net/rds: dma_map_sg is entitled to merge entries

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Function "dma_map_sg" is entitled to merge adjacent entries
and return a value smaller than what was passed as "nents".

Subsequently "ib_map_mr_sg" needs to work with this value ("sg_dma_len")
rather than the original "nents" parameter ("sg_len").

This old RDS bug was exposed and reliably causes kernel panics
(using RDMA operations "rds-stress -D") on x86_64 starting with:
commit c588072bba6b ("iommu/vt-d: Convert intel iommu driver to the iommu ops")

Simply put: Linux 5.11 and later.

Signed-off-by: Gerd Rausch <gerd.rausch@oracle.com>
Acked-by: Santosh Shilimkar <santosh.shilimkar@oracle.com>
Link: https://lore.kernel.org/r/60efc69f-1f35-529d-a7ef-da0549cad143@oracle.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

authored by

Gerd Rausch and committed by

Jakub Kicinski 4 years ago fb4b1373 c1930148

+2 -2

1 changed file

expand all

net

rds

ib_frmr.c

+2 -2

net/rds/ib_frmr.c

··· 131 131 cpu_relax(); 132 132 } 133 133 134 - ret = ib_map_mr_sg_zbva(frmr->mr, ibmr->sg, ibmr->sg_len, 134 + ret = ib_map_mr_sg_zbva(frmr->mr, ibmr->sg, ibmr->sg_dma_len, 135 135 &off, PAGE_SIZE); 136 - if (unlikely(ret != ibmr->sg_len)) 136 + if (unlikely(ret != ibmr->sg_dma_len)) 137 137 return ret < 0 ? ret : -EINVAL; 138 138 139 139 if (cmpxchg(&frmr->fr_state,