From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Jian Shen <shenjian15@huawei.com>,
Guangbin Huang <huangguangbin2@huawei.com>,
"David S. Miller" <davem@davemloft.net>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.10 56/93] net: hns3: do not allow call hns3_nic_net_open repeatedly
Date: Mon, 4 Oct 2021 14:52:54 +0200 [thread overview]
Message-ID: <20211004125036.422158837@linuxfoundation.org> (raw)
In-Reply-To: <20211004125034.579439135@linuxfoundation.org>
From: Jian Shen <shenjian15@huawei.com>
[ Upstream commit 5b09e88e1bf7fe86540fab4b5f3eece8abead39e ]
hns3_nic_net_open() is not allowed to called repeatly, but there
is no checking for this. When doing device reset and setup tc
concurrently, there is a small oppotunity to call hns3_nic_net_open
repeatedly, and cause kernel bug by calling napi_enable twice.
The calltrace information is like below:
[ 3078.222780] ------------[ cut here ]------------
[ 3078.230255] kernel BUG at net/core/dev.c:6991!
[ 3078.236224] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
[ 3078.243431] Modules linked in: hns3 hclgevf hclge hnae3 vfio_iommu_type1 vfio_pci vfio_virqfd vfio pv680_mii(O)
[ 3078.258880] CPU: 0 PID: 295 Comm: kworker/u8:5 Tainted: G O 5.14.0-rc4+ #1
[ 3078.269102] Hardware name: , BIOS KpxxxFPGA 1P B600 V181 08/12/2021
[ 3078.276801] Workqueue: hclge hclge_service_task [hclge]
[ 3078.288774] pstate: 60400009 (nZCv daif +PAN -UAO -TCO BTYPE=--)
[ 3078.296168] pc : napi_enable+0x80/0x84
tc qdisc sho[w 3d0e7v8 .e3t0h218 79] lr : hns3_nic_net_open+0x138/0x510 [hns3]
[ 3078.314771] sp : ffff8000108abb20
[ 3078.319099] x29: ffff8000108abb20 x28: 0000000000000000 x27: ffff0820a8490300
[ 3078.329121] x26: 0000000000000001 x25: ffff08209cfc6200 x24: 0000000000000000
[ 3078.339044] x23: ffff0820a8490300 x22: ffff08209cd76000 x21: ffff0820abfe3880
[ 3078.349018] x20: 0000000000000000 x19: ffff08209cd76900 x18: 0000000000000000
[ 3078.358620] x17: 0000000000000000 x16: ffffc816e1727a50 x15: 0000ffff8f4ff930
[ 3078.368895] x14: 0000000000000000 x13: 0000000000000000 x12: 0000259e9dbeb6b4
[ 3078.377987] x11: 0096a8f7e764eb40 x10: 634615ad28d3eab5 x9 : ffffc816ad8885b8
[ 3078.387091] x8 : ffff08209cfc6fb8 x7 : ffff0820ac0da058 x6 : ffff0820a8490344
[ 3078.396356] x5 : 0000000000000140 x4 : 0000000000000003 x3 : ffff08209cd76938
[ 3078.405365] x2 : 0000000000000000 x1 : 0000000000000010 x0 : ffff0820abfe38a0
[ 3078.414657] Call trace:
[ 3078.418517] napi_enable+0x80/0x84
[ 3078.424626] hns3_reset_notify_up_enet+0x78/0xd0 [hns3]
[ 3078.433469] hns3_reset_notify+0x64/0x80 [hns3]
[ 3078.441430] hclge_notify_client+0x68/0xb0 [hclge]
[ 3078.450511] hclge_reset_rebuild+0x524/0x884 [hclge]
[ 3078.458879] hclge_reset_service_task+0x3c4/0x680 [hclge]
[ 3078.467470] hclge_service_task+0xb0/0xb54 [hclge]
[ 3078.475675] process_one_work+0x1dc/0x48c
[ 3078.481888] worker_thread+0x15c/0x464
[ 3078.487104] kthread+0x160/0x170
[ 3078.492479] ret_from_fork+0x10/0x18
[ 3078.498785] Code: c8027c81 35ffffa2 d50323bf d65f03c0 (d4210000)
[ 3078.506889] ---[ end trace 8ebe0340a1b0fb44 ]---
Once hns3_nic_net_open() is excute success, the flag
HNS3_NIC_STATE_DOWN will be cleared. So add checking for this
flag, directly return when HNS3_NIC_STATE_DOWN is no set.
Fixes: e888402789b9 ("net: hns3: call hns3_nic_net_open() while doing HNAE3_UP_CLIENT")
Signed-off-by: Jian Shen <shenjian15@huawei.com>
Signed-off-by: Guangbin Huang <huangguangbin2@huawei.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/hisilicon/hns3/hns3_enet.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c b/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c
index 936b9cfe1a62..4777db2623cf 100644
--- a/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c
+++ b/drivers/net/ethernet/hisilicon/hns3/hns3_enet.c
@@ -444,6 +444,11 @@ static int hns3_nic_net_open(struct net_device *netdev)
if (hns3_nic_resetting(netdev))
return -EBUSY;
+ if (!test_bit(HNS3_NIC_STATE_DOWN, &priv->state)) {
+ netdev_warn(netdev, "net open repeatedly!\n");
+ return 0;
+ }
+
netif_carrier_off(netdev);
ret = hns3_nic_set_real_num_queue(netdev);
--
2.33.0
next prev parent reply other threads:[~2021-10-04 13:25 UTC|newest]
Thread overview: 100+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-04 12:51 [PATCH 5.10 00/93] 5.10.71-rc1 review Greg Kroah-Hartman
2021-10-04 12:51 ` [PATCH 5.10 01/93] tty: Fix out-of-bound vmalloc access in imageblit Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 02/93] cpufreq: schedutil: Use kobject release() method to free sugov_tunables Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 03/93] scsi: qla2xxx: Changes to support kdump kernel for NVMe BFS Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 04/93] cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 05/93] usb: cdns3: fix race condition before setting doorbell Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 06/93] ALSA: hda/realtek: Quirks to enable speaker output for Lenovo Legion 7i 15IMHG05, Yoga 7i 14ITL5/15ITL5, and 13s Gen2 laptops Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 07/93] ACPI: NFIT: Use fallback node id when numa info in NFIT table is incorrect Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 08/93] fs-verity: fix signed integer overflow with i_size near S64_MAX Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 09/93] hwmon: (tmp421) handle I2C errors Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 10/93] hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 11/93] hwmon: (w83792d) " Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 12/93] hwmon: (w83791d) " Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 13/93] gpio: pca953x: do not ignore i2c errors Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 14/93] scsi: ufs: Fix illegal offset in UPIU event trace Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 15/93] mac80211: fix use-after-free in CCMP/GCMP RX Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 16/93] x86/kvmclock: Move this_cpu_pvti into kvmclock.h Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 17/93] KVM: x86: Fix stack-out-of-bounds memory access from ioapic_write_indirect() Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 18/93] KVM: x86: nSVM: dont copy virt_ext from vmcb12 Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 19/93] KVM: nVMX: Filter out all unsupported controls when eVMCS was activated Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 20/93] KVM: rseq: Update rseq when processing NOTIFY_RESUME on xfer to KVM guest Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 21/93] media: ir_toy: prevent device from hanging during transmit Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 22/93] RDMA/cma: Do not change route.addr.src_addr.ss_family Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 23/93] drm/amd/display: Pass PCI deviceid into DC Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 24/93] drm/amdgpu: correct initial cp_hqd_quantum for gfx9 Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 25/93] ipvs: check that ip_vs_conn_tab_bits is between 8 and 20 Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 26/93] bpf: Handle return value of BPF_PROG_TYPE_STRUCT_OPS prog Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 27/93] IB/cma: Do not send IGMP leaves for sendonly Multicast groups Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 28/93] RDMA/cma: Fix listener leak in rdma_cma_listen_on_all() failure Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 29/93] bpf, mips: Validate conditional branch offsets Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 30/93] hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 31/93] mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 32/93] mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 33/93] mac80211: mesh: fix potentially unaligned access Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 34/93] mac80211-hwsim: fix late beacon hrtimer handling Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 35/93] sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 36/93] mptcp: dont return sockets in foreign netns Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 37/93] hwmon: (tmp421) report /PVLD condition as fault Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 38/93] hwmon: (tmp421) fix rounding for negative values Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 39/93] net: enetc: fix the incorrect clearing of IF_MODE bits Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 40/93] net: ipv4: Fix rtnexthop len when RTA_FLOW is present Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 41/93] smsc95xx: fix stalled rx after link change Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 42/93] drm/i915/request: fix early tracepoints Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 43/93] dsa: mv88e6xxx: 6161: Use chip wide MAX MTU Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 44/93] dsa: mv88e6xxx: Fix MTU definition Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 45/93] dsa: mv88e6xxx: Include tagger overhead when setting MTU for DSA and CPU ports Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 46/93] e100: fix length calculation in e100_get_regs_len Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 47/93] e100: fix buffer overrun in e100_get_regs Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 48/93] RDMA/hns: Fix inaccurate prints Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 49/93] bpf: Exempt CAP_BPF from checks against bpf_jit_limit Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 50/93] selftests, bpf: Fix makefile dependencies on libbpf Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 51/93] selftests, bpf: test_lwt_ip_encap: Really disable rp_filter Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 52/93] net: ks8851: fix link error Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 53/93] Revert "block, bfq: honor already-setup queue merges" Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 54/93] scsi: csiostor: Add module softdep on cxgb4 Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 55/93] ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup Greg Kroah-Hartman
2021-10-04 12:52 ` Greg Kroah-Hartman [this message]
2021-10-04 12:52 ` [PATCH 5.10 57/93] net: hns3: keep MAC pause mode when multiple TCs are enabled Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 58/93] net: hns3: fix mixed flag HCLGE_FLAG_MQPRIO_ENABLE and HCLGE_FLAG_DCB_ENABLE Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 59/93] net: hns3: fix show wrong state when add existing uc mac address Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 60/93] net: hns3: fix prototype warning Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.10 61/93] net: hns3: reconstruct function hns3_self_test Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.10 62/93] net: hns3: fix always enable rx vlan filter problem after selftest Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.10 63/93] net: phy: bcm7xxx: Fixed indirect MMD operations Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.10 64/93] net: sched: flower: protect fl_walk() with rcu Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.10 65/93] af_unix: fix races in sk_peer_pid and sk_peer_cred accesses Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.10 66/93] perf/x86/intel: Update event constraints for ICX Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.10 67/93] hwmon: (pmbus/mp2975) Add missed POUT attribute for page 1 mp2975 controller Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.10 68/93] nvme: add command id quirk for apple controllers Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.10 69/93] elf: dont use MAP_FIXED_NOREPLACE for elf interpreter mappings Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.10 70/93] debugfs: debugfs_create_file_size(): use IS_ERR to check for error Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.10 71/93] ipack: ipoctal: fix stack information leak Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.10 72/93] ipack: ipoctal: fix tty registration race Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.10 73/93] ipack: ipoctal: fix tty-registration error handling Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.10 74/93] ipack: ipoctal: fix missing allocation-failure check Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.10 75/93] ipack: ipoctal: fix module reference leak Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.10 76/93] ext4: fix loff_t overflow in ext4_max_bitmap_size() Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.10 77/93] ext4: limit the number of blocks in one ADD_RANGE TLV Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.10 78/93] ext4: fix reserved space counter leakage Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.10 79/93] ext4: add error checking to ext4_ext_replay_set_iblocks() Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.10 80/93] ext4: fix potential infinite loop in ext4_dx_readdir() Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.10 81/93] HID: u2fzero: ignore incomplete packets without data Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.10 82/93] net: udp: annotate data race around udp_sk(sk)->corkflag Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.10 83/93] ASoC: dapm: use component prefix when checking widget names Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.10 84/93] usb: hso: remove the bailout parameter Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.10 85/93] crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.10 86/93] HID: betop: fix slab-out-of-bounds Write in betop_probe Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.10 87/93] netfilter: ipset: Fix oversized kvmalloc() calls Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.10 88/93] mm: dont allow " Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.10 89/93] HID: usbhid: free raw_report buffers in usbhid_stop Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.10 90/93] net: mdiobus: Fix memory leak in __mdiobus_register Greg Kroah-Hartman
2021-10-04 20:58 ` Florian Fainelli
2021-10-04 12:53 ` [PATCH 5.10 91/93] KVM: x86: Handle SRCU initialization failure during page track init Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.10 92/93] netfilter: conntrack: serialize hash resizes and cleanups Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.10 93/93] netfilter: nf_tables: Fix oversized kvmalloc() calls Greg Kroah-Hartman
2021-10-04 16:31 ` [PATCH 5.10 00/93] 5.10.71-rc1 review Fox Chen
2021-10-04 18:08 ` Pavel Machek
2021-10-04 19:45 ` Shuah Khan
2021-10-04 20:48 ` Florian Fainelli
2021-10-05 2:40 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211004125036.422158837@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=davem@davemloft.net \
--cc=huangguangbin2@huawei.com \
--cc=linux-kernel@vger.kernel.org \
--cc=sashal@kernel.org \
--cc=shenjian15@huawei.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox