stable.vger.kernel.org archive mirror
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Maor Gottlieb <maorg@mellanox.com>,
	Leon Romanovsky <leonro@mellanox.com>,
	Mike Marciniszyn <mike.marciniszyn@intel.com>,
	Jason Gunthorpe <jgg@mellanox.com>,
	Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.19 04/86] RDMA/core: Fix pkey and port assignment in get_new_pps
Date: Tue, 10 Mar 2020 13:44:28 +0100
Message-ID: <20200310124531.045083681@linuxfoundation.org>
In-Reply-To: <20200310124530.808338541@linuxfoundation.org>

From: Maor Gottlieb <maorg@mellanox.com>

[ Upstream commit 801b67f3eaafd3f2ec8b65d93142d4ffedba85df ]

When port is part of the modify mask, then we should take it from the
qp_attr and not from the old pps. Same for PKEY. Otherwise there are
panics in some configurations:

  RIP: 0010:get_pkey_idx_qp_list+0x50/0x80 [ib_core]
  Code: c7 18 e8 13 04 30 ef 0f b6 43 06 48 69 c0 b8 00 00 00 48 03 85 a0 04 00 00 48 8b 50 20 48 8d 48 20 48 39 ca 74 1a 0f b7 73 04 <66> 39 72 10 75 08 eb 10 66 39 72 10 74 0a 48 8b 12 48 39 ca 75 f2
  RSP: 0018:ffffafb3480932f0 EFLAGS: 00010203
  RAX: ffff98059ababa10 RBX: ffff980d926e8cc0 RCX: ffff98059ababa30
  RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff98059ababa28
  RBP: ffff98059b940000 R08: 00000000000310c0 R09: ffff97fe47c07480
  R10: 0000000000000036 R11: 0000000000000200 R12: 0000000000000071
  R13: ffff98059b940000 R14: ffff980d87f948a0 R15: 0000000000000000
  FS:  00007f88deb31740(0000) GS:ffff98059f600000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 0000000000000010 CR3: 0000000853e26001 CR4: 00000000001606e0
  Call Trace:
   port_pkey_list_insert+0x3d/0x1b0 [ib_core]
   ? kmem_cache_alloc_trace+0x215/0x220
   ib_security_modify_qp+0x226/0x3a0 [ib_core]
   _ib_modify_qp+0xcf/0x390 [ib_core]
   ipoib_init_qp+0x7f/0x200 [ib_ipoib]
   ? rvt_modify_port+0xd0/0xd0 [rdmavt]
   ? ib_find_pkey+0x99/0xf0 [ib_core]
   ipoib_ib_dev_open_default+0x1a/0x200 [ib_ipoib]
   ipoib_ib_dev_open+0x96/0x130 [ib_ipoib]
   ipoib_open+0x44/0x130 [ib_ipoib]
   __dev_open+0xd1/0x160
   __dev_change_flags+0x1ab/0x1f0
   dev_change_flags+0x23/0x60
   do_setlink+0x328/0xe30
   ? __nla_validate_parse+0x54/0x900
   __rtnl_newlink+0x54e/0x810
   ? __alloc_pages_nodemask+0x17d/0x320
   ? page_fault+0x30/0x50
   ? _cond_resched+0x15/0x30
   ? kmem_cache_alloc_trace+0x1c8/0x220
   rtnl_newlink+0x43/0x60
   rtnetlink_rcv_msg+0x28f/0x350
   ? kmem_cache_alloc+0x1fb/0x200
   ? _cond_resched+0x15/0x30
   ? __kmalloc_node_track_caller+0x24d/0x2d0
   ? rtnl_calcit.isra.31+0x120/0x120
   netlink_rcv_skb+0xcb/0x100
   netlink_unicast+0x1e0/0x340
   netlink_sendmsg+0x317/0x480
   ? __check_object_size+0x48/0x1d0
   sock_sendmsg+0x65/0x80
   ____sys_sendmsg+0x223/0x260
   ? copy_msghdr_from_user+0xdc/0x140
   ___sys_sendmsg+0x7c/0xc0
   ? skb_dequeue+0x57/0x70
   ? __inode_wait_for_writeback+0x75/0xe0
   ? fsnotify_grab_connector+0x45/0x80
   ? __dentry_kill+0x12c/0x180
   __sys_sendmsg+0x58/0xa0
   do_syscall_64+0x5b/0x200
   entry_SYSCALL_64_after_hwframe+0x44/0xa9
  RIP: 0033:0x7f88de467f10

Link: https://lore.kernel.org/r/20200227125728.100551-1-leon@kernel.org
Cc: <stable@vger.kernel.org>
Fixes: 1dd017882e01 ("RDMA/core: Fix protection fault in get_pkey_idx_qp_list")
Signed-off-by: Maor Gottlieb <maorg@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Tested-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/infiniband/core/security.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/drivers/infiniband/core/security.c b/drivers/infiniband/core/security.c
index 4e2565cccb8ae..839ee047f36be 100644
--- a/drivers/infiniband/core/security.c
+++ b/drivers/infiniband/core/security.c
@@ -337,11 +337,15 @@ static struct ib_ports_pkeys *get_new_pps(const struct ib_qp *qp,
 		return NULL;
 
 	if (qp_attr_mask & IB_QP_PORT)
-		new_pps->main.port_num =
-			(qp_pps) ? qp_pps->main.port_num : qp_attr->port_num;
+		new_pps->main.port_num = qp_attr->port_num;
+	else if (qp_pps)
+		new_pps->main.port_num = qp_pps->main.port_num;
+
 	if (qp_attr_mask & IB_QP_PKEY_INDEX)
-		new_pps->main.pkey_index = (qp_pps) ? qp_pps->main.pkey_index :
-						      qp_attr->pkey_index;
+		new_pps->main.pkey_index = qp_attr->pkey_index;
+	else if (qp_pps)
+		new_pps->main.pkey_index = qp_pps->main.pkey_index;
+
 	if ((qp_attr_mask & IB_QP_PKEY_INDEX) && (qp_attr_mask & IB_QP_PORT))
 		new_pps->main.state = IB_PORT_PKEY_VALID;
 
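Review bot: The two new `else if (qp_pps)` branches leave `new_pps->main.port_num` and `new_pps->main.pkey_index` unassigned when the corresponding mask bit is clear and `qp_pps` is NULL, so the result depends on how `new_pps` was allocated above the visible context. If that allocation zeroes the structure, a short comment saying so would make the fall-through intentional; if it does not, both fields need an explicit default. Separately, the unchanged check at the end of the hunk sets `IB_PORT_PKEY_VALID` only when both `IB_QP_PKEY_INDEX` and `IB_QP_PORT` are in the mask, so the mixed case this patch now produces (one value from `qp_attr`, the other inherited from `qp_pps`) gets its state from code outside the hunk. The commit message would benefit from one sentence on which state that case ends up in, and on how taking the old values led to the fault at CR2 0x10 in `get_pkey_idx_qp_list`.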
-- 
2.20.1



