From: Jason Gunthorpe <jgg@ziepe.ca>
To: linux-rdma@vger.kernel.org
Cc: syzbot+da615ac67d4dbea32cbc@syzkaller.appspotmail.com
Subject: Re: [PATCH rc] RDMA/nl: Do not permit empty devices names during RDMA_NLDEV_CMD_NEWLINK/SET
Date: Fri, 13 Mar 2020 10:31:14 -0300
Message-ID: <20200313133114.GA18232@ziepe.ca>
In-Reply-To: <20200309191648.GA30852@ziepe.ca>

On Mon, Mar 09, 2020 at 04:16:48PM -0300, Jason Gunthorpe wrote:
> Empty device names cannot be added to sysfs and crash with:
> 
>   kobject: (00000000f9de3792): attempted to be registered with empty name!
>   WARNING: CPU: 1 PID: 10856 at lib/kobject.c:234 kobject_add_internal+0x7ac/0x9a0 lib/kobject.c:234
>   Kernel panic - not syncing: panic_on_warn set ...
>   CPU: 1 PID: 10856 Comm: syz-executor459 Not tainted 5.6.0-rc3-syzkaller #0
>   Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
>   Call Trace:
>    __dump_stack lib/dump_stack.c:77 [inline]
>    dump_stack+0x197/0x210 lib/dump_stack.c:118
>    panic+0x2e3/0x75c kernel/panic.c:221
>    __warn.cold+0x2f/0x3e kernel/panic.c:582
>    report_bug+0x289/0x300 lib/bug.c:195
>    fixup_bug arch/x86/kernel/traps.c:174 [inline]
>    fixup_bug arch/x86/kernel/traps.c:169 [inline]
>    do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:267
>    do_invalid_op+0x37/0x50 arch/x86/kernel/traps.c:286
>    invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
>   RIP: 0010:kobject_add_internal+0x7ac/0x9a0 lib/kobject.c:234
>   Code: 7a ca ca f9 e9 f0 f8 ff ff 4c 89 f7 e8 cd ca ca f9 e9 95 f9 ff ff e8 13 25 8c f9 4c 89 e6 48 c7 c7 a0 08 1a 89 e8 a3 76 5c f9 <0f> 0b 41 bd ea ff ff ff e9 52 ff ff ff e8 f2 24 8c f9 0f 0b e8 eb
>   RSP: 0018:ffffc90002006eb0 EFLAGS: 00010286
>   RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
>   RDX: 0000000000000000 RSI: ffffffff815eae46 RDI: fffff52000400dc8
>   RBP: ffffc90002006f08 R08: ffff8880972ac500 R09: ffffed1015d26659
>   R10: ffffed1015d26658 R11: ffff8880ae9332c7 R12: ffff888093034668
>   R13: 0000000000000000 R14: ffff8880a69d7600 R15: 0000000000000001
>    kobject_add_varg lib/kobject.c:390 [inline]
>    kobject_add+0x150/0x1c0 lib/kobject.c:442
>    device_add+0x3be/0x1d00 drivers/base/core.c:2412
>    ib_register_device drivers/infiniband/core/device.c:1371 [inline]
>    ib_register_device+0x93e/0xe40 drivers/infiniband/core/device.c:1343
>    rxe_register_device+0x52e/0x655 drivers/infiniband/sw/rxe/rxe_verbs.c:1231
>    rxe_add+0x122b/0x1661 drivers/infiniband/sw/rxe/rxe.c:302
>    rxe_net_add+0x91/0xf0 drivers/infiniband/sw/rxe/rxe_net.c:539
>    rxe_newlink+0x39/0x90 drivers/infiniband/sw/rxe/rxe.c:318
>    nldev_newlink+0x28a/0x430 drivers/infiniband/core/nldev.c:1538
>    rdma_nl_rcv_msg drivers/infiniband/core/netlink.c:195 [inline]
>    rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline]
>    rdma_nl_rcv+0x5d9/0x980 drivers/infiniband/core/netlink.c:259
>    netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
>    netlink_unicast+0x59e/0x7e0 net/netlink/af_netlink.c:1329
>    netlink_sendmsg+0x91c/0xea0 net/netlink/af_netlink.c:1918
>    sock_sendmsg_nosec net/socket.c:652 [inline]
>    sock_sendmsg+0xd7/0x130 net/socket.c:672
>    ____sys_sendmsg+0x753/0x880 net/socket.c:2343
>    ___sys_sendmsg+0x100/0x170 net/socket.c:2397
>    __sys_sendmsg+0x105/0x1d0 net/socket.c:2430
>    __do_sys_sendmsg net/socket.c:2439 [inline]
>    __se_sys_sendmsg net/socket.c:2437 [inline]
>    __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2437
>    do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
>    entry_SYSCALL_64_after_hwframe+0x49/0xbe
> 
> Prevent empty names when checking the name provided from userspace during
> newlink and rename.
> 
> Cc: stable@kernel.org
> Fixes: 3856ec4b93c9 ("RDMA/core: Add RDMA_NLDEV_CMD_NEWLINK/DELLINK support")
> Fixes: 05d940d3a3ec ("RDMA/nldev: Allow IB device rename through RDMA netlink")
> Reported-by: syzbot+da615ac67d4dbea32cbc@syzkaller.appspotmail.com
> Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
> ---
>  drivers/infiniband/core/nldev.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Applied to for-rc

Jason
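
Added example, not the patch from this thread (its hunks are not quoted above): a user-space C model of the check the commit message describes, rejecting an empty device name carried in a netlink-style attribute before it could reach device registration. `copy_dev_name`, `check_name`, `struct attr_hdr` and the 64-byte limit are assumptions made for the example.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

#define DEV_NAME_MAX 64 /* assumed name limit for this example */

/* Same layout as a netlink attribute header: len covers header + payload. */
struct attr_hdr { uint16_t len; uint16_t type; };
#define ATTR_HDRLEN sizeof(struct attr_hdr)

/* Validate the name carried by one attribute and copy it into
 * out[DEV_NAME_MAX]. Returns 0 or a negative errno. */
int copy_dev_name(const unsigned char *buf, size_t buflen, char *out)
{
    struct attr_hdr hdr;
    const unsigned char *p, *nul;
    size_t payload, n;

    if (buflen < ATTR_HDRLEN)
        return -EINVAL;
    memcpy(&hdr, buf, ATTR_HDRLEN);
    if (hdr.len < ATTR_HDRLEN || hdr.len > buflen)
        return -EINVAL;          /* header length does not fit the buffer */
    p = buf + ATTR_HDRLEN;
    payload = hdr.len - ATTR_HDRLEN;
    nul = payload ? memchr(p, '\0', payload) : NULL;
    n = nul ? (size_t)(nul - p) : payload;
    if (n == 0)
        return -EINVAL;          /* no payload, or payload starts with NUL */
    if (n >= DEV_NAME_MAX)
        return -ENAMETOOLONG;
    memcpy(out, p, n);
    out[n] = '\0';               /* terminate even if the sender did not */
    return 0;
}

static char demo_out[DEV_NAME_MAX];

/* Wrap a constructed payload (at most 128 bytes) in an attribute and check it. */
int check_name(const char *payload, size_t payload_len)
{
    unsigned char buf[sizeof(struct attr_hdr) + 128];
    struct attr_hdr hdr = { (uint16_t)(ATTR_HDRLEN + payload_len), 1 };
    if (payload_len > 128)
        return -EINVAL;
    memcpy(buf, &hdr, ATTR_HDRLEN);
    memcpy(buf + ATTR_HDRLEN, payload, payload_len);
    return copy_dev_name(buf, ATTR_HDRLEN + payload_len, demo_out);
}

int main(void) { return check_name("rxe0", 5) == 0 && check_name("", 1) == -EINVAL ? 0 : 1; }
```

The two empty cases differ on the wire: a zero-length payload and a payload whose first byte is NUL both yield an empty string, so the check is made on the decoded length rather than on the attribute length.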
