Skip to content

Commit 31ccd1b

Browse files
Nick Childgregkh
Nick Child
authored and
gregkh
committed
ibmvnic: Handle DMA unmapping of login buffs in release functions
commit d78a671 upstream. Rather than leaving the DMA unmapping of the login buffers to the login response handler, move this work into the login release functions. Previously, these functions were only used for freeing the allocated buffers. This could lead to issues if there are more than one outstanding login buffer requests, which is possible if a login request times out. If a login request times out, then there is another call to send login. The send login function makes a call to the login buffer release function. In the past, this freed the buffers but did not DMA unmap. Therefore, the VIOS could still write to the old login (now freed) buffer. It is for this reason that it is a good idea to leave the DMA unmap call to the login buffers release function. Since the login buffer release functions now handle DMA unmapping, remove the duplicate DMA unmapping in handle_login_rsp(). Fixes: dff515a ("ibmvnic: Harden device login requests") Signed-off-by: Nick Child <nnac123@linux.ibm.com> Reviewed-by: Simon Horman <horms@kernel.org> Link: https://lore.kernel.org/r/20230809221038.51296-3-nnac123@linux.ibm.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
1 parent 24556c1 commit 31ccd1b

File tree

1 file changed

+10
-5
lines changed

1 file changed

+10
-5
lines changed

drivers/net/ethernet/ibm/ibmvnic.c

Lines changed: 10 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1397,12 +1397,22 @@ static int ibmvnic_login(struct net_device *netdev)
13971397

13981398
static void release_login_buffer(struct ibmvnic_adapter *adapter)
13991399
{
1400+
if (!adapter->login_buf)
1401+
return;
1402+
1403+
dma_unmap_single(&adapter->vdev->dev, adapter->login_buf_token,
1404+
adapter->login_buf_sz, DMA_TO_DEVICE);
14001405
kfree(adapter->login_buf);
14011406
adapter->login_buf = NULL;
14021407
}
14031408

14041409
static void release_login_rsp_buffer(struct ibmvnic_adapter *adapter)
14051410
{
1411+
if (!adapter->login_rsp_buf)
1412+
return;
1413+
1414+
dma_unmap_single(&adapter->vdev->dev, adapter->login_rsp_buf_token,
1415+
adapter->login_rsp_buf_sz, DMA_FROM_DEVICE);
14061416
kfree(adapter->login_rsp_buf);
14071417
adapter->login_rsp_buf = NULL;
14081418
}
@@ -5207,11 +5217,6 @@ static int handle_login_rsp(union ibmvnic_crq *login_rsp_crq,
52075217
}
52085218
adapter->login_pending = false;
52095219

5210-
dma_unmap_single(dev, adapter->login_buf_token, adapter->login_buf_sz,
5211-
DMA_TO_DEVICE);
5212-
dma_unmap_single(dev, adapter->login_rsp_buf_token,
5213-
adapter->login_rsp_buf_sz, DMA_FROM_DEVICE);
5214-
52155220
/* If the number of queues requested can't be allocated by the
52165221
* server, the login response will return with code 1. We will need
52175222
* to resend the login buffer with fewer queues requested.

0 commit comments

Comments
 (0)