    net: hns3: put off calling register_netdev() until client initialize complete · 79bacdcd
    Jian Shen committed on
    stable inclusion
    from stable-5.10.42
    commit a663c1e418a3b5b8e8edfad4bc8e7278c312d6fc
    bugzilla: 55093
    CVE: NA
    
    --------------------------------
    
    [ Upstream commit a289a7e5 ]
    
    Currently, the netdevice is registered before client initialization
    completes. So there is a time window between the netdevice being
    available and usable. In this case, if the user tries to change the
    channel number or ring param, it may cause hns3_set_rx_cpu_rmap() to
    be called twice, and report a bug.
    
    [47199.416502] hns3 0000:35:00.0 eth1: set channels: tqp_num=1, rxfh=0
    [47199.430340] hns3 0000:35:00.0 eth1: already uninitialized
    [47199.438554] hns3 0000:35:00.0: rss changes from 4 to 1
    [47199.511854] hns3 0000:35:00.0: Channels changed, rss_size from 4 to 1, tqps from 4 to 1
    [47200.163524] ------------[ cut here ]------------
    [47200.171674] kernel BUG at lib/cpu_rmap.c:142!
    [47200.177847] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
    [47200.185259] Modules linked in: hclge(+) hns3(-) hns3_cae(O) hns_roce_hw_v2 hnae3 vfio_iommu_type1 vfio_pci vfio_virqfd vfio pv680_mii(O) [last unloaded: hclge]
    [47200.205912] CPU: 1 PID: 8260 Comm: ethtool Tainted: G           O      5.11.0-rc3+ #1
    [47200.215601] Hardware name:  , xxxxxx 02/04/2021
    [47200.223052] pstate: 60400009 (nZCv daif +PAN -UAO -TCO BTYPE=--)
    [47200.230188] pc : cpu_rmap_add+0x38/0x40
    [47200.237472] lr : irq_cpu_rmap_add+0x84/0x140
    [47200.243291] sp : ffff800010e93a30
    [47200.247295] x29: ffff800010e93a30 x28: ffff082100584880
    [47200.254155] x27: 0000000000000000 x26: 0000000000000000
    [47200.260712] x25: 0000000000000000 x24: 0000000000000004
    [47200.267241] x23: ffff08209ba03000 x22: ffff08209ba038c0
    [47200.273789] x21: 000000000000003f x20: ffff0820e2bc1680
    [47200.280400] x19: ffff0820c970ec80 x18: 00000000000000c0
    [47200.286944] x17: 0000000000000000 x16: ffffb43debe4a0d0
    [47200.293456] x15: fffffc2082990600 x14: dead000000000122
    [47200.300059] x13: ffffffffffffffff x12: 000000000000003e
    [47200.306606] x11: ffff0820815b8080 x10: ffff53e411988000
    [47200.313171] x9 : 0000000000000000 x8 : ffff0820e2bc1700
    [47200.319682] x7 : 0000000000000000 x6 : 000000000000003f
    [47200.326170] x5 : 0000000000000040 x4 : ffff800010e93a20
    [47200.332656] x3 : 0000000000000004 x2 : ffff0820c970ec80
    [47200.339168] x1 : ffff0820e2bc1680 x0 : 0000000000000004
    [47200.346058] Call trace:
    [47200.349324]  cpu_rmap_add+0x38/0x40
    [47200.354300]  hns3_set_rx_cpu_rmap+0x6c/0xe0 [hns3]
    [47200.362294]  hns3_reset_notify_init_enet+0x1cc/0x340 [hns3]
    [47200.370049]  hns3_change_channels+0x40/0xb0 [hns3]
    [47200.376770]  hns3_set_channels+0x12c/0x2a0 [hns3]
    [47200.383353]  ethtool_set_channels+0x140/0x250
    [47200.389772]  dev_ethtool+0x714/0x23d0
    [47200.394440]  dev_ioctl+0x4cc/0x640
    [47200.399277]  sock_do_ioctl+0x100/0x2a0
    [47200.404574]  sock_ioctl+0x28c/0x470
    [47200.409079]  __arm64_sys_ioctl+0xb4/0x100
    [47200.415217]  el0_svc_common.constprop.0+0x84/0x210
    [47200.422088]  do_el0_svc+0x28/0x34
    [47200.426387]  el0_svc+0x28/0x70
    [47200.431308]  el0_sync_handler+0x1a4/0x1b0
    [47200.436477]  el0_sync+0x174/0x180
    [47200.441562] Code: 11000405 79000c45 f8247861 d65f03c0 (d4210000)
    [47200.448869] ---[ end trace a01efe4ce42e5f34 ]---
    
    The process is like below:
    executing hns3_client_init
    |
    register_netdev()
    |                           hns3_set_channels()
    |                           |
    hns3_set_rx_cpu_rmap()      hns3_reset_notify_uninit_enet()
    |                               |
    |                            quit without calling function
    |                            hns3_free_rx_cpu_rmap for flag
    |                            HNS3_NIC_STATE_INITED is unset.
    |                           |
    |                           hns3_reset_notify_init_enet()
    |                               |
    set HNS3_NIC_STATE_INITED    call hns3_set_rx_cpu_rmap()-- crash
    
    Fix it by calling register_netdev() at the end of function
    hns3_client_init().
    
    Fixes: 08a10068 ("net: hns3: re-organize vector handle")
    Signed-off-by: Jian Shen <shenjian15@huawei.com>
    Signed-off-by: Huazhong Tan <tanhuazhong@huawei.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    Signed-off-by: Sasha Levin <sashal@kernel.org>
    Signed-off-by: Chen Jun <chenjun102@huawei.com>
    Acked-by: Weilong Chen <chenweilong@huawei.com>
    Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com>
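
The interleaving in the commit message's diagram, reduced to a user-space C model (an added example, not code from the hns3 driver or from this commit). The struct, the function names and the 4-entry map are constructed for illustration, and a second fill of an already-full map stands in for the BUG reported at lib/cpu_rmap.c:142.

```c
#include <stdbool.h>
#include <stdio.h>
#define VECTORS 4    /* constructed: rmap sized for 4 IRQ vectors */
struct nic {         /* user-space stand-in for the driver state, not hns3 code */
    bool inited;     /* models HNS3_NIC_STATE_INITED */
    bool registered; /* models "register_netdev() has returned" */
    int rmap_used;   /* entries currently held in the rx cpu rmap */
    bool bug;        /* set where the kernel would hit BUG() */
};

static void set_rx_cpu_rmap(struct nic *n)
{
    for (int i = 0; i < VECTORS; i++) {
        if (n->rmap_used >= VECTORS) { n->bug = true; return; } /* map full */
        n->rmap_used++;
    }
}

static void reset_notify_uninit(struct nic *n)
{
    if (!n->inited) return; /* "already uninitialized": rmap is not freed */
    n->rmap_used = 0;       /* models hns3_free_rx_cpu_rmap() */
    n->inited = false;
}
static void reset_notify_init(struct nic *n) { set_rx_cpu_rmap(n); n->inited = true; }
static void set_channels(struct nic *n) /* ethtool path, needs a registered netdev */
{
    if (!n->registered) return;
    reset_notify_uninit(n);
    reset_notify_init(n);
}
/* Client init with a channel change arriving mid-init; true if BUG fires. */
static bool client_init(bool register_last)
{
    struct nic n = {0};
    n.registered = !register_last; /* old order registers first */
    set_rx_cpu_rmap(&n);
    set_channels(&n);              /* request lands before INITED is set */
    n.inited = true;
    n.registered = true;           /* fixed order registers here, at the end */
    set_channels(&n);              /* request after init completes */
    return n.bug;
}

int main(void)
{
    printf("register first: bug=%d, register last: bug=%d\n", client_init(false), client_init(true));
    return 0;
}
```

With registration moved to the end, the mid-init request cannot reach the ethtool path at all, so the uninit path only ever runs with the INITED flag set and frees the map before it is refilled.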
hns3_enet.c 120.5 KB