From: Simon Horman <horms@kernel.org>
To: Tariq Toukan <tariqt@nvidia.com>
Cc: "David S. Miller" <davem@davemloft.net>,
	Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
	Eric Dumazet <edumazet@google.com>,
	netdev@vger.kernel.org, Saeed Mahameed <saeedm@nvidia.com>,
	Gal Pressman <gal@nvidia.com>,
	Leon Romanovsky <leonro@nvidia.com>,
	Rahul Rameshbabu <rrameshbabu@nvidia.com>
Subject: Re: [PATCH net 4/8] net/mlx5: Use mlx5_ipsec_rx_status_destroy to correctly delete status rules
Date: Thu, 23 May 2024 10:47:47 +0100
Message-ID: <20240523094747.GG883722@kernel.org>
In-Reply-To: <20240522192659.840796-5-tariqt@nvidia.com>

On Wed, May 22, 2024 at 10:26:55PM +0300, Tariq Toukan wrote:
> From: Rahul Rameshbabu <rrameshbabu@nvidia.com>
> 
> rx_create no longer allocates a modify_hdr instance that needs to be
> cleaned up. The mlx5_modify_header_dealloc call will lead to a NULL pointer
> dereference. A leak in the rules also previously occurred since there are
> now two rules populated related to status.
> 
>   BUG: kernel NULL pointer dereference, address: 0000000000000000
>   #PF: supervisor read access in kernel mode
>   #PF: error_code(0x0000) - not-present page
>   PGD 109907067 P4D 109907067 PUD 116890067 PMD 0
>   Oops: 0000 [#1] SMP
>   CPU: 1 PID: 484 Comm: ip Not tainted 6.9.0-rc2-rrameshbabu+ #254
>   Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS Arch Linux 1.16.3-1-1 04/01/2014
>   RIP: 0010:mlx5_modify_header_dealloc+0xd/0x70
>   <snip>
>   Call Trace:
>    <TASK>
>    ? show_regs+0x60/0x70
>    ? __die+0x24/0x70
>    ? page_fault_oops+0x15f/0x430
>    ? free_to_partial_list.constprop.0+0x79/0x150
>    ? do_user_addr_fault+0x2c9/0x5c0
>    ? exc_page_fault+0x63/0x110
>    ? asm_exc_page_fault+0x27/0x30
>    ? mlx5_modify_header_dealloc+0xd/0x70
>    rx_create+0x374/0x590
>    rx_add_rule+0x3ad/0x500
>    ? rx_add_rule+0x3ad/0x500
>    ? mlx5_cmd_exec+0x2c/0x40
>    ? mlx5_create_ipsec_obj+0xd6/0x200
>    mlx5e_accel_ipsec_fs_add_rule+0x31/0xf0
>    mlx5e_xfrm_add_state+0x426/0xc00
>   <snip>
> 
> Fixes: 94af50c0a9bb ("net/mlx5e: Unify esw and normal IPsec status table creation/destruction")
> Signed-off-by: Rahul Rameshbabu <rrameshbabu@nvidia.com>
> Signed-off-by: Tariq Toukan <tariqt@nvidia.com>

Reviewed-by: Simon Horman <horms@kernel.org>


Thread overview: 18+ messages
2024-05-22 19:26 [PATCH net 0/8] mlx5 fixes 24-05-22 Tariq Toukan
2024-05-22 19:26 ` [PATCH net 1/8] net/mlx5: Lag, do bond only if slaves agree on roce state Tariq Toukan
2024-05-23  9:45   ` Simon Horman
2024-05-22 19:26 ` [PATCH net 2/8] net/mlx5: Do not query MPIR on embedded CPU function Tariq Toukan
2024-05-23  9:46   ` Simon Horman
2024-05-22 19:26 ` [PATCH net 3/8] net/mlx5: Fix MTMP register capability offset in MCAM register Tariq Toukan
2024-05-23  9:47   ` Simon Horman
2024-05-22 19:26 ` [PATCH net 4/8] net/mlx5: Use mlx5_ipsec_rx_status_destroy to correctly delete status rules Tariq Toukan
2024-05-23  9:47   ` Simon Horman [this message]
2024-05-22 19:26 ` [PATCH net 5/8] net/mlx5e: Fix IPsec tunnel mode offload feature check Tariq Toukan
2024-05-23  9:48   ` Simon Horman
2024-05-22 19:26 ` [PATCH net 6/8] net/mlx5e: Do not use ptp structure for tx ts stats when not initialized Tariq Toukan
2024-05-23  9:48   ` Simon Horman
2024-05-22 19:26 ` [PATCH net 7/8] net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion Tariq Toukan
2024-05-23  9:48   ` Simon Horman
2024-05-22 19:26 ` [PATCH net 8/8] net/mlx5e: Fix UDP GSO for encapsulated packets Tariq Toukan
2024-05-23  9:48   ` Simon Horman
2024-05-24 12:30 ` [PATCH net 0/8] mlx5 fixes 24-05-22 patchwork-bot+netdevbpf
