Revision 3929502b957ed05575e74134a817f26c42d13e2c authored by Vlad Buslov on 10 July 2019, 18:25:54 UTC, committed by David S. Miller on 12 July 2019, 22:27:41 UTC
Recent refactoring of tc block offloads infrastructure introduced new
flow_block_cb_setup_simple() method intended to be used as unified way for
all drivers to register offload callbacks. However, commit that actually
extended all users (drivers) with block cb list and provided it to
flow_block infra missed mlx5 en_rep. This leads to following NULL-pointer
dereference when creating Qdisc:
[ 278.385175] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 278.393233] #PF: supervisor read access in kernel mode
[ 278.399446] #PF: error_code(0x0000) - not-present page
[ 278.405847] PGD 8000000850e73067 P4D 8000000850e73067 PUD 8620cd067 PMD 0
[ 278.414141] Oops: 0000 [#1] SMP PTI
[ 278.419019] CPU: 7 PID: 3369 Comm: tc Not tainted 5.2.0-rc6+ #492
[ 278.426580] Hardware name: Supermicro SYS-2028TP-DECR/X10DRT-P, BIOS 2.0b 03/30/2017
[ 278.435853] RIP: 0010:flow_block_cb_setup_simple+0xc4/0x190
[ 278.442953] Code: 10 48 89 42 08 48 89 10 48 b8 00 01 00 00 00 00 ad de 49 89 00 48 05 00 01 00 00 49 89 40 08 31 c0 c3 b8 a1 ff ff ff c3 f3 c3 <48> 8b 06 48 39 c6 75 0a eb 1a 48 8b 00 48 39 c6 74 12
48 3b 50 28
[ 278.464829] RSP: 0018:ffffaf07c3f97990 EFLAGS: 00010246
[ 278.471648] RAX: 0000000000000000 RBX: ffff9b43ed4c7680 RCX: ffff9b43d5f80840
[ 278.480408] RDX: ffffffffc0491650 RSI: 0000000000000000 RDI: ffffaf07c3f97998
[ 278.489110] RBP: ffff9b43ddff9000 R08: ffff9b43d5f80840 R09: 0000000000000001
[ 278.497838] R10: 0000000000000009 R11: 00000000000003ad R12: ffffaf07c3f97c08
[ 278.506595] R13: ffff9b43d5f80000 R14: ffff9b43ed4c7680 R15: ffff9b43dfa20b40
[ 278.515374] FS: 00007f796be1b400(0000) GS:ffff9b43ef840000(0000) knlGS:0000000000000000
[ 278.525099] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 278.532453] CR2: 0000000000000000 CR3: 0000000840398002 CR4: 00000000001606e0
[ 278.541197] Call Trace:
[ 278.545252] tcf_block_offload_cmd.isra.52+0x7e/0xb0
[ 278.551871] tcf_block_get_ext+0x365/0x3e0
[ 278.557569] qdisc_create+0x15c/0x4e0
[ 278.562859] ? kmem_cache_alloc_trace+0x1a2/0x1c0
[ 278.569235] tc_modify_qdisc+0x1c8/0x780
[ 278.574761] rtnetlink_rcv_msg+0x291/0x340
[ 278.580518] ? _cond_resched+0x15/0x40
[ 278.585856] ? rtnl_calcit.isra.29+0x120/0x120
[ 278.591868] netlink_rcv_skb+0x4a/0x110
[ 278.597198] netlink_unicast+0x1a0/0x250
[ 278.602601] netlink_sendmsg+0x2c1/0x3c0
[ 278.608022] sock_sendmsg+0x5b/0x60
[ 278.612969] ___sys_sendmsg+0x289/0x310
[ 278.618231] ? do_wp_page+0x99/0x730
[ 278.623216] ? page_add_new_anon_rmap+0xbe/0x140
[ 278.629298] ? __handle_mm_fault+0xc84/0x1360
[ 278.635113] ? __sys_sendmsg+0x5e/0xa0
[ 278.640285] __sys_sendmsg+0x5e/0xa0
[ 278.645239] do_syscall_64+0x5b/0x1b0
[ 278.650274] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 278.656697] RIP: 0033:0x7f796abdeb87
[ 278.661628] Code: 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 80 00 00 00 00 8b 05 6a 2b 2c 00 48 63 d2 48 63 ff 85 c0 75 18 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 59 f3 c3 0f 1f 80 00 00 00 00 53
48 89 f3 48
[ 278.683248] RSP: 002b:00007ffde213ba48 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 278.692245] RAX: ffffffffffffffda RBX: 000000005d261e6f RCX: 00007f796abdeb87
[ 278.700862] RDX: 0000000000000000 RSI: 00007ffde213bab0 RDI: 0000000000000003
[ 278.709527] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000006
[ 278.718167] R10: 000000000000000c R11: 0000000000000246 R12: 0000000000000001
[ 278.726743] R13: 000000000067b580 R14: 0000000000000000 R15: 0000000000000000
[ 278.735302] Modules linked in: dummy vxlan ip6_udp_tunnel udp_tunnel sch_ingress nfsv3 nfs_acl nfs lockd grace fscache bridge stp llc sunrpc mlx5_ib ib_uverbs intel_rapl ib_core sb_edac x86_pkg_temp_
thermal intel_powerclamp coretemp kvm_intel kvm mlx5_core irqbypass crct10dif_pclmul crc32_pclmul crc32c_intel igb ghash_clmulni_intel ses mei_me enclosure mlxfw ipmi_ssif intel_cstate iTCO_wdt ptp mei
pps_core iTCO_vendor_support pcspkr joydev intel_uncore i2c_i801 ipmi_si lpc_ich intel_rapl_perf ioatdma wmi dca pcc_cpufreq ipmi_devintf ipmi_msghandler acpi_power_meter acpi_pad ast i2c_algo_bit drm_k
ms_helper ttm drm mpt3sas raid_class scsi_transport_sas
[ 278.802263] CR2: 0000000000000000
[ 278.807170] ---[ end trace b1f0a442a279e66f ]---
Extend en_rep with new static mlx5e_rep_block_cb_list list and pass it to
flow_block_cb_setup_simple() function instead of hardcoded NULL pointer.
Fixes: 955bcb6ea0df ("drivers: net: use flow block API")
Signed-off-by: Vlad Buslov <vladbu@mellanox.com>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
1 parent 54638c6
| File | Mode | Size |
|---|---|---|
| 842 | ||
| crypto | ||
| dim | ||
| fonts | ||
| livepatch | ||
| lz4 | ||
| lzo | ||
| math | ||
| mpi | ||
| raid6 | ||
| reed_solomon | ||
| vdso | ||
| xz | ||
| zlib_deflate | ||
| zlib_inflate | ||
| zstd | ||
| .gitignore | -rw-r--r-- | 98 bytes |
| Kconfig | -rw-r--r-- | 14.9 KB |
| Kconfig.debug | -rw-r--r-- | 70.9 KB |
| Kconfig.kasan | -rw-r--r-- | 5.2 KB |
| Kconfig.kgdb | -rw-r--r-- | 4.2 KB |
| Kconfig.ubsan | -rw-r--r-- | 1.7 KB |
| Makefile | -rw-r--r-- | 9.4 KB |
| argv_split.c | -rw-r--r-- | 2.1 KB |
| ashldi3.c | -rw-r--r-- | 541 bytes |
| ashrdi3.c | -rw-r--r-- | 565 bytes |
| asn1_decoder.c | -rw-r--r-- | 13.2 KB |
| assoc_array.c | -rw-r--r-- | 51.8 KB |
| atomic64.c | -rw-r--r-- | 4.5 KB |
| atomic64_test.c | -rw-r--r-- | 6.4 KB |
| audit.c | -rw-r--r-- | 1.8 KB |
| bcd.c | -rw-r--r-- | 297 bytes |
| bch.c | -rw-r--r-- | 36.1 KB |
| bitmap.c | -rw-r--r-- | 35.5 KB |
| bitrev.c | -rw-r--r-- | 1.9 KB |
| bsearch.c | -rw-r--r-- | 1.4 KB |
| btree.c | -rw-r--r-- | 19.2 KB |
| bucket_locks.c | -rw-r--r-- | 1.4 KB |
| bug.c | -rw-r--r-- | 5.5 KB |
| build_OID_registry | -rwxr-xr-x | 4.5 KB |
| bust_spinlocks.c | -rw-r--r-- | 676 bytes |
| chacha.c | -rw-r--r-- | 3.6 KB |
| check_signature.c | -rw-r--r-- | 635 bytes |
| checksum.c | -rw-r--r-- | 4.8 KB |
| clz_ctz.c | -rw-r--r-- | 1.2 KB |
| clz_tab.c | -rw-r--r-- | 891 bytes |
| cmdline.c | -rw-r--r-- | 5.1 KB |
| cmpdi2.c | -rw-r--r-- | 501 bytes |
| compat_audit.c | -rw-r--r-- | 832 bytes |
| cpu_rmap.c | -rw-r--r-- | 7.6 KB |
| cpumask.c | -rw-r--r-- | 6.0 KB |
| crc-ccitt.c | -rw-r--r-- | 5.6 KB |
| crc-itu-t.c | -rw-r--r-- | 2.7 KB |
| crc-t10dif.c | -rw-r--r-- | 2.9 KB |
| crc16.c | -rw-r--r-- | 2.7 KB |
| crc32.c | -rw-r--r-- | 9.3 KB |
| crc32defs.h | -rw-r--r-- | 1.6 KB |
| crc32test.c | -rw-r--r-- | 37.5 KB |
| crc4.c | -rw-r--r-- | 1003 bytes |
| crc64.c | -rw-r--r-- | 1.7 KB |
| crc7.c | -rw-r--r-- | 2.5 KB |
| crc8.c | -rw-r--r-- | 2.4 KB |
| ctype.c | -rw-r--r-- | 1.4 KB |
| debug_info.c | -rw-r--r-- | 777 bytes |
| debug_locks.c | -rw-r--r-- | 1.2 KB |
| debugobjects.c | -rw-r--r-- | 34.2 KB |
| dec_and_lock.c | -rw-r--r-- | 1.2 KB |
| decompress.c | -rw-r--r-- | 1.7 KB |
| decompress_bunzip2.c | -rw-r--r-- | 23.5 KB |
| decompress_inflate.c | -rw-r--r-- | 4.5 KB |
| decompress_unlz4.c | -rw-r--r-- | 4.0 KB |
| decompress_unlzma.c | -rw-r--r-- | 15.8 KB |
| decompress_unlzo.c | -rw-r--r-- | 6.4 KB |
| decompress_unxz.c | -rw-r--r-- | 10.9 KB |
| devres.c | -rw-r--r-- | 11.1 KB |
| digsig.c | -rw-r--r-- | 5.5 KB |
| dump_stack.c | -rw-r--r-- | 3.0 KB |
| dynamic_debug.c | -rw-r--r-- | 26.2 KB |
| dynamic_queue_limits.c | -rw-r--r-- | 4.3 KB |
| earlycpio.c | -rw-r--r-- | 3.6 KB |
| error-inject.c | -rw-r--r-- | 5.4 KB |
| errseq.c | -rw-r--r-- | 6.6 KB |
| extable.c | -rw-r--r-- | 3.0 KB |
| fault-inject.c | -rw-r--r-- | 6.2 KB |
| fdt.c | -rw-r--r-- | 69 bytes |
| fdt_empty_tree.c | -rw-r--r-- | 80 bytes |
| fdt_ro.c | -rw-r--r-- | 72 bytes |
| fdt_rw.c | -rw-r--r-- | 72 bytes |
| fdt_strerror.c | -rw-r--r-- | 78 bytes |
| fdt_sw.c | -rw-r--r-- | 72 bytes |
| fdt_wip.c | -rw-r--r-- | 73 bytes |
| find_bit.c | -rw-r--r-- | 5.1 KB |
| find_bit_benchmark.c | -rw-r--r-- | 3.9 KB |
| flex_proportions.c | -rw-r--r-- | 6.9 KB |
| gen_crc32table.c | -rw-r--r-- | 3.3 KB |
| gen_crc64table.c | -rw-r--r-- | 1.4 KB |
| genalloc.c | -rw-r--r-- | 21.7 KB |
| generic-radix-tree.c | -rw-r--r-- | 4.8 KB |
| glob.c | -rw-r--r-- | 3.5 KB |
| globtest.c | -rw-r--r-- | 4.2 KB |
| hexdump.c | -rw-r--r-- | 8.2 KB |
| hweight.c | -rw-r--r-- | 1.9 KB |
| idr.c | -rw-r--r-- | 17.5 KB |
| inflate.c | -rw-r--r-- | 38.7 KB |
| interval_tree.c | -rw-r--r-- | 540 bytes |
| interval_tree_test.c | -rw-r--r-- | 3.4 KB |
| iomap.c | -rw-r--r-- | 9.1 KB |
| iomap_copy.c | -rw-r--r-- | 2.2 KB |
| iommu-helper.c | -rw-r--r-- | 755 bytes |
| ioremap.c | -rw-r--r-- | 5.0 KB |
| iov_iter.c | -rw-r--r-- | 40.9 KB |
| irq_poll.c | -rw-r--r-- | 5.4 KB |
| irq_regs.c | -rw-r--r-- | 394 bytes |
| is_single_threaded.c | -rw-r--r-- | 1.2 KB |
| jedec_ddr_data.c | -rw-r--r-- | 2.9 KB |
| kasprintf.c | -rw-r--r-- | 1.4 KB |
| kfifo.c | -rw-r--r-- | 12.1 KB |
| klist.c | -rw-r--r-- | 10.4 KB |
| kobject.c | -rw-r--r-- | 27.8 KB |
| kobject_uevent.c | -rw-r--r-- | 18.8 KB |
| kstrtox.c | -rw-r--r-- | 10.5 KB |
| kstrtox.h | -rw-r--r-- | 293 bytes |
| libcrc32c.c | -rw-r--r-- | 2.0 KB |
| list_debug.c | -rw-r--r-- | 1.8 KB |
| list_sort.c | -rw-r--r-- | 8.4 KB |
| llist.c | -rw-r--r-- | 2.5 KB |
| locking-selftest-hardirq.h | -rw-r--r-- | 246 bytes |
| locking-selftest-mutex.h | -rw-r--r-- | 159 bytes |
| locking-selftest-rlock-hardirq.h | -rw-r--r-- | 74 bytes |
| locking-selftest-rlock-softirq.h | -rw-r--r-- | 74 bytes |
| locking-selftest-rlock.h | -rw-r--r-- | 197 bytes |
| locking-selftest-rsem.h | -rw-r--r-- | 202 bytes |
| locking-selftest-rtmutex.h | -rw-r--r-- | 162 bytes |
| locking-selftest-softirq.h | -rw-r--r-- | 246 bytes |
| locking-selftest-spin-hardirq.h | -rw-r--r-- | 73 bytes |
| locking-selftest-spin-softirq.h | -rw-r--r-- | 73 bytes |
| locking-selftest-spin.h | -rw-r--r-- | 157 bytes |
| locking-selftest-wlock-hardirq.h | -rw-r--r-- | 74 bytes |
| locking-selftest-wlock-softirq.h | -rw-r--r-- | 74 bytes |
| locking-selftest-wlock.h | -rw-r--r-- | 197 bytes |
| locking-selftest-wsem.h | -rw-r--r-- | 202 bytes |
| locking-selftest.c | -rw-r--r-- | 43.7 KB |
| lockref.c | -rw-r--r-- | 4.5 KB |
| logic_pio.c | -rw-r--r-- | 7.7 KB |
| lru_cache.c | -rw-r--r-- | 18.8 KB |
| lshrdi3.c | -rw-r--r-- | 559 bytes |
| memcat_p.c | -rw-r--r-- | 753 bytes |
| memory-notifier-error-inject.c | -rw-r--r-- | 1.1 KB |
| memweight.c | -rw-r--r-- | 1.0 KB |
| muldi3.c | -rw-r--r-- | 1.7 KB |
| net_utils.c | -rw-r--r-- | 640 bytes |
| netdev-notifier-error-inject.c | -rw-r--r-- | 1.5 KB |
| nlattr.c | -rw-r--r-- | 22.6 KB |
| nmi_backtrace.c | -rw-r--r-- | 3.0 KB |
| nodemask.c | -rw-r--r-- | 653 bytes |
| notifier-error-inject.c | -rw-r--r-- | 2.7 KB |
| notifier-error-inject.h | -rw-r--r-- | 653 bytes |
| objagg.c | -rw-r--r-- | 28.3 KB |
| of-reconfig-notifier-error-inject.c | -rw-r--r-- | 1.3 KB |
| oid_registry.c | -rw-r--r-- | 3.7 KB |
| once.c | -rw-r--r-- | 1.4 KB |
| packing.c | -rw-r--r-- | 6.5 KB |
| parman.c | -rw-r--r-- | 10.6 KB |
| parser.c | -rw-r--r-- | 8.1 KB |
| pci_iomap.c | -rw-r--r-- | 4.2 KB |
| percpu-refcount.c | -rw-r--r-- | 13.3 KB |
| percpu_counter.c | -rw-r--r-- | 5.8 KB |
| percpu_test.c | -rw-r--r-- | 3.2 KB |
| plist.c | -rw-r--r-- | 5.9 KB |
| pm-notifier-error-inject.c | -rw-r--r-- | 1.2 KB |
| radix-tree.c | -rw-r--r-- | 43.3 KB |
| random32.c | -rw-r--r-- | 12.8 KB |
| ratelimit.c | -rw-r--r-- | 1.6 KB |
| rbtree.c | -rw-r--r-- | 18.0 KB |
| rbtree_test.c | -rw-r--r-- | 9.5 KB |
| refcount.c | -rw-r--r-- | 11.4 KB |
| rhashtable.c | -rw-r--r-- | 29.4 KB |
| sbitmap.c | -rw-r--r-- | 16.6 KB |
| scatterlist.c | -rw-r--r-- | 24.7 KB |
| seq_buf.c | -rw-r--r-- | 8.0 KB |
| sg_pool.c | -rw-r--r-- | 3.6 KB |
| sg_split.c | -rw-r--r-- | 5.0 KB |
| sha1.c | -rw-r--r-- | 6.1 KB |
| sha256.c | -rw-r--r-- | 9.9 KB |
| show_mem.c | -rw-r--r-- | 1.2 KB |
| siphash.c | -rw-r--r-- | 12.0 KB |
| smp_processor_id.c | -rw-r--r-- | 1.5 KB |
| sort.c | -rw-r--r-- | 8.0 KB |
| stackdepot.c | -rw-r--r-- | 8.6 KB |
| stmp_device.c | -rw-r--r-- | 1.9 KB |
| string.c | -rw-r--r-- | 23.9 KB |
| string_helpers.c | -rw-r--r-- | 13.9 KB |
| strncpy_from_user.c | -rw-r--r-- | 3.2 KB |
| strnlen_user.c | -rw-r--r-- | 3.5 KB |
| syscall.c | -rw-r--r-- | 2.5 KB |
| test-kstrtox.c | -rw-r--r-- | 17.3 KB |
| test-string_helpers.c | -rw-r--r-- | 10.3 KB |
| test_bitfield.c | -rw-r--r-- | 4.3 KB |
| test_bitmap.c | -rw-r--r-- | 10.6 KB |
| test_blackhole_dev.c | -rw-r--r-- | 2.5 KB |
| test_bpf.c | -rw-r--r-- | 158.8 KB |
| test_debug_virtual.c | -rw-r--r-- | 981 bytes |
| test_firmware.c | -rw-r--r-- | 21.6 KB |
| test_hash.c | -rw-r--r-- | 6.3 KB |
| test_hexdump.c | -rw-r--r-- | 6.3 KB |
| test_ida.c | -rw-r--r-- | 4.3 KB |
| test_kasan.c | -rw-r--r-- | 13.1 KB |
| test_kmod.c | -rw-r--r-- | 30.0 KB |
| test_list_sort.c | -rw-r--r-- | 3.3 KB |
| test_memcat_p.c | -rw-r--r-- | 2.2 KB |
| test_module.c | -rw-r--r-- | 794 bytes |
| test_objagg.c | -rw-r--r-- | 24.6 KB |
| test_overflow.c | -rw-r--r-- | 22.3 KB |
| test_parman.c | -rw-r--r-- | 11.2 KB |
| test_printf.c | -rw-r--r-- | 14.3 KB |
| test_rhashtable.c | -rw-r--r-- | 20.0 KB |
| test_siphash.c | -rw-r--r-- | 7.5 KB |
| test_sort.c | -rw-r--r-- | 870 bytes |
| test_stackinit.c | -rw-r--r-- | 10.9 KB |
| test_static_key_base.c | -rw-r--r-- | 1.6 KB |
| test_static_keys.c | -rw-r--r-- | 5.6 KB |
| test_string.c | -rw-r--r-- | 2.4 KB |
| test_strscpy.c | -rw-r--r-- | 4.0 KB |
| test_sysctl.c | -rw-r--r-- | 3.7 KB |
| test_ubsan.c | -rw-r--r-- | 2.4 KB |
| test_user_copy.c | -rw-r--r-- | 5.1 KB |
| test_uuid.c | -rw-r--r-- | 3.4 KB |
| test_vmalloc.c | -rw-r--r-- | 10.6 KB |
| test_xarray.c | -rw-r--r-- | 41.4 KB |
| textsearch.c | -rw-r--r-- | 9.3 KB |
| timerqueue.c | -rw-r--r-- | 2.6 KB |
| ts_bm.c | -rw-r--r-- | 5.1 KB |
| ts_fsm.c | -rw-r--r-- | 10.4 KB |
| ts_kmp.c | -rw-r--r-- | 4.1 KB |
| ubsan.c | -rw-r--r-- | 10.5 KB |
| ubsan.h | -rw-r--r-- | 1.7 KB |
| ucmpdi2.c | -rw-r--r-- | 568 bytes |
| ucs2_string.c | -rw-r--r-- | 2.5 KB |
| usercopy.c | -rw-r--r-- | 737 bytes |
| uuid.c | -rw-r--r-- | 2.6 KB |
| vsprintf.c | -rw-r--r-- | 79.1 KB |
| win_minmax.c | -rw-r--r-- | 3.4 KB |
| xarray.c | -rw-r--r-- | 52.7 KB |
| xxhash.c | -rw-r--r-- | 12.7 KB |
Computing file changes ...
