From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Alaa Hleihel <alaa@mellanox.com>,
Roi Dayan <roid@mellanox.com>, Vlad Buslov <vladbu@mellanox.com>,
Saeed Mahameed <saeedm@mellanox.com>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.4 51/90] net/mlx5e: Fix kernel crash when setting vf VLANID on a VF dev
Date: Mon, 3 Aug 2020 14:19:13 +0200 [thread overview]
Message-ID: <20200803121900.093304188@linuxfoundation.org> (raw)
In-Reply-To: <20200803121857.546052424@linuxfoundation.org>
From: Alaa Hleihel <alaa@mellanox.com>
[ Upstream commit 350a63249d270b1f5bd05c7e2a24cd8de0f9db20 ]
After the cited commit, function 'mlx5_eswitch_set_vport_vlan' started
to acquire esw->state_lock.
However, esw is not defined for VF devices, hence attempting to set vf
VLANID on a VF dev will cause a kernel panic.
Fix it by moving up the (redundant) esw validation from function
'__mlx5_eswitch_set_vport_vlan' since the rest of the callers now have
and use a valid esw.
For example with vf device eth4:
# ip link set dev eth4 vf 0 vlan 0
Trace of the panic:
[ 411.409842] BUG: unable to handle page fault for address: 00000000000011b8
[ 411.449745] #PF: supervisor read access in kernel mode
[ 411.452348] #PF: error_code(0x0000) - not-present page
[ 411.454938] PGD 80000004189c9067 P4D 80000004189c9067 PUD 41899a067 PMD 0
[ 411.458382] Oops: 0000 [#1] SMP PTI
[ 411.460268] CPU: 4 PID: 5711 Comm: ip Not tainted 5.8.0-rc4_for_upstream_min_debug_2020_07_08_22_04 #1
[ 411.462447] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014
[ 411.464158] RIP: 0010:__mutex_lock+0x4e/0x940
[ 411.464928] Code: fd 41 54 49 89 f4 41 52 53 89 d3 48 83 ec 70 44 8b 1d ee 03 b0 01 65 48 8b 04 25 28 00 00 00 48 89 45 c8 31 c0 45 85 db 75 0a <48> 3b 7f 60 0f 85 7e 05 00 00 49 8d 45 68 41 56 41 b8 01 00 00 00
[ 411.467678] RSP: 0018:ffff88841fcd74b0 EFLAGS: 00010246
[ 411.468562] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[ 411.469715] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000001158
[ 411.470812] RBP: ffff88841fcd7550 R08: ffffffffa00fa1ce R09: 0000000000000000
[ 411.471835] R10: ffff88841fcd7570 R11: 0000000000000000 R12: 0000000000000002
[ 411.472862] R13: 0000000000001158 R14: ffffffffa00fa1ce R15: 0000000000000000
[ 411.474004] FS: 00007faee7ca6b80(0000) GS:ffff88846fc00000(0000) knlGS:0000000000000000
[ 411.475237] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 411.476129] CR2: 00000000000011b8 CR3: 000000041909c006 CR4: 0000000000360ea0
[ 411.477260] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 411.478340] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 411.479332] Call Trace:
[ 411.479760] ? __nla_validate_parse.part.6+0x57/0x8f0
[ 411.482825] ? mlx5_eswitch_set_vport_vlan+0x3e/0xa0 [mlx5_core]
[ 411.483804] mlx5_eswitch_set_vport_vlan+0x3e/0xa0 [mlx5_core]
[ 411.484733] mlx5e_set_vf_vlan+0x41/0x50 [mlx5_core]
[ 411.485545] do_setlink+0x613/0x1000
[ 411.486165] __rtnl_newlink+0x53d/0x8c0
[ 411.486791] ? mark_held_locks+0x49/0x70
[ 411.487429] ? __lock_acquire+0x8fe/0x1eb0
[ 411.488085] ? rcu_read_lock_sched_held+0x52/0x60
[ 411.488998] ? kmem_cache_alloc_trace+0x16d/0x2d0
[ 411.489759] rtnl_newlink+0x47/0x70
[ 411.490357] rtnetlink_rcv_msg+0x24e/0x450
[ 411.490978] ? netlink_deliver_tap+0x92/0x3d0
[ 411.491631] ? validate_linkmsg+0x330/0x330
[ 411.492262] netlink_rcv_skb+0x47/0x110
[ 411.492852] netlink_unicast+0x1ac/0x270
[ 411.493551] netlink_sendmsg+0x336/0x450
[ 411.494209] sock_sendmsg+0x30/0x40
[ 411.494779] ____sys_sendmsg+0x1dd/0x1f0
[ 411.495378] ? copy_msghdr_from_user+0x5c/0x90
[ 411.496082] ___sys_sendmsg+0x87/0xd0
[ 411.496683] ? lock_acquire+0xb9/0x3a0
[ 411.497322] ? lru_cache_add+0x5/0x170
[ 411.497944] ? find_held_lock+0x2d/0x90
[ 411.498568] ? handle_mm_fault+0xe46/0x18c0
[ 411.499205] ? __sys_sendmsg+0x51/0x90
[ 411.499784] __sys_sendmsg+0x51/0x90
[ 411.500341] do_syscall_64+0x59/0x2e0
[ 411.500938] ? asm_exc_page_fault+0x8/0x30
[ 411.501609] ? rcu_read_lock_sched_held+0x52/0x60
[ 411.502350] entry_SYSCALL_64_after_hwframe+0x44/0xa9
[ 411.503093] RIP: 0033:0x7faee73b85a7
[ 411.503654] Code: Bad RIP value.
Fixes: 0e18134f4f9f ("net/mlx5e: Eswitch, use state_lock to synchronize vlan change")
Signed-off-by: Alaa Hleihel <alaa@mellanox.com>
Reviewed-by: Roi Dayan <roid@mellanox.com>
Reviewed-by: Vlad Buslov <vladbu@mellanox.com>
Signed-off-by: Saeed Mahameed <saeedm@mellanox.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/ethernet/mellanox/mlx5/core/eswitch.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/eswitch.c b/drivers/net/ethernet/mellanox/mlx5/core/eswitch.c
index 6b711affb7da4..8e6ab82019398 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/eswitch.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/eswitch.c
@@ -2155,8 +2155,6 @@ int __mlx5_eswitch_set_vport_vlan(struct mlx5_eswitch *esw,
struct mlx5_vport *evport = mlx5_eswitch_get_vport(esw, vport);
int err = 0;
- if (!ESW_ALLOWED(esw))
- return -EPERM;
if (IS_ERR(evport))
return PTR_ERR(evport);
if (vlan > 4095 || qos > 7)
@@ -2184,6 +2182,9 @@ int mlx5_eswitch_set_vport_vlan(struct mlx5_eswitch *esw,
u8 set_flags = 0;
int err;
+ if (!ESW_ALLOWED(esw))
+ return -EPERM;
+
if (vlan || qos)
set_flags = SET_VLAN_STRIP | SET_VLAN_INSERT;
--
2.25.1
next prev parent reply other threads:[~2020-08-03 12:28 UTC|newest]
Thread overview: 91+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-03 12:18 [PATCH 5.4 00/90] 5.4.56-rc1 review Greg Kroah-Hartman
2020-08-03 12:18 ` [PATCH 5.4 01/90] crypto: ccp - Release all allocated memory if sha type is invalid Greg Kroah-Hartman
2020-08-03 12:18 ` [PATCH 5.4 02/90] media: rc: prevent memory leak in cx23888_ir_probe Greg Kroah-Hartman
2020-08-03 12:18 ` [PATCH 5.4 03/90] sunrpc: check that domain table is empty at module unload Greg Kroah-Hartman
2020-08-03 12:18 ` [PATCH 5.4 04/90] ath10k: enable transmit data ack RSSI for QCA9884 Greg Kroah-Hartman
2020-08-03 12:18 ` [PATCH 5.4 05/90] PCI/ASPM: Disable ASPM on ASMedia ASM1083/1085 PCIe-to-PCI bridge Greg Kroah-Hartman
2020-08-03 12:18 ` [PATCH 5.4 06/90] mm/filemap.c: dont bother dropping mmap_sem for zero size readahead Greg Kroah-Hartman
2020-08-03 12:18 ` [PATCH 5.4 07/90] ALSA: usb-audio: Add implicit feedback quirk for SSL2 Greg Kroah-Hartman
2020-08-03 12:18 ` [PATCH 5.4 08/90] ALSA: hda/realtek: enable headset mic of ASUS ROG Zephyrus G15(GA502) series with ALC289 Greg Kroah-Hartman
2020-08-03 12:18 ` [PATCH 5.4 09/90] ALSA: hda/realtek: typo_fix: enable headset mic of ASUS ROG Zephyrus G14(GA401) " Greg Kroah-Hartman
2020-08-03 12:18 ` [PATCH 5.4 10/90] ALSA: hda/realtek: Fix add a "ultra_low_power" function for intel reference board (alc256) Greg Kroah-Hartman
2020-08-03 12:18 ` [PATCH 5.4 11/90] ALSA: hda/realtek - Fixed HP right speaker no sound Greg Kroah-Hartman
2020-08-03 12:18 ` [PATCH 5.4 12/90] ALSA: hda/hdmi: Fix keep_power assignment for non-component devices Greg Kroah-Hartman
2020-08-03 12:18 ` [PATCH 5.4 13/90] IB/rdmavt: Fix RQ counting issues causing use of an invalid RWQE Greg Kroah-Hartman
2020-08-03 12:18 ` [PATCH 5.4 14/90] vhost/scsi: fix up req type endian-ness Greg Kroah-Hartman
2020-08-03 12:18 ` [PATCH 5.4 15/90] 9p/trans_fd: Fix concurrency del of req_list in p9_fd_cancelled/p9_read_work Greg Kroah-Hartman
2020-08-03 12:18 ` [PATCH 5.4 16/90] wireless: Use offsetof instead of custom macro Greg Kroah-Hartman
2020-08-03 12:18 ` [PATCH 5.4 17/90] ARM: 8986/1: hw_breakpoint: Dont invoke overflow handler on uaccess watchpoints Greg Kroah-Hartman
2020-08-03 12:18 ` [PATCH 5.4 18/90] ARM: dts: imx6sx-sabreauto: Fix the phy-mode on fec2 Greg Kroah-Hartman
2020-08-03 12:18 ` [PATCH 5.4 19/90] ARM: dts: imx6sx-sdb: " Greg Kroah-Hartman
2020-08-03 12:18 ` [PATCH 5.4 20/90] ARM: dts: imx6qdl-icore: Fix OTG_ID pin and sdcard detect Greg Kroah-Hartman
2020-08-03 12:18 ` [PATCH 5.4 21/90] virtio_balloon: fix up endian-ness for free cmd id Greg Kroah-Hartman
2020-08-03 12:18 ` [PATCH 5.4 22/90] random32: update the net random state on interrupt and activity Greg Kroah-Hartman
2020-08-03 12:18 ` [PATCH 5.4 23/90] ARM: percpu.h: fix build error Greg Kroah-Hartman
2020-08-03 12:18 ` [PATCH 5.4 24/90] Revert "drm/amdgpu: Fix NULL dereference in dpm sysfs handlers" Greg Kroah-Hartman
2020-08-03 12:18 ` [PATCH 5.4 25/90] drm/amd/display: Clear dm_state for fast updates Greg Kroah-Hartman
2020-08-03 12:18 ` [PATCH 5.4 26/90] drm/amdgpu: Prevent kernel-infoleak in amdgpu_info_ioctl() Greg Kroah-Hartman
2020-08-03 12:18 ` [PATCH 5.4 27/90] drm/dbi: Fix SPI Type 1 (9-bit) transfer Greg Kroah-Hartman
2020-08-03 12:18 ` [PATCH 5.4 28/90] drm: hold gem reference until object is no longer accessed Greg Kroah-Hartman
2020-08-03 12:18 ` [PATCH 5.4 29/90] random: fix circular include dependency on arm64 after addition of percpu.h Greg Kroah-Hartman
2020-08-03 12:18 ` [PATCH 5.4 30/90] random32: remove net_rand_state from the latent entropy gcc plugin Greg Kroah-Hartman
2020-08-03 12:18 ` [PATCH 5.4 31/90] rds: Prevent kernel-infoleak in rds_notify_queue_get() Greg Kroah-Hartman
2020-08-03 12:18 ` [PATCH 5.4 32/90] libtraceevent: Fix build with binutils 2.35 Greg Kroah-Hartman
2020-08-03 12:18 ` [PATCH 5.4 33/90] net/x25: Fix x25_neigh refcnt leak when x25 disconnect Greg Kroah-Hartman
2020-08-03 12:18 ` [PATCH 5.4 34/90] net/x25: Fix null-ptr-deref in x25_disconnect Greg Kroah-Hartman
2020-08-03 12:18 ` [PATCH 5.4 35/90] xfrm: policy: match with both mark and mask on user interfaces Greg Kroah-Hartman
2020-08-03 12:18 ` [PATCH 5.4 36/90] ARM: dts sunxi: Relax a bit the CMA pool allocation range Greg Kroah-Hartman
2020-08-03 12:18 ` [PATCH 5.4 37/90] xfrm: Fix crash when the hold queue is used Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 38/90] ARM: dts: armada-38x: fix NETA lockup when repeatedly switching speeds Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 39/90] nvme-tcp: fix possible hang waiting for icresp response Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 40/90] selftests/net: rxtimestamp: fix clang issues for target arch PowerPC Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 41/90] selftests/net: psock_fanout: " Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 42/90] selftests/net: so_txtime: " Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 43/90] sh/tlb: Fix PGTABLE_LEVELS > 2 Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 44/90] sh: Fix validation of system call number Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 45/90] net: hns3: fix a TX timeout issue Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 46/90] net: hns3: fix aRFS FD rules leftover after add a user FD rule Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 47/90] net/mlx5: E-switch, Destroy TSAR when fail to enable the mode Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 48/90] net/mlx5e: Fix error path of device attach Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 49/90] net/mlx5: Verify Hardware supports requested ptp function on a given pin Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 50/90] net/mlx5e: Modify uplink state on interface up/down Greg Kroah-Hartman
2020-08-03 12:19 ` Greg Kroah-Hartman [this message]
2020-08-03 12:19 ` [PATCH 5.4 52/90] net: lan78xx: add missing endpoint sanity check Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 53/90] net: lan78xx: fix transfer-buffer memory leak Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 54/90] rhashtable: Fix unprotected RCU dereference in __rht_ptr Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 55/90] mlx4: disable device on shutdown Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 56/90] mlxsw: core: Increase scope of RCU read-side critical section Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 57/90] mlxsw: core: Free EMAD transactions using kfree_rcu() Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 58/90] ibmvnic: Fix IRQ mapping disposal in error path Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 59/90] bpf: Fix map leak in HASH_OF_MAPS map Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 60/90] mac80211: mesh: Free ie data when leaving mesh Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 61/90] mac80211: mesh: Free pending skb when destroying a mpath Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 62/90] arm64/alternatives: move length validation inside the subsection Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 63/90] arm64: csum: Fix handling of bad packets Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 64/90] Bluetooth: fix kernel oops in store_pending_adv_report Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 65/90] net: nixge: fix potential memory leak in nixge_probe() Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 66/90] net: gemini: Fix missing clk_disable_unprepare() in error path of gemini_ethernet_port_probe() Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 67/90] net/mlx5e: fix bpf_prog reference count leaks in mlx5e_alloc_rq Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 68/90] perf tools: Fix record failure when mixed with ARM SPE event Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 69/90] vxlan: fix memleak of fdb Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 70/90] usb: hso: Fix debug compile warning on sparc32 Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 71/90] selftests: fib_nexthop_multiprefix: fix cleanup() netns deletion Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 72/90] qed: Disable "MFW indication via attention" SPAM every 5 minutes Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 73/90] selftests: net: ip_defrag: modprobe missing nf_defrag_ipv6 support Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 74/90] nfc: s3fwrn5: add missing release on skb in s3fwrn5_recv_frame Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 75/90] scsi: core: Run queue in case of I/O resource contention failure Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 76/90] parisc: add support for cmpxchg on u8 pointers Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 77/90] net: ethernet: ravb: exit if re-initialization fails in tx timeout Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 78/90] Revert "i2c: cadence: Fix the hold bit setting" Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 79/90] x86/unwind/orc: Fix ORC for newly forked tasks Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 80/90] x86/stacktrace: Fix reliable check for empty user task stacks Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 81/90] cxgb4: add missing release on skb in uld_send() Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 82/90] xen-netfront: fix potential deadlock in xennet_remove() Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 83/90] RISC-V: Set maximum number of mapped pages correctly Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 84/90] drivers/net/wan: lapb: Corrected the usage of skb_cow Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 85/90] KVM: arm64: Dont inherit exec permission across page-table levels Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 86/90] KVM: LAPIC: Prevent setting the tscdeadline timer if the lapic is hw disabled Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 87/90] x86/i8259: Use printk_deferred() to prevent deadlock Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 88/90] perf tests bp_account: Make global variable static Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 89/90] perf env: Do not return pointers to local variables Greg Kroah-Hartman
2020-08-03 12:19 ` [PATCH 5.4 90/90] perf bench: Share some global variables to fix build with gcc 10 Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200803121900.093304188@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=alaa@mellanox.com \
--cc=linux-kernel@vger.kernel.org \
--cc=roid@mellanox.com \
--cc=saeedm@mellanox.com \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
--cc=vladbu@mellanox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).