Commit 8db02e49 authored by Sean Anderson Committed by Zheng Yejian

soc: fsl: qbman: Always disable interrupts when taking cgr_lock

stable inclusion
from stable-v5.10.215
commit dd199e5b759ffe349622a4b8fbcafc51fc51b1ec
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9Q970
CVE: CVE-2024-35806

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=dd199e5b759ffe349622a4b8fbcafc51fc51b1ec



--------------------------------

[ Upstream commit 584c2a9184a33a40fceee838f856de3cffa19be3 ]

smp_call_function_single disables IRQs when executing the callback. To
prevent deadlocks, we must disable IRQs when taking cgr_lock elsewhere.
This is already done by qman_update_cgr and qman_delete_cgr; fix the
other lockers.

Fixes: 96f413f4 ("soc/fsl/qbman: fix issue in qman_delete_cgr_safe()")
CC: stable@vger.kernel.org
Signed-off-by: Sean Anderson <sean.anderson@linux.dev>
Reviewed-by: Camelia Groza <camelia.groza@nxp.com>
Tested-by: Vladimir Oltean <vladimir.oltean@nxp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Zheng Yejian <zhengyejian1@huawei.com>
parent f300accf
+5 −5
@@ -1456,11 +1456,11 @@ static void qm_congestion_task(struct work_struct *work)
	union qm_mc_result *mcr;
	struct qman_cgr *cgr;

	spin_lock(&p->cgr_lock);
	spin_lock_irq(&p->cgr_lock);
	qm_mc_start(&p->p);
	qm_mc_commit(&p->p, QM_MCC_VERB_QUERYCONGESTION);
	if (!qm_mc_result_timeout(&p->p, &mcr)) {
		spin_unlock(&p->cgr_lock);
		spin_unlock_irq(&p->cgr_lock);
		dev_crit(p->config->dev, "QUERYCONGESTION timeout\n");
		qman_p_irqsource_add(p, QM_PIRQ_CSCI);
		return;
@@ -1476,7 +1476,7 @@ static void qm_congestion_task(struct work_struct *work)
	list_for_each_entry(cgr, &p->cgr_cbs, node)
		if (cgr->cb && qman_cgrs_get(&c, cgr->cgrid))
			cgr->cb(p, cgr, qman_cgrs_get(&rr, cgr->cgrid));
	spin_unlock(&p->cgr_lock);
	spin_unlock_irq(&p->cgr_lock);
	qman_p_irqsource_add(p, QM_PIRQ_CSCI);
}

@@ -2440,7 +2440,7 @@ int qman_create_cgr(struct qman_cgr *cgr, u32 flags,
	preempt_enable();

	cgr->chan = p->config->channel;
	spin_lock(&p->cgr_lock);
	spin_lock_irq(&p->cgr_lock);

	if (opts) {
		struct qm_mcc_initcgr local_opts = *opts;
@@ -2477,7 +2477,7 @@ int qman_create_cgr(struct qman_cgr *cgr, u32 flags,
	    qman_cgrs_get(&p->cgrs[1], cgr->cgrid))
		cgr->cb(p, cgr, 1);
out:
	spin_unlock(&p->cgr_lock);
	spin_unlock_irq(&p->cgr_lock);
	put_affine_portal();
	return ret;
}
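Review bot: The `spin_unlock_irq(&p->cgr_lock)` at the `out:` label of qman_create_cgr re-enables interrupts unconditionally, so this non-static function now implicitly requires callers to enter with IRQs enabled, and nothing in the visible lines states or checks that. Either document the requirement at the lock site or use the state-preserving form: `unsigned long irqflags;`, `spin_lock_irqsave(&p->cgr_lock, irqflags);` and `spin_unlock_irqrestore(&p->cgr_lock, irqflags);`. qm_congestion_task is a work item and presumably always runs with IRQs on, so the plain `_irq` form looks safe there. Its `cgr->cb(...)` calls and the `cgr->cb(p, cgr, 1)` call in qman_create_cgr now run with interrupts disabled, which deserves a comment such as `/* cb runs under cgr_lock with IRQs off: must not sleep or re-enable interrupts */`. Both function bodies start outside the hunks shown, so the caller context is inferred rather than confirmed.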