!15198 CVE-2024-57857

 */

#define SIW_IRQ_MAXBURST_SQ_ACTIVE 4

/* There is always only a port 1 per siw device */

#define SIW_PORT 1

struct siw_dev_cap {

	int max_qp;

	int max_qp_wr;

struct siw_device {

	struct ib_device base_dev;

	struct net_device *netdev;

	struct siw_dev_cap attrs;

	u32 vendor_part_id;

	int numa_node;

	/* physical port state (only one port per device) */

	enum ib_port_state state;

	char raw_gid[ETH_ALEN];

	spinlock_t lock;

{

	struct socket *s;

	struct siw_cep *cep = NULL;

	struct net_device *ndev = NULL;

	struct siw_device *sdev = to_siw_dev(id->device);

	int addr_family = id->local_addr.ss_family;

	int rv = 0;

		struct sockaddr_in *laddr = &to_sockaddr_in(id->local_addr);

		/* For wildcard addr, limit binding to current device only */

		if (ipv4_is_zeronet(laddr->sin_addr.s_addr))

			s->sk->sk_bound_dev_if = sdev->netdev->ifindex;

		if (ipv4_is_zeronet(laddr->sin_addr.s_addr)) {

			ndev = ib_device_get_netdev(id->device, SIW_PORT);

			if (ndev) {

				s->sk->sk_bound_dev_if = ndev->ifindex;

			} else {

				rv = -ENODEV;

				goto error;

			}

		}

		rv = s->ops->bind(s, (struct sockaddr *)laddr,

				  sizeof(struct sockaddr_in));

	} else {

		struct sockaddr_in6 *laddr = &to_sockaddr_in6(id->local_addr);

		/* For wildcard addr, limit binding to current device only */

		if (ipv6_addr_any(&laddr->sin6_addr))

			s->sk->sk_bound_dev_if = sdev->netdev->ifindex;

		if (ipv6_addr_any(&laddr->sin6_addr)) {

			ndev = ib_device_get_netdev(id->device, SIW_PORT);

			if (ndev) {

				s->sk->sk_bound_dev_if = ndev->ifindex;

			} else {

				rv = -ENODEV;

				goto error;

			}

		}

		rv = s->ops->bind(s, (struct sockaddr *)laddr,

				  sizeof(struct sockaddr_in6));

	}

	}

	list_add_tail(&cep->listenq, (struct list_head *)id->provider_data);

	cep->state = SIW_EPSTATE_LISTENING;

	dev_put(ndev);

	siw_dbg(id->device, "Listen at laddr %pISp\n", &id->local_addr);

		siw_cep_put(cep);

	}

	sock_release(s);

	dev_put(ndev);

	return rv;

}

		return rv;

	}

	siw_dbg(base_dev, "HWaddr=%pM\n", sdev->netdev->dev_addr);

	siw_dbg(base_dev, "HWaddr=%pM\n", sdev->raw_gid);

	return 0;

}

	 * <linux/if_arp.h> for type identifiers.

	 */

	if (netdev->type == ARPHRD_ETHER || netdev->type == ARPHRD_IEEE802 ||

	    netdev->type == ARPHRD_NONE ||

	    (netdev->type == ARPHRD_LOOPBACK && loopback_enabled))

		return 1;

	base_dev = &sdev->base_dev;

	sdev->netdev = netdev;

	if (netdev->type != ARPHRD_LOOPBACK) {

		addrconf_addr_eui48((unsigned char *)&base_dev->node_guid,

				    netdev->dev_addr);

	if (netdev->addr_len) {

		memcpy(sdev->raw_gid, netdev->dev_addr,

		       min_t(unsigned int, netdev->addr_len, ETH_ALEN));

	} else {

		/*

		 * The loopback device does not have a HW address,

		 * but connection mangagement lib expects gid != 0

		 * This device does not have a HW address, but

		 * connection mangagement requires a unique gid.

		 */

		size_t len = min_t(size_t, strlen(base_dev->name), 6);

		char addr[6] = { };

		memcpy(addr, base_dev->name, len);

		addrconf_addr_eui48((unsigned char *)&base_dev->node_guid,

				    addr);

		eth_random_addr(sdev->raw_gid);

	}

	addrconf_addr_eui48((u8 *)&base_dev->node_guid, sdev->raw_gid);

	base_dev->uverbs_cmd_mask =

		(1ull << IB_USER_VERBS_CMD_QUERY_DEVICE) |

		(1ull << IB_USER_VERBS_CMD_QUERY_PORT) |

	switch (event) {

	case NETDEV_UP:

		sdev->state = IB_PORT_ACTIVE;

		siw_port_event(sdev, 1, IB_EVENT_PORT_ACTIVE);

		break;

		break;

	case NETDEV_DOWN:

		sdev->state = IB_PORT_DOWN;

		siw_port_event(sdev, 1, IB_EVENT_PORT_ERR);

		break;

		siw_port_event(sdev, 1, IB_EVENT_LID_CHANGE);

		break;

	/*

	 * Todo: Below netdev events are currently not handled.

	 * All other events are not handled

	 */

	case NETDEV_CHANGEMTU:

	case NETDEV_CHANGE:

		break;

	default:

		break;

	}

	if (sdev) {

		dev_dbg(&netdev->dev, "siw: new device\n");

		if (netif_running(netdev) && netif_carrier_ok(netdev))

			sdev->state = IB_PORT_ACTIVE;

		else

			sdev->state = IB_PORT_DOWN;

		rv = siw_device_register(sdev, basedev_name);

		if (rv)

			ib_dealloc_device(&sdev->base_dev);

#include <linux/uaccess.h>

#include <linux/vmalloc.h>

#include <linux/xarray.h>

#include <net/addrconf.h>

#include <rdma/iw_cm.h>

#include <rdma/ib_verbs.h>

	attr->vendor_id = SIW_VENDOR_ID;

	attr->vendor_part_id = sdev->vendor_part_id;

	memcpy(&attr->sys_image_guid, sdev->netdev->dev_addr, 6);

	addrconf_addr_eui48((u8 *)&attr->sys_image_guid,

			    sdev->raw_gid);

	return 0;

}

int siw_query_port(struct ib_device *base_dev, u8 port,

		   struct ib_port_attr *attr)

{

	struct siw_device *sdev = to_siw_dev(base_dev);

	struct net_device *ndev;

	int rv;

	memset(attr, 0, sizeof(*attr));

	rv = ib_get_eth_speed(base_dev, port, &attr->active_speed,

			 &attr->active_width);

	if (rv)

		return rv;

	ndev = ib_device_get_netdev(base_dev, SIW_PORT);

	if (!ndev)

		return -ENODEV;

	attr->gid_tbl_len = 1;

	attr->max_msg_sz = -1;

	attr->max_mtu = ib_mtu_int_to_enum(sdev->netdev->mtu);

	attr->active_mtu = ib_mtu_int_to_enum(sdev->netdev->mtu);

	attr->phys_state = sdev->state == IB_PORT_ACTIVE ?

	attr->max_mtu = ib_mtu_int_to_enum(ndev->max_mtu);

	attr->active_mtu = ib_mtu_int_to_enum(READ_ONCE(ndev->mtu));

	attr->phys_state = (netif_running(ndev) && netif_carrier_ok(ndev)) ?

		IB_PORT_PHYS_STATE_LINK_UP : IB_PORT_PHYS_STATE_DISABLED;

	attr->state = attr->phys_state == IB_PORT_PHYS_STATE_LINK_UP ?

		IB_PORT_ACTIVE : IB_PORT_DOWN;

	attr->port_cap_flags = IB_PORT_CM_SUP | IB_PORT_DEVICE_MGMT_SUP;

	attr->state = sdev->state;

	/*

	 * All zero

	 *

	 * attr->subnet_timeout = 0;

	 * attr->init_type_repy = 0;

	 */

	dev_put(ndev);

	return rv;

}

	/* subnet_prefix == interface_id == 0; */

	memset(gid, 0, sizeof(*gid));

	memcpy(&gid->raw[0], sdev->netdev->dev_addr, 6);

	memcpy(gid->raw, sdev->raw_gid, ETH_ALEN);

	return 0;

}

		 int qp_attr_mask, struct ib_qp_init_attr *qp_init_attr)

{

	struct siw_qp *qp;

	struct siw_device *sdev;

	struct net_device *ndev;

	if (base_qp && qp_attr && qp_init_attr) {

	if (base_qp && qp_attr && qp_init_attr)

		qp = to_siw_qp(base_qp);

		sdev = to_siw_dev(base_qp->device);

	} else {

	else

		return -EINVAL;

	}

	ndev = ib_device_get_netdev(base_qp->device, SIW_PORT);

	if (!ndev)

		return -ENODEV;

	qp_attr->cap.max_inline_data = SIW_MAX_INLINE;

	qp_attr->cap.max_send_wr = qp->attrs.sq_size;

	qp_attr->cap.max_send_sge = qp->attrs.sq_max_sges;

	qp_attr->cap.max_recv_wr = qp->attrs.rq_size;

	qp_attr->cap.max_recv_sge = qp->attrs.rq_max_sges;

	qp_attr->path_mtu = ib_mtu_int_to_enum(sdev->netdev->mtu);

	qp_attr->path_mtu = ib_mtu_int_to_enum(READ_ONCE(ndev->mtu));

	qp_attr->max_rd_atomic = qp->attrs.irq_size;

	qp_attr->max_dest_rd_atomic = qp->attrs.orq_size;

	qp_init_attr->cap = qp_attr->cap;

	dev_put(ndev);

	return 0;

}