From patchwork Sun May  4 21:31:51 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Yann Droneaud <ydroneaud@opteya.com>
X-Patchwork-Id: 4110841
Return-Path: <linux-rdma-owner@kernel.org>
X-Original-To: patchwork-linux-rdma@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.19.201])
	by patchwork1.web.kernel.org (Postfix) with ESMTP id 0C29A9F271
	for <patchwork-linux-rdma@patchwork.kernel.org>;
	Sun,  4 May 2014 21:32:30 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id 216332024D
	for <patchwork-linux-rdma@patchwork.kernel.org>;
	Sun,  4 May 2014 21:32:29 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 02ECA2022A
	for <patchwork-linux-rdma@patchwork.kernel.org>;
	Sun,  4 May 2014 21:32:28 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752884AbaEDVc1 (ORCPT
	<rfc822;patchwork-linux-rdma@patchwork.kernel.org>);
	Sun, 4 May 2014 17:32:27 -0400
Received: from smtp2-g21.free.fr ([212.27.42.2]:53183 "EHLO
	smtp2-g21.free.fr"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1752534AbaEDVc0 (ORCPT <rfc822;linux-rdma@vger.kernel.org>);
	Sun, 4 May 2014 17:32:26 -0400
Received: from localhost.localdomain (unknown
	[IPv6:2a01:e35:2e9f:6ac0:cd98:86ba:f22:4471])
	by smtp2-g21.free.fr (Postfix) with ESMTP id 77A034B0042;
	Sun,  4 May 2014 23:31:25 +0200 (CEST)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by localhost.localdomain (8.14.8/8.14.7) with ESMTP id s44LWKlX013547;
	Sun, 4 May 2014 23:32:20 +0200
Received: (from ydroneaud@localhost)
	by localhost.localdomain (8.14.8/8.14.8/Submit) id s44LWJqC013546;
	Sun, 4 May 2014 23:32:19 +0200
From: Yann Droneaud <ydroneaud@opteya.com>
To: Steve Wise <swise@opengridcomputing.com>
Cc: linux-rdma@vger.kernel.org, Yann Droneaud <ydroneaud@opteya.com>
Subject: [PATCH libcxgb4 1/2] kernel abi: adds explicit padding in struct
	c4iw_create_cq_resp
Date: Sun,  4 May 2014 23:31:51 +0200
Message-Id: 
 <85f6638383276563046cdf45daa81a19ac4c621e.1399235229.git.ydroneaud@opteya.com>
X-Mailer: git-send-email 1.9.0
In-Reply-To: <cover.1399235229.git.ydroneaud@opteya.com>
References: <cover.1399235229.git.ydroneaud@opteya.com>
In-Reply-To: <cover.1399235229.git.ydroneaud@opteya.com>
References: <cover.1399216475.git.ydroneaud@opteya.com>
	<cover.1399235229.git.ydroneaud@opteya.com>
Sender: linux-rdma-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-rdma.vger.kernel.org>
X-Mailing-List: linux-rdma@vger.kernel.org
X-Spam-Status: No, score=-7.5 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI,
	RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

i386 ABI disagree with most other ABIs regarding alignment
of data type larger than 4 bytes: on most ABIs a padding must
be added at end of the structures, while it is not required
on i386.

Such ABI disagreement will make an x86_64 kernel try to write past
the struct c4iw_create_cq_resp buffer provided by an i386
userspace binary. As struct c4iw_create_cq_resp is likely
on stack, see function c4iw_create_cq(), side effects are
expected.

On kernel side, this structure was added for kernel v2.6.35-rc1
by following commit.

  Commit cfdda9d764362ab77b11a410bb928400e6520d57
  Author: Steve Wise <swise@opengridcomputing.com>
  Date:   Wed Apr 21 15:30:06 2010 -0700

      RDMA/cxgb4: Add driver for Chelsio T4 RNIC

If boundary check is implemented on kernel side, the x86_64 kernel
will refuse to write past the i386 userspace provided buffer and the
uverbs will fail.

To fix these issues, this patch adds an explicit padding at end
of structure so that i386 and others ABI share the same structure
layout. This patch makes c4iw_create_cq() check for a value in the
padding field to detect newer kernel using the field for a future
purpose (only activated in debug).

With this patch, libcxgb4 will work against older kernel and
newer patched kernel.

Link: http://marc.info/?i=cover.1399216475.git.ydroneaud@opteya.com
Signed-off-by: Yann Droneaud <ydroneaud@opteya.com>
---
 src/cxgb4-abi.h | 1 +
 src/verbs.c     | 5 +++++
 2 files changed, 6 insertions(+)

diff --git a/src/cxgb4-abi.h b/src/cxgb4-abi.h
index d70b0f132a7f..23870f66dc0d 100644
--- a/src/cxgb4-abi.h
+++ b/src/cxgb4-abi.h
@@ -53,6 +53,7 @@ struct c4iw_create_cq_resp {
 	__u32 cqid;
 	__u32 size;
 	__u32 qid_mask;
+	__u32 reserved;
 };
 
 enum {
diff --git a/src/verbs.c b/src/verbs.c
index ab4a45d7cdbc..4a6c1b47bc9e 100644
--- a/src/verbs.c
+++ b/src/verbs.c
@@ -181,12 +181,17 @@ struct ibv_cq *c4iw_create_cq(struct ibv_context *context, int cqe,
 		return NULL;
 	}
 
+	resp.reserved = 0;
 	ret = ibv_cmd_create_cq(context, cqe, channel, comp_vector,
 				&chp->ibv_cq, &cmd, sizeof cmd,
 				&resp.ibv_resp, sizeof resp);
 	if (ret)
 		goto err1;
 
+	if (resp.reserved)
+		PDBG("%s c4iw_create_cq_resp reserved field modified by kernel\n",
+		     __FUNCTION__);
+
 	pthread_spin_init(&chp->lock, PTHREAD_PROCESS_PRIVATE);
 #ifdef STALL_DETECTION
 	gettimeofday(&chp->time, NULL);