From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Yonglong Liu <liuyonglong@huawei.com>,
"David S . Miller" <davem@davemloft.net>,
Sasha Levin <sashal@kernel.org>,
netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 5.0 48/66] net: hns: Fix probabilistic memory overwrite when HNS driver initialized
Date: Wed, 24 Apr 2019 10:33:22 -0400 [thread overview]
Message-ID: <20190424143341.27665-48-sashal@kernel.org> (raw)
In-Reply-To: <20190424143341.27665-1-sashal@kernel.org>
From: Yonglong Liu <liuyonglong@huawei.com>
[ Upstream commit c0b0984426814f3a9251873b689e67d34d8ccd84 ]
When reboot the system again and again, may cause a memory
overwrite.
[ 15.638922] systemd[1]: Reached target Swap.
[ 15.667561] tun: Universal TUN/TAP device driver, 1.6
[ 15.676756] Bridge firewalling registered
[ 17.344135] Unable to handle kernel paging request at virtual address 0000000200000040
[ 17.352179] Mem abort info:
[ 17.355007] ESR = 0x96000004
[ 17.358105] Exception class = DABT (current EL), IL = 32 bits
[ 17.364112] SET = 0, FnV = 0
[ 17.367209] EA = 0, S1PTW = 0
[ 17.370393] Data abort info:
[ 17.373315] ISV = 0, ISS = 0x00000004
[ 17.377206] CM = 0, WnR = 0
[ 17.380214] user pgtable: 4k pages, 48-bit VAs, pgdp = (____ptrval____)
[ 17.386926] [0000000200000040] pgd=0000000000000000
[ 17.391878] Internal error: Oops: 96000004 [#1] SMP
[ 17.396824] CPU: 23 PID: 95 Comm: kworker/u130:0 Tainted: G E 4.19.25-1.2.78.aarch64 #1
[ 17.414175] Hardware name: Huawei TaiShan 2280 /BC11SPCD, BIOS 1.54 08/16/2018
[ 17.425615] Workqueue: events_unbound async_run_entry_fn
[ 17.435151] pstate: 00000005 (nzcv daif -PAN -UAO)
[ 17.444139] pc : __mutex_lock.isra.1+0x74/0x540
[ 17.453002] lr : __mutex_lock.isra.1+0x3c/0x540
[ 17.461701] sp : ffff000100d9bb60
[ 17.469146] x29: ffff000100d9bb60 x28: 0000000000000000
[ 17.478547] x27: 0000000000000000 x26: ffff802fb8945000
[ 17.488063] x25: 0000000000000000 x24: ffff802fa32081a8
[ 17.497381] x23: 0000000000000002 x22: ffff801fa2b15220
[ 17.506701] x21: ffff000009809000 x20: ffff802fa23a0888
[ 17.515980] x19: ffff801fa2b15220 x18: 0000000000000000
[ 17.525272] x17: 0000000200000000 x16: 0000000200000000
[ 17.534511] x15: 0000000000000000 x14: 0000000000000000
[ 17.543652] x13: ffff000008d95db8 x12: 000000000000000d
[ 17.552780] x11: ffff000008d95d90 x10: 0000000000000b00
[ 17.561819] x9 : ffff000100d9bb90 x8 : ffff802fb89d6560
[ 17.570829] x7 : 0000000000000004 x6 : 00000004a1801d05
[ 17.579839] x5 : 0000000000000000 x4 : 0000000000000000
[ 17.588852] x3 : ffff802fb89d5a00 x2 : 0000000000000000
[ 17.597734] x1 : 0000000200000000 x0 : 0000000200000000
[ 17.606631] Process kworker/u130:0 (pid: 95, stack limit = 0x(____ptrval____))
[ 17.617438] Call trace:
[ 17.623349] __mutex_lock.isra.1+0x74/0x540
[ 17.630927] __mutex_lock_slowpath+0x24/0x30
[ 17.638602] mutex_lock+0x50/0x60
[ 17.645295] drain_workqueue+0x34/0x198
[ 17.652623] __sas_drain_work+0x7c/0x168
[ 17.659903] sas_drain_work+0x60/0x68
[ 17.666947] hisi_sas_scan_finished+0x30/0x40 [hisi_sas_main]
[ 17.676129] do_scsi_scan_host+0x70/0xb0
[ 17.683534] do_scan_async+0x20/0x228
[ 17.690586] async_run_entry_fn+0x4c/0x1d0
[ 17.697997] process_one_work+0x1b4/0x3f8
[ 17.705296] worker_thread+0x54/0x470
Every time the call trace is not the same, but the overwrite address
is always the same:
Unable to handle kernel paging request at virtual address 0000000200000040
The root cause is, when write the reg XGMAC_MAC_TX_LF_RF_CONTROL_REG,
didn't use the io_base offset.
Signed-off-by: Yonglong Liu <liuyonglong@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin (Microsoft) <sashal@kernel.org>
---
drivers/net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c
index ba4316910dea..a60f207768fc 100644
--- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c
+++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c
@@ -129,7 +129,7 @@ static void hns_xgmac_lf_rf_control_init(struct mac_driver *mac_drv)
dsaf_set_bit(val, XGMAC_UNIDIR_EN_B, 0);
dsaf_set_bit(val, XGMAC_RF_TX_EN_B, 1);
dsaf_set_field(val, XGMAC_LF_RF_INSERT_M, XGMAC_LF_RF_INSERT_S, 0);
- dsaf_write_reg(mac_drv, XGMAC_MAC_TX_LF_RF_CONTROL_REG, val);
+ dsaf_write_dev(mac_drv, XGMAC_MAC_TX_LF_RF_CONTROL_REG, val);
}
/**
--
2.19.1
next prev parent reply other threads:[~2019-04-24 14:35 UTC|newest]
Thread overview: 76+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-24 14:32 [PATCH AUTOSEL 5.0 01/66] arm64: dts: rockchip: fix rk3328-roc-cc gmac2io tx/rx_delay Sasha Levin
2019-04-24 14:32 ` [PATCH AUTOSEL 5.0 02/66] HID: Increase maximum report size allowed by hid_field_extract() Sasha Levin
2019-04-24 14:32 ` [PATCH AUTOSEL 5.0 03/66] HID: logitech: check the return value of create_singlethread_workqueue Sasha Levin
2019-04-24 14:32 ` [PATCH AUTOSEL 5.0 04/66] HID: debug: fix race condition with between rdesc_show() and device removal Sasha Levin
2019-04-24 14:32 ` [PATCH AUTOSEL 5.0 05/66] rtc: cros-ec: Fail suspend/resume if wake IRQ can't be configured Sasha Levin
2019-04-24 14:32 ` [PATCH AUTOSEL 5.0 06/66] rtc: sh: Fix invalid alarm warning for non-enabled alarm Sasha Levin
2019-04-24 14:32 ` [PATCH AUTOSEL 5.0 07/66] ARM: OMAP2+: add missing of_node_put after of_device_is_available Sasha Levin
2019-04-24 14:32 ` [PATCH AUTOSEL 5.0 08/66] batman-adv: Reduce claim hash refcnt only for removed entry Sasha Levin
2019-04-24 14:32 ` [PATCH AUTOSEL 5.0 09/66] batman-adv: Reduce tt_local " Sasha Levin
2019-04-24 14:32 ` [PATCH AUTOSEL 5.0 10/66] batman-adv: Reduce tt_global " Sasha Levin
2019-04-24 14:32 ` [PATCH AUTOSEL 5.0 11/66] batman-adv: fix warning in function batadv_v_elp_get_throughput Sasha Levin
2019-04-24 14:32 ` [PATCH AUTOSEL 5.0 12/66] ARM: dts: rockchip: Fix gpu opp node names for rk3288 Sasha Levin
2019-04-24 14:32 ` [PATCH AUTOSEL 5.0 13/66] reset: meson-audio-arb: Fix missing .owner setting of reset_controller_dev Sasha Levin
2019-04-24 14:32 ` [PATCH AUTOSEL 5.0 14/66] ARM: dts: Fix dcan clkctrl clock for am3 Sasha Levin
2019-04-24 14:32 ` [PATCH AUTOSEL 5.0 15/66] i40e: fix i40e_ptp_adjtime when given a negative delta Sasha Levin
2019-04-24 14:32 ` [PATCH AUTOSEL 5.0 16/66] igb: Fix WARN_ONCE on runtime suspend Sasha Levin
2019-04-24 14:32 ` [PATCH AUTOSEL 5.0 17/66] ixgbe: fix mdio bus registration Sasha Levin
2019-04-24 14:32 ` [PATCH AUTOSEL 5.0 18/66] i40e: fix WoL support check Sasha Levin
2019-04-24 14:32 ` [PATCH AUTOSEL 5.0 19/66] fm10k: Fix a potential NULL pointer dereference Sasha Levin
2019-04-24 14:32 ` [PATCH AUTOSEL 5.0 20/66] riscv: fix accessing 8-byte variable from RV32 Sasha Levin
2019-04-24 14:32 ` [PATCH AUTOSEL 5.0 21/66] HID: quirks: Fix keyboard + touchpad on Lenovo Miix 630 Sasha Levin
2019-04-24 14:32 ` [PATCH AUTOSEL 5.0 22/66] net: hns3: fix compile error Sasha Levin
2019-04-24 14:32 ` [PATCH AUTOSEL 5.0 23/66] xdp: fix cpumap redirect SKB creation bug Sasha Levin
2019-04-24 14:32 ` [PATCH AUTOSEL 5.0 24/66] net/mlx5: E-Switch, Protect from invalid memory access in offload fdb table Sasha Levin
2019-04-24 14:32 ` [PATCH AUTOSEL 5.0 25/66] net/mlx5: E-Switch, Fix esw manager vport indication for more vport commands Sasha Levin
2019-04-24 14:33 ` [PATCH AUTOSEL 5.0 26/66] bonding: show full hw address in sysfs for slave entries Sasha Levin
2019-04-24 14:33 ` [PATCH AUTOSEL 5.0 27/66] net: stmmac: use correct DMA buffer size in the RX descriptor Sasha Levin
2019-04-24 14:33 ` [PATCH AUTOSEL 5.0 28/66] net: stmmac: ratelimit RX error logs Sasha Levin
2019-04-24 14:33 ` [PATCH AUTOSEL 5.0 29/66] net: stmmac: don't stop NAPI processing when dropping a packet Sasha Levin
2019-04-24 14:33 ` [PATCH AUTOSEL 5.0 30/66] net: stmmac: don't overwrite discard_frame status Sasha Levin
2019-04-24 14:33 ` [PATCH AUTOSEL 5.0 31/66] net: stmmac: fix dropping of multi-descriptor RX frames Sasha Levin
2019-04-24 14:33 ` [PATCH AUTOSEL 5.0 32/66] net: stmmac: don't log oversized frames Sasha Levin
2019-04-24 14:33 ` [PATCH AUTOSEL 5.0 33/66] jffs2: fix use-after-free on symlink traversal Sasha Levin
2019-04-24 14:33 ` [PATCH AUTOSEL 5.0 34/66] debugfs: " Sasha Levin
2019-04-24 14:33 ` [PATCH AUTOSEL 5.0 35/66] mfd: twl-core: Disable IRQ while suspended Sasha Levin
2019-04-24 14:33 ` [PATCH AUTOSEL 5.0 36/66] block: use blk_free_flush_queue() to free hctx->fq in blk_mq_init_hctx Sasha Levin
2019-04-24 14:33 ` [PATCH AUTOSEL 5.0 37/66] rtc: da9063: set uie_unsupported when relevant Sasha Levin
2019-04-24 14:33 ` [PATCH AUTOSEL 5.0 38/66] HID: input: add mapping for Assistant key Sasha Levin
2019-04-24 14:33 ` [PATCH AUTOSEL 5.0 39/66] vfio/pci: use correct format characters Sasha Levin
2019-04-24 14:33 ` [PATCH AUTOSEL 5.0 40/66] vfio/type1: Limit DMA mappings per container Sasha Levin
2019-04-24 14:33 ` [PATCH AUTOSEL 5.0 41/66] scsi: core: add new RDAC LENOVO/DE_Series device Sasha Levin
2019-04-24 14:33 ` [PATCH AUTOSEL 5.0 42/66] scsi: storvsc: Fix calculation of sub-channel count Sasha Levin
2019-04-24 14:33 ` [PATCH AUTOSEL 5.0 43/66] arm/mach-at91/pm : fix possible object reference leak Sasha Levin
2019-04-24 14:33 ` [PATCH AUTOSEL 5.0 44/66] blk-mq: do not reset plug->rq_count before the list is sorted Sasha Levin
2019-04-24 14:33 ` [PATCH AUTOSEL 5.0 45/66] arm64: fix wrong check of on_sdei_stack in nmi context Sasha Levin
2019-04-24 14:33 ` [PATCH AUTOSEL 5.0 46/66] net: hns: fix KASAN: use-after-free in hns_nic_net_xmit_hw() Sasha Levin
2019-04-24 14:33 ` [PATCH AUTOSEL 5.0 47/66] net: hns: Use NAPI_POLL_WEIGHT for hns driver Sasha Levin
2019-04-24 14:33 ` Sasha Levin [this message]
2019-04-24 14:33 ` [PATCH AUTOSEL 5.0 49/66] net: hns: fix ICMP6 neighbor solicitation messages discard problem Sasha Levin
2019-04-24 14:33 ` [PATCH AUTOSEL 5.0 50/66] net: hns: Fix WARNING when remove HNS driver with SMMU enabled Sasha Levin
2019-04-24 14:33 ` [PATCH AUTOSEL 5.0 51/66] libcxgb: fix incorrect ppmax calculation Sasha Levin
2019-04-24 14:33 ` [PATCH AUTOSEL 5.0 52/66] KVM: SVM: prevent DBG_DECRYPT and DBG_ENCRYPT overflow Sasha Levin
2019-04-24 14:33 ` [PATCH AUTOSEL 5.0 53/66] kmemleak: powerpc: skip scanning holes in the .bss section Sasha Levin
2019-04-24 14:33 ` [PATCH AUTOSEL 5.0 54/66] hugetlbfs: fix memory leak for resv_map Sasha Levin
2019-04-24 14:33 ` [PATCH AUTOSEL 5.0 55/66] sh: fix multiple function definition build errors Sasha Levin
2019-04-24 14:33 ` [PATCH AUTOSEL 5.0 56/66] kernel/sysctl.c: fix out-of-bounds access when setting file-max Sasha Levin
2019-04-24 14:33 ` [PATCH AUTOSEL 5.0 57/66] null_blk: prevent crash from bad home_node value Sasha Levin
2019-04-24 14:33 ` [PATCH AUTOSEL 5.0 58/66] xsysace: Fix error handling in ace_setup Sasha Levin
2019-04-24 14:33 ` [PATCH AUTOSEL 5.0 59/66] fs: stream_open - opener for stream-like files so that read and write can run simultaneously without deadlock Sasha Levin
2019-04-24 16:34 ` Greg Kroah-Hartman
2019-04-24 16:40 ` Linus Torvalds
2019-04-24 17:02 ` Greg Kroah-Hartman
2019-04-24 17:19 ` Sasha Levin
2019-04-24 17:26 ` Linus Torvalds
2019-04-24 18:30 ` Kirill Smelkov
2019-04-25 10:04 ` David Laight
2019-04-26 7:45 ` Kirill Smelkov
2019-04-26 11:00 ` David Laight
2019-04-26 18:20 ` Kirill Smelkov
2019-04-24 14:33 ` [PATCH AUTOSEL 5.0 60/66] ARM: orion: don't use using 64-bit DMA masks Sasha Levin
2019-04-24 14:33 ` [PATCH AUTOSEL 5.0 61/66] ARM: iop: " Sasha Levin
2019-04-24 14:33 ` [PATCH AUTOSEL 5.0 62/66] pin iocb through aio Sasha Levin
2019-04-24 14:33 ` [PATCH AUTOSEL 5.0 63/66] aio: fold lookup_kiocb() into its sole caller Sasha Levin
2019-04-24 14:33 ` [PATCH AUTOSEL 5.0 64/66] aio: keep io_event in aio_kiocb Sasha Levin
2019-04-24 14:33 ` [PATCH AUTOSEL 5.0 65/66] aio: store event at final iocb_put() Sasha Levin
2019-04-24 14:33 ` [PATCH AUTOSEL 5.0 66/66] Fix aio_poll() races Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190424143341.27665-48-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=davem@davemloft.net \
--cc=linux-kernel@vger.kernel.org \
--cc=liuyonglong@huawei.com \
--cc=netdev@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox