This is a fix for possible memory corruption when too short buffer for received packet is posted. Now the buffer lenght is posted to HW. As a result of too large packet reception is a status with error in CQ.
Signed-off-by: Mirek Walukiewicz <[email protected]> --- kernel_patches/fixes/nes_0046_ima_mem_crash.patch | 27 +++++++++++++++++++++ 1 files changed, 27 insertions(+), 0 deletions(-) create mode 100644 kernel_patches/fixes/nes_0046_ima_mem_crash.patch diff --git a/kernel_patches/fixes/nes_0046_ima_mem_crash.patch b/kernel_patches/fixes/nes_0046_ima_mem_crash.patch new file mode 100644 index 0000000..43236f6 --- /dev/null +++ b/kernel_patches/fixes/nes_0046_ima_mem_crash.patch @@ -0,0 +1,27 @@ +diff -Naurp a/drivers/infiniband/hw/nes/nes_ud.c b/drivers/infiniband/hw/nes/nes_ud.c +--- a/drivers/infiniband/hw/nes/nes_ud.c 2010-09-14 13:10:24.000000000 +0200 ++++ b/drivers/infiniband/hw/nes/nes_ud.c 2010-09-14 13:30:45.000000000 +0200 +@@ -1599,6 +1599,8 @@ int nes_ud_post_recv(struct nes_ud_file + page_offset = nes_ud_wr->sg_list[i].addr & ~PAGE_MASK; + page_id = ((mr->va & ~PAGE_MASK) + mr_offset) >> PAGE_SHIFT; + ++ nic_rqe->wqe_words[NES_NIC_RQ_WQE_LENGTH_3_2_IDX] = 0; ++ + wqe_fragment_length = + (u16 *)&nic_rqe->wqe_words[NES_NIC_RQ_WQE_LENGTH_1_0_IDX]; + +@@ -1615,8 +1617,12 @@ int nes_ud_post_recv(struct nes_ud_file + NES_NIC_RQ_WQE_FRAG0_LOW_IDX + 2*wqe_fragment_index, + mr->addrs[page_id]+page_offset); + +- wqe_fragment_length[wqe_fragment_index] = +- cpu_to_le16(PAGE_SIZE - page_offset); ++ if (remaining_length >= PAGE_SIZE) ++ wqe_fragment_length[wqe_fragment_index] = ++ cpu_to_le16(PAGE_SIZE - page_offset); ++ else ++ wqe_fragment_length[wqe_fragment_index] = ++ cpu_to_le16(remaining_length); + + remaining_length -= PAGE_SIZE - page_offset; + page_offset = 0; _______________________________________________ ewg mailing list [email protected] http://lists.openfabrics.org/cgi-bin/mailman/listinfo/ewg
