korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-12-13 14:04:05 +08:00
Code Issues Packages Projects Releases Wiki Activity
f8ade8e242
linux/drivers/infiniband/core
History
Yishai Hadas f8ade8e242 IB/uverbs: Fix ioctl query port to consider device disassociation 
Methods cannot peak into the ufile, the only way to get a ucontext and
hence a device is via the ib_uverbs_get_ucontext() call or inspecing a
locked uobject.

Otherwise during/after disassociation the pointers may be null or free'd.

 BUG: unable to handle kernel NULL pointer dereference at 0000000000000078
 PGD 800000005ece6067 P4D 800000005ece6067 PUD 5ece7067 PMD 0
 Oops: 0000 [#1] SMP PTI
 CPU: 0 PID: 10631 Comm: ibv_ud_pingpong Tainted: GW  OE     4.20.0-rc6+ #3
 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
 RIP: 0010:ib_uverbs_handler_UVERBS_METHOD_QUERY_PORT+0x53/0x191 [ib_uverbs]
 Code: 80 00 00 00 31 c0 48 8b 47 40 48 8d 5c 24 38 48 8d 6c 24
               08 48 89 df 48 8b 40 08 4c 8b a0 18 03 00 00 31 c0 f3 48 ab 48 89
               ef <49> 83 7c 24 78 00 b1 06 f3 48 ab 0f 84 89 00 00 00 45 31  c9 31 d2
 RSP: 0018:ffffb54802ccfb10 EFLAGS: 00010246
 RAX: 0000000000000000 RBX: ffffb54802ccfb48 RCX:0000000000000000
 RDX: fffffffffffffffa RSI: ffffb54802ccfcf8 RDI:ffffb54802ccfb18
 RBP: ffffb54802ccfb18 R08: ffffb54802ccfd18 R09:0000000000000000
 R10: 0000000000000000 R11: 00000000000000d0 R12:0000000000000000
 R13: ffffb54802ccfcb0 R14: ffffb54802ccfc48 R15:ffff9f736e0059a0
 FS:  00007f55a6bd7740(0000) GS:ffff9f737ba00000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 0000000000000078 CR3: 0000000064214000 CR4:00000000000006f0
 Call Trace:
  ib_uverbs_cmd_verbs.isra.5+0x94d/0xa60 [ib_uverbs]
  ? copy_port_attr_to_resp+0x120/0x120 [ib_uverbs]
  ? arch_tlb_finish_mmu+0x16/0xc0
  ? tlb_finish_mmu+0x1f/0x30
  ? unmap_region+0xd9/0x120
  ib_uverbs_ioctl+0xbc/0x120 [ib_uverbs]
  do_vfs_ioctl+0xa9/0x620
  ? __do_munmap+0x29f/0x3a0
  ksys_ioctl+0x60/0x90
  __x64_sys_ioctl+0x16/0x20
  do_syscall_64+0x5b/0x180
  entry_SYSCALL_64_after_hwframe+0x44/0xa9
 RIP: 0033:0x7f55a62cb567

Fixes: 641d1207d2 ("IB/core: Move query port to ioctl")
Signed-off-by: Yishai Hadas <yishaih@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
2019-01-25 11:58:06 -07:00
..
addr.c RDMA/core: Annotate timeout as unsigned long 2018-10-16 13:34:01 -04:00
agent.c RDMA: Mark if destroy address handle is in a sleepable context 2018-12-19 16:28:03 -07:00
agent.h
cache.c RDMA/core: Delete RoCE GID in hw when corresponding IP is deleted 2018-12-18 14:16:44 -07:00
cgroup.c IB/core: added support to use rdma cgroup controller 2017-01-10 11:14:27 -05:00
cm_msgs.h IB/cm: Remove unused and erroneous msg sequence encoding 2018-07-09 11:39:28 -06:00
cm.c RDMA: Mark if destroy address handle is in a sleepable context 2018-12-19 16:28:03 -07:00
cma_configfs.c RDMA/cma: Move cma module specific functions to cma_priv.h 2018-11-22 11:57:33 -07:00
cma_priv.h RDMA/cma: Move cma module specific functions to cma_priv.h 2018-11-22 11:57:33 -07:00
cma.c RDMA/cma: Add cm_id restrack resource based on kernel or user cm_id type 2019-01-08 17:12:33 -07:00
core_priv.h RDMA/device: Expose ib_device_try_get(() 2019-01-21 14:33:08 -07:00
cq.c RDMA/restrack: Resource-tracker should not use uobject pointers 2018-12-18 15:38:26 -07:00
device.c RDMA/device: Expose ib_device_try_get(() 2019-01-21 14:33:08 -07:00
fmr_pool.c RDMA: Start use ib_device_ops 2018-12-12 07:40:16 -07:00
iwcm.c RDMA/iwcm: Don't copy past the end of dev_name() string 2018-12-20 20:45:56 -07:00
iwcm.h iw_cm: free cm_id resources on the last deref 2016-08-02 13:15:18 -04:00
iwpm_msg.c RDMA/iwpm: Properly mark end of NL messages 2017-09-29 11:32:42 -04:00
iwpm_util.c treewide: kzalloc() -> kcalloc() 2018-06-12 16:19:22 -07:00
iwpm_util.h iwpm: crash fix for large connections test 2016-03-16 13:48:32 -04:00
mad_priv.h RDMA/core: Annotate timeout as unsigned long 2018-10-16 13:34:01 -04:00
mad_rmpp.c RDMA: Mark if destroy address handle is in a sleepable context 2018-12-19 16:28:03 -07:00
mad_rmpp.h
mad.c RDMA: Start use ib_device_ops 2018-12-12 07:40:16 -07:00
Makefile RDMA/uverbs: Implement an ioctl that can call write and write_ex handlers 2018-12-18 14:12:48 -05:00
mr_pool.c IB/core: add a simple MR pool 2016-05-13 13:37:18 -04:00
multicast.c IB: Make ib_init_ah_from_mcmember set sgid_attr 2018-06-25 14:19:56 -06:00
netlink.c RDMA/netlink: Simplify netlink listener existence check 2018-10-03 16:06:07 -06:00
nldev.c RDMA/nldev: Don't expose unsafe global rkey to regular user 2019-01-07 13:35:57 -07:00
opa_smi.h RDMA: Start use ib_device_ops 2018-12-12 07:40:16 -07:00
packer.c IB/core: trivial prink cleanup. 2016-03-03 10:20:25 -05:00
rdma_core.c RDMA: Start use ib_device_ops 2018-12-12 07:40:16 -07:00
rdma_core.h RDMA/uverbs: Mark ioctl responses with UVERBS_ATTR_F_VALID_OUTPUT 2019-01-14 14:02:22 -07:00
restrack.c RDMA/restrack: Resource-tracker should not use uobject pointers 2018-12-18 15:38:26 -07:00
roce_gid_mgmt.c IB/core: Fix oops in netdev_next_upper_dev_rcu() 2018-12-12 12:14:49 -05:00
rw.c IB/core: Ensure we map P2P memory correctly in rdma_rw_ctx_[init|destroy]() 2018-10-17 12:18:20 -05:00
sa_query.c RDMA: Mark if destroy address handle is in a sleepable context 2018-12-19 16:28:03 -07:00
sa.h RDMA/core: Annotate timeout as unsigned long 2018-10-16 13:34:01 -04:00
security.c RDMA: Start use ib_device_ops 2018-12-12 07:40:16 -07:00
smi.c IB: Add rdma_cap_ib_switch helper and use where appropriate 2015-07-14 13:20:08 -04:00
smi.h RDMA: Start use ib_device_ops 2018-12-12 07:40:16 -07:00
sysfs.c RDMA: Start use ib_device_ops 2018-12-12 07:40:16 -07:00
ucm.c RDMA: Start use ib_device_ops 2018-12-12 07:40:16 -07:00
ucma.c RDMA/ucma: Fix Spectre v1 vulnerability 2018-10-16 12:47:40 -04:00
ud_header.c IB/core: trivial prink cleanup. 2016-03-03 10:20:25 -05:00
umem_odp.c RDMA/umem: Add missing initialization of owning_mm 2019-01-25 09:55:48 -07:00
umem.c RDMA/core: Acquire and release mmap_sem on page range 2018-09-27 12:40:20 -06:00
user_mad.c IB/umad: Start using dev_groups of class 2018-12-21 11:39:41 -07:00
uverbs_cmd.c RDMA/uverbs: Mark ioctl responses with UVERBS_ATTR_F_VALID_OUTPUT 2019-01-14 14:02:22 -07:00
uverbs_ioctl.c RDMA/uverbs: Mark ioctl responses with UVERBS_ATTR_F_VALID_OUTPUT 2019-01-14 14:02:22 -07:00
uverbs_main.c IB/uverbs: Fix OOPs upon device disassociation 2019-01-25 11:58:06 -07:00
uverbs_marshall.c IB/cm: Replace members of sa_path_rec with 'struct sgid_attr *' 2018-06-25 14:19:57 -06:00
uverbs_std_types_counters.c RDMA: Start use ib_device_ops 2018-12-12 07:40:16 -07:00
uverbs_std_types_cq.c RDMA/restrack: Resource-tracker should not use uobject pointers 2018-12-18 15:38:26 -07:00
uverbs_std_types_device.c IB/uverbs: Fix ioctl query port to consider device disassociation 2019-01-25 11:58:06 -07:00
uverbs_std_types_dm.c RDMA: Start use ib_device_ops 2018-12-12 07:40:16 -07:00
uverbs_std_types_flow_action.c RDMA: Start use ib_device_ops 2018-12-12 07:40:16 -07:00
uverbs_std_types_mr.c IB/uverbs: Signedness bug in UVERBS_HANDLER() 2018-12-22 16:07:13 -07:00
uverbs_std_types.c RDMA: Mark if destroy address handle is in a sleepable context 2018-12-19 16:28:03 -07:00
uverbs_uapi.c RDMA/uverbs: Implement an ioctl that can call write and write_ex handlers 2018-12-18 14:12:48 -05:00
uverbs.h IB/core: Move query port to ioctl 2018-12-20 15:18:24 -07:00
verbs.c RDMA: Mark if destroy address handle is in a sleepable context 2018-12-19 16:28:03 -07:00