lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 27 Apr 2021 22:40:10 +0000
From:   patchwork-bot+netdevbpf@...nel.org
To:     Ignat Korchagin <ignat@...udflare.com>
Cc:     ecree.xilinx@...il.com, habetsm.xilinx@...il.com,
        davem@...emloft.net, kuba@...nel.org, netdev@...r.kernel.org,
        kernel-team@...udflare.com, stable@...r.kernel.org
Subject: Re: [PATCH] sfc: adjust efx->xdp_tx_queue_count with the real number of
 initialized queues

Hello:

This patch was applied to netdev/net-next.git (refs/heads/master):

On Tue, 27 Apr 2021 22:09:38 +0100 you wrote:
> efx->xdp_tx_queue_count is initially initialized to num_possible_cpus() and is
> later used to allocate and traverse efx->xdp_tx_queues lookup array. However,
> we may end up not initializing all the array slots with real queues during
> probing. This results, for example, in a NULL pointer dereference, when running
> "# ethtool -S <iface>", similar to below
> 
> [2570283.664955][T4126959] BUG: kernel NULL pointer dereference, address: 00000000000000f8
> [2570283.681283][T4126959] #PF: supervisor read access in kernel mode
> [2570283.695678][T4126959] #PF: error_code(0x0000) - not-present page
> [2570283.710013][T4126959] PGD 0 P4D 0
> [2570283.721649][T4126959] Oops: 0000 [#1] SMP PTI
> [2570283.734108][T4126959] CPU: 23 PID: 4126959 Comm: ethtool Tainted: G           O      5.10.20-cloudflare-2021.3.1 #1
> [2570283.752641][T4126959] Hardware name: <redacted>
> [2570283.781408][T4126959] RIP: 0010:efx_ethtool_get_stats+0x2ca/0x330 [sfc]
> [2570283.796073][T4126959] Code: 00 85 c0 74 39 48 8b 95 a8 0f 00 00 48 85 d2 74 2d 31 c0 eb 07 48 8b 95 a8 0f 00 00 48 63 c8 49 83 c4 08 83 c0 01 48 8b 14 ca <48> 8b 92 f8 00 00 00 49 89 54 24 f8 39 85 a0 0f 00 00 77 d7 48 8b
> [2570283.831259][T4126959] RSP: 0018:ffffb79a77657ce8 EFLAGS: 00010202
> [2570283.845121][T4126959] RAX: 0000000000000019 RBX: ffffb799cd0c9280 RCX: 0000000000000018
> [2570283.860872][T4126959] RDX: 0000000000000000 RSI: ffff96dd970ce000 RDI: 0000000000000005
> [2570283.876525][T4126959] RBP: ffff96dd86f0a000 R08: ffff96dd970ce480 R09: 000000000000005f
> [2570283.892014][T4126959] R10: ffffb799cd0c9fff R11: ffffb799cd0c9000 R12: ffffb799cd0c94f8
> [2570283.907406][T4126959] R13: ffffffffc11b1090 R14: ffff96dd970ce000 R15: ffffffffc11cd66c
> [2570283.922705][T4126959] FS:  00007fa7723f8740(0000) GS:ffff96f51fac0000(0000) knlGS:0000000000000000
> [2570283.938848][T4126959] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> [2570283.952524][T4126959] CR2: 00000000000000f8 CR3: 0000001a73e6e006 CR4: 00000000007706e0
> [2570283.967529][T4126959] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> [2570283.982400][T4126959] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> [2570283.997308][T4126959] PKRU: 55555554
> [2570284.007649][T4126959] Call Trace:
> [2570284.017598][T4126959]  dev_ethtool+0x1832/0x2830
> 
> [...]

Here is the summary with links:
  - sfc: adjust efx->xdp_tx_queue_count with the real number of initialized queues
    https://git.kernel.org/netdev/net-next/c/99ba0ea616aa

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ