* BUG: KASAN: null-ptr-deref in rdma_counter_get_hwstat_value+0x19d/0x260 in for-next branch
From: Gal Pressman @ 2019-07-22 15:10 UTC (permalink / raw)
To: Jason Gunthorpe, Leon Romanovsky, Mark Zhang, Doug Ledford; +Cc: linux-rdma

Hi,

I pulled the latest for-next branch (5.3-rc1) which includes the new stats stuff
and applied a patch to enable EFA stats [1], and I'm getting the following trace
[2]. The EFA patch isn't merged yet so it could cause some extra noise, but this
did not happen before the core statistics patches were merged.

From a quick look it seems that 'port_counter->hstats' is only initialized for
ports 1..num_ports (i.e not initialized for port 0, device stats) in
rdma_counter_init rdma_for_each_port loop.

As a result, rdma_counter_get_hwstat_value hits a NULL pointer dereference when
querying device statistics as it tries to access an uninitialized hstats field in:
sum += port_counter->hstats->value[index];

I'm thinking of adding a check similar to the one that exists in
counter_history_stat_update and return 0 in case of !port_counter->hstats.
What do you guys think?

[1] https://patchwork.kernel.org/patch/11034123/

[2] cat /sys/class/infiniband/efa_0/hw_counters/completed_cmds
[ 82.519451] ==================================================================
[ 82.522782] BUG: KASAN: null-ptr-deref in rdma_counter_get_hwstat_value+0x19d/0x260 [ib_core]
[ 82.526374] Read of size 8 at addr 00000000000000d0 by task cat/14604
[ 82.530133] CPU: 44 PID: 14604 Comm: cat Tainted: G E 5.3.0-rc1-dirty #101
[ 82.533613] Hardware name: Amazon EC2 c5n.18xlarge/, BIOS 1.0 10/16/2017
[ 82.536505] Call Trace:
[ 82.537837] dump_stack+0x91/0xeb
[ 82.539487] __kasan_report+0x1be/0x220
[ 82.541396] ? rdma_counter_get_hwstat_value+0x19d/0x260 [ib_core]
[ 82.544206] ? rdma_counter_get_hwstat_value+0x19d/0x260 [ib_core]
[ 82.546965] kasan_report+0xe/0x20
[ 82.548659] rdma_counter_get_hwstat_value+0x19d/0x260 [ib_core]
[ 82.552753] ? rdma_counter_query_stats+0x70/0x70 [ib_core]
[ 82.556629] ? lock_acquire+0x100/0x260
[ 82.559905] show_hw_stats+0xdc/0x1d0 [ib_core]
[ 82.563420] dev_attr_show+0x34/0x70
[ 82.566588] sysfs_kf_seq_show+0x12b/0x1c0
[ 82.569917] ? device_match_of_node+0x30/0x30
[ 82.573355] seq_read+0x171/0x6d0
[ 82.576415] vfs_read+0xc9/0x1e0
[ 82.579409] ksys_read+0xca/0x180
[ 82.582443] ? kernel_write+0xb0/0xb0
[ 82.585618] ? trace_hardirqs_on_thunk+0x1a/0x20
[ 82.589119] ? mark_held_locks+0x25/0xc0
[ 82.592387] ? do_syscall_64+0x14/0x2b0
[ 82.595648] do_syscall_64+0x68/0x2b0
[ 82.598886] entry_SYSCALL_64_after_hwframe+0x49/0xbe
[ 82.602612] RIP: 0033:0x7fa96127afe0
[ 82.605800] Code: 0b 31 c0 48 83 c4 08 e9 be fe ff ff 48 8d 3d 17 bf 09 00 e8 52 8a 02 00 66 90 83 3d bd cf 2d 00 00 75 10 b8 00 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 4e cc 01 00 48 89 04 24
[ 82.617434] RSP: 002b:00007ffc04ceea48 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 82.623423] RAX: ffffffffffffffda RBX: 0000000000010000 RCX: 00007fa96127afe0
[ 82.629319] RDX: 0000000000010000 RSI: 0000000000ebf000 RDI: 0000000000000003
[ 82.635142] RBP: 0000000000ebf000 R08: 0000000000000000 R09: 0000000000010fff
[ 82.641030] R10: 00007ffc04cede20 R11: 0000000000000246 R12: 0000000000ebf000
[ 82.646915] R13: 0000000000000003 R14: 0000000000000000 R15: 0000000000000fff
[ 82.652804] ==================================================================
Thanks
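
Added example (not part of the thread and not the kernel's code): a user-space C model of the pattern described in the message above, where history buffers are set up only for ports 1..num_ports and the reader returns 0 when hstats is NULL, as proposed. All model_* names, sizes and counter values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define MODEL_NUM_PORTS 2      /* constructed sample device */
#define MODEL_NUM_COUNTERS 4

struct model_hw_stats { uint64_t value[MODEL_NUM_COUNTERS]; };
struct model_port_counter { struct model_hw_stats *hstats; };
struct model_device {
    unsigned int num_ports;
    struct model_hw_stats storage[MODEL_NUM_PORTS];      /* backing for ports 1..N */
    struct model_port_counter port[MODEL_NUM_PORTS + 1]; /* slot 0: device stats */
};

/* Sets up history only for ports 1..num_ports, the init pattern described
 * in the thread; slot 0 (device-wide stats) keeps a NULL hstats pointer. */
static void model_counter_init(struct model_device *dev)
{
    *dev = (struct model_device){ .num_ports = MODEL_NUM_PORTS };
    for (unsigned int p = 1; p <= dev->num_ports; p++) {
        struct model_hw_stats *h = &dev->storage[p - 1];
        for (unsigned int i = 0; i < MODEL_NUM_COUNTERS; i++)
            h->value[i] = p * 100u + i; /* constructed sample values */
        dev->port[p].hstats = h;
    }
}

/* Guarded read: a slot without a history buffer contributes 0 instead of
 * being dereferenced. Out-of-range port or index also yields 0. */
static uint64_t model_get_hwstat_value(const struct model_device *dev,
                                       unsigned int port, unsigned int index)
{
    if (port > dev->num_ports || index >= MODEL_NUM_COUNTERS)
        return 0;
    if (!dev->port[port].hstats) /* the check proposed in the thread */
        return 0;
    return dev->port[port].hstats->value[index];
}

int main(void)
{
    struct model_device dev;

    model_counter_init(&dev);
    for (unsigned int p = 0; p <= dev.num_ports; p++)
        printf("slot %u counter 1 = %llu\n", p,
               (unsigned long long)model_get_hwstat_value(&dev, p, 1));
    return 0;
}
```
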
* Re: BUG: KASAN: null-ptr-deref in rdma_counter_get_hwstat_value+0x19d/0x260 in for-next branch
From: Leon Romanovsky @ 2019-07-22 17:52 UTC (permalink / raw)
To: Gal Pressman; +Cc: Jason Gunthorpe, Mark Zhang, Doug Ledford, linux-rdma
On Mon, Jul 22, 2019 at 06:10:01PM +0300, Gal Pressman wrote:
> Hi,
>
> I pulled the latest for-next branch (5.3-rc1) which includes the new stats stuff
> and applied a patch to enable EFA stats [1], and I'm getting the following trace
> [2]. The EFA patch isn't merged yet so it could cause some extra noise, but this
> did not happen before the core statistics patches were merged.
>
> From a quick look it seems that 'port_counter->hstats' is only initialized for
> ports 1..num_ports (i.e not initialized for port 0, device stats) in
> rdma_counter_init rdma_for_each_port loop.
>
> As a result, rdma_counter_get_hwstat_value hits a NULL pointer dereference when
> querying device statistics as it tries to access an uninitialized hstats field in:
> sum += port_counter->hstats->value[index];
>
> I'm thinking of adding a check similar to the one that exists in
> counter_history_stat_update and return 0 in case of !port_counter->hstats.
> What do you guys think?

It is in my queue, I waited for -rc1 to start sending.

https://git.kernel.org/pub/scm/linux/kernel/git/leon/linux-rdma.git/commit/?h=rdma-next&id=32f6bc477e9432776d6938beeda1905198485f5e

Thanks
* Re: BUG: KASAN: null-ptr-deref in rdma_counter_get_hwstat_value+0x19d/0x260 in for-next branch
From: Gal Pressman @ 2019-07-23 7:51 UTC (permalink / raw)
To: Leon Romanovsky; +Cc: Jason Gunthorpe, Mark Zhang, Doug Ledford, linux-rdma
On 22/07/2019 20:52, Leon Romanovsky wrote:
> On Mon, Jul 22, 2019 at 06:10:01PM +0300, Gal Pressman wrote:
>> Hi,
>>
>> I pulled the latest for-next branch (5.3-rc1) which includes the new stats stuff
>> and applied a patch to enable EFA stats [1], and I'm getting the following trace
>> [2]. The EFA patch isn't merged yet so it could cause some extra noise, but this
>> did not happen before the core statistics patches were merged.
>>
>> From a quick look it seems that 'port_counter->hstats' is only initialized for
>> ports 1..num_ports (i.e not initialized for port 0, device stats) in
>> rdma_counter_init rdma_for_each_port loop.
>>
>> As a result, rdma_counter_get_hwstat_value hits a NULL pointer dereference when
>> querying device statistics as it tries to access an uninitialized hstats field in:
>> sum += port_counter->hstats->value[index];
>>
>> I'm thinking of adding a check similar to the one that exists in
>> counter_history_stat_update and return 0 in case of !port_counter->hstats.
>> What do you guys think?
>
> It is in my queue, I waited for -rc1 to start sending.
>
> https://git.kernel.org/pub/scm/linux/kernel/git/leon/linux-rdma.git/commit/?h=rdma-next&id=32f6bc477e9432776d6938beeda1905198485f5e
Thanks, good to know that it's the same fix.