8aef12f0a4f714a96a4b2fce039a3e55 ]
Currently in resize_finish() in rxe_queue.c there is a loop which copies
the entries in the original queue into a newly allocated queue. The
termination logic for this loop is incorrect. The call to
queue_next_index() updates cons but has no effect on whether the queue is
empty. So if the queue starts out empty nothing is copied but if it is not
then the loop will run forever. This patch changes the loop to compare the
value of cons to the original producer index.
Fixes: ae6e843fe08d0 ("RDMA/rxe: Add memory barriers to kernel queues")
Link: https://lore.kernel.org/r/20220825221446.6512-1-rpearsonhpe@gmail.com
Signed-off-by: Bob Pearson <rpearsonhpe@...il.com>
Reviewed-by: Li Zhijian <lizhijian@...itsu.com>
Signed-off-by: Jason Gunthorpe <jgg@...dia.com>
Signed-off-by: Sasha Levin <sashal@...nel.org>
---
drivers/infiniband/sw/rxe/rxe_queue.c | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)
diff --git a/drivers/infiniband/sw/rxe/rxe_queue.c b/drivers/infiniband/sw/rxe/rxe_queue.c
index dbd4971039c0..d6dbf5a0058d 100644
--- a/drivers/infiniband/sw/rxe/rxe_queue.c
+++ b/drivers/infiniband/sw/rxe/rxe_queue.c
@@ -112,23 +112,25 @@ static int resize_finish(struct rxe_queue *q, struct rxe_queue *new_q,
unsigned int num_elem)
{
enum queue_type type = q->type;
+ u32 new_prod;
u32 prod;
u32 cons;
if (!queue_empty(q, q->type) && (num_elem < queue_count(q, type)))
return -EINVAL;
- prod = queue_get_producer(new_q, type);
+ new_prod = queue_get_producer(new_q, type);
+ prod = queue_get_producer(q, type);
cons = queue_get_consumer(q, type);
- while (!queue_empty(q, type)) {
- memcpy(queue_addr_from_index(new_q, prod),
+ while ((prod - cons) & q->index_mask) {
+ memcpy(queue_addr_from_index(new_q, new_prod),
queue_addr_from_index(q, cons), new_q->elem_size);
- prod = queue_next_index(new_q, prod);
+ new_prod = queue_next_index(new_q, new_prod);
cons = queue_next_index(q, cons);
}
- new_q->buf->producer_index = prod;
+ new_q->buf->producer_index = new_prod;
q->buf->consumer_index = cons;
/* update private index copies */
--
2.35.1
Powered by blists - more mailing lists