From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mail-qk1-f201.google.com (mail-qk1-f201.google.com [209.85.222.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 9293C3CDBDD for ; Mon, 29 Jun 2026 23:25:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.222.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1782775551; cv=none; b=oh2T2WjSvUd0hYX1ggNsA3HN8T0oHV2Ual3IQlGYebUo+9tYeeiLnM/PccHL87m+V0ZDsfViiV6jpNbcI2NZ8NCmOkydzc67igfk/UdMkz/KUAnkeT2ZVp2m0IvuO+Advg2pD8fu+CCpijhD5DTr0PyYlvOSfGStF5pVOC2fQfU= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1782775551; c=relaxed/simple; bh=e/o1ghByfAdyys1Zt0S08HYk/2Vyjl/IWa6d0WD3rkA=; h=Date:In-Reply-To:Mime-Version:References:Message-ID:Subject:From: To:Cc:Content-Type; b=WLHosTNW4ZYAPzjy8E+zDJ8vaL/+DPng3qh9WHJX3qp/uLmDEn9ebEA0qTpHSjOckapBs+emyjAHVIOBKBtHAeNxXxDV1Z4Fjm6F8Xdvl+Ja+Ceq04wtjPfYh8RsqPYB/iG4FtvmlJsbvdyWC53+NfjKN/XGitXAUgLKpyEg54U= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com; spf=pass smtp.mailfrom=flex--jmoroni.bounces.google.com; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b=K9pbQpId; arc=none smtp.client-ip=209.85.222.201 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=google.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=flex--jmoroni.bounces.google.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=google.com header.i=@google.com header.b="K9pbQpId" Received: by mail-qk1-f201.google.com with SMTP id af79cd13be357-92e5e38fbc5so204306885a.2 for ; Mon, 29 Jun 2026 16:25:50 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20251104; t=1782775550; x=1783380350; darn=vger.kernel.org; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:from:to:cc:subject:date:message-id:reply-to; bh=yW+tqPLKalV/78oR9qoDsHJxbuHNYTGcsfHXVgZar64=; b=K9pbQpIdeXe8ppowEtLB8hlye7jgX/SQBzPb4OnYBBYQbA9BX/LmYgQkd4teTa1Ahz mX4CGKW7qgOe6E4fvJlq2l034LLrGabh0j1ySYssV+wBggVvb7XVBRIXbdSRsbIPqRl8 wS/2SIHxhGHYGD4769Sccq6ctcpQMibZmgqrMX6jAvRt64E/kYeHLBb7gL1csPLQQk+n pWuGDq8MOljOFhhc7UsDBN4BERsxCYik7qhW3E2x70qlub3RI02XuKLbnJ9pKKvzVXq7 wvjR31qMiuhBhiNmD179KGimEy7oRNvpR6rxI7Vr9mivvJL2QkPsa7WBGrkHBi/u3dwV 1gEg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20251104; t=1782775550; x=1783380350; h=cc:to:from:subject:message-id:references:mime-version:in-reply-to :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=yW+tqPLKalV/78oR9qoDsHJxbuHNYTGcsfHXVgZar64=; b=C2Y8CFOfa2yTRBXDIksz1dnvuBfyFzLsYX1AW+oA14OqO5nsOrLF1xasw+Dm7ue9/Z s1wWL5d0OBn5SaGZ3i+iIN7LHuU6B52PZyHpVJHRZKODugXOCD1KOZQEKK2nhnw8R7O4 c3FNNrJuswWP6QJuLAub081lXWEyNEhj2eazFowjOi2tqSm7oS7l7g5N/J4FvVTCcR+2 9aTWEZnEr/ionj+fBO4lHq8pAVYScoIye8UxhU5FCO0yzVZpw+F9SdUPYg95zppaOr6q QOx3zorXsDEQ/YyN8EQVkAQ2N88jjfw/Cl3nnyUJMO524cv68vN7Uj7g2Yx5KIal+JpZ XsBA== X-Gm-Message-State: AOJu0Yzg0dl9fJEhTyVkTK1iE8kdkDml+zknomynhGTsfR+oIFBjwmgc aUiiJL3N5Ws/+EPYzdMjrl6/mbNb1E412UkfsbPhnUWjDxdOEkGOGeiehCYsts5kBd1OX3DrQQa 53HkoXhKASg== X-Received: from qkax11-n2.prod.google.com ([2002:a05:620a:224b:20b0:915:885d:f9af]) (user=jmoroni job=prod-delivery.src-stubby-dispatcher) by 2002:a05:620a:1981:b0:92e:45e0:2588 with SMTP id af79cd13be357-92e627eb67fmr272997385a.55.1782775549382; Mon, 29 Jun 2026 16:25:49 -0700 (PDT) Date: Mon, 29 Jun 2026 23:25:31 +0000 In-Reply-To: <20260629232532.2057423-1-jmoroni@google.com> Precedence: bulk X-Mailing-List: linux-rdma@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 References: <20260629232532.2057423-1-jmoroni@google.com> X-Mailer: git-send-email 2.55.0.rc0.799.gd6f94ed593-goog Message-ID: <20260629232532.2057423-5-jmoroni@google.com> Subject: [PATCH rdma-next v2 4/5] RDMA/irdma: Use robust udata helper for QP creation From: Jacob Moroni To: tatyana.e.nikolova@intel.com, jgg@ziepe.ca, leon@kernel.org Cc: linux-rdma@vger.kernel.org, Jacob Moroni Content-Type: text/plain; charset="UTF-8" Replace the manual udata input copy and validation during QP creation with the robust helper. The irdma driver is backwards compatible with the legacy i40iw userspace provider. The current create_qp ABI contains two 8 byte fields. The legacy i40iw ABI was the same but also contained two additional fields which were never actually used. Furthermore, the i40iw userspace provider never explicitly zero-initialized those extra fields, so there is a chance that existing binaries are passing non-zero garbage values down to the kernel. Previously, the irdma driver only copied out the first 16 bytes and did not have any check for the rest of the buffer being zero, so that additional garbage didn't matter. By switching to ib_copy_validate_udata_in(), we will now be checking to ensure that data beyond the kernel's definition of the request is all zero. In order to avoid breaking legacy binaries, we therefore need to increase the request structure size to cover those garbage fields. - Legacy binaries will continue to pass down a 32 byte request, with the driver copying the entire 32 bytes out but ignoring the second 16 bytes, just as before. - Newer binaries will pass down the normal 16 byte request. The ib_copy_validate_udata_in() call will allow this to succeed because we use user_compl_ctx as our minimum length (16 bytes). - If the request is ever extended, the new fields would be added after the "don't use" fields and would work as per the normal uAPI mechanism. Signed-off-by: Jacob Moroni --- drivers/infiniband/hw/irdma/verbs.c | 44 +++++++++++++++-------------- include/uapi/rdma/irdma-abi.h | 1 + 2 files changed, 24 insertions(+), 21 deletions(-) diff --git a/drivers/infiniband/hw/irdma/verbs.c b/drivers/infiniband/hw/irdma/verbs.c index c1df9ca1b86b..30f2483bdc33 100644 --- a/drivers/infiniband/hw/irdma/verbs.c +++ b/drivers/infiniband/hw/irdma/verbs.c @@ -627,37 +627,29 @@ static void irdma_setup_virt_qp(struct irdma_device *iwdev, /** * irdma_setup_umode_qp - setup sq and rq size in user mode qp - * @udata: udata + * @ucontext: user context + * @req: user request pointer * @iwdev: iwarp device * @iwqp: qp ptr (user or kernel) * @info: initialize info to return * @init_attr: Initial QP create attributes */ -static int irdma_setup_umode_qp(struct ib_udata *udata, +static int irdma_setup_umode_qp(struct irdma_ucontext *ucontext, + struct irdma_create_qp_req *req, struct irdma_device *iwdev, struct irdma_qp *iwqp, struct irdma_qp_init_info *info, struct ib_qp_init_attr *init_attr) { - struct irdma_ucontext *ucontext = rdma_udata_to_drv_context(udata, - struct irdma_ucontext, ibucontext); struct irdma_qp_uk_init_info *ukinfo = &info->qp_uk_init_info; - struct irdma_create_qp_req req; unsigned long flags; int ret; - ret = ib_copy_from_udata(&req, udata, - min(sizeof(req), udata->inlen)); - if (ret) { - ibdev_dbg(&iwdev->ibdev, "VERBS: ib_copy_from_data fail\n"); - return ret; - } - - iwqp->ctx_info.qp_compl_ctx = req.user_compl_ctx; + iwqp->ctx_info.qp_compl_ctx = req->user_compl_ctx; iwqp->user_mode = 1; - if (req.user_wqe_bufs) { + if (req->user_wqe_bufs) { spin_lock_irqsave(&ucontext->qp_reg_mem_list_lock, flags); - iwqp->iwpbl = irdma_get_pbl((unsigned long)req.user_wqe_bufs, + iwqp->iwpbl = irdma_get_pbl((unsigned long)req->user_wqe_bufs, &ucontext->qp_reg_mem_list); spin_unlock_irqrestore(&ucontext->qp_reg_mem_list_lock, flags); @@ -970,7 +962,6 @@ static int irdma_create_qp(struct ib_qp *ibqp, struct ib_qp_init_attr *init_attr, struct ib_udata *udata) { -#define IRDMA_CREATE_QP_MIN_REQ_LEN offsetofend(struct irdma_create_qp_req, user_compl_ctx) #define IRDMA_CREATE_QP_MIN_RESP_LEN offsetofend(struct irdma_create_qp_resp, rsvd) struct ib_pd *ibpd = ibqp->pd; struct irdma_pd *iwpd = to_iwpd(ibpd); @@ -985,6 +976,7 @@ static int irdma_create_qp(struct ib_qp *ibqp, struct irdma_uk_attrs *uk_attrs = &dev->hw_attrs.uk_attrs; struct irdma_qp_init_info init_info = {}; struct irdma_qp_host_ctx_info *ctx_info; + struct irdma_create_qp_req ureq = {}; struct irdma_srq *iwsrq; bool srq_valid = false; u32 srq_id = 0; @@ -1002,9 +994,14 @@ static int irdma_create_qp(struct ib_qp *ibqp, if (err_code) return err_code; - if (udata && (udata->inlen < IRDMA_CREATE_QP_MIN_REQ_LEN || - udata->outlen < IRDMA_CREATE_QP_MIN_RESP_LEN)) - return -EINVAL; + if (udata) { + if (udata->outlen < IRDMA_CREATE_QP_MIN_RESP_LEN) + return -EINVAL; + + err_code = ib_copy_validate_udata_in(udata, ureq, user_compl_ctx); + if (err_code) + return err_code; + } init_info.vsi = &iwdev->vsi; init_info.qp_uk_init_info.uk_attrs = uk_attrs; @@ -1063,9 +1060,14 @@ static int irdma_create_qp(struct ib_qp *ibqp, init_waitqueue_head(&iwqp->mod_qp_waitq); if (udata) { + struct irdma_ucontext *ucontext = + rdma_udata_to_drv_context(udata, + struct irdma_ucontext, + ibucontext); + init_info.qp_uk_init_info.abi_ver = iwpd->sc_pd.abi_ver; - err_code = irdma_setup_umode_qp(udata, iwdev, iwqp, &init_info, - init_attr); + err_code = irdma_setup_umode_qp(ucontext, &ureq, iwdev, iwqp, + &init_info, init_attr); } else { INIT_DELAYED_WORK(&iwqp->dwork_flush, irdma_flush_worker); init_info.qp_uk_init_info.abi_ver = IRDMA_ABI_VER; diff --git a/include/uapi/rdma/irdma-abi.h b/include/uapi/rdma/irdma-abi.h index 36f20802bcc8..38155affc8b4 100644 --- a/include/uapi/rdma/irdma-abi.h +++ b/include/uapi/rdma/irdma-abi.h @@ -88,6 +88,7 @@ struct irdma_create_srq_resp { struct irdma_create_qp_req { __aligned_u64 user_wqe_bufs; __aligned_u64 user_compl_ctx; + __aligned_u64 legacy_dontuse[2]; }; struct irdma_mem_reg_req { -- 2.55.0.rc0.799.gd6f94ed593-goog