linux/drivers
Leon Romanovsky 75a4598209 RDMA/mlx5: Fix NULL dereference while accessing XRC_TGT QPs
mlx5 modify_qp() relies on the FW to throw an error if a wrong
state is supplied. The missing check in FW causes the following crash
while using XRC_TGT QPs.

[   14.769632] BUG: unable to handle kernel NULL pointer dereference at (null)
[   14.771085] IP: mlx5_ib_modify_qp+0xf60/0x13f0
[   14.771894] PGD 800000001472e067 P4D 800000001472e067 PUD 14529067 PMD 0
[   14.773126] Oops: 0002 [#1] SMP PTI
[   14.773763] CPU: 0 PID: 365 Comm: ubsan Not tainted 4.16.0-rc1-00038-g8151138c0793 #119
[   14.775192] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.7.5-0-ge51488c-20140602_164612-nilsson.home.kraxel.org 04/01/2014
[   14.777522] RIP: 0010:mlx5_ib_modify_qp+0xf60/0x13f0
[   14.778417] RSP: 0018:ffffbf48001c7bd8 EFLAGS: 00010246
[   14.779346] RAX: 0000000000000000 RBX: ffff9a8f9447d400 RCX: 0000000000000000
[   14.780643] RDX: 0000000000000000 RSI: 000000000000000a RDI: 0000000000000000
[   14.781930] RBP: 0000000000000000 R08: 00000000000217b0 R09: ffffffffbc9c1504
[   14.783214] R10: fffff4a180519480 R11: ffff9a8f94523600 R12: ffff9a8f9493e240
[   14.784507] R13: ffff9a8f9447d738 R14: 000000000000050a R15: 0000000000000000
[   14.785800] FS:  00007f545b466700(0000) GS:ffff9a8f9fc00000(0000) knlGS:0000000000000000
[   14.787073] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   14.787792] CR2: 0000000000000000 CR3: 00000000144be000 CR4: 00000000000006b0
[   14.788689] Call Trace:
[   14.789007]  _ib_modify_qp+0x71/0x120
[   14.789475]  modify_qp.isra.20+0x207/0x2f0
[   14.790010]  ib_uverbs_modify_qp+0x90/0xe0
[   14.790532]  ib_uverbs_write+0x1d2/0x3c0
[   14.791049]  ? __handle_mm_fault+0x93c/0xe40
[   14.791644]  __vfs_write+0x36/0x180
[   14.792096]  ? handle_mm_fault+0xc1/0x210
[   14.792601]  vfs_write+0xad/0x1e0
[   14.793018]  SyS_write+0x52/0xc0
[   14.793422]  do_syscall_64+0x75/0x180
[   14.793888]  entry_SYSCALL_64_after_hwframe+0x21/0x86
[   14.794527] RIP: 0033:0x7f545ad76099
[   14.794975] RSP: 002b:00007ffd78787468 EFLAGS: 00000287 ORIG_RAX: 0000000000000001
[   14.795958] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f545ad76099
[   14.797075] RDX: 0000000000000078 RSI: 0000000020009000 RDI: 0000000000000003
[   14.798140] RBP: 00007ffd78787470 R08: 00007ffd78787480 R09: 00007ffd78787480
[   14.799207] R10: 00007ffd78787480 R11: 0000000000000287 R12: 00005599ada98760
[   14.800277] R13: 00007ffd78787560 R14: 0000000000000000 R15: 0000000000000000
[   14.801341] Code: 4c 8b 1c 24 48 8b 83 70 02 00 00 48 c7 83 cc 02 00
00 00 00 00 00 48 c7 83 24 03 00 00 00 00 00 00 c7 83 2c 03 00 00 00 00
00 00 <c7> 00 00 00 00 00 48 8b 83 70 02 00 00 c7 40 04 00 00 00 00 4c
[   14.804012] RIP: mlx5_ib_modify_qp+0xf60/0x13f0 RSP: ffffbf48001c7bd8
[   14.804838] CR2: 0000000000000000
[   14.805288] ---[ end trace 3f1da0df5c8b7c37 ]---

Cc: syzkaller <syzkaller@googlegroups.com>
Reported-by: Maor Gottlieb <maorg@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Doug Ledford <dledford@redhat.com>
2018-03-14 15:34:25 -04:00
accessibility
acpi vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
amba
android vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
ata pci-v4.16-changes 2018-02-06 09:59:40 -08:00
atm atm: he: use 64-bit arithmetic instead of 32-bit 2018-02-08 15:05:16 -05:00
auxdisplay
base More power management updates for v4.16-rc1 2018-02-09 09:40:33 -08:00
bcma Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-01-19 22:59:33 -05:00
block Things have been very quiet on the rbd side, as work continues on the 2018-02-08 11:38:59 -08:00
bluetooth vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
bus ARM: SoC driver updates for 4.16 2018-02-01 16:35:31 -08:00
cdrom
char vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
clk MIPS changes for 4.16 2018-02-07 11:22:44 -08:00
clocksource
connector
cpufreq arm: imx: Add MODULE_ALIAS for cpufreq 2018-02-08 10:21:39 +01:00
cpuidle powerpc updates for 4.16 2018-02-02 10:01:04 -08:00
crypto KVM changes for 4.16 2018-02-10 13:16:35 -08:00
dax Merge branch 'for-4.16/dax' into libnvdimm-for-next 2018-02-03 00:26:10 -07:00
dca
devfreq
dio
dma Merge branch 'for-linus' of git://git.armlinux.org.uk/~rmk/linux-arm 2018-02-02 09:50:51 -08:00
dma-buf vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
edac
eisa EISA: Delete error message for a failed memory allocation in eisa_probe() 2018-01-23 09:04:10 +01:00
extcon
firewire vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
firmware 2nd set of arm64 updates for 4.16: 2018-02-08 10:44:25 -08:00
fmc
fpga
fsi
gpio vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
gpu vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
hid vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
hsi vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
hv vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
hwmon hwmon: (dell-smm) Disable fan support for Dell Vostro 3360 2018-01-27 09:34:22 -08:00
hwspinlock
hwtracing Char/Misc driver patches for 4.16-rc1 2018-02-01 10:31:17 -08:00
i2c Merge branch 'i2c/for-4.16' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2018-02-04 10:57:43 -08:00
ide pci-v4.16-changes 2018-02-06 09:59:40 -08:00
idle
iio vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
infiniband RDMA/mlx5: Fix NULL dereference while accessing XRC_TGT QPs 2018-03-14 15:34:25 -04:00
input vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
iommu IOMMU Updates for Linux v4.16 2018-02-08 12:03:54 -08:00
ipack
irqchip pci-v4.16-changes 2018-02-06 09:59:40 -08:00
isdn vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
leds vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
lightnvm
macintosh vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
mailbox vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
mcb
md vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
media vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
memory ARM: SoC driver updates for 4.16 2018-02-01 16:35:31 -08:00
memstick
message scsi: mptsas: remove duplicated assignment to pointer head 2018-01-17 01:19:38 -05:00
mfd vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
misc vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
mmc Kbuild updates for v4.16 (2nd) 2018-02-09 19:32:41 -08:00
mtd dma mapping changes for Linux 4.16: 2018-01-31 11:32:27 -08:00
mux Char/Misc driver patches for 4.16-rc1 2018-02-01 10:31:17 -08:00
net net/mlx5: Fix wrongly assigned CQ reference counter 2018-03-07 15:54:36 -08:00
nfc
ntb NTB: ntb_perf: fix cast to restricted __le32 2018-01-28 22:17:24 -05:00
nubus nubus: Add support for the driver model 2018-01-16 16:47:29 +01:00
nvdimm Merge branch 'for-4.16/nfit' into libnvdimm-for-next 2018-02-03 00:26:26 -07:00
nvme for-linus-20180204 2018-02-04 11:16:35 -08:00
nvmem
of pci-v4.16-changes 2018-02-06 09:59:40 -08:00
opp
oprofile
parisc
parport
pci vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
pcmcia Merge branch 'pcmcia' of git://git.kernel.org/pub/scm/linux/kernel/git/brodo/pcmcia 2018-02-08 11:48:49 -08:00
perf bitmap: replace bitmap_{from,to}_u32array 2018-02-06 18:32:44 -08:00
phy USB/PHY updates for 4.16-rc1 2018-02-01 09:40:49 -08:00
pinctrl This is the bulk of pin control changes for the v4.16 kernel cycle: 2018-02-02 14:22:53 -08:00
platform vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
pnp
power power supply and reset changes for the v4.16 series 2018-01-31 12:55:31 -08:00
powercap powercap: intel_rapl: Fix trailing semicolon 2018-01-17 12:56:24 +01:00
pps vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
ps3
ptp vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
pwm
rapidio vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
ras mm/memory_failure: Remove unused trapno from memory_failure 2018-01-23 12:17:42 -06:00
regulator regulator: Fix suspend to idle 2018-01-30 12:25:59 +00:00
remoteproc remoteproc updates for v4.16 2018-02-05 10:07:40 -08:00
reset
rpmsg vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
rtc vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
s390 vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
sbus pci-v4.16-changes 2018-02-06 09:59:40 -08:00
scsi vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
sfi
sh cpufreq: Add and use cpufreq_for_each_{valid_,}entry_idx() 2018-02-08 10:21:39 +01:00
siox
slimbus
sn
soc ARM: SoC driver updates for 4.16 2018-02-01 16:35:31 -08:00
soundwire soundwire: Fix a signedness bug 2018-01-22 16:45:26 +01:00
spi Merge remote-tracking branch 'spi/topic/xilinx' into spi-next 2018-01-26 17:57:34 +00:00
spmi
ssb Merge git://git.kernel.org/pub/scm/linux/kernel/git/kvalo/wireless-drivers.git 2018-02-01 10:37:39 +02:00
staging vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
target Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending 2018-02-09 14:49:46 -08:00
tc
tee
thermal Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux 2018-02-06 15:04:58 -08:00
thunderbolt
tty vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
uio vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
usb vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
uwb
vfio vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
vhost vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
video Kbuild updates for v4.16 (2nd) 2018-02-09 19:32:41 -08:00
virt vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
virtio virtio_pci: don't kfree device on register failure 2018-02-01 16:26:45 +02:00
visorbus
vlynq
vme
w1 Documentation updates for 4.16. New stuff includes refcount_t 2018-01-31 19:25:25 -08:00
watchdog linux-watchdog 4.16-rc1 merge window tag 2018-02-07 11:54:34 -08:00
xen vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
zorro
Kconfig Char/Misc driver patches for 4.16-rc1 2018-02-01 10:31:17 -08:00
Makefile pci-v4.16-changes 2018-02-06 09:59:40 -08:00