lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20171026234636.GA18898@felix-thinkpad.cavium.com>
Date:   Thu, 26 Oct 2017 16:46:36 -0700
From:   Felix Manlunas <felix.manlunas@...ium.com>
To:     davem@...emloft.net
Cc:     netdev@...r.kernel.org, raghu.vatsavayi@...ium.com,
        derek.chickles@...ium.com, satananda.burla@...ium.com
Subject: [PATCH net-next] liquidio: fix kernel panic in VF driver

Doing ifconfig down on VF driver in the middle of receiving line rate
traffic causes a kernel panic:

    LiquidIO_VF 0000:02:00.3: should not come here should not get rx when poll mode = 0 for vf
    BUG: unable to handle kernel NULL pointer dereference at           (null)
    .
    .
    .
    Call Trace:
     <IRQ>
     ? tasklet_action+0x102/0x120
     __do_softirq+0x91/0x292
     irq_exit+0xb6/0xc0
     do_IRQ+0x4f/0xd0
     common_interrupt+0x93/0x93
     </IRQ>
    RIP: 0010:cpuidle_enter_state+0x142/0x2f0
    RSP: 0018:ffffffffa6403e20 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff59
    RAX: 0000000000000000 RBX: 0000000000000003 RCX: 000000000000001f
    RDX: 0000000000000000 RSI: 000000002ab7519f RDI: 0000000000000000
    RBP: ffffffffa6403e58 R08: 0000000000000084 R09: 0000000000000018
    R10: ffffffffa6403df0 R11: 00000000000003c7 R12: 0000000000000003
    R13: ffffd27ebd806800 R14: ffffffffa64d40d8 R15: 0000007be072823f
     cpuidle_enter+0x17/0x20
     call_cpuidle+0x23/0x40
     do_idle+0x18c/0x1f0
     cpu_startup_entry+0x64/0x70
     rest_init+0xa5/0xb0
     start_kernel+0x45e/0x46b
     x86_64_start_reservations+0x24/0x26
     x86_64_start_kernel+0x6f/0x72
     secondary_startup_64+0xa5/0xa5
    Code:  Bad RIP value.
    RIP:           (null) RSP: ffff9246ed003f28
    CR2: 0000000000000000
    ---[ end trace 92731e80f31b7d7d ]---
    Kernel panic - not syncing: Fatal exception in interrupt
    Kernel Offset: 0x24000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff)
    ---[ end Kernel panic - not syncing: Fatal exception in interrupt

Reason is:  in the function assigned to net_device_ops->ndo_stop, the steps
for bringing down the interface are done in the wrong order.  The step that
notifies the NIC firmware to stop forwarding packets to host is done too
late.  Fix it by moving that step to the beginning.

Signed-off-by: Felix Manlunas <felix.manlunas@...ium.com>
Signed-off-by: Raghu Vatsavayi <raghu.vatsavayi@...ium.com>
---
 drivers/net/ethernet/cavium/liquidio/lio_vf_main.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/net/ethernet/cavium/liquidio/lio_vf_main.c b/drivers/net/ethernet/cavium/liquidio/lio_vf_main.c
index 4c3b568..ed1f073 100644
--- a/drivers/net/ethernet/cavium/liquidio/lio_vf_main.c
+++ b/drivers/net/ethernet/cavium/liquidio/lio_vf_main.c
@@ -1288,6 +1288,9 @@ static int liquidio_stop(struct net_device *netdev)
 	struct octeon_device *oct = lio->oct_dev;
 	struct napi_struct *napi, *n;
 
+	/* tell Octeon to stop forwarding packets to host */
+	send_rx_ctrl_cmd(lio, 0);
+
 	if (oct->props[lio->ifidx].napi_enabled) {
 		list_for_each_entry_safe(napi, n, &netdev->napi_list, dev_list)
 			napi_disable(napi);
@@ -1305,9 +1308,6 @@ static int liquidio_stop(struct net_device *netdev)
 	netif_carrier_off(netdev);
 	lio->link_changes++;
 
-	/* tell Octeon to stop forwarding packets to host */
-	send_rx_ctrl_cmd(lio, 0);
-
 	ifstate_reset(lio, LIO_IFSTATE_RUNNING);
 
 	txqs_stop(netdev);

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ