From patchwork Sun May  4 21:31:52 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Yann Droneaud <ydroneaud@opteya.com>
X-Patchwork-Id: 4110851
Return-Path: <linux-rdma-owner@kernel.org>
X-Original-To: patchwork-linux-rdma@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.19.201])
	by patchwork2.web.kernel.org (Postfix) with ESMTP id B3F43BFF02
	for <patchwork-linux-rdma@patchwork.kernel.org>;
	Sun,  4 May 2014 21:32:44 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id D8D102024D
	for <patchwork-linux-rdma@patchwork.kernel.org>;
	Sun,  4 May 2014 21:32:43 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 0762D2022A
	for <patchwork-linux-rdma@patchwork.kernel.org>;
	Sun,  4 May 2014 21:32:43 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753309AbaEDVcm (ORCPT
	<rfc822;patchwork-linux-rdma@patchwork.kernel.org>);
	Sun, 4 May 2014 17:32:42 -0400
Received: from smtp2-g21.free.fr ([212.27.42.2]:53670 "EHLO
	smtp2-g21.free.fr"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1752534AbaEDVcm (ORCPT <rfc822;linux-rdma@vger.kernel.org>);
	Sun, 4 May 2014 17:32:42 -0400
Received: from localhost.localdomain (unknown
	[IPv6:2a01:e35:2e9f:6ac0:cd98:86ba:f22:4471])
	by smtp2-g21.free.fr (Postfix) with ESMTP id 92B2E4B0042;
	Sun,  4 May 2014 23:31:40 +0200 (CEST)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by localhost.localdomain (8.14.8/8.14.7) with ESMTP id s44LWZsE013563;
	Sun, 4 May 2014 23:32:35 +0200
Received: (from ydroneaud@localhost)
	by localhost.localdomain (8.14.8/8.14.8/Submit) id s44LWZCB013562;
	Sun, 4 May 2014 23:32:35 +0200
From: Yann Droneaud <ydroneaud@opteya.com>
To: Steve Wise <swise@opengridcomputing.com>
Cc: linux-rdma@vger.kernel.org, Yann Droneaud <ydroneaud@opteya.com>
Subject: [PATCH libcxgb4 2/2] kernel abi: adds explicit padding in struct
	c4iw_alloc_ucontext_resp
Date: Sun,  4 May 2014 23:31:52 +0200
Message-Id: 
 <b2bbdebb50e91f6007484059460ba1ebf06626db.1399235229.git.ydroneaud@opteya.com>
X-Mailer: git-send-email 1.9.0
In-Reply-To: <cover.1399235229.git.ydroneaud@opteya.com>
References: <cover.1399235229.git.ydroneaud@opteya.com>
In-Reply-To: <cover.1399235229.git.ydroneaud@opteya.com>
References: <cover.1399216475.git.ydroneaud@opteya.com>
	<cover.1399235229.git.ydroneaud@opteya.com>
Sender: linux-rdma-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-rdma.vger.kernel.org>
X-Mailing-List: linux-rdma@vger.kernel.org
X-Spam-Status: No, score=-7.5 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI,
	RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

i386 ABI disagree with most other ABIs regarding alignment
of data type larger than 4 bytes: on most ABIs a padding must
be added at end of the structures, while it is not
required on i386.

Such ABI disagreement will make an x86_64 kernel try to write past
the struct c4iw_alloc_ucontext_resp buffer provided by an i386
userspace binary. As struct c4iw_alloc_ucontext_resp is likely
on stack, see function c4iw_alloc_context(), side effects are
expected.

On kernel side, this structure was modified for kernel v3.15-rc1
by following commit:

  Commit 05eb23893c2cf9502a9cec0c32e7f1d1ed2895c8
  Author: Steve Wise <swise@opengridcomputing.com>
  Date:   Fri Mar 14 21:52:08 2014 +0530

      cxgb4/iw_cxgb4: Doorbell Drop Avoidance Bug Fixes

If boundary check is implemented on kernel side, the x86_64
kernel will instead refuse to write past the i386 userspace
provided buffer and the uverbs will fail.

To fix these issues, this patch adds an explicit padding at end
of structure so that i386 and others ABI share the same structure
layout. This patch makes c4iw_alloc_context() check for a value
in the padding field to detect newer kernel using the field for
a future purpose (only activated in debug).

With this patch, libcxgb4 will work against older kernel and
newer patched kernel.

Link: http://marc.info/?i=cover.1399216475.git.ydroneaud@opteya.com
Signed-off-by: Yann Droneaud <ydroneaud@opteya.com>
---
 src/cxgb4-abi.h | 1 +
 src/dev.c       | 5 +++++
 2 files changed, 6 insertions(+)

diff --git a/src/cxgb4-abi.h b/src/cxgb4-abi.h
index 23870f66dc0d..0b9f4d99d0e7 100644
--- a/src/cxgb4-abi.h
+++ b/src/cxgb4-abi.h
@@ -38,6 +38,7 @@ struct c4iw_alloc_ucontext_resp {
 	struct ibv_get_context_resp ibv_resp;
 	__u64 status_page_key;
 	__u32 status_page_size;
+	__u32 reserved;
 };
 
 struct c4iw_alloc_pd_resp {
diff --git a/src/dev.c b/src/dev.c
index 3236e6b2db6d..f66df71105e5 100644
--- a/src/dev.c
+++ b/src/dev.c
@@ -125,10 +125,15 @@ static struct ibv_context *c4iw_alloc_context(struct ibv_device *ibdev,
 	context->ibv_ctx.cmd_fd = cmd_fd;
 
 	resp.status_page_size = 0;
+	resp.reserved = 0;
 	if (ibv_cmd_get_context(&context->ibv_ctx, &cmd, sizeof cmd,
 				&resp.ibv_resp, sizeof resp))
 		goto err_free;
 
+	if (resp.reserved)
+		PDBG("%s c4iw_alloc_ucontext_resp reserved field modified by kernel\n",
+		     __FUNCTION__);
+
 	context->status_page_size = resp.status_page_size;
 	if (resp.status_page_size) {
 		context->status_page = mmap(NULL, resp.status_page_size,