From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>,
Mike Marciniszyn <mike.marciniszyn@cornelisnetworks.com>,
Jason Gunthorpe <jgg@nvidia.com>
Subject: [PATCH 5.10 22/74] IB/hfi1: Fix AIP early init panic
Date: Mon, 7 Feb 2022 12:06:20 +0100 [thread overview]
Message-ID: <20220207103757.963104282@linuxfoundation.org> (raw)
In-Reply-To: <20220207103757.232676988@linuxfoundation.org>
From: Mike Marciniszyn <mike.marciniszyn@cornelisnetworks.com>
commit 5f8f55b92edd621f056bdf09e572092849fabd83 upstream.
An early failure in hfi1_ipoib_setup_rn() can lead to the following panic:
BUG: unable to handle kernel NULL pointer dereference at 00000000000001b0
PGD 0 P4D 0
Oops: 0002 [#1] SMP NOPTI
Workqueue: events work_for_cpu_fn
RIP: 0010:try_to_grab_pending+0x2b/0x140
Code: 1f 44 00 00 41 55 41 54 55 48 89 d5 53 48 89 fb 9c 58 0f 1f 44 00 00 48 89 c2 fa 66 0f 1f 44 00 00 48 89 55 00 40 84 f6 75 77 <f0> 48 0f ba 2b 00 72 09 31 c0 5b 5d 41 5c 41 5d c3 48 89 df e8 6c
RSP: 0018:ffffb6b3cf7cfa48 EFLAGS: 00010046
RAX: 0000000000000246 RBX: 00000000000001b0 RCX: 0000000000000000
RDX: 0000000000000246 RSI: 0000000000000000 RDI: 00000000000001b0
RBP: ffffb6b3cf7cfa70 R08: 0000000000000f09 R09: 0000000000000001
R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000
R13: ffffb6b3cf7cfa90 R14: ffffffff9b2fbfc0 R15: ffff8a4fdf244690
FS: 0000000000000000(0000) GS:ffff8a527f400000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00000000000001b0 CR3: 00000017e2410003 CR4: 00000000007706f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
__cancel_work_timer+0x42/0x190
? dev_printk_emit+0x4e/0x70
iowait_cancel_work+0x15/0x30 [hfi1]
hfi1_ipoib_txreq_deinit+0x5a/0x220 [hfi1]
? dev_err+0x6c/0x90
hfi1_ipoib_netdev_dtor+0x15/0x30 [hfi1]
hfi1_ipoib_setup_rn+0x10e/0x150 [hfi1]
rdma_init_netdev+0x5a/0x80 [ib_core]
? hfi1_ipoib_free_rdma_netdev+0x20/0x20 [hfi1]
ipoib_intf_init+0x6c/0x350 [ib_ipoib]
ipoib_intf_alloc+0x5c/0xc0 [ib_ipoib]
ipoib_add_one+0xbe/0x300 [ib_ipoib]
add_client_context+0x12c/0x1a0 [ib_core]
enable_device_and_get+0xdc/0x1d0 [ib_core]
ib_register_device+0x572/0x6b0 [ib_core]
rvt_register_device+0x11b/0x220 [rdmavt]
hfi1_register_ib_device+0x6b4/0x770 [hfi1]
do_init_one.isra.20+0x3e3/0x680 [hfi1]
local_pci_probe+0x41/0x90
work_for_cpu_fn+0x16/0x20
process_one_work+0x1a7/0x360
? create_worker+0x1a0/0x1a0
worker_thread+0x1cf/0x390
? create_worker+0x1a0/0x1a0
kthread+0x116/0x130
? kthread_flush_work_fn+0x10/0x10
ret_from_fork+0x1f/0x40
The panic happens in hfi1_ipoib_txreq_deinit() because there is a NULL
deref when hfi1_ipoib_netdev_dtor() is called in this error case.
hfi1_ipoib_txreq_init() and hfi1_ipoib_rxq_init() are self unwinding so
fix by adjusting the error paths accordingly.
Other changes:
- hfi1_ipoib_free_rdma_netdev() is deleted including the free_netdev()
since the netdev core code deletes calls free_netdev()
- The switch to the accelerated entrances is moved to the success path.
Cc: stable@vger.kernel.org
Fixes: d99dc602e2a5 ("IB/hfi1: Add functions to transmit datagram ipoib packets")
Link: https://lore.kernel.org/r/1642287756-182313-4-git-send-email-mike.marciniszyn@cornelisnetworks.com
Reviewed-by: Dennis Dalessandro <dennis.dalessandro@cornelisnetworks.com>
Signed-off-by: Mike Marciniszyn <mike.marciniszyn@cornelisnetworks.com>
Signed-off-by: Jason Gunthorpe <jgg@nvidia.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/infiniband/hw/hfi1/ipoib_main.c | 13 +++----------
1 file changed, 3 insertions(+), 10 deletions(-)
--- a/drivers/infiniband/hw/hfi1/ipoib_main.c
+++ b/drivers/infiniband/hw/hfi1/ipoib_main.c
@@ -185,12 +185,6 @@ static void hfi1_ipoib_netdev_dtor(struc
free_percpu(priv->netstats);
}
-static void hfi1_ipoib_free_rdma_netdev(struct net_device *dev)
-{
- hfi1_ipoib_netdev_dtor(dev);
- free_netdev(dev);
-}
-
static void hfi1_ipoib_set_id(struct net_device *dev, int id)
{
struct hfi1_ipoib_dev_priv *priv = hfi1_ipoib_priv(dev);
@@ -227,24 +221,23 @@ static int hfi1_ipoib_setup_rn(struct ib
priv->port_num = port_num;
priv->netdev_ops = netdev->netdev_ops;
- netdev->netdev_ops = &hfi1_ipoib_netdev_ops;
-
ib_query_pkey(device, port_num, priv->pkey_index, &priv->pkey);
rc = hfi1_ipoib_txreq_init(priv);
if (rc) {
dd_dev_err(dd, "IPoIB netdev TX init - failed(%d)\n", rc);
- hfi1_ipoib_free_rdma_netdev(netdev);
return rc;
}
rc = hfi1_ipoib_rxq_init(netdev);
if (rc) {
dd_dev_err(dd, "IPoIB netdev RX init - failed(%d)\n", rc);
- hfi1_ipoib_free_rdma_netdev(netdev);
+ hfi1_ipoib_txreq_deinit(priv);
return rc;
}
+ netdev->netdev_ops = &hfi1_ipoib_netdev_ops;
+
netdev->priv_destructor = hfi1_ipoib_netdev_dtor;
netdev->needs_free_netdev = true;
next prev parent reply other threads:[~2022-02-07 11:44 UTC|newest]
Thread overview: 85+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-07 11:05 [PATCH 5.10 00/74] 5.10.99-rc1 review Greg Kroah-Hartman
2022-02-07 11:05 ` [PATCH 5.10 01/74] selinux: fix double free of cond_list on error paths Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 02/74] audit: improve audit queue handling when "audit=1" on cmdline Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 03/74] ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 04/74] ASoC: ops: Reject out of bounds values in snd_soc_put_volsw_sx() Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 05/74] ASoC: ops: Reject out of bounds values in snd_soc_put_xr_sx() Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 06/74] ALSA: usb-audio: Correct quirk for VF0770 Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 07/74] ALSA: hda: Fix UAF of leds class devs at unbinding Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 08/74] ALSA: hda: realtek: Fix race at concurrent COEF updates Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 09/74] ALSA: hda/realtek: Add quirk for ASUS GU603 Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 10/74] ALSA: hda/realtek: Add missing fixup-model entry for Gigabyte X570 ALC1220 quirks Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 11/74] ALSA: hda/realtek: Fix silent output on Gigabyte X570S Aorus Master (newer chipset) Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 12/74] ALSA: hda/realtek: Fix silent output on Gigabyte X570 Aorus Xtreme after reboot from Windows Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 13/74] btrfs: fix deadlock between quota disable and qgroup rescan worker Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 14/74] drm/nouveau: fix off by one in BIOS boundary checking Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 15/74] drm/amd/display: Force link_rate as LINK_RATE_RBR2 for 2018 15" Apple Retina panels Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 16/74] nvme-fabrics: fix state check in nvmf_ctlr_matches_baseopts() Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 17/74] mm/debug_vm_pgtable: remove pte entry from the page table Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 18/74] mm/pgtable: define pte_index so that preprocessor could recognize it Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 19/74] mm/kmemleak: avoid scanning potential huge holes Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 20/74] block: bio-integrity: Advance seed correctly for larger interval sizes Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 21/74] dma-buf: heaps: Fix potential spectre v1 gadget Greg Kroah-Hartman
2022-02-07 11:06 ` Greg Kroah-Hartman [this message]
2022-02-07 11:06 ` [PATCH 5.10 23/74] Revert "ASoC: mediatek: Check for error clk pointer" Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 24/74] memcg: charge fs_context and legacy_fs_context Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 25/74] RDMA/cma: Use correct address when leaving multicast group Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 26/74] RDMA/ucma: Protect mc during concurrent multicast leaves Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 27/74] IB/rdmavt: Validate remote_addr during loopback atomic tests Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 28/74] RDMA/siw: Fix broken RDMA Read Fence/Resume logic Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 29/74] RDMA/mlx4: Dont continue event handler after memory allocation failure Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 30/74] iommu/vt-d: Fix potential memory leak in intel_setup_irq_remapping() Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 31/74] iommu/amd: Fix loop timeout issue in iommu_ga_log_enable() Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 32/74] spi: bcm-qspi: check for valid cs before applying chip select Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 33/74] spi: mediatek: Avoid NULL pointer crash in interrupt Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 34/74] spi: meson-spicc: add IRQ check in meson_spicc_probe Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 35/74] spi: uniphier: fix reference count leak in uniphier_spi_probe() Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 36/74] net: ieee802154: hwsim: Ensure proper channel selection at probe time Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 37/74] net: ieee802154: mcr20a: Fix lifs/sifs periods Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 38/74] net: ieee802154: ca8210: Stop leaking skbs Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 39/74] net: ieee802154: Return meaningful error codes from the netlink helpers Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 40/74] net: macsec: Fix offload support for NETDEV_UNREGISTER event Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 41/74] net: macsec: Verify that send_sci is on when setting Tx sci explicitly Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 42/74] net: stmmac: dump gmac4 DMA registers correctly Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 43/74] net: stmmac: ensure PTP time register reads are consistent Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 44/74] drm/i915/overlay: Prevent divide by zero bugs in scaling Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 45/74] ASoC: fsl: Add missing error handling in pcm030_fabric_probe Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 46/74] ASoC: xilinx: xlnx_formatter_pcm: Make buffer bytes multiple of period bytes Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 47/74] ASoC: cpcap: Check for NULL pointer after calling of_get_child_by_name Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 48/74] ASoC: max9759: fix underflow in speaker_gain_control_put() Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 49/74] pinctrl: intel: Fix a glitch when updating IRQ flags on a preconfigured line Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 50/74] pinctrl: intel: fix unexpected interrupt Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 51/74] pinctrl: bcm2835: Fix a few error paths Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 52/74] scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 53/74] nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 54/74] gve: fix the wrong AdminQ buffer queue index check Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 55/74] bpf: Use VM_MAP instead of VM_ALLOC for ringbuf Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 56/74] selftests/exec: Remove pipe from TEST_GEN_FILES Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 57/74] selftests: futex: Use variable MAKE instead of make Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 58/74] tools/resolve_btfids: Do not print any commands when building silently Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 59/74] rtc: cmos: Evaluate century appropriate Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 60/74] Revert "fbcon: Disable accelerated scrolling" Greg Kroah-Hartman
2022-02-07 11:06 ` [PATCH 5.10 61/74] fbcon: Add option to enable legacy hardware acceleration Greg Kroah-Hartman
2022-02-07 11:07 ` [PATCH 5.10 62/74] perf stat: Fix display of grouped aliased events Greg Kroah-Hartman
2022-02-07 11:07 ` [PATCH 5.10 63/74] perf/x86/intel/pt: Fix crash with stop filters in single-range mode Greg Kroah-Hartman
2022-02-07 11:07 ` [PATCH 5.10 64/74] x86/perf: Default set FREEZE_ON_SMI for all Greg Kroah-Hartman
2022-02-07 11:07 ` [PATCH 5.10 65/74] EDAC/altera: Fix deferred probing Greg Kroah-Hartman
2022-02-07 11:07 ` [PATCH 5.10 66/74] EDAC/xgene: " Greg Kroah-Hartman
2022-02-07 11:07 ` [PATCH 5.10 67/74] ext4: prevent used blocks from being allocated during fast commit replay Greg Kroah-Hartman
2022-02-07 11:07 ` [PATCH 5.10 68/74] ext4: modify the logic of ext4_mb_new_blocks_simple Greg Kroah-Hartman
2022-02-07 11:07 ` [PATCH 5.10 69/74] ext4: fix error handling in ext4_restore_inline_data() Greg Kroah-Hartman
2022-02-07 11:07 ` [PATCH 5.10 70/74] ext4: fix error handling in ext4_fc_record_modified_inode() Greg Kroah-Hartman
2022-02-07 11:07 ` [PATCH 5.10 71/74] ext4: fix incorrect type issue during replay_del_range Greg Kroah-Hartman
2022-02-07 11:07 ` [PATCH 5.10 72/74] net: dsa: mt7530: make NET_DSA_MT7530 select MEDIATEK_GE_PHY Greg Kroah-Hartman
2022-02-09 19:08 ` Pavel Machek
2022-02-07 11:07 ` [PATCH 5.10 73/74] cgroup/cpuset: Fix "suspicious RCU usage" lockdep warning Greg Kroah-Hartman
2022-02-07 11:07 ` [PATCH 5.10 74/74] selftests: nft_concat_range: add test for reload with no element add/del Greg Kroah-Hartman
2022-02-07 17:03 ` [PATCH 5.10 00/74] 5.10.99-rc1 review Pavel Machek
2022-02-07 21:25 ` Shuah Khan
2022-02-07 22:21 ` Guenter Roeck
2022-02-07 23:45 ` Florian Fainelli
2022-02-08 2:45 ` Slade Watkins
2022-02-08 8:02 ` Naresh Kamboju
2022-02-08 14:01 ` Sudip Mukherjee
2022-02-08 20:36 ` Fox Chen
2022-02-09 3:15 ` Samuel Zou
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220207103757.963104282@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=dennis.dalessandro@cornelisnetworks.com \
--cc=jgg@nvidia.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mike.marciniszyn@cornelisnetworks.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox