[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CACKFLimcM8i1gA8LvAV3ny+mw-6GvjYRUYue-rkje1aobdFtvQ@mail.gmail.com>
Date: Fri, 10 Jul 2020 10:01:10 -0700
From: Michael Chan <michael.chan@...adcom.com>
To: Davide Caratti <dcaratti@...hat.com>
Cc: "David S. Miller" <davem@...emloft.net>,
Netdev <netdev@...r.kernel.org>,
Jonathan Toppins <jtoppins@...hat.com>, feliu@...hat.com
Subject: Re: [PATCH net] bnxt_en: fix NULL dereference in case SR-IOV
configuration fails
On Fri, Jul 10, 2020 at 3:55 AM Davide Caratti <dcaratti@...hat.com> wrote:
>
> we need to set 'active_vfs' back to 0, if something goes wrong during the
> allocation of SR-IOV resources: otherwise, further VF configurations will
> wrongly assume that bp->pf.vf[x] are valid memory locations, and commands
> like the ones in the following sequence:
>
> # echo 2 >/sys/bus/pci/devices/${ADDR}/sriov_numvfs
> # ip link set dev ens1f0np0 up
> # ip link set dev ens1f0np0 vf 0 trust on
>
> will cause a kernel crash similar to this:
>
> bnxt_en 0000:3b:00.0: not enough MMIO resources for SR-IOV
> BUG: kernel NULL pointer dereference, address: 0000000000000014
> #PF: supervisor read access in kernel mode
> #PF: error_code(0x0000) - not-present page
> PGD 0 P4D 0
> Oops: 0000 [#1] SMP PTI
> CPU: 43 PID: 2059 Comm: ip Tainted: G I 5.8.0-rc2.upstream+ #871
> Hardware name: Dell Inc. PowerEdge R740/08D89F, BIOS 2.2.11 06/13/2019
> RIP: 0010:bnxt_set_vf_trust+0x5b/0x110 [bnxt_en]
> Code: 44 24 58 31 c0 e8 f5 fb ff ff 85 c0 0f 85 b6 00 00 00 48 8d 1c 5b 41 89 c6 b9 0b 00 00 00 48 c1 e3 04 49 03 9c 24 f0 0e 00 00 <8b> 43 14 89 c2 83 c8 10 83 e2 ef 45 84 ed 49 89 e5 0f 44 c2 4c 89
> RSP: 0018:ffffac6246a1f570 EFLAGS: 00010246
> RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000000000b
> RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff98b28f538900
> RBP: ffff98b28f538900 R08: 0000000000000000 R09: 0000000000000008
> R10: ffffffffb9515be0 R11: ffffac6246a1f678 R12: ffff98b28f538000
> R13: 0000000000000001 R14: 0000000000000000 R15: ffffffffc05451e0
> FS: 00007fde0f688800(0000) GS:ffff98baffd40000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 0000000000000014 CR3: 000000104bb0a003 CR4: 00000000007606e0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> PKRU: 55555554
> Call Trace:
> do_setlink+0x994/0xfe0
> __rtnl_newlink+0x544/0x8d0
> rtnl_newlink+0x47/0x70
> rtnetlink_rcv_msg+0x29f/0x350
> netlink_rcv_skb+0x4a/0x110
> netlink_unicast+0x21d/0x300
> netlink_sendmsg+0x329/0x450
> sock_sendmsg+0x5b/0x60
> ____sys_sendmsg+0x204/0x280
> ___sys_sendmsg+0x88/0xd0
> __sys_sendmsg+0x5e/0xa0
> do_syscall_64+0x47/0x80
> entry_SYSCALL_64_after_hwframe+0x44/0xa9
>
> Fixes: c0c050c58d840 ("bnxt_en: New Broadcom ethernet driver.")
> Reported-by: Fei Liu <feliu@...hat.com>
> CC: Jonathan Toppins <jtoppins@...hat.com>
> CC: Michael Chan <michael.chan@...adcom.com>
> Signed-off-by: Davide Caratti <dcaratti@...hat.com>
Reviewed-by: Michael Chan <michael.chan@...adcom.com>
Thanks.
Powered by blists - more mailing lists