From 8084763678a2aba2633ac88aaba98c5215099bf3 Mon Sep 17 00:00:00 2001 From: Chengchang Tang Date: Fri, 8 Dec 2023 10:00:32 +0800 Subject: [PATCH] libhns: Fix possible overflow in cq clean [ Upstream commit 886b17cd973bb2abeed6a288f3df11f4edc9b303 ] The ci/pi of hns roce cq allows data to be flipped. but in __hns_roce_v2_cq_clean(), this flip may lead to an wrong number of loops. This patch fixes it by extending the data type to avoid data flipping. Fixes: 6fe30a1a705f ("libhns: Introduce QP operations referred to hip08 RoCE device") Signed-off-by: Chengchang Tang Signed-off-by: Junxian Huang Signed-off-by: Nicolas Morey --- providers/hns/hns_roce_u_hw_v2.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/providers/hns/hns_roce_u_hw_v2.c b/providers/hns/hns_roce_u_hw_v2.c index 08da48051..fffd5b72e 100644 --- a/providers/hns/hns_roce_u_hw_v2.c +++ b/providers/hns/hns_roce_u_hw_v2.c @@ -1435,20 +1435,21 @@ static int hns_roce_u_v2_post_recv(struct ibv_qp *ibvqp, struct ibv_recv_wr *wr, static void __hns_roce_v2_cq_clean(struct hns_roce_cq *cq, uint32_t qpn, struct hns_roce_srq *srq) { - int nfreed = 0; - bool is_recv_cqe; - uint8_t owner_bit; - uint16_t wqe_index; - uint32_t prod_index; - struct hns_roce_v2_cqe *cqe, *dest; struct hns_roce_context *ctx = to_hr_ctx(cq->verbs_cq.cq.context); + uint64_t cons_index = cq->cons_index; + uint64_t prod_index = cq->cons_index; + struct hns_roce_v2_cqe *cqe, *dest; + uint16_t wqe_index; + uint8_t owner_bit; + bool is_recv_cqe; + int nfreed = 0; - for (prod_index = cq->cons_index; get_sw_cqe_v2(cq, prod_index); - ++prod_index) - if (prod_index > cq->cons_index + cq->verbs_cq.cq.cqe) + for (; get_sw_cqe_v2(cq, prod_index); ++prod_index) + if (prod_index > cons_index + cq->verbs_cq.cq.cqe) break; - while ((int) --prod_index - (int) cq->cons_index >= 0) { + while (prod_index - cons_index > 0) { + prod_index--; cqe = get_cqe_v2(cq, prod_index & cq->verbs_cq.cq.cqe); if (hr_reg_read(cqe, CQE_LCL_QPN) == qpn) { is_recv_cqe = hr_reg_read(cqe, CQE_S_R);