[PATCH 4.9 061/329] ntb_transport: Fix bug with max_mw_size parameter

From: Greg Kroah-Hartman
Date: Mon May 28 2018 - 10:50:45 EST


4.9-stable review patch. If anyone has any objections, please let me know.

------------------

From: Logan Gunthorpe <logang@xxxxxxxxxxxx>

[ Upstream commit cbd27448faff4843ac4b66cc71445a10623ff48d ]

When using the max_mw_size parameter of ntb_transport to limit the size of
the Memory windows, communication cannot be established and the queues
freeze.

This is because the mw_size that's reported to the peer is correctly
limited but the size used locally is not. So the MW is initialized
with a buffer smaller than the window but the TX side is using the
full window. This means the TX side will be writing to a region of the
window that points nowhere.

This is easily fixed by applying the same limit to tx_size in
ntb_transport_init_queue().

Fixes: e26a5843f7f5 ("NTB: Split ntb_hw_intel and ntb_transport drivers")
Signed-off-by: Logan Gunthorpe <logang@xxxxxxxxxxxx>
Acked-by: Allen Hubbe <Allen.Hubbe@xxxxxxxx>
Cc: Dave Jiang <dave.jiang@xxxxxxxxx>
Signed-off-by: Jon Mason <jdmason@xxxxxxxx>
Signed-off-by: Sasha Levin <alexander.levin@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/ntb/ntb_transport.c | 3 +++
1 file changed, 3 insertions(+)

--- a/drivers/ntb/ntb_transport.c
+++ b/drivers/ntb/ntb_transport.c
@@ -996,6 +996,9 @@ static int ntb_transport_init_queue(stru
mw_base = nt->mw_vec[mw_num].phys_addr;
mw_size = nt->mw_vec[mw_num].phys_size;

+ if (max_mw_size && mw_size > max_mw_size)
+ mw_size = max_mw_size;
+
tx_size = (unsigned int)mw_size / num_qps_mw;
qp_offset = tx_size * (qp_num / mw_count);