From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Yonatan Cohen <yonatanc@mellanox.com>,
Moni Shoua <monis@mellanox.com>,
Leon Romanovsky <leon@kernel.org>,
Doug Ledford <dledford@redhat.com>
Subject: [PATCH 4.8 51/67] IB/rxe: Fix kernel panic in UDP tunnel with GRO and RX checksum
Date: Thu, 24 Nov 2016 16:27:45 +0100 [thread overview]
Message-ID: <20161124145500.024079940@linuxfoundation.org> (raw)
In-Reply-To: <20161124145457.061710350@linuxfoundation.org>
4.8-stable review patch. If anyone has any objections, please let me know.
------------------
From: Yonatan Cohen <yonatanc@mellanox.com>
commit 1454ca3a97e147bb91e98b087446c39cf6692a48 upstream.
Missing initialization of udp_tunnel_sock_cfg causes to following
kernel panic, while kernel tries to execute gro_receive().
While being there, we converted udp_port_cfg to use the same
initialization scheme as udp_tunnel_sock_cfg.
------------[ cut here ]------------
kernel tried to execute NX-protected page - exploit attempt? (uid: 0)
BUG: unable to handle kernel paging request at ffffffffa0588c50
IP: [<ffffffffa0588c50>] __this_module+0x50/0xffffffffffff8400 [ib_rxe]
PGD 1c09067 PUD 1c0a063 PMD bb394067 PTE 80000000ad5e8163
Oops: 0011 [#1] SMP
Modules linked in: ib_rxe ip6_udp_tunnel udp_tunnel
CPU: 5 PID: 0 Comm: swapper/5 Not tainted 4.7.0-rc3+ #2
Hardware name: Red Hat KVM, BIOS Bochs 01/01/2011
task: ffff880235e4e680 ti: ffff880235e68000 task.ti: ffff880235e68000
RIP: 0010:[<ffffffffa0588c50>]
[<ffffffffa0588c50>] __this_module+0x50/0xffffffffffff8400 [ib_rxe]
RSP: 0018:ffff880237343c80 EFLAGS: 00010282
RAX: 00000000dffe482d RBX: ffff8800ae330900 RCX: 000000002001b712
RDX: ffff8800ae330900 RSI: ffff8800ae102578 RDI: ffff880235589c00
RBP: ffff880237343cb0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff8800ae33e262
R13: ffff880235589c00 R14: 0000000000000014 R15: ffff8800ae102578
FS: 0000000000000000(0000) GS:ffff880237340000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffa0588c50 CR3: 0000000001c06000 CR4: 00000000000006e0
Stack:
ffffffff8160860e ffff8800ae330900 ffff8800ae102578 0000000000000014
000000000000004e ffff8800ae102578 ffff880237343ce0 ffffffff816088fb
0000000000000000 ffff8800ae330900 0000000000000000 00000000ffad0000
Call Trace:
<IRQ>
[<ffffffff8160860e>] ? udp_gro_receive+0xde/0x130
[<ffffffff816088fb>] udp4_gro_receive+0x10b/0x2d0
[<ffffffff81611373>] inet_gro_receive+0x1d3/0x270
[<ffffffff81594e29>] dev_gro_receive+0x269/0x3b0
[<ffffffff81595188>] napi_gro_receive+0x38/0x120
[<ffffffffa011caee>] mlx5e_handle_rx_cqe+0x27e/0x340 [mlx5_core]
[<ffffffffa011d076>] mlx5e_poll_rx_cq+0x66/0x6d0 [mlx5_core]
[<ffffffffa011d7ae>] mlx5e_napi_poll+0x8e/0x400 [mlx5_core]
[<ffffffff815949a0>] net_rx_action+0x160/0x380
[<ffffffff816a9197>] __do_softirq+0xd7/0x2c5
[<ffffffff81085c35>] irq_exit+0xf5/0x100
[<ffffffff816a8f16>] do_IRQ+0x56/0xd0
[<ffffffff816a6dcc>] common_interrupt+0x8c/0x8c
<EOI>
[<ffffffff81061f96>] ? native_safe_halt+0x6/0x10
[<ffffffff81037ade>] default_idle+0x1e/0xd0
[<ffffffff8103828f>] arch_cpu_idle+0xf/0x20
[<ffffffff810c37dc>] default_idle_call+0x3c/0x50
[<ffffffff810c3b13>] cpu_startup_entry+0x323/0x3c0
[<ffffffff81050d8c>] start_secondary+0x15c/0x1a0
RIP [<ffffffffa0588c50>] __this_module+0x50/0xffffffffffff8400 [ib_rxe]
RSP <ffff880237343c80>
CR2: ffffffffa0588c50
---[ end trace 489ee31fa7614ac5 ]---
Kernel panic - not syncing: Fatal exception in interrupt
Kernel Offset: disabled
---[ end Kernel panic - not syncing: Fatal exception in interrupt
------------[ cut here ]------------
Fixes: 8700e3e7c485 ("Soft RoCE driver")
Signed-off-by: Yonatan Cohen <yonatanc@mellanox.com>
Reviewed-by: Moni Shoua <monis@mellanox.com>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Doug Ledford <dledford@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/sw/rxe/rxe_net.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
--- a/drivers/infiniband/sw/rxe/rxe_net.c
+++ b/drivers/infiniband/sw/rxe/rxe_net.c
@@ -243,10 +243,8 @@ static struct socket *rxe_setup_udp_tunn
{
int err;
struct socket *sock;
- struct udp_port_cfg udp_cfg;
- struct udp_tunnel_sock_cfg tnl_cfg;
-
- memset(&udp_cfg, 0, sizeof(udp_cfg));
+ struct udp_port_cfg udp_cfg = {0};
+ struct udp_tunnel_sock_cfg tnl_cfg = {0};
if (ipv6) {
udp_cfg.family = AF_INET6;
@@ -264,10 +262,8 @@ static struct socket *rxe_setup_udp_tunn
return ERR_PTR(err);
}
- tnl_cfg.sk_user_data = NULL;
tnl_cfg.encap_type = 1;
tnl_cfg.encap_rcv = rxe_udp_encap_recv;
- tnl_cfg.encap_destroy = NULL;
/* Setup UDP tunnel */
setup_udp_tunnel_sock(net, sock, &tnl_cfg);
next prev parent reply other threads:[~2016-11-24 15:41 UTC|newest]
Thread overview: 66+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-11-24 15:26 [PATCH 4.8 00/67] 4.8.11-stable review Greg Kroah-Hartman
2016-11-24 15:26 ` [PATCH 4.8 01/67] x86/cpu/AMD: Fix cpu_llc_id for AMD Fam17h systems Greg Kroah-Hartman
2016-11-24 15:26 ` [PATCH 4.8 04/67] arm64: KVM: pmu: Fix AArch32 cycle counter access Greg Kroah-Hartman
2016-11-24 15:26 ` [PATCH 4.8 05/67] KVM: arm64: Fix the issues when guest PMCCFILTR is configured Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 06/67] ftrace: Ignore FTRACE_FL_DISABLED while walking dyn_ftrace records Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 07/67] ftrace: Add more checks for FTRACE_FL_DISABLED in processing ip records Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 08/67] genirq: Use irq type from irqdata instead of irqdesc Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 09/67] fuse: fix fuse_write_end() if zero bytes were copied Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 10/67] IB/rdmavt: rdmavt can handle non aligned page maps Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 11/67] IB/hfi1: Fix rnr_timer addition Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 12/67] mfd: intel-lpss: Do not put device in reset state on suspend Greg Kroah-Hartman
2016-11-24 15:30 ` Shaikh, Azhar
2016-11-24 15:27 ` [PATCH 4.8 13/67] mfd: stmpe: Fix RESET regression on STMPE2401 Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 14/67] can: bcm: fix warning in bcm_connect/proc_register Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 15/67] gpio: do not double-check direction on sleeping chips Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 16/67] ALSA: usb-audio: Fix use-after-free of usb_device at disconnect Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 17/67] ALSA: hda - add a new condition to check if it is thinkpad Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 18/67] ALSA: hda - Fix mic regression by ASRock mobo fixup Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 19/67] i2c: mux: fix up dependencies Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 20/67] i2c: i2c-mux-pca954x: fix deselect enabling for device-tree Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 21/67] Disable the __builtin_return_address() warning globally after all Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 23/67] scripts/has-stack-protector: add -fno-PIE Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 24/67] x86/kexec: " Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 25/67] kbuild: Steal gccs pie from the very beginning Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 26/67] ext4: sanity check the block and cluster size at mount time Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 27/67] ARM: dts: imx53-qsb: Fix regulator constraints Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 29/67] powerpc/64: Fix setting of AIL in hypervisor mode Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 33/67] virtio-net: drop legacy features in virtio 1 mode Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 34/67] clk: mmp: pxa910: fix return value check in pxa910_clk_init() Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 35/67] clk: mmp: pxa168: fix return value check in pxa168_clk_init() Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 36/67] clk: mmp: mmp2: fix return value check in mmp2_clk_init() Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 37/67] clk: imx: fix integer overflow in AV PLL round rate Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 38/67] rtc: omap: Fix selecting external osc Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 39/67] iwlwifi: pcie: fix SPLC structure parsing Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 40/67] iwlwifi: pcie: mark command queue lock with separate lockdep class Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 41/67] iwlwifi: mvm: fix netdetect starting/stopping for unified images Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 42/67] iwlwifi: mvm: fix d3_test with unified D0/D3 images Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 43/67] iwlwifi: mvm: wake the wait queue when the RX sync counter is zero Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 44/67] mfd: core: Fix device reference leak in mfd_clone_cell Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 45/67] sunrpc: svc_age_temp_xprts_now should not call setsockopt non-tcp transports Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 46/67] uwb: fix device reference leaks Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 47/67] PM / sleep: fix device reference leak in test_suspend Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 48/67] PM / sleep: dont suspend parent when async child suspend_{noirq, late} fails Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 49/67] perf hists: Fix column length on --hierarchy Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 50/67] IB/rxe: Update qp state for user query Greg Kroah-Hartman
2016-11-24 15:27 ` Greg Kroah-Hartman [this message]
2016-11-24 15:27 ` [PATCH 4.8 52/67] IB/rxe: Fix handling of erroneous WR Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 53/67] IB/rxe: Clear queue buffer when modifying QP to reset Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 54/67] IB/mlx4: Check gid_index return value Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 55/67] IB/mlx4: Fix create CQ error flow Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 56/67] IB/mlx5: Validate requested RQT size Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 57/67] IB/mlx5: Use cache line size to select CQE stride Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 58/67] IB/mlx5: Fix memory leak in query device Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 59/67] IB/mlx5: Fix fatal error dispatching Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 60/67] IB/mlx5: Fix NULL pointer dereference on debug print Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 61/67] IB/core: Avoid unsigned int overflow in sg_alloc_table Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 62/67] IB/hfi1: Remove incorrect IS_ERR check Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 63/67] IB/uverbs: Fix leak of XRC target QPs Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 64/67] IB/cm: Mark stale CM ids whenever the mad agent was unregistered Greg Kroah-Hartman
2016-11-24 15:27 ` [PATCH 4.8 65/67] netfilter: nft_dynset: fix element timeout for HZ != 1000 Greg Kroah-Hartman
2016-11-24 15:28 ` [PATCH 4.8 66/67] gpio: pca953x: Move memcpy into mutex lock for set multiple Greg Kroah-Hartman
2016-11-24 15:28 ` [PATCH 4.8 67/67] gpio: pca953x: Fix corruption of other gpios in set_multiple Greg Kroah-Hartman
2016-11-25 0:48 ` [PATCH 4.8 00/67] 4.8.11-stable review Guenter Roeck
2016-11-25 9:43 ` Greg Kroah-Hartman
[not found] ` <5837ca28.52301c0a.d82bc.07dd@mx.google.com>
2016-11-25 9:46 ` Greg Kroah-Hartman
[not found] ` <m2mvgjtr7m.fsf@baylibre.com>
2016-11-28 19:22 ` Javier Martinez Canillas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161124145500.024079940@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=dledford@redhat.com \
--cc=leon@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=monis@mellanox.com \
--cc=stable@vger.kernel.org \
--cc=yonatanc@mellanox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.