From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Cedric Wassenaar <cedric@bytespeed.nl>,
Junxiao Chang <junxiao.chang@intel.com>,
Florian Fainelli <f.fainelli@gmail.com>,
"David S. Miller" <davem@davemloft.net>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.10 043/105] net: stmmac: fix dma queue left shift overflow issue
Date: Wed, 27 Jul 2022 18:10:29 +0200 [thread overview]
Message-ID: <20220727161013.821677571@linuxfoundation.org> (raw)
In-Reply-To: <20220727161012.056867467@linuxfoundation.org>
From: Junxiao Chang <junxiao.chang@intel.com>
[ Upstream commit 613b065ca32e90209024ec4a6bb5ca887ee70980 ]
When queue number is > 4, left shift overflows due to 32 bits
integer variable. Mask calculation is wrong for MTL_RXQ_DMA_MAP1.
If CONFIG_UBSAN is enabled, kernel dumps below warning:
[ 10.363842] ==================================================================
[ 10.363882] UBSAN: shift-out-of-bounds in /build/linux-intel-iotg-5.15-8e6Tf4/
linux-intel-iotg-5.15-5.15.0/drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c:224:12
[ 10.363929] shift exponent 40 is too large for 32-bit type 'unsigned int'
[ 10.363953] CPU: 1 PID: 599 Comm: NetworkManager Not tainted 5.15.0-1003-intel-iotg
[ 10.363956] Hardware name: ADLINK Technology Inc. LEC-EL/LEC-EL, BIOS 0.15.11 12/22/2021
[ 10.363958] Call Trace:
[ 10.363960] <TASK>
[ 10.363963] dump_stack_lvl+0x4a/0x5f
[ 10.363971] dump_stack+0x10/0x12
[ 10.363974] ubsan_epilogue+0x9/0x45
[ 10.363976] __ubsan_handle_shift_out_of_bounds.cold+0x61/0x10e
[ 10.363979] ? wake_up_klogd+0x4a/0x50
[ 10.363983] ? vprintk_emit+0x8f/0x240
[ 10.363986] dwmac4_map_mtl_dma.cold+0x42/0x91 [stmmac]
[ 10.364001] stmmac_mtl_configuration+0x1ce/0x7a0 [stmmac]
[ 10.364009] ? dwmac410_dma_init_channel+0x70/0x70 [stmmac]
[ 10.364020] stmmac_hw_setup.cold+0xf/0xb14 [stmmac]
[ 10.364030] ? page_pool_alloc_pages+0x4d/0x70
[ 10.364034] ? stmmac_clear_tx_descriptors+0x6e/0xe0 [stmmac]
[ 10.364042] stmmac_open+0x39e/0x920 [stmmac]
[ 10.364050] __dev_open+0xf0/0x1a0
[ 10.364054] __dev_change_flags+0x188/0x1f0
[ 10.364057] dev_change_flags+0x26/0x60
[ 10.364059] do_setlink+0x908/0xc40
[ 10.364062] ? do_setlink+0xb10/0xc40
[ 10.364064] ? __nla_validate_parse+0x4c/0x1a0
[ 10.364068] __rtnl_newlink+0x597/0xa10
[ 10.364072] ? __nla_reserve+0x41/0x50
[ 10.364074] ? __kmalloc_node_track_caller+0x1d0/0x4d0
[ 10.364079] ? pskb_expand_head+0x75/0x310
[ 10.364082] ? nla_reserve_64bit+0x21/0x40
[ 10.364086] ? skb_free_head+0x65/0x80
[ 10.364089] ? security_sock_rcv_skb+0x2c/0x50
[ 10.364094] ? __cond_resched+0x19/0x30
[ 10.364097] ? kmem_cache_alloc_trace+0x15a/0x420
[ 10.364100] rtnl_newlink+0x49/0x70
This change fixes MTL_RXQ_DMA_MAP1 mask issue and channel/queue
mapping warning.
Fixes: d43042f4da3e ("net: stmmac: mapping mtl rx to dma channel")
BugLink: https://bugzilla.kernel.org/show_bug.cgi?id=216195
Reported-by: Cedric Wassenaar <cedric@bytespeed.nl>
Signed-off-by: Junxiao Chang <junxiao.chang@intel.com>
Reviewed-by: Florian Fainelli <f.fainelli@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c b/drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c
index 16c538cfaf59..2e71e510e127 100644
--- a/drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c
+++ b/drivers/net/ethernet/stmicro/stmmac/dwmac4_core.c
@@ -215,6 +215,9 @@ static void dwmac4_map_mtl_dma(struct mac_device_info *hw, u32 queue, u32 chan)
if (queue == 0 || queue == 4) {
value &= ~MTL_RXQ_DMA_Q04MDMACH_MASK;
value |= MTL_RXQ_DMA_Q04MDMACH(chan);
+ } else if (queue > 4) {
+ value &= ~MTL_RXQ_DMA_QXMDMACH_MASK(queue - 4);
+ value |= MTL_RXQ_DMA_QXMDMACH(chan, queue - 4);
} else {
value &= ~MTL_RXQ_DMA_QXMDMACH_MASK(queue);
value |= MTL_RXQ_DMA_QXMDMACH(chan, queue);
--
2.35.1
next prev parent reply other threads:[~2022-07-27 16:52 UTC|newest]
Thread overview: 117+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-27 16:09 [PATCH 5.10 000/105] 5.10.134-rc1 review Greg Kroah-Hartman
2022-07-27 16:09 ` [PATCH 5.10 001/105] pinctrl: stm32: fix optional IRQ support to gpios Greg Kroah-Hartman
2022-07-27 16:09 ` [PATCH 5.10 002/105] riscv: add as-options for modules with assembly compontents Greg Kroah-Hartman
2022-07-27 16:09 ` [PATCH 5.10 003/105] mlxsw: spectrum_router: Fix IPv4 nexthop gateway indication Greg Kroah-Hartman
2022-07-27 16:09 ` [PATCH 5.10 004/105] lockdown: Fix kexec lockdown bypass with ima policy Greg Kroah-Hartman
2022-07-27 16:09 ` [PATCH 5.10 005/105] io_uring: Use original task for req identity in io_identity_cow() Greg Kroah-Hartman
2022-07-27 16:09 ` [PATCH 5.10 006/105] xen/gntdev: Ignore failure to unmap INVALID_GRANT_HANDLE Greg Kroah-Hartman
2022-07-27 16:09 ` [PATCH 5.10 007/105] block: split bio_kmalloc from bio_alloc_bioset Greg Kroah-Hartman
2022-07-27 16:09 ` [PATCH 5.10 008/105] block: fix bounce_clone_bio for passthrough bios Greg Kroah-Hartman
2022-07-27 16:09 ` [PATCH 5.10 009/105] docs: net: explain struct net_device lifetime Greg Kroah-Hartman
2022-07-27 16:09 ` [PATCH 5.10 010/105] net: make free_netdev() more lenient with unregistering devices Greg Kroah-Hartman
2022-07-28 21:00 ` Pavel Machek
2022-07-29 15:01 ` Greg Kroah-Hartman
2022-07-27 16:09 ` [PATCH 5.10 011/105] net: make sure devices go through netdev_wait_all_refs Greg Kroah-Hartman
2022-07-27 16:09 ` [PATCH 5.10 012/105] net: move net_set_todo inside rollback_registered() Greg Kroah-Hartman
2022-07-27 16:09 ` [PATCH 5.10 013/105] net: inline rollback_registered() Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 014/105] net: move rollback_registered_many() Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 015/105] net: inline rollback_registered_many() Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 016/105] Revert "m68knommu: only set CONFIG_ISA_DMA_API for ColdFire sub-arch" Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 017/105] PCI: hv: Fix multi-MSI to allow more than one MSI vector Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 018/105] PCI: hv: Fix hv_arch_irq_unmask() for multi-MSI Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 019/105] PCI: hv: Reuse existing IRTE allocation in compose_msi_msg() Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 020/105] PCI: hv: Fix interrupt mapping for multi-MSI Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 021/105] serial: mvebu-uart: correctly report configured baudrate value Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 022/105] xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 023/105] power/reset: arm-versatile: Fix refcount leak in versatile_reboot_probe Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 024/105] pinctrl: ralink: Check for null return of devm_kcalloc Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 025/105] perf/core: Fix data race between perf_event_set_output() and perf_mmap_close() Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 026/105] drm/amdgpu/display: add quirk handling for stutter mode Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 027/105] igc: Reinstate IGC_REMOVED logic and implement it properly Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 028/105] ip: Fix data-races around sysctl_ip_no_pmtu_disc Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 029/105] ip: Fix data-races around sysctl_ip_fwd_use_pmtu Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 030/105] ip: Fix data-races around sysctl_ip_fwd_update_priority Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 031/105] ip: Fix data-races around sysctl_ip_nonlocal_bind Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 032/105] ip: Fix a data-race around sysctl_ip_autobind_reuse Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 033/105] ip: Fix a data-race around sysctl_fwmark_reflect Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 034/105] tcp/dccp: Fix a data-race around sysctl_tcp_fwmark_accept Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 035/105] tcp: Fix data-races around sysctl_tcp_mtu_probing Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 036/105] tcp: Fix data-races around sysctl_tcp_base_mss Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 037/105] tcp: Fix data-races around sysctl_tcp_min_snd_mss Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 038/105] tcp: Fix a data-race around sysctl_tcp_mtu_probe_floor Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 039/105] tcp: Fix a data-race around sysctl_tcp_probe_threshold Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 040/105] tcp: Fix a data-race around sysctl_tcp_probe_interval Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 041/105] net: stmmac: fix unbalanced ptp clock issue in suspend/resume flow Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 042/105] i2c: cadence: Change large transfer count reset logic to be unconditional Greg Kroah-Hartman
2022-07-27 16:10 ` Greg Kroah-Hartman [this message]
2022-07-27 16:10 ` [PATCH 5.10 044/105] net/tls: Fix race in TLS device down flow Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 045/105] igmp: Fix data-races around sysctl_igmp_llm_reports Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 046/105] igmp: Fix a data-race around sysctl_igmp_max_memberships Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 047/105] igmp: Fix data-races around sysctl_igmp_max_msf Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 048/105] tcp: Fix data-races around keepalive sysctl knobs Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 049/105] tcp: Fix data-races around sysctl_tcp_syncookies Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 050/105] tcp: Fix data-races around sysctl_tcp_reordering Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 051/105] tcp: Fix data-races around some timeout sysctl knobs Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 052/105] tcp: Fix a data-race around sysctl_tcp_notsent_lowat Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 053/105] tcp: Fix a data-race around sysctl_tcp_tw_reuse Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 054/105] tcp: Fix data-races around sysctl_max_syn_backlog Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 055/105] tcp: Fix data-races around sysctl_tcp_fastopen Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 056/105] tcp: Fix data-races around sysctl_tcp_fastopen_blackhole_timeout Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 057/105] iavf: Fix handling of dummy receive descriptors Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 058/105] i40e: Fix erroneous adapter reinitialization during recovery process Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 059/105] ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 060/105] gpio: pca953x: only use single read/write for No AI mode Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 061/105] gpio: pca953x: use the correct range when do regmap sync Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 062/105] gpio: pca953x: use the correct register address when regcache sync during init Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 063/105] be2net: Fix buffer overflow in be_get_module_eeprom Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 064/105] drm/imx/dcss: Add missing of_node_put() in fail path Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 065/105] ipv4: Fix a data-race around sysctl_fib_multipath_use_neigh Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 066/105] ip: Fix data-races around sysctl_ip_prot_sock Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 067/105] udp: Fix a data-race around sysctl_udp_l3mdev_accept Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 068/105] tcp: Fix data-races around sysctl knobs related to SYN option Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 069/105] tcp: Fix a data-race around sysctl_tcp_early_retrans Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 070/105] tcp: Fix data-races around sysctl_tcp_recovery Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 071/105] tcp: Fix a data-race around sysctl_tcp_thin_linear_timeouts Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 072/105] tcp: Fix data-races around sysctl_tcp_slow_start_after_idle Greg Kroah-Hartman
2022-07-27 16:10 ` [PATCH 5.10 073/105] tcp: Fix a data-race around sysctl_tcp_retrans_collapse Greg Kroah-Hartman
2022-07-27 16:11 ` [PATCH 5.10 074/105] tcp: Fix a data-race around sysctl_tcp_stdurg Greg Kroah-Hartman
2022-07-27 16:11 ` [PATCH 5.10 075/105] tcp: Fix a data-race around sysctl_tcp_rfc1337 Greg Kroah-Hartman
2022-07-27 16:11 ` [PATCH 5.10 076/105] tcp: Fix data-races around sysctl_tcp_max_reordering Greg Kroah-Hartman
2022-07-27 16:11 ` [PATCH 5.10 077/105] spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA transfers Greg Kroah-Hartman
2022-07-27 16:11 ` [PATCH 5.10 078/105] KVM: Dont null dereference ops->destroy Greg Kroah-Hartman
2022-07-27 16:11 ` [PATCH 5.10 079/105] mm/mempolicy: fix uninit-value in mpol_rebind_policy() Greg Kroah-Hartman
2022-07-27 16:11 ` [PATCH 5.10 080/105] bpf: Make sure mac_header was set before using it Greg Kroah-Hartman
2022-07-27 16:11 ` [PATCH 5.10 081/105] sched/deadline: Fix BUG_ON condition for deboosted tasks Greg Kroah-Hartman
2022-07-27 16:11 ` [PATCH 5.10 082/105] x86/bugs: Warn when "ibrs" mitigation is selected on Enhanced IBRS parts Greg Kroah-Hartman
2022-07-27 16:11 ` [PATCH 5.10 083/105] dlm: fix pending remove if msg allocation fails Greg Kroah-Hartman
2022-07-27 16:11 ` [PATCH 5.10 084/105] drm/imx/dcss: fix unused but set variable warnings Greg Kroah-Hartman
2022-07-27 16:11 ` [PATCH 5.10 085/105] bitfield.h: Fix "type of reg too small for mask" test Greg Kroah-Hartman
2022-07-27 16:11 ` [PATCH 5.10 086/105] ALSA: memalloc: Align buffer allocations in page size Greg Kroah-Hartman
2022-07-27 16:11 ` [PATCH 5.10 087/105] Bluetooth: Add bt_skb_sendmsg helper Greg Kroah-Hartman
2022-07-27 16:11 ` [PATCH 5.10 088/105] Bluetooth: Add bt_skb_sendmmsg helper Greg Kroah-Hartman
2022-07-27 16:11 ` [PATCH 5.10 089/105] Bluetooth: SCO: Replace use of memcpy_from_msg with bt_skb_sendmsg Greg Kroah-Hartman
2022-07-27 16:11 ` [PATCH 5.10 090/105] Bluetooth: RFCOMM: Replace use of memcpy_from_msg with bt_skb_sendmmsg Greg Kroah-Hartman
2022-07-27 16:11 ` [PATCH 5.10 091/105] Bluetooth: Fix passing NULL to PTR_ERR Greg Kroah-Hartman
2022-07-27 16:11 ` [PATCH 5.10 092/105] Bluetooth: SCO: Fix sco_send_frame returning skb->len Greg Kroah-Hartman
2022-07-27 16:11 ` [PATCH 5.10 093/105] Bluetooth: Fix bt_skb_sendmmsg not allocating partial chunks Greg Kroah-Hartman
2022-07-27 16:11 ` [PATCH 5.10 094/105] x86/amd: Use IBPB for firmware calls Greg Kroah-Hartman
2022-07-27 16:11 ` [PATCH 5.10 095/105] x86/alternative: Report missing return thunk details Greg Kroah-Hartman
2022-07-27 16:11 ` [PATCH 5.10 096/105] watchqueue: make sure to serialize wqueue->defunct properly Greg Kroah-Hartman
2022-07-27 16:11 ` [PATCH 5.10 097/105] tty: drivers/tty/, stop using tty_schedule_flip() Greg Kroah-Hartman
2022-07-27 16:11 ` [PATCH 5.10 098/105] tty: the rest, " Greg Kroah-Hartman
2022-07-27 16:11 ` [PATCH 5.10 099/105] tty: drop tty_schedule_flip() Greg Kroah-Hartman
2022-07-27 16:11 ` [PATCH 5.10 100/105] tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push() Greg Kroah-Hartman
2022-07-27 16:11 ` [PATCH 5.10 101/105] tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() Greg Kroah-Hartman
2022-07-27 16:11 ` [PATCH 5.10 102/105] net: usb: ax88179_178a needs FLAG_SEND_ZLP Greg Kroah-Hartman
2022-07-27 16:11 ` [PATCH 5.10 103/105] watch-queue: remove spurious double semicolon Greg Kroah-Hartman
2022-07-27 16:11 ` [PATCH 5.10 104/105] block: fix memory leak of bvec Greg Kroah-Hartman
2022-07-27 16:11 ` [PATCH 5.10 105/105] block-crypto-fallback: use a bio_set for splitting bios Greg Kroah-Hartman
2022-07-28 0:02 ` [PATCH 5.10 000/105] 5.10.134-rc1 review Florian Fainelli
2022-07-28 8:20 ` Naresh Kamboju
2022-07-28 9:44 ` Pavel Machek
2022-07-28 13:20 ` Guenter Roeck
2022-07-28 14:22 ` Guenter Roeck
2022-07-28 14:40 ` Greg Kroah-Hartman
2022-07-28 14:32 ` Jon Hunter
2022-07-28 14:41 ` Shuah Khan
2022-07-28 14:44 ` Sudip Mukherjee (Codethink)
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220727161013.821677571@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=cedric@bytespeed.nl \
--cc=davem@davemloft.net \
--cc=f.fainelli@gmail.com \
--cc=junxiao.chang@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).