| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20241030082117.1172634-1-wei.fang@nxp.com>
Date: Wed, 30 Oct 2024 16:21:17 +0800
From: Wei Fang <wei.fang@....com>
To: davem@...emloft.net,
edumazet@...gle.com,
kuba@...nel.org,
pabeni@...hat.com,
andrew+netdev@...n.ch,
claudiu.manoil@....com,
vladimir.oltean@....com
Cc: netdev@...r.kernel.org,
linux-kernel@...r.kernel.org,
imx@...ts.linux.dev
Subject: [PATCH net] net: enetc: prevent VF from configuring preemptiable TCs
Both ENETC PF and VF drivers share enetc_setup_tc_mqprio() to configure
MQPRIO. And enetc_setup_tc_mqprio() calls enetc_change_preemptible_tcs()
to configure preemptible TCs. However, only PF is able to configure
preemptible TCs. Because only PF has related registers, while VF does not
have these registers. So for VF, its hw->port pointer is NULL. Therefore,
VF will access an invalid pointer when accessing a non-existent register,
which will cause a call trace issue. The call trace log is shown below.
root@...028ardb:~# tc qdisc add dev eno0vf0 parent root handle 100: \
mqprio num_tc 4 map 0 0 1 1 2 2 3 3 queues 1@0 1@1 1@2 1@3 hw 1
[ 187.290775] Unable to handle kernel paging request at virtual address 0000000000001f00
[ 187.298760] Mem abort info:
[ 187.301607] ESR = 0x0000000096000004
[ 187.305373] EC = 0x25: DABT (current EL), IL = 32 bits
[ 187.310714] SET = 0, FnV = 0
[ 187.313778] EA = 0, S1PTW = 0
[ 187.316923] FSC = 0x04: level 0 translation fault
[ 187.321818] Data abort info:
[ 187.324701] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
[ 187.330207] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 187.335278] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 187.340610] user pgtable: 4k pages, 48-bit VAs, pgdp=0000002084b71000
[ 187.347076] [0000000000001f00] pgd=0000000000000000, p4d=0000000000000000
[ 187.353900] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[ 187.360188] Modules linked in: xt_conntrack xt_addrtype cfg80211 rfkill snd_soc_hdmi_codec fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_descp
[ 187.406320] CPU: 0 PID: 1117 Comm: tc Not tainted 6.6.52-gfbb48d8e2ddb #1
[ 187.413131] Hardware name: LS1028A RDB Board (DT)
[ 187.417846] pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 187.424831] pc : enetc_mm_commit_preemptible_tcs+0x1c4/0x400
[ 187.430518] lr : enetc_mm_commit_preemptible_tcs+0x30c/0x400
[ 187.436195] sp : ffff800084a4b400
[ 187.439515] x29: ffff800084a4b400 x28: 0000000000000004 x27: ffff6a58c5229808
[ 187.446679] x26: 0000000080000203 x25: ffff800085218600 x24: 0000000000000004
[ 187.453842] x23: ffff6a58c42e4a00 x22: ffff6a58c5229808 x21: ffff6a58c42e4980
[ 187.461004] x20: ffff6a58c5229800 x19: 0000000000001f00 x18: 0000000000000001
[ 187.468167] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
[ 187.475328] x14: 00000000000003f8 x13: 0000000000000400 x12: 0000000000065feb
[ 187.482491] x11: 0000000000000000 x10: ffff6a593f6f9918 x9 : 0000000000000000
[ 187.489653] x8 : ffff800084a4b668 x7 : 0000000000000003 x6 : 0000000000000001
[ 187.496815] x5 : 0000000000001f00 x4 : 0000000000000000 x3 : 0000000000000000
[ 187.503977] x2 : 0000000000000000 x1 : 0000000000000200 x0 : ffffd2fbd8497460
[ 187.511140] Call trace:
[ 187.513588] enetc_mm_commit_preemptible_tcs+0x1c4/0x400
[ 187.518918] enetc_setup_tc_mqprio+0x180/0x214
[ 187.523374] enetc_vf_setup_tc+0x1c/0x30
[ 187.527306] mqprio_enable_offload+0x144/0x178
[ 187.531766] mqprio_init+0x3ec/0x668
[ 187.535351] qdisc_create+0x15c/0x488
[ 187.539023] tc_modify_qdisc+0x398/0x73c
[ 187.542958] rtnetlink_rcv_msg+0x128/0x378
[ 187.547064] netlink_rcv_skb+0x60/0x130
[ 187.550910] rtnetlink_rcv+0x18/0x24
[ 187.554492] netlink_unicast+0x300/0x36c
[ 187.558425] netlink_sendmsg+0x1a8/0x420
[ 187.562358] ____sys_sendmsg+0x214/0x26c
[ 187.566292] ___sys_sendmsg+0xb0/0x108
[ 187.570050] __sys_sendmsg+0x88/0xe8
[ 187.573634] __arm64_sys_sendmsg+0x24/0x30
[ 187.577742] invoke_syscall+0x48/0x114
[ 187.581503] el0_svc_common.constprop.0+0x40/0xe0
[ 187.586222] do_el0_svc+0x1c/0x28
[ 187.589544] el0_svc+0x40/0xe4
[ 187.592607] el0t_64_sync_handler+0x120/0x12c
[ 187.596976] el0t_64_sync+0x190/0x194
[ 187.600648] Code: d65f03c0 d283e005 8b050273 14000050 (b9400273)
[ 187.606759] ---[ end trace 0000000000000000 ]---
Fixes: 827145392a4a ("net: enetc: only commit preemptible TCs to hardware when MM TX is active")
Signed-off-by: Wei Fang <wei.fang@....com>
---
drivers/net/ethernet/freescale/enetc/enetc.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/net/ethernet/freescale/enetc/enetc.c b/drivers/net/ethernet/freescale/enetc/enetc.c
index c09370eab319..c9f7b7b4445f 100644
--- a/drivers/net/ethernet/freescale/enetc/enetc.c
+++ b/drivers/net/ethernet/freescale/enetc/enetc.c
@@ -28,6 +28,9 @@ EXPORT_SYMBOL_GPL(enetc_port_mac_wr);
static void enetc_change_preemptible_tcs(struct enetc_ndev_priv *priv,
u8 preemptible_tcs)
{
+ if (!enetc_si_is_pf(priv->si))
+ return;
+
priv->preemptible_tcs = preemptible_tcs;
enetc_mm_commit_preemptible_tcs(priv);
}
--
2.34.1
Powered by blists - more mailing lists