| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20241203215521.1646668-4-anthony.l.nguyen@intel.com>
Date: Tue, 3 Dec 2024 13:55:12 -0800
From: Tony Nguyen <anthony.l.nguyen@...el.com>
To: davem@...emloft.net,
kuba@...nel.org,
pabeni@...hat.com,
edumazet@...gle.com,
andrew+netdev@...n.ch,
netdev@...r.kernel.org
Cc: Wojciech Drewek <wojciech.drewek@...el.com>,
anthony.l.nguyen@...el.com,
jiri@...nulli.us,
Przemek Kitszel <przemyslaw.kitszel@...el.com>,
Michal Swiatkowski <michal.swiatkowski@...ux.intel.com>,
Simon Horman <horms@...nel.org>,
Sujai Buvaneswaran <sujai.buvaneswaran@...el.com>
Subject: [PATCH net 3/9] ice: Fix NULL pointer dereference in switchdev
From: Wojciech Drewek <wojciech.drewek@...el.com>
Commit 608a5c05c39b ("virtchnl: support queue rate limit and quanta
size configuration") introduced new virtchnl ops:
- get_qos_caps
- cfg_q_bw
- cfg_q_quanta
New ops were added to ice_virtchnl_dflt_ops, in
commit 015307754a19 ("ice: Support VF queue rate limit and quanta
size configuration"), but not to the ice_virtchnl_repr_ops. Because
of that, if we get one of those messages in switchdev mode we end up
with NULL pointer dereference:
[ 1199.794701] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 1199.794804] Workqueue: ice ice_service_task [ice]
[ 1199.794878] RIP: 0010:0x0
[ 1199.795027] Call Trace:
[ 1199.795033] <TASK>
[ 1199.795039] ? __die+0x20/0x70
[ 1199.795051] ? page_fault_oops+0x140/0x520
[ 1199.795064] ? exc_page_fault+0x7e/0x270
[ 1199.795074] ? asm_exc_page_fault+0x22/0x30
[ 1199.795086] ice_vc_process_vf_msg+0x6e5/0xd30 [ice]
[ 1199.795165] __ice_clean_ctrlq+0x734/0x9d0 [ice]
[ 1199.795207] ice_service_task+0xccf/0x12b0 [ice]
[ 1199.795248] process_one_work+0x21a/0x620
[ 1199.795260] worker_thread+0x18d/0x330
[ 1199.795269] ? __pfx_worker_thread+0x10/0x10
[ 1199.795279] kthread+0xec/0x120
[ 1199.795288] ? __pfx_kthread+0x10/0x10
[ 1199.795296] ret_from_fork+0x2d/0x50
[ 1199.795305] ? __pfx_kthread+0x10/0x10
[ 1199.795312] ret_from_fork_asm+0x1a/0x30
[ 1199.795323] </TASK>
Fixes: 015307754a19 ("ice: Support VF queue rate limit and quanta size configuration")
Reviewed-by: Przemek Kitszel <przemyslaw.kitszel@...el.com>
Reviewed-by: Michal Swiatkowski <michal.swiatkowski@...ux.intel.com>
Signed-off-by: Wojciech Drewek <wojciech.drewek@...el.com>
Reviewed-by: Simon Horman <horms@...nel.org>
Tested-by: Sujai Buvaneswaran <sujai.buvaneswaran@...el.com>
Signed-off-by: Tony Nguyen <anthony.l.nguyen@...el.com>
---
drivers/net/ethernet/intel/ice/ice_virtchnl.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/net/ethernet/intel/ice/ice_virtchnl.c b/drivers/net/ethernet/intel/ice/ice_virtchnl.c
index f445e33b2028..ff4ad788d96a 100644
--- a/drivers/net/ethernet/intel/ice/ice_virtchnl.c
+++ b/drivers/net/ethernet/intel/ice/ice_virtchnl.c
@@ -4128,6 +4128,9 @@ static const struct ice_virtchnl_ops ice_virtchnl_dflt_ops = {
.get_qos_caps = ice_vc_get_qos_caps,
.cfg_q_bw = ice_vc_cfg_q_bw,
.cfg_q_quanta = ice_vc_cfg_q_quanta,
+ /* If you add a new op here please make sure to add it to
+ * ice_virtchnl_repr_ops as well.
+ */
};
/**
@@ -4258,6 +4261,9 @@ static const struct ice_virtchnl_ops ice_virtchnl_repr_ops = {
.dis_vlan_stripping_v2_msg = ice_vc_dis_vlan_stripping_v2_msg,
.ena_vlan_insertion_v2_msg = ice_vc_ena_vlan_insertion_v2_msg,
.dis_vlan_insertion_v2_msg = ice_vc_dis_vlan_insertion_v2_msg,
+ .get_qos_caps = ice_vc_get_qos_caps,
+ .cfg_q_bw = ice_vc_cfg_q_bw,
+ .cfg_q_quanta = ice_vc_cfg_q_quanta,
};
/**
--
2.42.0
Powered by blists - more mailing lists