From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Maor Gottlieb <maorg@mellanox.com>,
	Leon Romanovsky <leonro@mellanox.com>,
	Mike Marciniszyn <mike.marciniszyn@intel.com>,
	Jason Gunthorpe <jgg@mellanox.com>,
	Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.19 04/86] RDMA/core: Fix pkey and port assignment in get_new_pps
Date: Tue, 10 Mar 2020 13:44:28 +0100
Message-ID: <20200310124531.045083681@linuxfoundation.org>
In-Reply-To: <20200310124530.808338541@linuxfoundation.org>

From: Maor Gottlieb <maorg@mellanox.com>

[ Upstream commit 801b67f3eaafd3f2ec8b65d93142d4ffedba85df ]

When port is part of the modify mask, then we should take it from the
qp_attr and not from the old pps. Same for PKEY. Otherwise there are
panics in some configurations:

  RIP: 0010:get_pkey_idx_qp_list+0x50/0x80 [ib_core]
  Code: c7 18 e8 13 04 30 ef 0f b6 43 06 48 69 c0 b8 00 00 00 48 03 85 a0 04 00 00 48 8b 50 20 48 8d 48 20 48 39 ca 74 1a 0f b7 73 04 <66> 39 72 10 75 08 eb 10 66 39 72 10 74 0a 48 8b 12 48 39 ca 75 f2
  RSP: 0018:ffffafb3480932f0 EFLAGS: 00010203
  RAX: ffff98059ababa10 RBX: ffff980d926e8cc0 RCX: ffff98059ababa30
  RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff98059ababa28
  RBP: ffff98059b940000 R08: 00000000000310c0 R09: ffff97fe47c07480
  R10: 0000000000000036 R11: 0000000000000200 R12: 0000000000000071
  R13: ffff98059b940000 R14: ffff980d87f948a0 R15: 0000000000000000
  FS:  00007f88deb31740(0000) GS:ffff98059f600000(0000) knlGS:0000000000000000
  CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 0000000000000010 CR3: 0000000853e26001 CR4: 00000000001606e0
  Call Trace:
   port_pkey_list_insert+0x3d/0x1b0 [ib_core]
   ? kmem_cache_alloc_trace+0x215/0x220
   ib_security_modify_qp+0x226/0x3a0 [ib_core]
   _ib_modify_qp+0xcf/0x390 [ib_core]
   ipoib_init_qp+0x7f/0x200 [ib_ipoib]
   ? rvt_modify_port+0xd0/0xd0 [rdmavt]
   ? ib_find_pkey+0x99/0xf0 [ib_core]
   ipoib_ib_dev_open_default+0x1a/0x200 [ib_ipoib]
   ipoib_ib_dev_open+0x96/0x130 [ib_ipoib]
   ipoib_open+0x44/0x130 [ib_ipoib]
   __dev_open+0xd1/0x160
   __dev_change_flags+0x1ab/0x1f0
   dev_change_flags+0x23/0x60
   do_setlink+0x328/0xe30
   ? __nla_validate_parse+0x54/0x900
   __rtnl_newlink+0x54e/0x810
   ? __alloc_pages_nodemask+0x17d/0x320
   ? page_fault+0x30/0x50
   ? _cond_resched+0x15/0x30
   ? kmem_cache_alloc_trace+0x1c8/0x220
   rtnl_newlink+0x43/0x60
   rtnetlink_rcv_msg+0x28f/0x350
   ? kmem_cache_alloc+0x1fb/0x200
   ? _cond_resched+0x15/0x30
   ? __kmalloc_node_track_caller+0x24d/0x2d0
   ? rtnl_calcit.isra.31+0x120/0x120
   netlink_rcv_skb+0xcb/0x100
   netlink_unicast+0x1e0/0x340
   netlink_sendmsg+0x317/0x480
   ? __check_object_size+0x48/0x1d0
   sock_sendmsg+0x65/0x80
   ____sys_sendmsg+0x223/0x260
   ? copy_msghdr_from_user+0xdc/0x140
   ___sys_sendmsg+0x7c/0xc0
   ? skb_dequeue+0x57/0x70
   ? __inode_wait_for_writeback+0x75/0xe0
   ? fsnotify_grab_connector+0x45/0x80
   ? __dentry_kill+0x12c/0x180
   __sys_sendmsg+0x58/0xa0
   do_syscall_64+0x5b/0x200
   entry_SYSCALL_64_after_hwframe+0x44/0xa9
  RIP: 0033:0x7f88de467f10

Link: https://lore.kernel.org/r/20200227125728.100551-1-leon@kernel.org
Cc: <stable@vger.kernel.org>
Fixes: 1dd017882e01 ("RDMA/core: Fix protection fault in get_pkey_idx_qp_list")
Signed-off-by: Maor Gottlieb <maorg@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Tested-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 drivers/infiniband/core/security.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/drivers/infiniband/core/security.c b/drivers/infiniband/core/security.c
index 4e2565cccb8ae..839ee047f36be 100644
--- a/drivers/infiniband/core/security.c
+++ b/drivers/infiniband/core/security.c
@@ -337,11 +337,15 @@ static struct ib_ports_pkeys *get_new_pps(const struct ib_qp *qp,
 		return NULL;
 
 	if (qp_attr_mask & IB_QP_PORT)
-		new_pps->main.port_num =
-			(qp_pps) ? qp_pps->main.port_num : qp_attr->port_num;
+		new_pps->main.port_num = qp_attr->port_num;
+	else if (qp_pps)
+		new_pps->main.port_num = qp_pps->main.port_num;
+
 	if (qp_attr_mask & IB_QP_PKEY_INDEX)
-		new_pps->main.pkey_index = (qp_pps) ? qp_pps->main.pkey_index :
-						      qp_attr->pkey_index;
+		new_pps->main.pkey_index = qp_attr->pkey_index;
+	else if (qp_pps)
+		new_pps->main.pkey_index = qp_pps->main.pkey_index;
+
 	if ((qp_attr_mask & IB_QP_PKEY_INDEX) && (qp_attr_mask & IB_QP_PORT))
 		new_pps->main.state = IB_PORT_PKEY_VALID;
 
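Review bot: In the two new "else if (qp_pps)" arms, nothing assigns main.port_num or main.pkey_index when the corresponding mask bit is clear and qp_pps is NULL, so the value that reaches the pkey list lookup depends on how new_pps was initialised above this hunk, which is not visible here. If a zeroed allocation is what is relied on, a one-line comment saying so (or an explicit final else) would make the intended default clear. Separately, main.state is set to IB_PORT_PKEY_VALID only when both IB_QP_PORT and IB_QP_PKEY_INDEX are in the mask; with this change a mixed case is now possible where one field comes from qp_attr and the other is inherited from qp_pps, and these lines leave state untouched for it. It is worth confirming that the code following this hunk handles that case and that the changelog mentions it.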
-- 
2.20.1



