iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/drivers
History
Leon Romanovsky 75a4598209 RDMA/mlx5: Fix NULL dereference while accessing XRC_TGT QPs 
mlx5 modify_qp() relies on FW that the error will be thrown if wrong
state is supplied. The missing check in FW causes the following crash
while using XRC_TGT QPs.

[   14.769632] BUG: unable to handle kernel NULL pointer dereference at (null)
[   14.771085] IP: mlx5_ib_modify_qp+0xf60/0x13f0
[   14.771894] PGD 800000001472e067 P4D 800000001472e067 PUD 14529067 PMD 0
[   14.773126] Oops: 0002 [#1] SMP PTI
[   14.773763] CPU: 0 PID: 365 Comm: ubsan Not tainted 4.16.0-rc1-00038-g8151138c0793 #119
[   14.775192] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.7.5-0-ge51488c-20140602_164612-nilsson.home.kraxel.org 04/01/2014
[   14.777522] RIP: 0010:mlx5_ib_modify_qp+0xf60/0x13f0
[   14.778417] RSP: 0018:ffffbf48001c7bd8 EFLAGS: 00010246
[   14.779346] RAX: 0000000000000000 RBX: ffff9a8f9447d400 RCX: 0000000000000000
[   14.780643] RDX: 0000000000000000 RSI: 000000000000000a RDI: 0000000000000000
[   14.781930] RBP: 0000000000000000 R08: 00000000000217b0 R09: ffffffffbc9c1504
[   14.783214] R10: fffff4a180519480 R11: ffff9a8f94523600 R12: ffff9a8f9493e240
[   14.784507] R13: ffff9a8f9447d738 R14: 000000000000050a R15: 0000000000000000
[   14.785800] FS:  00007f545b466700(0000) GS:ffff9a8f9fc00000(0000) knlGS:0000000000000000
[   14.787073] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   14.787792] CR2: 0000000000000000 CR3: 00000000144be000 CR4: 00000000000006b0
[   14.788689] Call Trace:
[   14.789007]  _ib_modify_qp+0x71/0x120
[   14.789475]  modify_qp.isra.20+0x207/0x2f0
[   14.790010]  ib_uverbs_modify_qp+0x90/0xe0
[   14.790532]  ib_uverbs_write+0x1d2/0x3c0
[   14.791049]  ? __handle_mm_fault+0x93c/0xe40
[   14.791644]  __vfs_write+0x36/0x180
[   14.792096]  ? handle_mm_fault+0xc1/0x210
[   14.792601]  vfs_write+0xad/0x1e0
[   14.793018]  SyS_write+0x52/0xc0
[   14.793422]  do_syscall_64+0x75/0x180
[   14.793888]  entry_SYSCALL_64_after_hwframe+0x21/0x86
[   14.794527] RIP: 0033:0x7f545ad76099
[   14.794975] RSP: 002b:00007ffd78787468 EFLAGS: 00000287 ORIG_RAX: 0000000000000001
[   14.795958] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f545ad76099
[   14.797075] RDX: 0000000000000078 RSI: 0000000020009000 RDI: 0000000000000003
[   14.798140] RBP: 00007ffd78787470 R08: 00007ffd78787480 R09: 00007ffd78787480
[   14.799207] R10: 00007ffd78787480 R11: 0000000000000287 R12: 00005599ada98760
[   14.800277] R13: 00007ffd78787560 R14: 0000000000000000 R15: 0000000000000000
[   14.801341] Code: 4c 8b 1c 24 48 8b 83 70 02 00 00 48 c7 83 cc 02 00
00 00 00 00 00 48 c7 83 24 03 00 00 00 00 00 00 c7 83 2c 03 00 00 00 00
00 00 <c7> 00 00 00 00 00 48 8b 83 70 02 00 00 c7 40 04 00 00 00 00 4c
[   14.804012] RIP: mlx5_ib_modify_qp+0xf60/0x13f0 RSP: ffffbf48001c7bd8
[   14.804838] CR2: 0000000000000000
[   14.805288] ---[ end trace 3f1da0df5c8b7c37 ]---

Cc: syzkaller <syzkaller@googlegroups.com>
Reported-by: Maor Gottlieb <maorg@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
2018-03-14 15:34:25 -04:00
..
accessibility
acpi
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
amba
android
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
ata
pci-v4.16-changes
2018-02-06 09:59:40 -08:00
atm
atm: he: use 64-bit arithmetic instead of 32-bit
2018-02-08 15:05:16 -05:00
auxdisplay
base
More power management updates for v4.16-rc1
2018-02-09 09:40:33 -08:00
bcma
block
Things have been very quiet on the rbd side, as work continues on the
2018-02-08 11:38:59 -08:00
bluetooth
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
bus
ARM: SoC driver updates for 4.16
2018-02-01 16:35:31 -08:00
cdrom
char
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
clk
MIPS changes for 4.16
2018-02-07 11:22:44 -08:00
clocksource
connector
cpufreq
arm: imx: Add MODULE_ALIAS for cpufreq
2018-02-08 10:21:39 +01:00
cpuidle
powerpc updates for 4.16
2018-02-02 10:01:04 -08:00
crypto
KVM changes for 4.16
2018-02-10 13:16:35 -08:00
dax
Merge branch 'for-4.16/dax' into libnvdimm-for-next
2018-02-03 00:26:10 -07:00
dca
devfreq
dio
dma
Merge branch 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm
2018-02-02 09:50:51 -08:00
dma-buf
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
edac
eisa
EISA: Delete error message for a failed memory allocation in eisa_probe()
2018-01-23 09:04:10 +01:00
extcon
firewire
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
firmware
2nd set of arm64 updates for 4.16:
2018-02-08 10:44:25 -08:00
fmc
fpga
fsi
gpio
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
gpu
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
hid
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
hsi
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
hv
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
hwmon
hwmon: (dell-smm) Disable fan support for Dell Vostro 3360
2018-01-27 09:34:22 -08:00
hwspinlock
hwtracing
Char/Misc driver patches for 4.16-rc1
2018-02-01 10:31:17 -08:00
i2c
Merge branch 'i2c/for-4.16' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux
2018-02-04 10:57:43 -08:00
ide
pci-v4.16-changes
2018-02-06 09:59:40 -08:00
idle
iio
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
infiniband
RDMA/mlx5: Fix NULL dereference while accessing XRC_TGT QPs
2018-03-14 15:34:25 -04:00
input
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
iommu
IOMMU Updates for Linux v4.16
2018-02-08 12:03:54 -08:00
ipack
irqchip
pci-v4.16-changes
2018-02-06 09:59:40 -08:00
isdn
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
leds
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
lightnvm
macintosh
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
mailbox
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
mcb
md
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
media
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
memory
ARM: SoC driver updates for 4.16
2018-02-01 16:35:31 -08:00
memstick
message
mfd
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
misc
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
mmc
Kbuild updates for v4.16 (2nd)
2018-02-09 19:32:41 -08:00
mtd
dma mapping changes for Linux 4.16:
2018-01-31 11:32:27 -08:00
mux
Char/Misc driver patches for 4.16-rc1
2018-02-01 10:31:17 -08:00
net
net/mlx5: Fix wrongly assigned CQ reference counter
2018-03-07 15:54:36 -08:00
nfc
ntb
NTB: ntb_perf: fix cast to restricted __le32
2018-01-28 22:17:24 -05:00
nubus
nvdimm
Merge branch 'for-4.16/nfit' into libnvdimm-for-next
2018-02-03 00:26:26 -07:00
nvme
for-linus-20180204
2018-02-04 11:16:35 -08:00
nvmem
of
pci-v4.16-changes
2018-02-06 09:59:40 -08:00
opp
oprofile
parisc
parport
pci
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
pcmcia
Merge branch 'pcmcia' of git://git.kernel.org/pub/scm/linux/kernel/git/brodo/pcmcia
2018-02-08 11:48:49 -08:00
perf
bitmap: replace bitmap_{from,to}_u32array
2018-02-06 18:32:44 -08:00
phy
USB/PHY updates for 4.16-rc1
2018-02-01 09:40:49 -08:00
pinctrl
This is the bulk of pin control changes for the v4.16 kernel cycle:
2018-02-02 14:22:53 -08:00
platform
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
pnp
power
power supply and reset changes for the v4.16 series
2018-01-31 12:55:31 -08:00
powercap
pps
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
ps3
ptp
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
pwm
rapidio
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
ras
mm/memory_failure: Remove unused trapno from memory_failure
2018-01-23 12:17:42 -06:00
regulator
regulator: Fix suspend to idle
2018-01-30 12:25:59 +00:00
remoteproc
remoteproc updates for v4.16
2018-02-05 10:07:40 -08:00
reset
rpmsg
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
rtc
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
s390
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
sbus
pci-v4.16-changes
2018-02-06 09:59:40 -08:00
scsi
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
sfi
sh
cpufreq: Add and use cpufreq_for_each_{valid_,}entry_idx()
2018-02-08 10:21:39 +01:00
siox
slimbus
sn
soc
ARM: SoC driver updates for 4.16
2018-02-01 16:35:31 -08:00
soundwire
spi
Merge remote-tracking branch 'spi/topic/xilinx' into spi-next
2018-01-26 17:57:34 +00:00
spmi
ssb
Merge git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers.git
2018-02-01 10:37:39 +02:00
staging
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
target
Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending
2018-02-09 14:49:46 -08:00
tc
tee
thermal
Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux
2018-02-06 15:04:58 -08:00
thunderbolt
tty
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
uio
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
usb
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
uwb
vfio
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
vhost
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
video
Kbuild updates for v4.16 (2nd)
2018-02-09 19:32:41 -08:00
virt
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
virtio
virtio_pci: don't kfree device on register failure
2018-02-01 16:26:45 +02:00
visorbus
vlynq
vme
w1
Documentation updates for 4.16. New stuff includes refcount_t
2018-01-31 19:25:25 -08:00
watchdog
linux-watchdog 4.16-rc1 merge window tag
2018-02-07 11:54:34 -08:00
xen
vfs: do bulk POLL* -> EPOLL* replacement
2018-02-11 14:34:03 -08:00
zorro
Kconfig
Char/Misc driver patches for 4.16-rc1
2018-02-01 10:31:17 -08:00
Makefile
pci-v4.16-changes
2018-02-06 09:59:40 -08:00