1. 23 6月, 2020 4 次提交
  2. 12 5月, 2020 1 次提交
  3. 13 3月, 2020 1 次提交
    • J
      RDMA/nl: Do not permit empty devices names during RDMA_NLDEV_CMD_NEWLINK/SET · 7aefa623
      Jason Gunthorpe 提交于
      Empty device names cannot be added to sysfs and crash with:
      
        kobject: (00000000f9de3792): attempted to be registered with empty name!
        WARNING: CPU: 1 PID: 10856 at lib/kobject.c:234 kobject_add_internal+0x7ac/0x9a0 lib/kobject.c:234
        Kernel panic - not syncing: panic_on_warn set ...
        CPU: 1 PID: 10856 Comm: syz-executor459 Not tainted 5.6.0-rc3-syzkaller #0
        Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
        Call Trace:
         __dump_stack lib/dump_stack.c:77 [inline]
         dump_stack+0x197/0x210 lib/dump_stack.c:118
         panic+0x2e3/0x75c kernel/panic.c:221
         __warn.cold+0x2f/0x3e kernel/panic.c:582
         report_bug+0x289/0x300 lib/bug.c:195
         fixup_bug arch/x86/kernel/traps.c:174 [inline]
         fixup_bug arch/x86/kernel/traps.c:169 [inline]
         do_error_trap+0x11b/0x200 arch/x86/kernel/traps.c:267
         do_invalid_op+0x37/0x50 arch/x86/kernel/traps.c:286
         invalid_op+0x23/0x30 arch/x86/entry/entry_64.S:1027
        RIP: 0010:kobject_add_internal+0x7ac/0x9a0 lib/kobject.c:234
        Code: 7a ca ca f9 e9 f0 f8 ff ff 4c 89 f7 e8 cd ca ca f9 e9 95 f9 ff ff e8 13 25 8c f9 4c 89 e6 48 c7 c7 a0 08 1a 89 e8 a3 76 5c f9 <0f> 0b 41 bd ea ff ff ff e9 52 ff ff ff e8 f2 24 8c f9 0f 0b e8 eb
        RSP: 0018:ffffc90002006eb0 EFLAGS: 00010286
        RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
        RDX: 0000000000000000 RSI: ffffffff815eae46 RDI: fffff52000400dc8
        RBP: ffffc90002006f08 R08: ffff8880972ac500 R09: ffffed1015d26659
        R10: ffffed1015d26658 R11: ffff8880ae9332c7 R12: ffff888093034668
        R13: 0000000000000000 R14: ffff8880a69d7600 R15: 0000000000000001
         kobject_add_varg lib/kobject.c:390 [inline]
         kobject_add+0x150/0x1c0 lib/kobject.c:442
         device_add+0x3be/0x1d00 drivers/base/core.c:2412
         ib_register_device drivers/infiniband/core/device.c:1371 [inline]
         ib_register_device+0x93e/0xe40 drivers/infiniband/core/device.c:1343
         rxe_register_device+0x52e/0x655 drivers/infiniband/sw/rxe/rxe_verbs.c:1231
         rxe_add+0x122b/0x1661 drivers/infiniband/sw/rxe/rxe.c:302
         rxe_net_add+0x91/0xf0 drivers/infiniband/sw/rxe/rxe_net.c:539
         rxe_newlink+0x39/0x90 drivers/infiniband/sw/rxe/rxe.c:318
         nldev_newlink+0x28a/0x430 drivers/infiniband/core/nldev.c:1538
         rdma_nl_rcv_msg drivers/infiniband/core/netlink.c:195 [inline]
         rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline]
         rdma_nl_rcv+0x5d9/0x980 drivers/infiniband/core/netlink.c:259
         netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
         netlink_unicast+0x59e/0x7e0 net/netlink/af_netlink.c:1329
         netlink_sendmsg+0x91c/0xea0 net/netlink/af_netlink.c:1918
         sock_sendmsg_nosec net/socket.c:652 [inline]
         sock_sendmsg+0xd7/0x130 net/socket.c:672
         ____sys_sendmsg+0x753/0x880 net/socket.c:2343
         ___sys_sendmsg+0x100/0x170 net/socket.c:2397
         __sys_sendmsg+0x105/0x1d0 net/socket.c:2430
         __do_sys_sendmsg net/socket.c:2439 [inline]
         __se_sys_sendmsg net/socket.c:2437 [inline]
         __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2437
         do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
         entry_SYSCALL_64_after_hwframe+0x49/0xbe
      
      Prevent empty names when checking the name provided from userspace during
      newlink and rename.
      
      Fixes: 3856ec4b ("RDMA/core: Add RDMA_NLDEV_CMD_NEWLINK/DELLINK support")
      Fixes: 05d940d3 ("RDMA/nldev: Allow IB device rename through RDMA netlink")
      Cc: stable@kernel.org
      Link: https://lore.kernel.org/r/20200309191648.GA30852@ziepe.ca
      Reported-and-tested-by: syzbot+da615ac67d4dbea32cbc@syzkaller.appspotmail.com
      Signed-off-by: NJason Gunthorpe <jgg@mellanox.com>
      7aefa623
  4. 05 3月, 2020 1 次提交
    • M
      RDMA/nldev: Fix crash when set a QP to a new counter but QPN is missing · 78f34a16
      Mark Zhang 提交于
      This fixes the kernel crash when a RDMA_NLDEV_CMD_STAT_SET command is
      received, but the QP number parameter is not available.
      
        iwpm_register_pid: Unable to send a nlmsg (client = 2)
        infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
        general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN
        KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
        CPU: 0 PID: 9754 Comm: syz-executor069 Not tainted 5.6.0-rc2-syzkaller #0
        Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
        RIP: 0010:nla_get_u32 include/net/netlink.h:1474 [inline]
        RIP: 0010:nldev_stat_set_doit+0x63c/0xb70 drivers/infiniband/core/nldev.c:1760
        Code: fc 01 0f 84 58 03 00 00 e8 41 83 bf fb 4c 8b a3 58 fd ff ff 48 b8 00 00 00 00 00 fc ff df 49 8d 7c 24 04 48 89 fa 48 c1 ea 03 <0f> b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 6d
        RSP: 0018:ffffc900068bf350 EFLAGS: 00010247
        RAX: dffffc0000000000 RBX: ffffc900068bf728 RCX: ffffffff85b60470
        RDX: 0000000000000000 RSI: ffffffff85b6047f RDI: 0000000000000004
        RBP: ffffc900068bf750 R08: ffff88808c3ee140 R09: ffff8880a25e6010
        R10: ffffed10144bcddc R11: ffff8880a25e6ee3 R12: 0000000000000000
        R13: ffff88809acb0000 R14: ffff888092a42c80 R15: 000000009ef2e29a
        FS:  0000000001ff0880(0000) GS:ffff8880ae800000(0000) knlGS:0000000000000000
        CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
        CR2: 00007f4733e34000 CR3: 00000000a9b27000 CR4: 00000000001406f0
        DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
        DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
        Call Trace:
          rdma_nl_rcv_msg drivers/infiniband/core/netlink.c:195 [inline]
          rdma_nl_rcv_skb drivers/infiniband/core/netlink.c:239 [inline]
          rdma_nl_rcv+0x5d9/0x980 drivers/infiniband/core/netlink.c:259
          netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
          netlink_unicast+0x59e/0x7e0 net/netlink/af_netlink.c:1329
          netlink_sendmsg+0x91c/0xea0 net/netlink/af_netlink.c:1918
          sock_sendmsg_nosec net/socket.c:652 [inline]
          sock_sendmsg+0xd7/0x130 net/socket.c:672
          ____sys_sendmsg+0x753/0x880 net/socket.c:2343
          ___sys_sendmsg+0x100/0x170 net/socket.c:2397
          __sys_sendmsg+0x105/0x1d0 net/socket.c:2430
          __do_sys_sendmsg net/socket.c:2439 [inline]
          __se_sys_sendmsg net/socket.c:2437 [inline]
          __x64_sys_sendmsg+0x78/0xb0 net/socket.c:2437
          do_syscall_64+0xfa/0x790 arch/x86/entry/common.c:294
          entry_SYSCALL_64_after_hwframe+0x49/0xbe
        RIP: 0033:0x4403d9
        Code: 18 89 d0 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 fb 13 fc ff c3 66 2e 0f 1f 84 00 00 00 00
        RSP: 002b:00007ffc0efbc5c8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
        RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 00000000004403d9
        RDX: 0000000000000000 RSI: 0000000020000240 RDI: 0000000000000004
        RBP: 00000000006ca018 R08: 0000000000000008 R09: 00000000004002c8
        R10: 000000000000004a R11: 0000000000000246 R12: 0000000000401c60
        R13: 0000000000401cf0 R14: 0000000000000000 R15: 0000000000000000
      
      Fixes: b389327d ("RDMA/nldev: Allow counter manual mode configration through RDMA netlink")
      Link: https://lore.kernel.org/r/20200227125111.99142-1-leon@kernel.org
      Reported-by: syzbot+bd4af81bc51ee0283445@syzkaller.appspotmail.com
      Signed-off-by: NMark Zhang <markz@mellanox.com>
      Signed-off-by: NLeon Romanovsky <leonro@mellanox.com>
      Signed-off-by: NJason Gunthorpe <jgg@mellanox.com>
      78f34a16
  5. 14 1月, 2020 1 次提交
  6. 25 10月, 2019 1 次提交
  7. 24 10月, 2019 2 次提交
  8. 23 10月, 2019 3 次提交
  9. 05 10月, 2019 2 次提交
  10. 21 8月, 2019 1 次提交
  11. 12 8月, 2019 1 次提交
  12. 26 7月, 2019 1 次提交
  13. 09 7月, 2019 2 次提交
  14. 05 7月, 2019 6 次提交
  15. 26 6月, 2019 1 次提交
    • D
      RDMA/netlink: Audit policy settings for netlink attributes · 34d65cd8
      Doug Ledford 提交于
      For all string attributes for which we don't currently accept the element
      as input, we only use it as output, set the string length to
      RDMA_NLDEV_ATTR_EMPTY_STRING which is defined as 1.  That way we will only
      accept a null string for that element.  This will prevent someone from
      writing a new input routine that uses the element without also updating
      the policy to have a valid value.
      
      Also while there, make sure the existing entries that are valid have the
      correct policy, if not, correct the policy.  Remove unnecessary checks
      for nla_strlcpy() overflow once the policy has been set correctly.
      Signed-off-by: NDoug Ledford <dledford@redhat.com>
      Signed-off-by: NJason Gunthorpe <jgg@mellanox.com>
      34d65cd8
  16. 20 6月, 2019 1 次提交
  17. 19 6月, 2019 2 次提交
  18. 14 5月, 2019 1 次提交
  19. 28 4月, 2019 2 次提交
    • J
      netlink: make validation more configurable for future strictness · 8cb08174
      Johannes Berg 提交于
      We currently have two levels of strict validation:
      
       1) liberal (default)
           - undefined (type >= max) & NLA_UNSPEC attributes accepted
           - attribute length >= expected accepted
           - garbage at end of message accepted
       2) strict (opt-in)
           - NLA_UNSPEC attributes accepted
           - attribute length >= expected accepted
      
      Split out parsing strictness into four different options:
       * TRAILING     - check that there's no trailing data after parsing
                        attributes (in message or nested)
       * MAXTYPE      - reject attrs > max known type
       * UNSPEC       - reject attributes with NLA_UNSPEC policy entries
       * STRICT_ATTRS - strictly validate attribute size
      
      The default for future things should be *everything*.
      The current *_strict() is a combination of TRAILING and MAXTYPE,
      and is renamed to _deprecated_strict().
      The current regular parsing has none of this, and is renamed to
      *_parse_deprecated().
      
      Additionally it allows us to selectively set one of the new flags
      even on old policies. Notably, the UNSPEC flag could be useful in
      this case, since it can be arranged (by filling in the policy) to
      not be an incompatible userspace ABI change, but would then going
      forward prevent forgetting attribute entries. Similar can apply
      to the POLICY flag.
      
      We end up with the following renames:
       * nla_parse           -> nla_parse_deprecated
       * nla_parse_strict    -> nla_parse_deprecated_strict
       * nlmsg_parse         -> nlmsg_parse_deprecated
       * nlmsg_parse_strict  -> nlmsg_parse_deprecated_strict
       * nla_parse_nested    -> nla_parse_nested_deprecated
       * nla_validate_nested -> nla_validate_nested_deprecated
      
      Using spatch, of course:
          @@
          expression TB, MAX, HEAD, LEN, POL, EXT;
          @@
          -nla_parse(TB, MAX, HEAD, LEN, POL, EXT)
          +nla_parse_deprecated(TB, MAX, HEAD, LEN, POL, EXT)
      
          @@
          expression NLH, HDRLEN, TB, MAX, POL, EXT;
          @@
          -nlmsg_parse(NLH, HDRLEN, TB, MAX, POL, EXT)
          +nlmsg_parse_deprecated(NLH, HDRLEN, TB, MAX, POL, EXT)
      
          @@
          expression NLH, HDRLEN, TB, MAX, POL, EXT;
          @@
          -nlmsg_parse_strict(NLH, HDRLEN, TB, MAX, POL, EXT)
          +nlmsg_parse_deprecated_strict(NLH, HDRLEN, TB, MAX, POL, EXT)
      
          @@
          expression TB, MAX, NLA, POL, EXT;
          @@
          -nla_parse_nested(TB, MAX, NLA, POL, EXT)
          +nla_parse_nested_deprecated(TB, MAX, NLA, POL, EXT)
      
          @@
          expression START, MAX, POL, EXT;
          @@
          -nla_validate_nested(START, MAX, POL, EXT)
          +nla_validate_nested_deprecated(START, MAX, POL, EXT)
      
          @@
          expression NLH, HDRLEN, MAX, POL, EXT;
          @@
          -nlmsg_validate(NLH, HDRLEN, MAX, POL, EXT)
          +nlmsg_validate_deprecated(NLH, HDRLEN, MAX, POL, EXT)
      
      For this patch, don't actually add the strict, non-renamed versions
      yet so that it breaks compile if I get it wrong.
      
      Also, while at it, make nla_validate and nla_parse go down to a
      common __nla_validate_parse() function to avoid code duplication.
      
      Ultimately, this allows us to have very strict validation for every
      new caller of nla_parse()/nlmsg_parse() etc as re-introduced in the
      next patch, while existing things will continue to work as is.
      
      In effect then, this adds fully strict validation for any new command.
      Signed-off-by: NJohannes Berg <johannes.berg@intel.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      8cb08174
    • M
      netlink: make nla_nest_start() add NLA_F_NESTED flag · ae0be8de
      Michal Kubecek 提交于
      Even if the NLA_F_NESTED flag was introduced more than 11 years ago, most
      netlink based interfaces (including recently added ones) are still not
      setting it in kernel generated messages. Without the flag, message parsers
      not aware of attribute semantics (e.g. wireshark dissector or libmnl's
      mnl_nlmsg_fprintf()) cannot recognize nested attributes and won't display
      the structure of their contents.
      
      Unfortunately we cannot just add the flag everywhere as there may be
      userspace applications which check nlattr::nla_type directly rather than
      through a helper masking out the flags. Therefore the patch renames
      nla_nest_start() to nla_nest_start_noflag() and introduces nla_nest_start()
      as a wrapper adding NLA_F_NESTED. The calls which add NLA_F_NESTED manually
      are rewritten to use nla_nest_start().
      
      Except for changes in include/net/netlink.h, the patch was generated using
      this semantic patch:
      
      @@ expression E1, E2; @@
      -nla_nest_start(E1, E2)
      +nla_nest_start_noflag(E1, E2)
      
      @@ expression E1, E2; @@
      -nla_nest_start_noflag(E1, E2 | NLA_F_NESTED)
      +nla_nest_start(E1, E2)
      Signed-off-by: NMichal Kubecek <mkubecek@suse.cz>
      Acked-by: NJiri Pirko <jiri@mellanox.com>
      Acked-by: NDavid Ahern <dsahern@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      ae0be8de
  20. 23 4月, 2019 1 次提交
  21. 09 4月, 2019 1 次提交
  22. 29 3月, 2019 3 次提交
  23. 23 2月, 2019 1 次提交