From: Simon Horman <simon.horman@corigine.com>
To: Leon Romanovsky <leon@kernel.org>
Cc: Jakub Kicinski <kuba@kernel.org>,
Leon Romanovsky <leonro@nvidia.com>,
Emeel Hakim <ehakim@nvidia.com>,
Eric Dumazet <edumazet@google.com>,
netdev@vger.kernel.org, Paolo Abeni <pabeni@redhat.com>,
Raed Salem <raeds@nvidia.com>, Saeed Mahameed <saeedm@nvidia.com>,
Steffen Klassert <steffen.klassert@secunet.com>
Subject: Re: [PATCH net-next 4/5] net/mlx5e: Properly release work data structure
Date: Thu, 20 Apr 2023 13:23:53 +0200 [thread overview]
Message-ID: <ZEEgyYU6GK15Ap6Z@corigine.com> (raw)
In-Reply-To: <f6c4092e54ab1e3c88a172ae08eab86297f9a9b3.1681976818.git.leon@kernel.org>
On Thu, Apr 20, 2023 at 11:02:50AM +0300, Leon Romanovsky wrote:
> From: Leon Romanovsky <leonro@nvidia.com>
>
> There are some flows in which work structure is not allocated at all
> and it is needed to be checked prior release of data structure.
>
> general protection fault, probably for non-canonical address 0xdffffc000000000a: 0000 [#1] SMP KASAN
> KASAN: null-ptr-deref in range [0x0000000000000050-0x0000000000000057]
> CPU: 6 PID: 3486 Comm: kworker/6:0 Not tainted 6.3.0-rc5_for_upstream_debug_2023_04_06_11_01 #1
> Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
> Workqueue: events xfrm_state_gc_task
> RIP: 0010:mlx5e_xfrm_free_state+0x177/0x260 [mlx5_core]
> Code: c1 ea 03 80 3c 02 00 0f 85 f5 00 00 00 4c 8b a5 08 01 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d 7c 24 50 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 b7 00 00 00 49 8b 7c 24 50 e8 85 7c 09 e0 4c 89
> RSP: 0018:ffff888137a8fc50 EFLAGS: 00010206
> RAX: dffffc0000000000 RBX: ffff888180398000 RCX: 0000000000000000
> RDX: 000000000000000a RSI: ffffffffa1878227 RDI: 0000000000000050
> RBP: ffff88812a0c8000 R08: ffff888137a8fb60 R09: 0000000000000000
> R10: fffffbfff09aba0c R11: 0000000000000001 R12: 0000000000000000
> R13: ffff88812a0c8108 R14: ffffffff84c63480 R15: ffff8881acb63118
> FS: 0000000000000000(0000) GS:ffff88881eb00000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 00007f667e8bc000 CR3: 0000000004693006 CR4: 0000000000370ea0
> DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> Call Trace:
>
> ___xfrm_state_destroy+0x3c8/0x5e0
> xfrm_state_gc_task+0xf6/0x140
> ? ___xfrm_state_destroy+0x5e0/0x5e0
> process_one_work+0x7c2/0x1340
> ? lockdep_hardirqs_on_prepare+0x3f0/0x3f0
> ? pwq_dec_nr_in_flight+0x230/0x230
> ? spin_bug+0x1d0/0x1d0
> worker_thread+0x59d/0xec0
> ? __kthread_parkme+0xd9/0x1d0
> ? process_one_work+0x1340/0x1340
> kthread+0x28f/0x330
> ? kthread_complete_and_exit+0x20/0x20
> ret_from_fork+0x1f/0x30
>
> Modules linked in: sch_ingress openvswitch nsh mlx5_vdpa vringh vhost_iotlb vdpa mlx5_ib mlx5_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi rdma_cm iw_cm ib_umad ib_ipoib ib_cm ib_uverbs ib_core vfio_pci vfio_pci_core vfio_iommu_type1 vfio cuse overlay zram zsmalloc fuse [last unloaded: mlx5_core]
> ---[ end trace 0000000000000000 ]---
>
> Fixes: 4562116f8a56 ("net/mlx5e: Generalize IPsec work structs")
> Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
next prev parent reply other threads:[~2023-04-20 11:25 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-20 8:02 [PATCH net-next 0/5] Fixes to mlx5 IPsec implementation Leon Romanovsky
2023-04-20 8:02 ` [PATCH net-next 1/5] net/mlx5e: Fix FW error while setting IPsec policy block action Leon Romanovsky
2023-04-20 11:23 ` Simon Horman
2023-04-20 8:02 ` [PATCH net-next 2/5] net/mlx5e: Don't overwrite extack message returned from IPsec SA validator Leon Romanovsky
2023-04-20 11:24 ` Simon Horman
2023-04-20 8:02 ` [PATCH net-next 3/5] net/mlx5e: Compare all fields in IPv6 address Leon Romanovsky
2023-04-20 11:09 ` Simon Horman
2023-04-20 11:52 ` Leon Romanovsky
2023-04-20 12:05 ` Simon Horman
2023-04-20 14:35 ` Simon Horman
2023-04-20 17:13 ` Leon Romanovsky
2023-04-21 9:04 ` Simon Horman
2023-04-20 8:02 ` [PATCH net-next 4/5] net/mlx5e: Properly release work data structure Leon Romanovsky
2023-04-20 11:23 ` Simon Horman [this message]
2023-04-20 8:02 ` [PATCH net-next 5/5] net/mlx5e: Refactor duplicated code in mlx5e_ipsec_init_macs Leon Romanovsky
2023-04-20 11:22 ` Simon Horman
2023-04-21 11:00 ` [PATCH net-next 0/5] Fixes to mlx5 IPsec implementation patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZEEgyYU6GK15Ap6Z@corigine.com \
--to=simon.horman@corigine.com \
--cc=edumazet@google.com \
--cc=ehakim@nvidia.com \
--cc=kuba@kernel.org \
--cc=leon@kernel.org \
--cc=leonro@nvidia.com \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=raeds@nvidia.com \
--cc=saeedm@nvidia.com \
--cc=steffen.klassert@secunet.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.