From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Hulk Robot <hulkci@huawei.com>,
Yue Haibing <yuehaibing@huawei.com>,
Andrew Bowers <andrewx.bowers@intel.com>,
Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Subject: [PATCH 4.19 060/100] fm10k: Fix a potential NULL pointer dereference
Date: Tue, 30 Apr 2019 13:38:29 +0200 [thread overview]
Message-ID: <20190430113611.714218676@linuxfoundation.org> (raw)
In-Reply-To: <20190430113608.616903219@linuxfoundation.org>
From: Yue Haibing <yuehaibing@huawei.com>
commit 01ca667133d019edc9f0a1f70a272447c84ec41f upstream.
Syzkaller report this:
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN PTI
CPU: 0 PID: 4378 Comm: syz-executor.0 Tainted: G C 5.0.0+ #5
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1ubuntu1 04/01/2014
RIP: 0010:__lock_acquire+0x95b/0x3200 kernel/locking/lockdep.c:3573
Code: 00 0f 85 28 1e 00 00 48 81 c4 08 01 00 00 5b 5d 41 5c 41 5d 41 5e 41 5f c3 4c 89 ea 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 0f 85 cc 24 00 00 49 81 7d 00 e0 de 03 a6 41 bc 00 00
RSP: 0018:ffff8881e3c07a40 EFLAGS: 00010002
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000080
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: ffff8881e3c07d98 R11: ffff8881c7f21f80 R12: 0000000000000001
R13: 0000000000000080 R14: 0000000000000000 R15: 0000000000000001
FS: 00007fce2252e700(0000) GS:ffff8881f2400000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fffc7eb0228 CR3: 00000001e5bea002 CR4: 00000000007606f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
PKRU: 55555554
Call Trace:
lock_acquire+0xff/0x2c0 kernel/locking/lockdep.c:4211
__mutex_lock_common kernel/locking/mutex.c:925 [inline]
__mutex_lock+0xdf/0x1050 kernel/locking/mutex.c:1072
drain_workqueue+0x24/0x3f0 kernel/workqueue.c:2934
destroy_workqueue+0x23/0x630 kernel/workqueue.c:4319
__do_sys_delete_module kernel/module.c:1018 [inline]
__se_sys_delete_module kernel/module.c:961 [inline]
__x64_sys_delete_module+0x30c/0x480 kernel/module.c:961
do_syscall_64+0x9f/0x450 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x462e99
Code: f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fce2252dc58 EFLAGS: 00000246 ORIG_RAX: 00000000000000b0
RAX: ffffffffffffffda RBX: 000000000073bf00 RCX: 0000000000462e99
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000140
RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007fce2252e6bc
R13: 00000000004bcca9 R14: 00000000006f6b48 R15: 00000000ffffffff
If alloc_workqueue fails, it should return -ENOMEM, otherwise may
trigger this NULL pointer dereference while unloading drivers.
Reported-by: Hulk Robot <hulkci@huawei.com>
Fixes: 0a38c17a21a0 ("fm10k: Remove create_workqueue")
Signed-off-by: Yue Haibing <yuehaibing@huawei.com>
Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
drivers/net/ethernet/intel/fm10k/fm10k_main.c | 2 ++
1 file changed, 2 insertions(+)
--- a/drivers/net/ethernet/intel/fm10k/fm10k_main.c
+++ b/drivers/net/ethernet/intel/fm10k/fm10k_main.c
@@ -41,6 +41,8 @@ static int __init fm10k_init_module(void
/* create driver workqueue */
fm10k_workqueue = alloc_workqueue("%s", WQ_MEM_RECLAIM, 0,
fm10k_driver_name);
+ if (!fm10k_workqueue)
+ return -ENOMEM;
fm10k_dbg_init();
next prev parent reply other threads:[~2019-04-30 12:00 UTC|newest]
Thread overview: 108+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-30 11:37 [PATCH 4.19 000/100] 4.19.38-stable review Greg Kroah-Hartman
2019-04-30 11:37 ` [PATCH 4.19 001/100] netfilter: nft_compat: use refcnt_t type for nft_xt reference count Greg Kroah-Hartman
2019-04-30 11:37 ` [PATCH 4.19 002/100] netfilter: nft_compat: make lists per netns Greg Kroah-Hartman
2019-04-30 11:37 ` [PATCH 4.19 003/100] netfilter: nf_tables: split set destruction in deactivate and destroy phase Greg Kroah-Hartman
2019-04-30 11:37 ` [PATCH 4.19 004/100] netfilter: nft_compat: destroy function must not have side effects Greg Kroah-Hartman
2019-04-30 11:37 ` [PATCH 4.19 005/100] netfilter: nf_tables: warn when expr implements only one of activate/deactivate Greg Kroah-Hartman
2019-04-30 11:37 ` [PATCH 4.19 006/100] netfilter: nf_tables: unbind set in rule from commit path Greg Kroah-Hartman
2019-04-30 11:37 ` [PATCH 4.19 007/100] netfilter: nft_compat: dont use refcount_inc on newly allocated entry Greg Kroah-Hartman
2019-04-30 11:37 ` [PATCH 4.19 008/100] netfilter: nft_compat: use .release_ops and remove list of extension Greg Kroah-Hartman
2019-04-30 11:37 ` [PATCH 4.19 009/100] netfilter: nf_tables: fix set double-free in abort path Greg Kroah-Hartman
2019-04-30 11:37 ` [PATCH 4.19 010/100] netfilter: nf_tables: bogus EBUSY when deleting set after flush Greg Kroah-Hartman
2019-04-30 11:37 ` [PATCH 4.19 011/100] netfilter: nf_tables: bogus EBUSY in helper removal from transaction Greg Kroah-Hartman
2019-04-30 11:37 ` [PATCH 4.19 012/100] net/ibmvnic: Fix RTNL deadlock during device reset Greg Kroah-Hartman
2019-04-30 11:37 ` [PATCH 4.19 013/100] net: mvpp2: fix validate for PPv2.1 Greg Kroah-Hartman
2019-04-30 11:37 ` [PATCH 4.19 014/100] ext4: fix some error pointer dereferences Greg Kroah-Hartman
2019-04-30 11:37 ` [PATCH 4.19 015/100] tipc: handle the err returned from cmd header function Greg Kroah-Hartman
2019-04-30 11:37 ` [PATCH 4.19 016/100] loop: do not print warn message if partition scan is successful Greg Kroah-Hartman
2019-04-30 11:37 ` [PATCH 4.19 017/100] drm/rockchip: fix for mailbox read validation Greg Kroah-Hartman
2019-04-30 11:37 ` [PATCH 4.19 018/100] vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock Greg Kroah-Hartman
2019-04-30 11:37 ` [PATCH 4.19 019/100] ipvs: fix warning on unused variable Greg Kroah-Hartman
2019-04-30 11:37 ` [PATCH 4.19 020/100] powerpc/vdso32: fix CLOCK_MONOTONIC on PPC64 Greg Kroah-Hartman
2019-04-30 11:37 ` [PATCH 4.19 021/100] ALSA: hda/ca0132 - Fix build error without CONFIG_PCI Greg Kroah-Hartman
2019-04-30 11:37 ` [PATCH 4.19 022/100] net: dsa: mv88e6xxx: add call to mv88e6xxx_ports_cmode_init to probe for new DSA framework Greg Kroah-Hartman
2019-04-30 11:37 ` [PATCH 4.19 023/100] cifs: fix memory leak in SMB2_read Greg Kroah-Hartman
2019-04-30 11:37 ` [PATCH 4.19 024/100] cifs: do not attempt cifs operation on smb2+ rename error Greg Kroah-Hartman
2019-04-30 11:37 ` [PATCH 4.19 025/100] tracing: Fix a memory leak by early error exit in trace_pid_write() Greg Kroah-Hartman
2019-04-30 11:37 ` [PATCH 4.19 026/100] tracing: Fix buffer_ref pipe ops Greg Kroah-Hartman
2019-04-30 11:37 ` [PATCH 4.19 027/100] gpio: eic: sprd: Fix incorrect irq type setting for the sync EIC Greg Kroah-Hartman
2019-04-30 11:37 ` [PATCH 4.19 028/100] zram: pass down the bvec we need to read into in the work struct Greg Kroah-Hartman
2019-04-30 11:37 ` [PATCH 4.19 029/100] lib/Kconfig.debug: fix build error without CONFIG_BLOCK Greg Kroah-Hartman
2019-04-30 11:37 ` [PATCH 4.19 030/100] MIPS: scall64-o32: Fix indirect syscall number load Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 031/100] trace: Fix preempt_enable_no_resched() abuse Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 032/100] IB/rdmavt: Fix frwr memory registration Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 033/100] RDMA/mlx5: Do not allow the user to write to the clock page Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 034/100] sched/numa: Fix a possible divide-by-zero Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 035/100] ceph: only use d_name directly when parent is locked Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 036/100] ceph: ensure d_name stability in ceph_dentry_hash() Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 037/100] ceph: fix ci->i_head_snapc leak Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 038/100] nfsd: Dont release the callback slot unless it was actually held Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 039/100] sunrpc: dont mark uninitialised items as VALID Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 040/100] perf/x86/intel: Update KBL Package C-state events to also include PC8/PC9/PC10 counters Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 041/100] Input: synaptics-rmi4 - write config register values to the right offset Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 042/100] vfio/type1: Limit DMA mappings per container Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 043/100] dmaengine: sh: rcar-dmac: With cyclic DMA residue 0 is valid Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 044/100] dmaengine: sh: rcar-dmac: Fix glitch in dmaengine_tx_status Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 045/100] ARM: 8857/1: efi: enable CP15 DMB instructions before cleaning the cache Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 046/100] powerpc/mm/radix: Make Radix require HUGETLB_PAGE Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 047/100] drm/vc4: Fix memory leak during gpu reset Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 048/100] Revert "drm/i915/fbdev: Actually configure untiled displays" Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 049/100] drm/vc4: Fix compilation error reported by kbuild test bot Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 050/100] USB: Add new USB LPM helpers Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 051/100] USB: Consolidate LPM checks to avoid enabling LPM twice Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 052/100] slip: make slhc_free() silently accept an error pointer Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 053/100] intel_th: gth: Fix an off-by-one in output unassigning Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 054/100] fs/proc/proc_sysctl.c: Fix a NULL pointer dereference Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 055/100] workqueue: Try to catch flush_work() without INIT_WORK() Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 056/100] binder: fix handling of misaligned binder object Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 057/100] sched/deadline: Correctly handle active 0-lag timers Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 058/100] NFS: Forbid setting AF_INET6 to "struct sockaddr_in"->sin_family Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 059/100] netfilter: ebtables: CONFIG_COMPAT: drop a bogus WARN_ON Greg Kroah-Hartman
2019-04-30 11:38 ` Greg Kroah-Hartman [this message]
2019-04-30 11:38 ` [PATCH 4.19 061/100] tipc: check bearer name with right length in tipc_nl_compat_bearer_enable Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 062/100] tipc: check link name with right length in tipc_nl_compat_link_set Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 063/100] net: netrom: Fix error cleanup path of nr_proto_init Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 064/100] net/rds: Check address length before reading address family Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 065/100] rxrpc: fix race condition in rxrpc_input_packet() Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 066/100] aio: clear IOCB_HIPRI Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 067/100] aio: use assigned completion handler Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 068/100] aio: separate out ring reservation from req allocation Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 069/100] aio: dont zero entire aio_kiocb aio_get_req() Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 070/100] aio: use iocb_put() instead of open coding it Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 071/100] aio: split out iocb copy from io_submit_one() Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 072/100] aio: abstract out io_event filler helper Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 073/100] aio: initialize kiocb private in case any filesystems expect it Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 074/100] aio: simplify - and fix - fget/fput for io_submit() Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 075/100] pin iocb through aio Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 076/100] aio: fold lookup_kiocb() into its sole caller Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 077/100] aio: keep io_event in aio_kiocb Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 078/100] aio: store event at final iocb_put() Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 079/100] Fix aio_poll() races Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 080/100] x86, retpolines: Raise limit for generating indirect calls from switch-case Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 081/100] x86/retpolines: Disable switch jump tables when retpolines are enabled Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 082/100] mm: Fix warning in insert_pfn() Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 083/100] x86/fpu: Dont export __kernel_fpu_{begin,end}() Greg Kroah-Hartman
2019-05-01 11:59 ` Lukas Wunner
2019-04-30 11:38 ` [PATCH 4.19 084/100] ipv4: add sanity checks in ipv4_link_failure() Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 085/100] ipv4: set the tcp_min_rtt_wlen range from 0 to one day Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 086/100] mlxsw: spectrum: Fix autoneg status in ethtool Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 087/100] net/mlx5e: ethtool, Remove unsupported SFP EEPROM high pages query Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 088/100] net: rds: exchange of 8K and 1M pool Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 089/100] net/rose: fix unbound loop in rose_loopback_timer() Greg Kroah-Hartman
2019-04-30 11:38 ` [PATCH 4.19 090/100] net: stmmac: move stmmac_check_ether_addr() to driver probe Greg Kroah-Hartman
2019-04-30 11:39 ` [PATCH 4.19 091/100] net/tls: fix refcount adjustment in fallback Greg Kroah-Hartman
2019-04-30 11:39 ` [PATCH 4.19 092/100] stmmac: pci: Adjust IOT2000 matching Greg Kroah-Hartman
2019-04-30 11:39 ` [PATCH 4.19 093/100] team: fix possible recursive locking when add slaves Greg Kroah-Hartman
2019-04-30 11:39 ` [PATCH 4.19 094/100] net: hns: Fix WARNING when hns modules installed Greg Kroah-Hartman
2019-04-30 11:39 ` [PATCH 4.19 095/100] mlxsw: pci: Reincrease PCI reset timeout Greg Kroah-Hartman
2019-04-30 11:39 ` [PATCH 4.19 096/100] mlxsw: spectrum: Put MC TCs into DWRR mode Greg Kroah-Hartman
2019-04-30 11:39 ` [PATCH 4.19 097/100] net/mlx5e: Fix the max MTU check in case of XDP Greg Kroah-Hartman
2019-04-30 11:39 ` [PATCH 4.19 098/100] net/mlx5e: Fix use-after-free after xdp_return_frame Greg Kroah-Hartman
2019-04-30 11:39 ` [PATCH 4.19 099/100] net/tls: avoid potential deadlock in tls_set_device_offload_rx() Greg Kroah-Hartman
2019-04-30 11:39 ` [PATCH 4.19 100/100] net/tls: dont leak IV and record seq when offload fails Greg Kroah-Hartman
2019-04-30 17:26 ` [PATCH 4.19 000/100] 4.19.38-stable review kernelci.org bot
2019-04-30 22:32 ` shuah
2019-05-01 6:27 ` Naresh Kamboju
2019-05-01 8:25 ` Jon Hunter
2019-05-01 16:44 ` Guenter Roeck
2019-05-02 5:30 ` Bharath Vedartham
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190430113611.714218676@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=andrewx.bowers@intel.com \
--cc=hulkci@huawei.com \
--cc=jeffrey.t.kirsher@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=yuehaibing@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).