leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
c87b4ecdbe
linux/drivers
History
Lorenzo Bianconi 2ec1ed2aa6 net: thunderx: fix NULL pointer dereference in nicvf_open/nicvf_stop 
When a bpf program is uploaded, the driver computes the number of
xdp tx queues resulting in the allocation of additional qsets.
Starting from commit '2ecbe4f4a027 ("net: thunderx: replace global
nicvf_rx_mode_wq work queue for all VFs to private for each of them")'
the driver runs link state polling for each VF resulting in the
following NULL pointer dereference:

[   56.169256] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020
[   56.178032] Mem abort info:
[   56.180834]   ESR = 0x96000005
[   56.183877]   Exception class = DABT (current EL), IL = 32 bits
[   56.189792]   SET = 0, FnV = 0
[   56.192834]   EA = 0, S1PTW = 0
[   56.195963] Data abort info:
[   56.198831]   ISV = 0, ISS = 0x00000005
[   56.202662]   CM = 0, WnR = 0
[   56.205619] user pgtable: 64k pages, 48-bit VAs, pgdp = 0000000021f0c7a0
[   56.212315] [0000000000000020] pgd=0000000000000000, pud=0000000000000000
[   56.219094] Internal error: Oops: 96000005 [#1] SMP
[   56.260459] CPU: 39 PID: 2034 Comm: ip Not tainted 5.1.0-rc3+ #3
[   56.266452] Hardware name: GIGABYTE R120-T33/MT30-GS1, BIOS T49 02/02/2018
[   56.273315] pstate: 80000005 (Nzcv daif -PAN -UAO)
[   56.278098] pc : __ll_sc___cmpxchg_case_acq_64+0x4/0x20
[   56.283312] lr : mutex_lock+0x2c/0x50
[   56.286962] sp : ffff0000219af1b0
[   56.290264] x29: ffff0000219af1b0 x28: ffff800f64de49a0
[   56.295565] x27: 0000000000000000 x26: 0000000000000015
[   56.300865] x25: 0000000000000000 x24: 0000000000000000
[   56.306165] x23: 0000000000000000 x22: ffff000011117000
[   56.311465] x21: ffff800f64dfc080 x20: 0000000000000020
[   56.316766] x19: 0000000000000020 x18: 0000000000000001
[   56.322066] x17: 0000000000000000 x16: ffff800f2e077080
[   56.327367] x15: 0000000000000004 x14: 0000000000000000
[   56.332667] x13: ffff000010964438 x12: 0000000000000002
[   56.337967] x11: 0000000000000000 x10: 0000000000000c70
[   56.343268] x9 : ffff0000219af120 x8 : ffff800f2e077d50
[   56.348568] x7 : 0000000000000027 x6 : 000000062a9d6a84
[   56.353869] x5 : 0000000000000000 x4 : ffff800f2e077480
[   56.359169] x3 : 0000000000000008 x2 : ffff800f2e077080
[   56.364469] x1 : 0000000000000000 x0 : 0000000000000020
[   56.369770] Process ip (pid: 2034, stack limit = 0x00000000c862da3a)
[   56.376110] Call trace:
[   56.378546]  __ll_sc___cmpxchg_case_acq_64+0x4/0x20
[   56.383414]  drain_workqueue+0x34/0x198
[   56.387247]  nicvf_open+0x48/0x9e8 [nicvf]
[   56.391334]  nicvf_open+0x898/0x9e8 [nicvf]
[   56.395507]  nicvf_xdp+0x1bc/0x238 [nicvf]
[   56.399595]  dev_xdp_install+0x68/0x90
[   56.403333]  dev_change_xdp_fd+0xc8/0x240
[   56.407333]  do_setlink+0x8e0/0xbe8
[   56.410810]  __rtnl_newlink+0x5b8/0x6d8
[   56.414634]  rtnl_newlink+0x54/0x80
[   56.418112]  rtnetlink_rcv_msg+0x22c/0x2f8
[   56.422199]  netlink_rcv_skb+0x60/0x120
[   56.426023]  rtnetlink_rcv+0x28/0x38
[   56.429587]  netlink_unicast+0x1c8/0x258
[   56.433498]  netlink_sendmsg+0x1b4/0x350
[   56.437410]  sock_sendmsg+0x4c/0x68
[   56.440887]  ___sys_sendmsg+0x240/0x280
[   56.444711]  __sys_sendmsg+0x68/0xb0
[   56.448275]  __arm64_sys_sendmsg+0x2c/0x38
[   56.452361]  el0_svc_handler+0x9c/0x128
[   56.456186]  el0_svc+0x8/0xc
[   56.459056] Code: 35ffff91 2a1003e0 d65f03c0 f9800011 (c85ffc10)
[   56.465166] ---[ end trace 4a57fdc27b0a572c ]---
[   56.469772] Kernel panic - not syncing: Fatal exception

Fix it by checking nicvf_rx_mode_wq pointer in nicvf_open and nicvf_stop

Fixes: 2ecbe4f4a0 ("net: thunderx: replace global nicvf_rx_mode_wq work queue for all VFs to private for each of them")
Fixes: 2c632ad8bc ("net: thunderx: move link state polling function to VF")
Reported-by: Matteo Croce <mcroce@redhat.com>
Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@redhat.com>
Tested-by: Matteo Croce <mcroce@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-04-04 10:44:03 -07:00
..
accessibility
acpi ACPI / utils: Drop reference in test for device presence 2019-03-19 22:34:21 +01:00
amba ARM: 8836/1: drivers: amba: Update component matching to use the CoreSight UCI values. 2019-02-26 11:23:49 +00:00
android
ata SCSI misc on 20190306 2019-03-09 16:53:47 -08:00
atm
auxdisplay auxdisplay: charlcd: make backlight initial state configurable 2019-03-17 08:48:45 +01:00
base Device properties framework fix for 5.1-rc2 2019-03-22 12:08:52 -07:00
bcma
block for-linus-20190323 2019-03-23 10:14:42 -07:00
bluetooth Bluetooth: mediatek: add support for MediaTek MT7663U and MT7668U UART devices 2019-03-02 19:51:23 +01:00
bus ARM: SoC driver updates for 5.1 2019-03-06 09:41:12 -08:00
cdrom
char Merge branch 'next-tpm' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2019-03-10 17:37:29 -07:00
clk We have a fairly balanced mix of clk driver updates and clk framework 2019-03-14 08:46:17 -07:00
clocksource clocksource/drivers/clps711x: Remove board support 2019-03-24 11:30:11 +01:00
connector connector: fix unsafe usage of ->real_parent 2019-03-08 15:06:38 -08:00
cpufreq cpufreq: intel_pstate: Fix up iowait_boost computation 2019-03-12 09:47:30 +01:00
cpuidle cpuidle: governor: Add new governors to cpuidle_governors again 2019-03-12 23:46:55 +01:00
crypto Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2019-03-13 09:51:17 -07:00
dax device-dax for 5.1 2019-03-16 13:05:32 -07:00
dca
devfreq
dio
dma dmaengine updates for v5.1-rc1 2019-03-14 09:11:54 -07:00
dma-buf
edac Merge branch 'ras-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-03-08 09:11:39 -08:00
eisa
extcon
firewire
firmware memblock: drop memblock_alloc_*_nopanic() variants 2019-03-12 10:04:02 -07:00
fmc
fpga
fsi
gnss
gpio pci-v5.1-changes 2019-03-09 14:57:08 -08:00
gpu Merge branch 'drm-fixes-5.1' of git://people.freedesktop.org/~agd5f/linux into drm-fixes 2019-03-22 12:08:44 +10:00
hid Merge branch 'for-5.1/wacom' into for-linus 2019-03-05 15:43:05 +01:00
hsi
hv Char/Misc driver patches for 5.1-rc1 2019-03-06 14:18:59 -08:00
hwmon hwmon: (ad7418) Add device tree probing 2019-02-25 09:06:00 -08:00
hwspinlock
hwtracing ARM updates for 5.1-rc1 2019-03-15 14:37:46 -07:00
i2c i2c: i2c-designware-platdrv: Always use a dynamic adapter number 2019-03-13 18:07:10 +01:00
i3c - Add a /* fall-through */ comment in the dw-i3c-master driver 2019-03-04 19:05:02 -08:00
ide Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/ide 2019-03-11 09:34:00 -07:00
idle
iio - New Drivers 2019-03-08 10:02:58 -08:00
infiniband i40iw: Avoid panic when handling the inetdev event 2019-03-17 21:40:40 -03:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2019-03-11 10:57:11 -07:00
interconnect
iommu iommu/vt-d: Save the right domain ID used by hardware 2019-03-22 12:02:27 +01:00
ipack
irqchip irqchip/irq-mvebu-sei: Make mvebu_sei_ap806_caps static 2019-03-21 16:43:00 +01:00
isdn mISDN: hfcpci: Test both vendor & device ID for Digium HFC4S 2019-03-18 18:32:44 -07:00
leds platform-drivers-x86 for v5.1-1 2019-03-10 13:16:37 -07:00
lightnvm pblk: fix max_io calculation 2019-03-07 08:59:26 -07:00
macintosh treewide: add checks for the return value of memblock_alloc*() 2019-03-12 10:04:02 -07:00
mailbox mailbox: imx: keep MU irq working during suspend/resume 2019-03-11 02:51:43 -05:00
mcb
md for-5.1/block-post-20190315 2019-03-16 12:36:39 -07:00
media DMA mapping updates for 5.1 2019-03-10 11:54:48 -07:00
memory
memstick
message
mfd DMA mapping updates for 5.1 2019-03-10 11:54:48 -07:00
misc 5.1 Merge Window Pull Request 2019-03-09 15:53:03 -08:00
mmc mmc: renesas_sdhi: limit block count to 16 bit for old revisions 2019-03-21 11:41:46 +01:00
mtd This pull request contains updates for both UBI and UBIFS: 2019-03-13 09:34:35 -07:00
mux
net net: thunderx: fix NULL pointer dereference in nicvf_open/nicvf_stop 2019-04-04 10:44:03 -07:00
nfc
ntb Fixes for switchtec debugability and mapping table entries, NTB 2019-03-15 14:32:59 -07:00
nubus
nvdimm device-dax for 5.1 2019-03-16 13:05:32 -07:00
nvme for-5.1/block-post-20190315 2019-03-16 12:36:39 -07:00
nvmem Char/Misc driver patches for 5.1-rc1 2019-03-06 14:18:59 -08:00
of of: fix kmemleak crash caused by imbalance in early memory reservation 2019-03-12 10:04:02 -07:00
opp PM / OPP: Update performance state when freq == old_freq 2019-03-12 09:45:56 +01:00
oprofile
parisc DMA mapping updates for 5.1 2019-03-10 11:54:48 -07:00
parport Revert "parport: daisy: use new parport device model" 2019-03-25 14:49:00 -07:00
pci IOMMU Updates for Linux v5.1 2019-03-10 12:29:52 -07:00
pcmcia
perf arm64 updates for 5.1: 2019-03-10 10:17:23 -07:00
phy drm next pull request for 5.1 2019-03-08 08:23:15 -08:00
pinctrl This is the bulk of pin control changes for the v5.1 kernel cycle. 2019-03-11 11:12:50 -07:00
platform Chrome Platform fixes for v5.1-rc2 2019-03-19 11:28:15 -07:00
pnp ACPI/ACPICA: Trivial: fix spelling mistakes and fix whitespace formatting 2019-02-24 21:12:01 +01:00
power power: reset: at91-reset: add support for sam9x60 SoC 2019-02-20 00:41:01 +01:00
powercap
pps
ps3
ptp Merge branch 'timers-2038-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-03-05 14:08:26 -08:00
pwm pwm: atmel: Remove useless symbolic definitions 2019-03-04 12:52:49 +01:00
rapidio rapidio/mport_cdev: mark expected switch fall-through 2019-03-07 18:32:02 -08:00
ras
regulator regulator: mc13xxx: Constify regulator_ops variables 2019-03-04 00:01:08 +00:00
remoteproc remoteproc updates for v5.1 2019-03-14 09:00:06 -07:00
reset
rpmsg rpmsg: virtio: change header file sort style 2019-02-20 21:15:54 -08:00
rtc chrome platform changes for v5.1 2019-03-12 09:46:32 -07:00
s390 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-03-27 12:22:57 -07:00
sbus
scsi scsi: ibmvscsi: Fix empty event pool access during host removal 2019-03-20 20:13:17 -04:00
sfi
sh
siox
slimbus
sn
soc ARM: SoC driver updates for 5.1 2019-03-06 09:41:12 -08:00
soundwire
spi pci-v5.1-changes 2019-03-09 14:57:08 -08:00
spmi
ssb
staging media updates for v5.1-rc1 2019-03-09 14:45:54 -08:00
target SCSI misc on 20190315 2019-03-16 12:51:50 -07:00
tc
tee ARM: SoC driver updates for 5.1 2019-03-06 09:41:12 -08:00
thermal Merge branches 'fixes' and 'thermal-intel' into next 2019-03-18 22:37:44 +08:00
thunderbolt
tty dmaengine updates for v5.1-rc1 2019-03-14 09:11:54 -07:00
uio
usb memblock: drop memblock_alloc_*_nopanic() variants 2019-03-12 10:04:02 -07:00
uwb
vfio powerpc updates for 5.1 2019-03-07 12:56:26 -08:00
vhost virtio: fixes, cleanups 2019-03-10 12:47:57 -07:00
video fbdev changes for v5.1: 2019-03-15 14:22:59 -07:00
virt virt: vbox: Mark expected switch fall-through 2019-02-27 16:00:20 +01:00
virtio virtio: hint if callbacks surprisingly might sleep 2019-03-06 11:19:57 -05:00
visorbus
vlynq
vme
w1
watchdog linux-watchdog 5.1-rc1 tag 2019-03-11 11:22:15 -07:00
xen xen/balloon: Fix mapping PG_offline pages to user space 2019-03-15 15:35:35 +01:00
zorro
Kconfig
Makefile IOMMU Updates for Linux v5.1 2019-03-10 12:29:52 -07:00