From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Ivan Vecera <ivecera@redhat.com>,
Tony Nguyen <anthony.l.nguyen@intel.com>,
Jakub Kicinski <kuba@kernel.org>, Sasha Levin <sashal@kernel.org>,
Arpana Arland <arpanax.arland@intel.com>
Subject: [PATCH 5.4 20/60] i40e: Fix kernel crash during reboot when adapter is in recovery mode
Date: Mon, 20 Mar 2023 15:54:29 +0100 [thread overview]
Message-ID: <20230320145431.734412765@linuxfoundation.org> (raw)
In-Reply-To: <20230320145430.861072439@linuxfoundation.org>
From: Ivan Vecera <ivecera@redhat.com>
[ Upstream commit 7e4f8a0c495413a50413e8c9f1032ce1bc633bae ]
If the driver detects during probe that firmware is in recovery
mode then i40e_init_recovery_mode() is called and the rest of
probe function is skipped including pci_set_drvdata(). Subsequent
i40e_shutdown() called during shutdown/reboot dereferences NULL
pointer as pci_get_drvdata() returns NULL.
To fix call pci_set_drvdata() also during entering to recovery mode.
Reproducer:
1) Lets have i40e NIC with firmware in recovery mode
2) Run reboot
Result:
[ 139.084698] i40e: Intel(R) Ethernet Connection XL710 Network Driver
[ 139.090959] i40e: Copyright (c) 2013 - 2019 Intel Corporation.
[ 139.108438] i40e 0000:02:00.0: Firmware recovery mode detected. Limiting functionality.
[ 139.116439] i40e 0000:02:00.0: Refer to the Intel(R) Ethernet Adapters and Devices User Guide for details on firmware recovery mode.
[ 139.129499] i40e 0000:02:00.0: fw 8.3.64775 api 1.13 nvm 8.30 0x8000b78d 1.3106.0 [8086:1583] [15d9:084a]
[ 139.215932] i40e 0000:02:00.0 enp2s0f0: renamed from eth0
[ 139.223292] i40e 0000:02:00.1: Firmware recovery mode detected. Limiting functionality.
[ 139.231292] i40e 0000:02:00.1: Refer to the Intel(R) Ethernet Adapters and Devices User Guide for details on firmware recovery mode.
[ 139.244406] i40e 0000:02:00.1: fw 8.3.64775 api 1.13 nvm 8.30 0x8000b78d 1.3106.0 [8086:1583] [15d9:084a]
[ 139.329209] i40e 0000:02:00.1 enp2s0f1: renamed from eth0
...
[ 156.311376] BUG: kernel NULL pointer dereference, address: 00000000000006c2
[ 156.318330] #PF: supervisor write access in kernel mode
[ 156.323546] #PF: error_code(0x0002) - not-present page
[ 156.328679] PGD 0 P4D 0
[ 156.331210] Oops: 0002 [#1] PREEMPT SMP NOPTI
[ 156.335567] CPU: 26 PID: 15119 Comm: reboot Tainted: G E 6.2.0+ #1
[ 156.343126] Hardware name: Abacus electric, s.r.o. - servis@abacus.cz Super Server/H12SSW-iN, BIOS 2.4 04/13/2022
[ 156.353369] RIP: 0010:i40e_shutdown+0x15/0x130 [i40e]
[ 156.358430] Code: c1 fc ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 0f 1f 44 00 00 55 48 89 fd 53 48 8b 9f 48 01 00 00 <f0> 80 8b c2 06 00 00 04 f0 80 8b c0 06 00 00 08 48 8d bb 08 08 00
[ 156.377168] RSP: 0018:ffffb223c8447d90 EFLAGS: 00010282
[ 156.382384] RAX: ffffffffc073ee70 RBX: 0000000000000000 RCX: 0000000000000001
[ 156.389510] RDX: 0000000080000001 RSI: 0000000000000246 RDI: ffff95db49988000
[ 156.396634] RBP: ffff95db49988000 R08: ffffffffffffffff R09: ffffffff8bd17d40
[ 156.403759] R10: 0000000000000001 R11: ffffffff8a5e3d28 R12: ffff95db49988000
[ 156.410882] R13: ffffffff89a6fe17 R14: ffff95db49988150 R15: 0000000000000000
[ 156.418007] FS: 00007fe7c0cc3980(0000) GS:ffff95ea8ee80000(0000) knlGS:0000000000000000
[ 156.426083] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 156.431819] CR2: 00000000000006c2 CR3: 00000003092fc005 CR4: 0000000000770ee0
[ 156.438944] PKRU: 55555554
[ 156.441647] Call Trace:
[ 156.444096] <TASK>
[ 156.446199] pci_device_shutdown+0x38/0x60
[ 156.450297] device_shutdown+0x163/0x210
[ 156.454215] kernel_restart+0x12/0x70
[ 156.457872] __do_sys_reboot+0x1ab/0x230
[ 156.461789] ? vfs_writev+0xa6/0x1a0
[ 156.465362] ? __pfx_file_free_rcu+0x10/0x10
[ 156.469635] ? __call_rcu_common.constprop.85+0x109/0x5a0
[ 156.475034] do_syscall_64+0x3e/0x90
[ 156.478611] entry_SYSCALL_64_after_hwframe+0x72/0xdc
[ 156.483658] RIP: 0033:0x7fe7bff37ab7
Fixes: 4ff0ee1af016 ("i40e: Introduce recovery mode support")
Signed-off-by: Ivan Vecera <ivecera@redhat.com>
Tested-by: Arpana Arland <arpanax.arland@intel.com> (A Contingent worker at Intel)
Signed-off-by: Tony Nguyen <anthony.l.nguyen@intel.com>
Link: https://lore.kernel.org/r/20230309184509.984639-1-anthony.l.nguyen@intel.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/intel/i40e/i40e_main.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c
index 3f983d69f10eb..05f2f5637d3df 100644
--- a/drivers/net/ethernet/intel/i40e/i40e_main.c
+++ b/drivers/net/ethernet/intel/i40e/i40e_main.c
@@ -14823,6 +14823,7 @@ static int i40e_init_recovery_mode(struct i40e_pf *pf, struct i40e_hw *hw)
int err;
int v_idx;
+ pci_set_drvdata(pf->pdev, pf);
pci_save_state(pf->pdev);
/* set up periodic task facility */
--
2.39.2
next prev parent reply other threads:[~2023-03-20 15:00 UTC|newest]
Thread overview: 69+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-03-20 14:54 [PATCH 5.4 00/60] 5.4.238-rc1 review Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 01/60] ext4: fix cgroup writeback accounting with fs-layer encryption Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 02/60] xfrm: Allow transport-mode states with AF_UNSPEC selector Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 03/60] drm/panfrost: Dont sync rpm suspension after mmu flushing Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 04/60] cifs: Move the in_send statistic to __smb_send_rqst() Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 05/60] drm/meson: fix 1px pink line on GXM when scaling video overlay Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 06/60] clk: HI655X: select REGMAP instead of depending on it Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 07/60] docs: Correct missing "d_" prefix for dentry_operations member d_weak_revalidate Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 08/60] scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 09/60] ALSA: hda - add Intel DG1 PCI and HDMI ids Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 10/60] ALSA: hda - controller is in GPU on the DG1 Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 11/60] ALSA: hda: Add Alderlake-S PCI ID and HDMI codec vid Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 12/60] ALSA: hda: Add Intel DG2 " Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 13/60] ALSA: hda: Match only Intel devices with CONTROLLER_IN_GPU() Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 14/60] netfilter: nft_redir: correct value of inet type `.maxattrs` Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 15/60] scsi: core: Fix a comment in function scsi_host_dev_release() Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 16/60] scsi: core: Fix a procfs host directory removal regression Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 17/60] tcp: tcp_make_synack() can be called from process context Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 18/60] nfc: pn533: initialize struct pn533_out_arg properly Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 19/60] ipvlan: Make skb->skb_iif track skb->dev for l3s mode Greg Kroah-Hartman
2023-03-20 14:54 ` Greg Kroah-Hartman [this message]
2023-03-20 14:54 ` [PATCH 5.4 21/60] qed/qed_dev: guard against a possible division by zero Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 22/60] net: tunnels: annotate lockless accesses to dev->needed_headroom Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 23/60] net: phy: smsc: bail out in lan87xx_read_status if genphy_read_status fails Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 24/60] nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 25/60] net: usb: smsc75xx: Limit packet length to skb->len Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 26/60] nvmet: avoid potential UAF in nvmet_req_complete() Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 27/60] block: sunvdc: add check for mdesc_grab() returning NULL Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 28/60] ipv4: Fix incorrect table ID in IOCTL path Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 29/60] net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 30/60] net/iucv: Fix size of interrupt data Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 31/60] ethernet: sun: add check for the mdesc_grab() Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 32/60] hwmon: (adt7475) Display smoothing attributes in correct order Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 33/60] hwmon: (adt7475) Fix masking of hysteresis registers Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 34/60] hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 35/60] hwmon: (ina3221) return prober error code Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 36/60] media: m5mols: fix off-by-one loop termination error Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 37/60] mmc: atmel-mci: fix race between stop command and start of next command Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 38/60] jffs2: correct logic when creating a hole in jffs2_write_begin Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 39/60] rust: arch/um: Disable FP/SIMD instruction to match x86 Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 40/60] ext4: fail ext4_iget if special inode unallocated Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 41/60] ext4: fix task hung in ext4_xattr_delete_inode Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 42/60] drm/amdkfd: Fix an illegal memory access Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 43/60] sh: intc: Avoid spurious sizeof-pointer-div warning Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 44/60] ext4: fix possible double unlock when moving a directory Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 45/60] tty: serial: fsl_lpuart: skip waiting for transmission complete when UARTCTRL_SBK is asserted Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 46/60] interconnect: fix mem leak when freeing nodes Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 47/60] tracing: Check field value in hist_field_name() Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 48/60] tracing: Make tracepoint lockdep check actually test something Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 49/60] KVM: nVMX: add missing consistency checks for CR0 and CR4 Greg Kroah-Hartman
2023-03-20 14:54 ` [PATCH 5.4 50/60] ftrace: Fix invalid address access in lookup_rec() when index is 0 Greg Kroah-Hartman
2023-03-20 14:55 ` [PATCH 5.4 51/60] fbdev: stifb: Provide valid pixelclock and add fb_check_var() checks Greg Kroah-Hartman
2023-03-20 14:55 ` [PATCH 5.4 52/60] x86/mm: Fix use of uninitialized buffer in sme_enable() Greg Kroah-Hartman
2023-03-20 14:55 ` [PATCH 5.4 53/60] Revert "treewide: Replace DECLARE_TASKLET() with DECLARE_TASKLET_OLD()" Greg Kroah-Hartman
2023-03-20 14:55 ` [PATCH 5.4 54/60] treewide: Replace DECLARE_TASKLET() with DECLARE_TASKLET_OLD() Greg Kroah-Hartman
2023-03-20 17:40 ` Tom Saeger
2023-03-20 14:55 ` [PATCH 5.4 55/60] drm/i915: Dont use stolen memory for ring buffers with LLC Greg Kroah-Hartman
2023-03-20 14:55 ` [PATCH 5.4 56/60] serial: 8250_em: Fix UART port type Greg Kroah-Hartman
2023-03-20 14:55 ` [PATCH 5.4 57/60] s390/ipl: add missing intersection check to ipl_report handling Greg Kroah-Hartman
2023-03-20 14:55 ` [PATCH 5.4 58/60] PCI: Unify delay handling for reset and resume Greg Kroah-Hartman
2023-03-20 14:55 ` [PATCH 5.4 59/60] HID: core: Provide new max_buffer_size attribute to over-ride the default Greg Kroah-Hartman
2023-03-20 14:55 ` [PATCH 5.4 60/60] HID: uhid: Over-ride the default maximum data buffer value with our own Greg Kroah-Hartman
2023-03-20 17:19 ` [PATCH 5.4 00/60] 5.4.238-rc1 review Chris Paterson
2023-03-20 18:46 ` Florian Fainelli
2023-03-20 20:36 ` Naresh Kamboju
2023-03-20 23:14 ` Shuah Khan
2023-03-20 23:37 ` Shuah Khan
2023-03-21 5:07 ` Harshit Mogalapalli
2023-03-21 11:54 ` Jon Hunter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230320145431.734412765@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=anthony.l.nguyen@intel.com \
--cc=arpanax.arland@intel.com \
--cc=ivecera@redhat.com \
--cc=kuba@kernel.org \
--cc=patches@lists.linux.dev \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).