From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Yonglong Liu <liuyonglong@huawei.com>,
"David S. Miller" <davem@davemloft.net>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.19 57/99] net: hns: Fix probabilistic memory overwrite when HNS driver initialized
Date: Mon, 6 May 2019 16:32:30 +0200 [thread overview]
Message-ID: <20190506143059.236130025@linuxfoundation.org> (raw)
In-Reply-To: <20190506143053.899356316@linuxfoundation.org>
[ Upstream commit c0b0984426814f3a9251873b689e67d34d8ccd84 ]
When reboot the system again and again, may cause a memory
overwrite.
[ 15.638922] systemd[1]: Reached target Swap.
[ 15.667561] tun: Universal TUN/TAP device driver, 1.6
[ 15.676756] Bridge firewalling registered
[ 17.344135] Unable to handle kernel paging request at virtual address 0000000200000040
[ 17.352179] Mem abort info:
[ 17.355007] ESR = 0x96000004
[ 17.358105] Exception class = DABT (current EL), IL = 32 bits
[ 17.364112] SET = 0, FnV = 0
[ 17.367209] EA = 0, S1PTW = 0
[ 17.370393] Data abort info:
[ 17.373315] ISV = 0, ISS = 0x00000004
[ 17.377206] CM = 0, WnR = 0
[ 17.380214] user pgtable: 4k pages, 48-bit VAs, pgdp = (____ptrval____)
[ 17.386926] [0000000200000040] pgd=0000000000000000
[ 17.391878] Internal error: Oops: 96000004 [#1] SMP
[ 17.396824] CPU: 23 PID: 95 Comm: kworker/u130:0 Tainted: G E 4.19.25-1.2.78.aarch64 #1
[ 17.414175] Hardware name: Huawei TaiShan 2280 /BC11SPCD, BIOS 1.54 08/16/2018
[ 17.425615] Workqueue: events_unbound async_run_entry_fn
[ 17.435151] pstate: 00000005 (nzcv daif -PAN -UAO)
[ 17.444139] pc : __mutex_lock.isra.1+0x74/0x540
[ 17.453002] lr : __mutex_lock.isra.1+0x3c/0x540
[ 17.461701] sp : ffff000100d9bb60
[ 17.469146] x29: ffff000100d9bb60 x28: 0000000000000000
[ 17.478547] x27: 0000000000000000 x26: ffff802fb8945000
[ 17.488063] x25: 0000000000000000 x24: ffff802fa32081a8
[ 17.497381] x23: 0000000000000002 x22: ffff801fa2b15220
[ 17.506701] x21: ffff000009809000 x20: ffff802fa23a0888
[ 17.515980] x19: ffff801fa2b15220 x18: 0000000000000000
[ 17.525272] x17: 0000000200000000 x16: 0000000200000000
[ 17.534511] x15: 0000000000000000 x14: 0000000000000000
[ 17.543652] x13: ffff000008d95db8 x12: 000000000000000d
[ 17.552780] x11: ffff000008d95d90 x10: 0000000000000b00
[ 17.561819] x9 : ffff000100d9bb90 x8 : ffff802fb89d6560
[ 17.570829] x7 : 0000000000000004 x6 : 00000004a1801d05
[ 17.579839] x5 : 0000000000000000 x4 : 0000000000000000
[ 17.588852] x3 : ffff802fb89d5a00 x2 : 0000000000000000
[ 17.597734] x1 : 0000000200000000 x0 : 0000000200000000
[ 17.606631] Process kworker/u130:0 (pid: 95, stack limit = 0x(____ptrval____))
[ 17.617438] Call trace:
[ 17.623349] __mutex_lock.isra.1+0x74/0x540
[ 17.630927] __mutex_lock_slowpath+0x24/0x30
[ 17.638602] mutex_lock+0x50/0x60
[ 17.645295] drain_workqueue+0x34/0x198
[ 17.652623] __sas_drain_work+0x7c/0x168
[ 17.659903] sas_drain_work+0x60/0x68
[ 17.666947] hisi_sas_scan_finished+0x30/0x40 [hisi_sas_main]
[ 17.676129] do_scsi_scan_host+0x70/0xb0
[ 17.683534] do_scan_async+0x20/0x228
[ 17.690586] async_run_entry_fn+0x4c/0x1d0
[ 17.697997] process_one_work+0x1b4/0x3f8
[ 17.705296] worker_thread+0x54/0x470
Every time the call trace is not the same, but the overwrite address
is always the same:
Unable to handle kernel paging request at virtual address 0000000200000040
The root cause is, when write the reg XGMAC_MAC_TX_LF_RF_CONTROL_REG,
didn't use the io_base offset.
Signed-off-by: Yonglong Liu <liuyonglong@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c
index ba4316910dea..a60f207768fc 100644
--- a/drivers/net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c
+++ b/drivers/net/ethernet/hisilicon/hns/hns_dsaf_xgmac.c
@@ -129,7 +129,7 @@ static void hns_xgmac_lf_rf_control_init(struct mac_driver *mac_drv)
dsaf_set_bit(val, XGMAC_UNIDIR_EN_B, 0);
dsaf_set_bit(val, XGMAC_RF_TX_EN_B, 1);
dsaf_set_field(val, XGMAC_LF_RF_INSERT_M, XGMAC_LF_RF_INSERT_S, 0);
- dsaf_write_reg(mac_drv, XGMAC_MAC_TX_LF_RF_CONTROL_REG, val);
+ dsaf_write_dev(mac_drv, XGMAC_MAC_TX_LF_RF_CONTROL_REG, val);
}
/**
--
2.20.1
next prev parent reply other threads:[~2019-05-06 14:59 UTC|newest]
Thread overview: 111+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-06 14:31 [PATCH 4.19 00/99] 4.19.41-stable review Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 01/99] iwlwifi: fix driver operation for 5350 Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 02/99] mwifiex: Make resume actually do something useful again on SDIO cards Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 03/99] mac80211: dont attempt to rename ERR_PTR() debugfs dirs Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 04/99] i2c: synquacer: fix enumeration of slave devices Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 05/99] i2c: imx: correct the method of getting private data in notifier_call Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 06/99] i2c: Remove unnecessary call to irq_find_mapping Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 07/99] i2c: Clear client->irq in i2c_device_remove Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 08/99] i2c: Allow recovery of the initial IRQ by an I2C client device Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 09/99] i2c: Prevent runtime suspend of adapter when Host Notify is required Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 10/99] ALSA: hda/realtek - Add new Dell platform for headset mode Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 11/99] ALSA: hda/realtek - Fixed Dell AIO speaker noise Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 12/99] ALSA: hda/realtek - Apply the fixup for ASUS Q325UAR Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 13/99] USB: yurex: Fix protection fault after device removal Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 14/99] USB: w1 ds2490: Fix bug caused by improper use of altsetting array Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 15/99] USB: dummy-hcd: Fix failure to give back unlinked URBs Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 16/99] usb: usbip: fix isoc packet num validation in get_pipe Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 17/99] USB: core: Fix unterminated string returned by usb_string() Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 18/99] USB: core: Fix bug caused by duplicate interface PM usage counter Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 19/99] nvme-loop: init nvmet_ctrl fatal_err_work when allocate Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 20/99] efi: Fix debugobjects warning on efi_rts_work Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 21/99] arm64: dts: rockchip: fix rk3328-roc-cc gmac2io tx/rx_delay Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 22/99] HID: logitech: check the return value of create_singlethread_workqueue Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 23/99] HID: debug: fix race condition with between rdesc_show() and device removal Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 24/99] rtc: cros-ec: Fail suspend/resume if wake IRQ cant be configured Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 25/99] rtc: sh: Fix invalid alarm warning for non-enabled alarm Greg Kroah-Hartman
2019-05-06 14:31 ` [PATCH 4.19 26/99] batman-adv: Reduce claim hash refcnt only for removed entry Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 27/99] batman-adv: Reduce tt_local " Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 28/99] batman-adv: Reduce tt_global " Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 29/99] batman-adv: fix warning in function batadv_v_elp_get_throughput Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 30/99] ARM: dts: rockchip: Fix gpu opp node names for rk3288 Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 31/99] reset: meson-audio-arb: Fix missing .owner setting of reset_controller_dev Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 32/99] igb: Fix WARN_ONCE on runtime suspend Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 33/99] riscv: fix accessing 8-byte variable from RV32 Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 34/99] HID: quirks: Fix keyboard + touchpad on Lenovo Miix 630 Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 35/99] net: hns3: fix compile error Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 36/99] net/mlx5: E-Switch, Fix esw manager vport indication for more vport commands Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 37/99] bonding: show full hw address in sysfs for slave entries Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 38/99] net: stmmac: use correct DMA buffer size in the RX descriptor Greg Kroah-Hartman
2019-05-08 0:10 ` Nobuhiro Iwamatsu
2019-05-08 6:35 ` Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 39/99] net: stmmac: ratelimit RX error logs Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 40/99] net: stmmac: dont stop NAPI processing when dropping a packet Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 41/99] net: stmmac: dont overwrite discard_frame status Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 42/99] net: stmmac: fix dropping of multi-descriptor RX frames Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 43/99] net: stmmac: dont log oversized frames Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 44/99] jffs2: fix use-after-free on symlink traversal Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 45/99] debugfs: " Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 46/99] mfd: twl-core: Disable IRQ while suspended Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 47/99] block: use blk_free_flush_queue() to free hctx->fq in blk_mq_init_hctx Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 48/99] rtc: da9063: set uie_unsupported when relevant Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 49/99] HID: input: add mapping for Assistant key Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 50/99] vfio/pci: use correct format characters Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 51/99] scsi: core: add new RDAC LENOVO/DE_Series device Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 52/99] scsi: storvsc: Fix calculation of sub-channel count Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 53/99] arm/mach-at91/pm : fix possible object reference leak Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 54/99] arm64: fix wrong check of on_sdei_stack in nmi context Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 55/99] net: hns: fix KASAN: use-after-free in hns_nic_net_xmit_hw() Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 56/99] net: hns: Use NAPI_POLL_WEIGHT for hns driver Greg Kroah-Hartman
2019-05-06 14:32 ` Greg Kroah-Hartman [this message]
2019-05-06 14:32 ` [PATCH 4.19 58/99] net: hns: fix ICMP6 neighbor solicitation messages discard problem Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 59/99] net: hns: Fix WARNING when remove HNS driver with SMMU enabled Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 60/99] libcxgb: fix incorrect ppmax calculation Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 61/99] KVM: SVM: prevent DBG_DECRYPT and DBG_ENCRYPT overflow Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 62/99] kmemleak: powerpc: skip scanning holes in the .bss section Greg Kroah-Hartman
2019-05-07 7:58 ` Nobuhiro Iwamatsu
2019-05-07 12:51 ` Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 63/99] hugetlbfs: fix memory leak for resv_map Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 64/99] sh: fix multiple function definition build errors Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 65/99] xsysace: Fix error handling in ace_setup Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 66/99] fs: stream_open - opener for stream-like files so that read and write can run simultaneously without deadlock Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 67/99] ARM: orion: dont use using 64-bit DMA masks Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 68/99] ARM: iop: " Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 69/99] block: pass no-op callback to INIT_WORK() Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 70/99] perf/x86/amd: Update generic hardware cache events for Family 17h Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 71/99] Bluetooth: btusb: request wake pin with NOAUTOEN Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 72/99] Bluetooth: mediatek: fix up an error path to restore bdev->tx_state Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 73/99] clk: qcom: Add missing freq for usb30_master_clk on 8998 Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 74/99] staging: iio: adt7316: allow adt751x to use internal vref for all dacs Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 75/99] staging: iio: adt7316: fix the dac read calculation Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 76/99] staging: iio: adt7316: fix the dac write calculation Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 77/99] scsi: RDMA/srpt: Fix a credit leak for aborted commands Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 78/99] ASoC: Intel: bytcr_rt5651: Revert "Fix DMIC map headsetmic mapping" Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 79/99] ASoC: wm_adsp: Correct handling of compressed streams that restart Greg Kroah-Hartman
2019-05-07 8:44 ` Nobuhiro Iwamatsu
2019-05-07 12:49 ` Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 80/99] ASoC: stm32: fix sai driver name initialisation Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 81/99] platform/x86: intel_pmc_core: Fix PCH IP name Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 82/99] platform/x86: intel_pmc_core: Handle CFL regmap properly Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 83/99] IB/core: Unregister notifier before freeing MAD security Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 84/99] IB/core: Fix potential memory leak while creating MAD agents Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 85/99] IB/core: Destroy QP if XRC QP fails Greg Kroah-Hartman
2019-05-06 14:32 ` [PATCH 4.19 86/99] Input: snvs_pwrkey - initialize necessary driver data before enabling IRQ Greg Kroah-Hartman
2019-05-06 14:33 ` [PATCH 4.19 87/99] Input: stmfts - acknowledge that setting brightness is a blocking call Greg Kroah-Hartman
2019-05-06 14:33 ` [PATCH 4.19 88/99] gpio: mxc: add check to return defer probe if clock tree NOT ready Greg Kroah-Hartman
2019-05-06 14:33 ` [PATCH 4.19 89/99] selinux: avoid silent denials in permissive mode under RCU walk Greg Kroah-Hartman
2019-05-06 14:33 ` [PATCH 4.19 90/99] selinux: never allow relabeling on context mounts Greg Kroah-Hartman
2019-05-06 14:33 ` [PATCH 4.19 91/99] mac80211: Honor SW_CRYPTO_CONTROL for unicast keys in AP VLAN mode Greg Kroah-Hartman
2019-05-06 14:33 ` [PATCH 4.19 92/99] powerpc/mm/hash: Handle mmap_min_addr correctly in get_unmapped_area topdown search Greg Kroah-Hartman
2019-05-06 14:33 ` [PATCH 4.19 93/99] x86/mce: Improve error message when kernel cannot recover, p2 Greg Kroah-Hartman
2019-05-06 14:33 ` [PATCH 4.19 94/99] clk: x86: Add system specific quirk to mark clocks as critical Greg Kroah-Hartman
2019-05-06 14:33 ` [PATCH 4.19 95/99] x86/mm/KASLR: Fix the size of the direct mapping section Greg Kroah-Hartman
2019-05-06 14:33 ` [PATCH 4.19 96/99] x86/mm: Fix a crash with kmemleak_scan() Greg Kroah-Hartman
2019-05-06 14:33 ` [PATCH 4.19 97/99] x86/mm/tlb: Revert "x86/mm: Align TLB invalidation info" Greg Kroah-Hartman
2019-05-06 14:33 ` [PATCH 4.19 98/99] i2c: i2c-stm32f7: Fix SDADEL minimum formula Greg Kroah-Hartman
2019-05-06 14:33 ` [PATCH 4.19 99/99] media: v4l2: i2c: ov7670: Fix PLL bypass register values Greg Kroah-Hartman
2019-05-07 9:49 ` [PATCH 4.19 00/99] 4.19.41-stable review Naresh Kamboju
2019-05-07 12:44 ` Jon Hunter
2019-05-07 18:39 ` Guenter Roeck
2019-05-07 19:27 ` kernelci.org bot
2019-05-07 20:22 ` shuah
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190506143059.236130025@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=davem@davemloft.net \
--cc=linux-kernel@vger.kernel.org \
--cc=liuyonglong@huawei.com \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).