[PATCH 4.4 045/268] ntb_transport: Fix bug with max_mw_size parameter
From: Greg Kroah-Hartman
Date: Mon May 28 2018 - 11:41:55 EST
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Logan Gunthorpe <logang@xxxxxxxxxxxx>
[ Upstream commit cbd27448faff4843ac4b66cc71445a10623ff48d ]
When using the max_mw_size parameter of ntb_transport to limit the size of
the Memory windows, communication cannot be established and the queues
freeze.
This is because the mw_size that's reported to the peer is correctly
limited but the size used locally is not. So the MW is initialized
with a buffer smaller than the window but the TX side is using the
full window. This means the TX side will be writing to a region of the
window that points nowhere.
This is easily fixed by applying the same limit to tx_size in
ntb_transport_init_queue().
Fixes: e26a5843f7f5 ("NTB: Split ntb_hw_intel and ntb_transport drivers")
Signed-off-by: Logan Gunthorpe <logang@xxxxxxxxxxxx>
Acked-by: Allen Hubbe <Allen.Hubbe@xxxxxxxx>
Cc: Dave Jiang <dave.jiang@xxxxxxxxx>
Signed-off-by: Jon Mason <jdmason@xxxxxxxx>
Signed-off-by: Sasha Levin <alexander.levin@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/ntb/ntb_transport.c | 3 +++
1 file changed, 3 insertions(+)
--- a/drivers/ntb/ntb_transport.c
+++ b/drivers/ntb/ntb_transport.c
@@ -955,6 +955,9 @@ static int ntb_transport_init_queue(stru
mw_base = nt->mw_vec[mw_num].phys_addr;
mw_size = nt->mw_vec[mw_num].phys_size;
+ if (max_mw_size && mw_size > max_mw_size)
+ mw_size = max_mw_size;
+
tx_size = (unsigned int)mw_size / num_qps_mw;
qp_offset = tx_size * (qp_num / mw_count);