2
0
mirror of https://github.com/edk2-porting/linux-next.git synced 2024-12-23 04:34:11 +08:00
linux-next/drivers
Yonatan Cohen 1454ca3a97 IB/rxe: Fix kernel panic in UDP tunnel with GRO and RX checksum
Missing initialization of udp_tunnel_sock_cfg causes to following
kernel panic, while kernel tries to execute gro_receive().

While being there, we converted udp_port_cfg to use the same
initialization scheme as udp_tunnel_sock_cfg.

------------[ cut here ]------------
kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
BUG: unable to handle kernel paging request at ffffffffa0588c50
IP: [<ffffffffa0588c50>] __this_module+0x50/0xffffffffffff8400 [ib_rxe]
PGD 1c09067 PUD 1c0a063 PMD bb394067 PTE 80000000ad5e8163
Oops: 0011 [#1] SMP
Modules linked in: ib_rxe ip6_udp_tunnel udp_tunnel
CPU: 5 PID: 0 Comm: swapper/5 Not tainted 4.7.0-rc3+ #2
Hardware name: Red Hat KVM, BIOS Bochs 01/01/2011
task: ffff880235e4e680 ti: ffff880235e68000 task.ti: ffff880235e68000
RIP: 0010:[<ffffffffa0588c50>]
[<ffffffffa0588c50>] __this_module+0x50/0xffffffffffff8400 [ib_rxe]
RSP: 0018:ffff880237343c80  EFLAGS: 00010282
RAX: 00000000dffe482d RBX: ffff8800ae330900 RCX: 000000002001b712
RDX: ffff8800ae330900 RSI: ffff8800ae102578 RDI: ffff880235589c00
RBP: ffff880237343cb0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8800ae33e262
R13: ffff880235589c00 R14: 0000000000000014 R15: ffff8800ae102578
FS:  0000000000000000(0000) GS:ffff880237340000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffa0588c50 CR3: 0000000001c06000 CR4: 00000000000006e0
Stack:
ffffffff8160860e ffff8800ae330900 ffff8800ae102578 0000000000000014
000000000000004e ffff8800ae102578 ffff880237343ce0 ffffffff816088fb
0000000000000000 ffff8800ae330900 0000000000000000 00000000ffad0000
Call Trace:
<IRQ>
[<ffffffff8160860e>] ? udp_gro_receive+0xde/0x130
[<ffffffff816088fb>] udp4_gro_receive+0x10b/0x2d0
[<ffffffff81611373>] inet_gro_receive+0x1d3/0x270
[<ffffffff81594e29>] dev_gro_receive+0x269/0x3b0
[<ffffffff81595188>] napi_gro_receive+0x38/0x120
[<ffffffffa011caee>] mlx5e_handle_rx_cqe+0x27e/0x340 [mlx5_core]
[<ffffffffa011d076>] mlx5e_poll_rx_cq+0x66/0x6d0 [mlx5_core]
[<ffffffffa011d7ae>] mlx5e_napi_poll+0x8e/0x400 [mlx5_core]
[<ffffffff815949a0>] net_rx_action+0x160/0x380
[<ffffffff816a9197>] __do_softirq+0xd7/0x2c5
[<ffffffff81085c35>] irq_exit+0xf5/0x100
[<ffffffff816a8f16>] do_IRQ+0x56/0xd0
[<ffffffff816a6dcc>] common_interrupt+0x8c/0x8c
<EOI>
[<ffffffff81061f96>] ? native_safe_halt+0x6/0x10
[<ffffffff81037ade>] default_idle+0x1e/0xd0
[<ffffffff8103828f>] arch_cpu_idle+0xf/0x20
[<ffffffff810c37dc>] default_idle_call+0x3c/0x50
[<ffffffff810c3b13>] cpu_startup_entry+0x323/0x3c0
[<ffffffff81050d8c>] start_secondary+0x15c/0x1a0
RIP  [<ffffffffa0588c50>] __this_module+0x50/0xffffffffffff8400 [ib_rxe]
RSP <ffff880237343c80>
CR2: ffffffffa0588c50
---[ end trace 489ee31fa7614ac5 ]---
Kernel panic - not syncing: Fatal exception in interrupt
Kernel Offset: disabled
---[ end Kernel panic - not syncing: Fatal exception in interrupt
------------[ cut here ]------------

Fixes: 8700e3e7c4 ("Soft RoCE driver")
Signed-off-by: Yonatan Cohen <yonatanc@mellanox.com>
Reviewed-by: Moni Shoua <monis@mellanox.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Doug Ledford <dledford@redhat.com>
2016-11-16 20:03:44 -05:00
..
accessibility
acpi Merge branches 'acpica-fixes', 'acpi-pci-fixes' and 'acpi-apei-fixes' 2016-10-29 01:58:03 +02:00
amba
android ANDROID: binder: Clear binder and cookie when setting handle in flat binder struct 2016-10-24 19:37:48 +02:00
ata ahci: fix the single MSI-X case in ahci_init_one 2016-10-25 11:43:07 -04:00
atm
auxdisplay auxdisplay: img-ascii-lcd: driver for simple ASCII LCD displays 2016-10-06 17:03:41 +02:00
base driver core: Make Kconfig text for DEBUG_TEST_DRIVER_REMOVE stronger 2016-10-27 17:47:12 +02:00
bcma
block block: DAC960: print a hex number after a 0x prefix 2016-10-27 18:43:43 -07:00
bluetooth Bluetooth: btusb: Fix atheros firmware download error 2016-10-07 09:46:56 +02:00
bus bus: qcom-ebi2: depend on ARCH_QCOM or COMPILE_TEST 2016-10-17 13:46:09 -07:00
cdrom
char Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2016-10-24 21:34:13 -07:00
clk clk: at91: Fix a return value in case of error 2016-10-20 16:37:56 -07:00
clocksource Revert "clocksource/drivers/timer_sun5i: Replace code by clocksource_mmio_init" 2016-10-20 21:58:58 +02:00
connector
cpufreq Merge branches 'pm-cpufreq-fixes' and 'pm-sleep-fixes' 2016-10-29 01:29:17 +02:00
cpuidle Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2016-10-15 09:26:12 -07:00
crypto Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2016-10-10 14:04:16 -07:00
dax device-dax: fix percpu_ref_exit ordering 2016-10-27 17:04:05 -07:00
dca
devfreq PM / devfreq: Skip status update on uninitialized previous_freq 2016-10-11 00:01:20 +02:00
dio
dma dmaengine updates for 4.8-rc1 2016-10-06 17:13:54 -07:00
dma-buf Merge tag 'drm-for-v4.9' of git://people.freedesktop.org/~airlied/linux 2016-10-11 18:12:22 -07:00
edac * Altera Arria10 enablement of NAND, DMA, USB, QSPI and SD-MMC FIFO 2016-10-04 12:06:26 -07:00
eisa
extcon extcon: qcom-spmi-misc: Sync the extcon state on interrupt 2016-10-26 16:04:29 +09:00
firewire firewire: nosy: do not ignore errors in ioremap_nocache() 2016-10-09 11:38:11 +02:00
firmware efi/arm: Fix absolute relocation detection for older toolchains 2016-10-19 14:49:44 +02:00
fmc
fpga
gpio gpio: mpc8xxx: Correct irq handler function 2016-10-24 02:20:40 +02:00
gpu drm/drivers: add support for using the arch wc mapping API. 2016-10-26 16:48:01 +10:00
hid HID: add quirk for Akai MIDImix. 2016-10-10 10:58:22 +02:00
hsi
hv hv: do not lose pending heartbeat vmbus packets 2016-10-25 08:52:10 +02:00
hwmon hwmon: (max31790) potential ERR_PTR dereference 2016-10-17 10:16:20 -07:00
hwspinlock
hwtracing
i2c i2c: imx: defer probe if bus recovery GPIOs are not ready 2016-10-25 12:15:00 +02:00
ide
idle nmi_backtrace: generate one-line reports for idle cpus 2016-10-07 18:46:30 -07:00
iio First set of IIO fixes for the 4.9 cycle. 2016-10-24 10:50:13 +02:00
infiniband IB/rxe: Fix kernel panic in UDP tunnel with GRO and RX checksum 2016-11-16 20:03:44 -05:00
input Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/dtor/input 2016-10-14 13:19:30 -07:00
iommu IOMMU Updates for Linux v4.9 2016-10-11 12:52:41 -07:00
ipack ipack: print a hex number after a 0x prefix 2016-10-27 18:43:43 -07:00
irqchip GIC updates for Linux 4.9-rc2 2016-10-21 21:40:29 +02:00
isdn
leds
lguest
lightnvm Merge branch 'for-4.9/block' of git://git.kernel.dk/linux-block 2016-10-07 14:42:05 -07:00
macintosh
mailbox Merge branch 'mailbox-for-next' of git://git.linaro.org/landing-teams/working/fujitsu/integration 2016-10-06 17:36:53 -07:00
mcb mcb: Add a dma_device to mcb_device 2016-09-27 12:33:47 +02:00
md - A couple DM raid and DM mirror fixes 2016-10-28 09:27:58 -07:00
media Merge branch 'gup_flag-cleanups' 2016-10-19 08:39:47 -07:00
memory ARM: SoC driver updates for v4.9 2016-10-07 21:23:40 -07:00
memstick memstick: rtsx_usb_ms: Manage runtime PM when accessing the device 2016-10-17 15:43:05 +02:00
message
mfd - Core Frameworks 2016-10-07 08:35:35 -07:00
misc Char/Misc driver fixes for 4.9-rc3 2016-10-29 11:19:02 -07:00
mmc mmc: rtsx_usb_sdmmc: Handle runtime PM while changing the led 2016-10-17 15:43:03 +02:00
mtd ubi: fastmap: Fix add_vol() return value test in ubi_attach_fastmap() 2016-10-28 14:48:18 +02:00
net Merge of the qedr RoCE driver 2016-10-14 13:43:08 -07:00
nfc
ntb
nubus
nvdimm nvdimm: make CONFIG_NVDIMM_DAX 'bool' 2016-10-27 16:16:21 -07:00
nvme Merge branch 'for-linus' of git://git.kernel.dk/linux-block 2016-10-21 10:54:01 -07:00
nvmem ARM: SoC driver updates for v4.9 2016-10-07 21:23:40 -07:00
of Merge branch 'upstream' of git://git.linux-mips.org/pub/scm/ralf/upstream-linus 2016-10-15 09:26:12 -07:00
oprofile Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2016-10-10 20:16:43 -07:00
parisc
parport
pci doc: Add missing parameter for msi_setup 2016-10-26 12:05:34 +02:00
pcmcia
perf perf: xgene: Remove bogus IS_ERR() check 2016-10-17 15:50:07 +01:00
phy
pinctrl pinctrl: intel: Only restore pins that are used by the driver 2016-10-18 14:38:16 +02:00
platform platform-drivers-x86 for 4.9-2 2016-10-19 11:45:06 -07:00
pnp
power power supply and reset changes for the v4.9 series 2016-10-06 18:21:15 -07:00
powercap
pps pps: kc: fix non-tickless system config dependency 2016-10-11 15:06:32 -07:00
ps3
ptp drivers/ptp: Fix kernel memory disclosure 2016-10-13 10:20:06 -04:00
pwm
rapidio mm: replace get_user_pages() write/force parameters with gup_flags 2016-10-19 08:11:43 -07:00
ras
regulator Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux 2016-10-12 11:05:23 -07:00
remoteproc rpmsg updates for v4.9 2016-10-06 17:03:49 -07:00
reset reset: uniphier: rename MIO reset to SD reset for Pro5, PXs2, LD20 SoCs 2016-10-22 18:31:42 +09:00
rpmsg
rtc RTC for 4.9 2016-10-14 13:13:44 -07:00
s390 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/s390/linux 2016-10-27 14:16:30 -07:00
sbus
scsi SCSI fixes on 20161027 2016-10-27 10:08:58 -07:00
sfi
sh
sn
soc powerpc updates for 4.9 #2 2016-10-14 11:07:42 -07:00
spi kthread: kthread worker API cleanup 2016-10-11 15:06:33 -07:00
spmi spmi: pmic-arb: Return an error code if sanity check fails 2016-09-27 12:43:34 +02:00
ssb
staging Staging/IIO driver fixes for 4.9-rc3 2016-10-29 10:20:59 -07:00
target target/tcm_fc: use CPU affinity for responses 2016-10-21 01:19:44 -07:00
tc
thermal thermal/powerclamp: correct cpu support check 2016-10-20 14:15:44 +08:00
thunderbolt
tty tty: serial_core: fix NULL struct tty pointer access in uart_write_wakeup 2016-10-28 08:13:07 -04:00
uio
usb usb: chipidea: host: fix NULL ptr dereference during shutdown 2016-10-25 16:14:32 +08:00
uwb
vfio vfio_pci: use pci_alloc_irq_vectors 2016-09-29 13:36:38 -06:00
vhost
video Merge branch 'gup_flag-cleanups' 2016-10-19 08:39:47 -07:00
virt mm: replace get_user_pages() write/force parameters with gup_flags 2016-10-19 08:11:43 -07:00
virtio
vlynq
vme vme: vme_get_size potentially returning incorrect value on failure 2016-10-28 08:25:18 -04:00
w1
watchdog Merge branches 'acpi-wdat' and 'acpi-cppc' 2016-10-21 22:24:23 +02:00
xen xen: fixes for 4.9-rc2 2016-10-24 19:52:24 -07:00
zorro
Kconfig
Makefile A small bug fix and a new driver for acting as an IPMI device. 2016-10-23 15:56:23 -07:00