korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-11 04:18:39 +08:00
Code Issues Packages Projects Releases Wiki Activity
linux-6.5.y
linux/drivers
History
Rahul Rameshbabu a9d6c0c5a6 net/mlx5e: Track xmit submission to PTP WQ after populating metadata map 
commit 7e3f3ba97e upstream.

Ensure the skb is available in metadata mapping to skbs before tracking the
metadata index for detecting undelivered CQEs. If the metadata index is put
in the tracking list before putting the skb in the map, the metadata index
might be used for detecting undelivered CQEs before the relevant skb is
available in the map, which can lead to a null-ptr-deref.

Log:
    general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] SMP KASAN
    KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
    CPU: 0 PID: 1243 Comm: kworker/0:2 Not tainted 6.6.0-rc4+ #108
    Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
    Workqueue: events mlx5e_rx_dim_work [mlx5_core]
    RIP: 0010:mlx5e_ptp_napi_poll+0x9a4/0x2290 [mlx5_core]
    Code: 8c 24 38 cc ff ff 4c 8d 3c c1 4c 89 f9 48 c1 e9 03 42 80 3c 31 00 0f 85 97 0f 00 00 4d 8b 3f 49 8d 7f 28 48 89 f9 48 c1 e9 03 <42> 80 3c 31 00 0f 85 8b 0f 00 00 49 8b 47 28 48 85 c0 0f 84 05 07
    RSP: 0018:ffff8884d3c09c88 EFLAGS: 00010206
    RAX: 0000000000000069 RBX: ffff8881160349d8 RCX: 0000000000000005
    RDX: ffffed10218f48cf RSI: 0000000000000004 RDI: 0000000000000028
    RBP: ffff888122707700 R08: 0000000000000001 R09: ffffed109a781383
    R10: 0000000000000003 R11: 0000000000000003 R12: ffff88810c7a7a40
    R13: ffff888122707700 R14: dffffc0000000000 R15: 0000000000000000
    FS:  0000000000000000(0000) GS:ffff8884d3c00000(0000) knlGS:0000000000000000
    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 00007f4f878dd6e0 CR3: 000000014d108002 CR4: 0000000000370eb0
    DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
    Call Trace:
    <IRQ>
    ? die_addr+0x3c/0xa0
    ? exc_general_protection+0x144/0x210
    ? asm_exc_general_protection+0x22/0x30
    ? mlx5e_ptp_napi_poll+0x9a4/0x2290 [mlx5_core]
    ? mlx5e_ptp_napi_poll+0x8f6/0x2290 [mlx5_core]
    __napi_poll.constprop.0+0xa4/0x580
    net_rx_action+0x460/0xb80
    ? _raw_spin_unlock_irqrestore+0x32/0x60
    ? __napi_poll.constprop.0+0x580/0x580
    ? tasklet_action_common.isra.0+0x2ef/0x760
    __do_softirq+0x26c/0x827
    irq_exit_rcu+0xc2/0x100
    common_interrupt+0x7f/0xa0
    </IRQ>
    <TASK>
    asm_common_interrupt+0x22/0x40
    RIP: 0010:__kmem_cache_alloc_node+0xb/0x330
    Code: 41 5d 41 5e 41 5f c3 8b 44 24 14 8b 4c 24 10 09 c8 eb d5 e8 b7 43 ca 01 0f 1f 80 00 00 00 00 0f 1f 44 00 00 55 48 89 e5 41 57 <41> 56 41 89 d6 41 55 41 89 f5 41 54 49 89 fc 53 48 83 e4 f0 48 83
    RSP: 0018:ffff88812c4079c0 EFLAGS: 00000246
    RAX: 1ffffffff083c7fe RBX: ffff888100042dc0 RCX: 0000000000000218
    RDX: 00000000ffffffff RSI: 0000000000000dc0 RDI: ffff888100042dc0
    RBP: ffff88812c4079c8 R08: ffffffffa0289f96 R09: ffffed1025880ea9
    R10: ffff888138839f80 R11: 0000000000000002 R12: 0000000000000dc0
    R13: 0000000000000100 R14: 000000000000008c R15: ffff8881271fc450
    ? cmd_exec+0x796/0x2200 [mlx5_core]
    kmalloc_trace+0x26/0xc0
    cmd_exec+0x796/0x2200 [mlx5_core]
    mlx5_cmd_do+0x22/0xc0 [mlx5_core]
    mlx5_cmd_exec+0x17/0x30 [mlx5_core]
    mlx5_core_modify_cq_moderation+0x139/0x1b0 [mlx5_core]
    ? mlx5_add_cq_to_tasklet+0x280/0x280 [mlx5_core]
    ? lockdep_set_lock_cmp_fn+0x190/0x190
    ? process_one_work+0x659/0x1220
    mlx5e_rx_dim_work+0x9d/0x100 [mlx5_core]
    process_one_work+0x730/0x1220
    ? lockdep_hardirqs_on_prepare+0x400/0x400
    ? max_active_store+0xf0/0xf0
    ? assign_work+0x168/0x240
    worker_thread+0x70f/0x12d0
    ? __kthread_parkme+0xd1/0x1d0
    ? process_one_work+0x1220/0x1220
    kthread+0x2d9/0x3b0
    ? kthread_complete_and_exit+0x20/0x20
    ret_from_fork+0x2d/0x70
    ? kthread_complete_and_exit+0x20/0x20
    ret_from_fork_asm+0x11/0x20
    </TASK>
    Modules linked in: xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay mlx5_ib ib_uverbs ib_core zram zsmalloc mlx5_core fuse
    ---[ end trace 0000000000000000 ]---

Fixes: 3178308ad4 ("net/mlx5e: Make tx_port_ts logic resilient to out-of-order CQEs")
Signed-off-by: Rahul Rameshbabu <rrameshbabu@nvidia.com>
Reviewed-by: Tariq Toukan <tariqt@nvidia.com>
Signed-off-by: Saeed Mahameed <saeedm@nvidia.com>
Link: https://lore.kernel.org/r/20231114215846.5902-11-saeed@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-11-28 17:15:19 +00:00
..
accel accel/habanalabs/gaudi2: Fix incorrect string length computation in gaudi2_psoc_razwi_get_engines() 2023-11-20 11:57:01 +01:00
accessibility
acpi ACPI: FPDT: properly handle invalid FPDT subtables 2023-11-28 17:15:06 +00:00
amba amba: bus: fix refcount leak 2023-09-13 09:53:44 +02:00
android binder: fix memory leaks of spam and pending work 2023-10-19 23:11:04 +02:00
ata ata: pata_parport: fit3: implement IDE command set registers 2023-11-08 14:08:57 +01:00
atm atm: iphase: Do PCI error checks on own line 2023-11-28 17:14:48 +00:00
auxdisplay
base driver core: Release all resources during unbind before updating device links 2023-11-28 17:15:07 +00:00
bcma
block virtio-blk: fix implicit overflow on virtio_max_dma_size 2023-11-28 17:14:50 +00:00
bluetooth Bluetooth: btusb: Add date->evt_skb is NULL check 2023-11-28 17:14:43 +00:00
bus bus: ti-sysc: Fix SYSC_QUIRK_SWSUP_SIDLE_ACT handling for uart wake-up 2023-10-06 13:16:03 +02:00
cdrom
cdx
char parisc/agp: Use 64-bit LE values in SBA IOMMU PDIR table 2023-11-28 17:15:03 +00:00
clk clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks 2023-11-28 17:15:04 +00:00
clocksource clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware 2023-11-28 17:14:41 +00:00
comedi Revert "comedi: add HAS_IOPORT dependencies" 2023-09-23 11:14:37 +02:00
connector
counter counter: microchip-tcb-capture: Fix the use of internal GCLK logic 2023-10-19 23:11:07 +02:00
cpufreq cpufreq: stats: Fix buffer overflow detection in trans_stats() 2023-11-28 17:15:03 +00:00
cpuidle powerpc/pseries: Rework lppaca_shared_proc() to avoid DEBUG_PREEMPT 2023-09-13 09:53:32 +02:00
crypto crypto: hisilicon/qm - prevent soft lockup in receive loop 2023-11-28 17:14:49 +00:00
cxl cxl/port: Fix delete_endpoint() vs parent unregistration race 2023-11-28 17:15:09 +00:00
dax
dca
devfreq PM / devfreq: rockchip-dfi: Make pmu regmap mandatory 2023-11-20 11:56:51 +01:00
dio
dma dmaengine: stm32-mdma: correct desc prep when channel running 2023-11-28 17:15:08 +00:00
dma-buf dma-buf: add dma_fence_timestamp helper 2023-10-19 23:11:07 +02:00
edac EDAC/igen6: Fix the issue of no error events 2023-09-13 09:53:29 +02:00
eisa
extcon extcon: cht_wc: add POWER_SUPPLY dependency 2023-09-13 09:53:38 +02:00
firewire scsi: sd: Introduce manage_shutdown device flag 2023-11-02 09:36:55 +01:00
firmware firmware: qcom_scm: use 64-bit calling convention only when client is 64-bit 2023-11-28 17:15:05 +00:00
fpga
fsi fsi: aspeed: Reset master errors after CFAM reset 2023-09-13 09:53:40 +02:00
gnss
gpio gpiolib: of: Add quirk for mt2701-cs42448 ASoC sound 2023-11-28 17:14:47 +00:00
gpu drm/amd/display: Change the DMCUB mailbox memory location from FB to inbox 2023-11-28 17:15:19 +00:00
greybus
hid hid: lenovo: Resend all settings on reset_resume for compact keyboards 2023-11-28 17:15:07 +00:00
hsi
hte hte: tegra: Fix missing error code in tegra_hte_test_probe() 2023-11-20 11:56:58 +01:00
hv Drivers: hv: vmbus: Don't dereference ACPI root object handle 2023-09-13 09:53:48 +02:00
hwmon hwmon: (sch5627) Disallow write access if virtual registers are locked 2023-11-20 11:56:58 +01:00
hwspinlock hwspinlock: qcom: add missing regmap config for SFPB MMIO implementation 2023-09-19 12:30:23 +02:00
hwtracing coresight: tmc-etr: Disable warnings for allocation failures 2023-11-08 14:08:55 +01:00
i2c i2c: i801: fix potential race in i801_block_transaction_byte_by_byte 2023-11-28 17:15:13 +00:00
i3c i3c: master: svc: fix random hot join failure since timeout error 2023-11-28 17:15:09 +00:00
idle
iio iio: adc: stm32-adc: harden against NULL pointer deref in stm32_adc_probe() 2023-11-28 17:14:49 +00:00
infiniband RDMA/hfi1: Use FIELD_GET() to extract Link Width 2023-11-28 17:14:47 +00:00
input Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() 2023-11-20 11:57:21 +01:00
interconnect interconnect: fix error handling in qnoc_probe() 2023-11-20 11:57:16 +01:00
iommu iommufd: Fix missing update of domains_itree after splitting iopt_area 2023-11-28 17:15:01 +00:00
ipack
irqchip irqchip/sifive-plic: Fix syscore registration for multi-socket systems 2023-11-20 11:56:45 +01:00
isdn mISDN: Update parameter type of dsp_cmx_send() 2023-08-03 18:08:32 -07:00
leds leds: trigger: netdev: Move size check in set_device_name 2023-11-28 17:15:06 +00:00
macintosh
mailbox mailbox: qcom-ipcc: fix incorrect num_chans counting 2023-09-19 12:30:13 +02:00
mcb mcb: fix error handling for different scenarios when parsing 2023-11-28 17:15:08 +00:00
md dm-verity: don't use blocking calls from tasklets 2023-11-28 17:15:14 +00:00
media media: qcom: camss: Fix csid-gen2 for test pattern generator 2023-11-28 17:15:16 +00:00
memory memory: tegra: Set BPMP msg flags to reset IPC channels 2023-11-20 11:57:06 +01:00
memstick
message
mfd mfd: qcom-spmi-pmic: Fix revid implementation 2023-11-28 17:15:06 +00:00
misc misc: pci_endpoint_test: Add Device ID for R-Car S4-8 PCIe controller 2023-11-28 17:14:48 +00:00
mmc mmc: sdhci-pci-gli: GL9750: Mask the replay timer timeout of AER 2023-11-28 17:15:15 +00:00
most
mtd mtd: cfi_cmdset_0001: Byte swap OTP info 2023-11-28 17:15:08 +00:00
mux
net net/mlx5e: Track xmit submission to PTP WQ after populating metadata map 2023-11-28 17:15:19 +00:00
nfc
ntb ntb: Fix calculation ntb_transport_tx_free_entry() 2023-09-13 09:53:53 +02:00
nubus
nvdimm nd_btt: Make BTT lanes preemptible 2023-11-20 11:57:08 +01:00
nvme nvme: fix error-handling for io_uring nvme-passthrough 2023-11-20 11:57:23 +01:00
nvmem nvmem: imx: correct nregs for i.MX6UL 2023-11-02 09:36:58 +01:00
of of: address: Fix address translation when address-size is greater than 2 2023-11-28 17:14:43 +00:00
opp OPP: Fix passing 0 to PTR_ERR in _opp_attach_genpd() 2023-09-13 09:52:59 +02:00
parisc parisc/power: Fix power soft-off when running on qemu 2023-11-28 17:15:10 +00:00
parport parport: gsc: remove DMA leftover code 2023-08-03 14:40:37 +02:00
pci PCI: Lengthen reset delay for VideoPropulsion Torrent QN16e card 2023-11-28 17:15:09 +00:00
pcmcia pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() 2023-11-20 11:57:19 +01:00
peci
perf drivers: perf: Check find_first_bit() return value 2023-11-28 17:14:58 +00:00
phy phy: qualcomm: phy-qcom-eusb2-repeater: Zero out untouched tuning regs 2023-11-28 17:14:49 +00:00
pinctrl pinctrl: renesas: rzg2l: Make reverse order of enable() for disable() 2023-11-20 11:57:13 +01:00
platform platform/x86: thinkpad_acpi: Add battery quirk for Thinkpad X120e 2023-11-28 17:14:43 +00:00
pnp
power power: supply: core: Use blocking_notifier_call_chain to avoid RCU complaint 2023-11-08 14:09:04 +01:00
powercap powercap: intel_rapl: Downgrade BIOS locked limits pr_warn() to pr_debug() 2023-11-28 17:15:03 +00:00
pps
ps3
ptp ptp: annotate data-race around q->head and q->tail 2023-11-28 17:14:55 +00:00
pwm pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume 2023-11-20 11:57:21 +01:00
rapidio
ras
regulator regulator: qcom-rpmh: Fix smps4 regulator for pm8550ve 2023-11-20 11:56:57 +01:00
remoteproc remoteproc: stm32: fix incorrect optional pointers 2023-09-13 09:53:48 +02:00
reset
rpmsg rpmsg: glink: Add check for kstrdup 2023-09-13 09:53:46 +02:00
rtc rtc: pcf85363: fix wrong mask/val parameters in regmap_update_bits call 2023-11-20 11:57:18 +01:00
s390 s390/ap: fix AP bus crash on early config change callback invocation 2023-11-28 17:15:12 +00:00
sbus
scsi scsi: qla2xxx: Fix system crash due to bad pointer access 2023-11-28 17:14:59 +00:00
sh
siox
slimbus
soc pmdomain: imx: Make imx pgc power domain also set the fwnode 2023-11-28 17:15:09 +00:00
soundwire soundwire: dmi-quirks: update HP Omen match 2023-11-28 17:14:49 +00:00
spi spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies 2023-11-20 11:57:25 +01:00
spmi
ssb
staging media: cedrus: Fix clock/reset sequence 2023-11-20 11:57:20 +01:00
target scsi: target: core: Fix deadlock due to recursive locking 2023-10-10 22:03:00 +02:00
tc
tee tee: amdtee: fix use-after-free vulnerability in amdtee_close_session 2023-10-19 23:11:06 +02:00
thermal thermal: intel: powerclamp: fix mismatch in get function for max_idle 2023-11-28 17:15:05 +00:00
thunderbolt thunderbolt: Apply USB 3.x bandwidth quirk only in software connection manager 2023-11-28 17:14:49 +00:00
tty hvc/xen: fix event channel handling for secondary consoles 2023-11-28 17:15:00 +00:00
ufs scsi: ufs: core: Fix racing issue between ufshcd_mcq_abort() and ISR 2023-11-28 17:14:59 +00:00
uio
usb xhci: Enable RPM on controllers that support low-power states 2023-11-28 17:15:10 +00:00
vdpa vdpa_sim_blk: allocate the buffer zeroed 2023-11-28 17:14:53 +00:00
vfio vfio/mdev: Fix a null-ptr-deref bug for mdev_unregister_parent() 2023-10-06 13:16:01 +02:00
vhost vhost-vdpa: fix use after free in vhost_vdpa_probe() 2023-11-28 17:14:53 +00:00
video fbdev: fsl-diu-fb: mark wr_reg_wa() static 2023-11-20 11:57:25 +01:00
virt virt: sevguest: Fix passing a stack buffer as a scatterlist target 2023-11-20 11:57:18 +01:00
virtio virtio_pci: fix the common cfg map size 2023-11-02 09:36:46 +01:00
vlynq
w1
watchdog sbsa_gwdt: Calculate timeout with 64-bit math 2023-11-28 17:15:12 +00:00
xen xen/events: fix delayed eoi list handling 2023-11-28 17:14:55 +00:00
zorro
Kconfig
Makefile