1. 06 Apr, 2018 1 commit
  2. 15 Mar, 2018 2 commits
  3. 09 Mar, 2018 1 commit
  4. 07 Mar, 2018 1 commit
    • RDMA/core: Avoid that ib_drain_qp() triggers an out-of-bounds stack access · a1ae7d03
      Bart Van Assche committed on
      This patch fixes the following KASAN complaint:
      
      ==================================================================
      BUG: KASAN: stack-out-of-bounds in rxe_post_send+0x77d/0x9b0 [rdma_rxe]
      Read of size 8 at addr ffff880061aef860 by task 01/1080
      
      CPU: 2 PID: 1080 Comm: 01 Not tainted 4.16.0-rc3-dbg+ #2
      Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.0.0-prebuilt.qemu-project.org 04/01/2014
      Call Trace:
      dump_stack+0x85/0xc7
      print_address_description+0x65/0x270
      kasan_report+0x231/0x350
      rxe_post_send+0x77d/0x9b0 [rdma_rxe]
      __ib_drain_sq+0x1ad/0x250 [ib_core]
      ib_drain_qp+0x9/0x30 [ib_core]
      srp_destroy_qp+0x51/0x70 [ib_srp]
      srp_free_ch_ib+0xfc/0x380 [ib_srp]
      srp_create_target+0x1071/0x19e0 [ib_srp]
      kernfs_fop_write+0x180/0x210
      __vfs_write+0xb1/0x2e0
      vfs_write+0xf6/0x250
      SyS_write+0x99/0x110
      do_syscall_64+0xee/0x2b0
      entry_SYSCALL_64_after_hwframe+0x42/0xb7
      
      The buggy address belongs to the page:
      page:ffffea000186bbc0 count:0 mapcount:0 mapping:0000000000000000 index:0x0
      flags: 0x4000000000000000()
      raw: 4000000000000000 0000000000000000 0000000000000000 00000000ffffffff
      raw: 0000000000000000 ffffea000186bbe0 0000000000000000 0000000000000000
      page dumped because: kasan: bad access detected
      
      Memory state around the buggy address:
      ffff880061aef700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
      ffff880061aef780: 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00
      >ffff880061aef800: f2 f2 f2 f2 f2 f2 f2 00 00 00 00 00 f2 f2 f2 f2
                                                            ^
      ffff880061aef880: f2 f2 f2 00 00 00 00 00 00 00 00 00 00 00 f2 f2
      ffff880061aef900: f2 f2 f2 00 00 00 00 00 00 00 00 00 00 00 00 00
      ==================================================================
      
      Fixes: 765d6774 ("IB: new common API for draining queues")
      Signed-off-by: Bart Van Assche <bart.vanassche@wdc.com>
      Cc: Steve Wise <swise@opengridcomputing.com>
      Cc: Sagi Grimberg <sagi@grimberg.me>
      Cc: stable@vger.kernel.org
      Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
  5. 23 Feb, 2018 1 commit
  6. 17 Feb, 2018 1 commit
    • RDMA/restrack: don't use uaccess_kernel() · 2f08ee36
      Steve Wise committed on
      uaccess_kernel() isn't sufficient to determine if an rdma resource is
      user-mode or not.  For example, resources allocated in the add_one()
      function of an ib_client get falsely labeled as user mode, when they
      are kernel mode allocations.  EG: mad qps.
      
      The result is that these qps are skipped over during a nldev query
      because of an erroneous namespace mismatch.
      
      So now we determine if the resource is user-mode by looking at the object
      struct's uobject or similar pointer to know if it was allocated for user
      mode applications.
      
      Fixes: 02d8883f ("RDMA/restrack: Add general infrastructure to track RDMA resources")
      Signed-off-by: Steve Wise <swise@opengridcomputing.com>
      Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
  7. 30 Jan, 2018 4 commits
  8. 19 Jan, 2018 1 commit
  9. 16 Jan, 2018 4 commits
  10. 11 Jan, 2018 1 commit
  11. 06 Jan, 2018 1 commit
  12. 28 Dec, 2017 2 commits
  13. 19 Dec, 2017 4 commits
  14. 14 Nov, 2017 1 commit
  15. 19 Oct, 2017 2 commits
  16. 22 Sep, 2017 1 commit
    • IB/core: Fix for core panic · e6f9bc34
      Alex Estrin committed on
      Build with the latest patches resulted in panic:
      11384.486289] BUG: unable to handle kernel NULL pointer dereference at
               (null)
      [11384.486293] IP:           (null)
      [11384.486295] PGD 0
      [11384.486295] P4D 0
      [11384.486296]
      [11384.486299] Oops: 0010 [#1] SMP
      ......... snip ......
      [11384.486401] CPU: 0 PID: 968 Comm: kworker/0:1H Tainted: G        W  O
          4.13.0-a-stream-20170825 #1
      [11384.486402] Hardware name: Intel Corporation S2600WT2R/S2600WT2R,
      BIOS SE5C610.86B.01.01.0014.121820151719 12/18/2015
      [11384.486418] Workqueue: ib-comp-wq ib_cq_poll_work [ib_core]
      [11384.486419] task: ffff880850579680 task.stack: ffffc90007fec000
      [11384.486420] RIP: 0010:          (null)
      [11384.486420] RSP: 0018:ffffc90007fef970 EFLAGS: 00010206
      [11384.486421] RAX: ffff88084cfe8000 RBX: ffff88084dce4000 RCX:
      ffffc90007fef978
      [11384.486422] RDX: 0000000000000000 RSI: 0000000000000001 RDI:
      ffff88084cfe8000
      [11384.486422] RBP: ffffc90007fefab0 R08: 0000000000000000 R09:
      ffff88084dce4080
      [11384.486423] R10: ffffffffa02d7f60 R11: 0000000000000000 R12:
      ffff88105af65a00
      [11384.486423] R13: ffff88084dce4000 R14: 000000000000c000 R15:
      000000000000c000
      [11384.486424] FS:  0000000000000000(0000) GS:ffff88085f400000(0000)
      knlGS:0000000000000000
      [11384.486425] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
      [11384.486425] CR2: 0000000000000000 CR3: 0000000001c09000 CR4:
      00000000001406f0
      [11384.486426] Call Trace:
      [11384.486431]  ? is_valid_mcast_lid.isra.21+0xfb/0x110 [ib_core]
      [11384.486436]  ib_attach_mcast+0x6f/0xa0 [ib_core]
      [11384.486441]  ipoib_mcast_attach+0x81/0x190 [ib_ipoib]
      [11384.486443]  ipoib_mcast_join_complete+0x354/0xb40 [ib_ipoib]
      [11384.486448]  mcast_work_handler+0x330/0x6c0 [ib_core]
      [11384.486452]  join_handler+0x101/0x220 [ib_core]
      [11384.486455]  ib_sa_mcmember_rec_callback+0x54/0x80 [ib_core]
      [11384.486459]  recv_handler+0x3a/0x60 [ib_core]
      [11384.486462]  ib_mad_recv_done+0x423/0x9b0 [ib_core]
      [11384.486466]  __ib_process_cq+0x5d/0xb0 [ib_core]
      [11384.486469]  ib_cq_poll_work+0x20/0x60 [ib_core]
      [11384.486472]  process_one_work+0x149/0x360
      [11384.486474]  worker_thread+0x4d/0x3c0
      [11384.486487]  kthread+0x109/0x140
      [11384.486488]  ? rescuer_thread+0x380/0x380
      [11384.486489]  ? kthread_park+0x60/0x60
      [11384.486490]  ? kthread_park+0x60/0x60
      [11384.486493]  ret_from_fork+0x25/0x30
      [11384.486493] Code:  Bad RIP value.
      [11384.486493] Code:  Bad RIP value.
      [11384.486496] RIP:           (null) RSP: ffffc90007fef970
      [11384.486497] CR2: 0000000000000000
      [11384.486531] ---[ end trace b1acec6fb4ff6e75 ]---
      [11384.532133] Kernel panic - not syncing: Fatal exception
      [11384.536541] Kernel Offset: disabled
      [11384.969491] ---[ end Kernel panic - not syncing: Fatal exception
      [11384.976875] sched: Unexpected reschedule of offline CPU#1!
      [11384.983646] ------------[ cut here ]------------
      
      Rdma device driver may not have implemented (*get_link_layer)()
      so it can not be called directly. Should use appropriate helper function.
      Reviewed-by: Yuval Shaia <yuval.shaia@oracle.com>
      Fixes: 52363335 ("IB/core: Fix the validations of a multicast LID in attach or detach operations")
      Cc: stable@kernel.org # 4.13
      Reviewed-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
      Signed-off-by: Alex Estrin <alex.estrin@intel.com>
      Signed-off-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
      Reviewed-by: Leon Romanovsky <leonro@mellanox.com>
      Signed-off-by: Doug Ledford <dledford@redhat.com>
  17. 31 Aug, 2017 1 commit
  18. 29 Aug, 2017 1 commit
  19. 25 Aug, 2017 3 commits
  20. 24 Jul, 2017 4 commits
  21. 23 Jul, 2017 1 commit
  22. 18 Jul, 2017 2 commits