linux/drivers
Lijun Pan 4b7441fac9 ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues
[ Upstream commit a0faaa27c7 ]

adapter->tx_scrq and adapter->rx_scrq could be NULL if the previous reset
did not complete after freeing sub crqs. Check for NULL before
dereferencing them.

Snippet of call trace:
ibmvnic 30000006 env6: Releasing sub-CRQ
ibmvnic 30000006 env6: Releasing CRQ
...
ibmvnic 30000006 env6: Got Control IP offload Response
ibmvnic 30000006 env6: Re-setting tx_scrq[0]
BUG: Kernel NULL pointer dereference on read at 0x00000000
Faulting instruction address: 0xc008000003dea7cc
Oops: Kernel access of bad area, sig: 11 [#1]
LE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=2048 NUMA pSeries
Modules linked in: rpadlpar_io rpaphp xt_CHECKSUM xt_MASQUERADE xt_conntrack ipt_REJECT nf_reject_ipv4 nft_compat nft_counter nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 nf_tables xsk_diag tcp_diag udp_diag raw_diag inet_diag unix_diag af_packet_diag netlink_diag tun bridge stp llc rfkill sunrpc pseries_rng xts vmx_crypto uio_pdrv_genirq uio binfmt_misc ip_tables xfs libcrc32c sd_mod t10_pi sg ibmvscsi ibmvnic ibmveth scsi_transport_srp dm_mirror dm_region_hash dm_log dm_mod
CPU: 80 PID: 1856 Comm: kworker/80:2 Tainted: G        W         5.8.0+ #4
Workqueue: events __ibmvnic_reset [ibmvnic]
NIP:  c008000003dea7cc LR: c008000003dea7bc CTR: 0000000000000000
REGS: c0000007ef7db860 TRAP: 0380   Tainted: G        W          (5.8.0+)
MSR:  800000000280b033 <SF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE>  CR: 28002422  XER: 0000000d
CFAR: c000000000bd9520 IRQMASK: 0
GPR00: c008000003dea7bc c0000007ef7dbaf0 c008000003df7400 c0000007fa26ec00
GPR04: c0000007fcd0d008 c0000007fcd96350 0000000000000027 c0000007fcd0d010
GPR08: 0000000000000023 0000000000000000 0000000000000000 0000000000000000
GPR12: 0000000000002000 c00000001ec18e00 c0000000001982f8 c0000007bad6e840
GPR16: 0000000000000000 0000000000000000 0000000000000000 0000000000000000
GPR20: 0000000000000000 0000000000000000 0000000000000000 fffffffffffffef7
GPR24: 0000000000000402 c0000007fa26f3a8 0000000000000003 c00000016f8ec048
GPR28: 0000000000000000 0000000000000000 0000000000000000 c0000007fa26ec00
NIP [c008000003dea7cc] ibmvnic_reset_init+0x15c/0x258 [ibmvnic]
LR [c008000003dea7bc] ibmvnic_reset_init+0x14c/0x258 [ibmvnic]
Call Trace:
[c0000007ef7dbaf0] [c008000003dea7bc] ibmvnic_reset_init+0x14c/0x258 [ibmvnic] (unreliable)
[c0000007ef7dbb80] [c008000003de8860] __ibmvnic_reset+0x408/0x970 [ibmvnic]
[c0000007ef7dbc50] [c00000000018b7cc] process_one_work+0x2cc/0x800
[c0000007ef7dbd20] [c00000000018bd78] worker_thread+0x78/0x520
[c0000007ef7dbdb0] [c0000000001984c4] kthread+0x1d4/0x1e0
[c0000007ef7dbe20] [c00000000000cea8] ret_from_kernel_thread+0x5c/0x74

Fixes: 57a49436f4 ("ibmvnic: Reset sub-crqs during driver reset")
Signed-off-by: Lijun Pan <ljp@linux.ibm.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2020-12-02 08:48:12 +01:00
accessibility
acpi ACPI: button: Add DMI quirk for Medion Akoya E2228T 2020-11-24 13:27:19 +01:00
amba
android binder: fix UAF when releasing todo list 2020-10-29 09:54:56 +01:00
ata ata: sata_nv: Fix retrieving of active qcs 2020-11-05 11:08:38 +01:00
atm atm: nicstar: Unmap DMA on send error 2020-11-24 13:27:15 +01:00
auxdisplay
base PM: runtime: Resume the device earlier in __device_release_driver() 2020-11-10 12:36:01 +01:00
bcma bcma: fix incorrect update of BCMA_CORE_PCI_MDIO_DATA 2020-01-27 14:51:09 +01:00
block nbd: fix a block_device refcount leak in nbd_release 2020-11-18 19:18:47 +01:00
bluetooth Bluetooth: hci_uart: Cancel init work before unregistering 2020-10-29 09:55:05 +01:00
bus bus/fsl_mc: Do not rely on caller to provide non NULL mc_io 2020-11-05 11:08:43 +01:00
cdrom
char random32: make prandom_u32() output unpredictable 2020-11-18 19:18:52 +01:00
clk clk: ti: clockdomain: fix static checker warning 2020-11-05 11:08:44 +01:00
clocksource clocksource/drivers/h8300_timer8: Fix wrong return value in h8300_8timer_init() 2020-10-01 13:14:51 +02:00
connector
cpufreq acpi-cpufreq: Honor _PSD table setting on new AMD CPUs 2020-11-05 11:08:47 +01:00
cpuidle cpuidle: Fixup IRQ state 2020-09-09 19:04:23 +02:00
crypto chelsio/chtls: fix always leaking ctrl_skb 2020-11-10 12:35:54 +01:00
dax
dca
devfreq PM / devfreq: tegra30: Fix integer overflow on CPU's freq max out 2020-10-01 13:14:26 +02:00
dio
dma dmaengine: pl330: _prep_dma_memcpy: Fix wrong burst size 2020-12-02 08:48:09 +01:00
dma-buf dma-fence: Serialise signal enabling (dma_fence_enable_sw_signaling) 2020-10-01 13:14:24 +02:00
edac EDAC/ti: Fix handling of platform_get_irq() error 2020-10-29 09:55:00 +01:00
eisa
extcon extcon: adc-jack: Fix an error handling path in 'adc_jack_probe()' 2020-06-25 15:33:01 +02:00
firewire
firmware firmware: arm_sdei: Use cpus_read_lock() to avoid races with cpuhp 2020-10-01 13:14:35 +02:00
fmc
fpga fpga: dfl: fix bug in port reset handshake 2020-07-29 10:16:48 +02:00
fsi fsi: sbefifo: Don't fail operations when in SBE IPL state 2020-01-27 14:51:00 +01:00
gnss gnss: sirf: fix error return code in sirf_probe() 2020-06-22 09:05:28 +02:00
gpio gpio: pcie-idio-24: Enable PEX8311 interrupts 2020-11-18 19:18:50 +01:00
gpu drm/atomic_helper: Stop modesets on unregistered connectors harder 2020-12-02 08:48:08 +01:00
hid HID: Add Logitech Dinovo Edge battery quirk 2020-12-02 08:48:09 +01:00
hsi
hv hv_balloon: disable warning when floor reached 2020-11-18 19:18:41 +01:00
hwmon hwmon: (pmbus/max34440) Fix status register reads for MAX344{51,60,61} 2020-10-29 09:55:02 +01:00
hwspinlock
hwtracing coresight: tmc: Fix TMC mode read in tmc_read_unprepare_etb() 2020-08-19 08:14:58 +02:00
i2c i2c: imx: Fix external abort on interrupt in exit paths 2020-11-05 11:08:52 +01:00
ide ide: serverworks: potential overflow in svwks_set_pio_mode() 2020-02-24 08:34:49 +01:00
idle
iio iio: accel: kxcjk1013: Add support for KIOX010A ACPI DSM for setting tablet-mode 2020-11-24 13:27:25 +01:00
infiniband IB/mthca: fix return value of error branch in mthca_init_cq() 2020-12-02 08:48:11 +01:00
input Input: i8042 - allow insmod to succeed on devices without an i8042 controller 2020-12-02 08:48:08 +01:00
iommu iommu/amd: Increase interrupt remapping table limit to 512 entries 2020-11-18 19:18:45 +01:00
ipack ipack: tpci200: fix error return code in tpci200_register() 2020-05-27 17:37:43 +02:00
irqchip irqchip/stm32-exti: Avoid losing interrupts due to clearing pending bits by mistake 2020-09-03 11:24:29 +02:00
isdn PCI: add USR vendor id and use it in r8169 and w6692 driver 2020-06-22 09:05:23 +02:00
leds leds: bcm6328, bcm6358: use devres LED registering function 2020-11-05 11:08:46 +01:00
lightnvm lightnvm: pblk: fix lock order in pblk_rb_tear_down_check 2020-01-27 14:50:45 +01:00
macintosh drivers/macintosh: Fix memleak in windfarm_pm112 driver 2020-06-22 09:05:29 +02:00
mailbox mailbox: avoid timer start from callback 2020-10-30 10:38:21 +01:00
mcb
md md/raid5: fix oops during stripe resizing 2020-11-05 11:08:45 +01:00
media media: uvcvideo: Fix uvc_ctrl_fixup_xu_info() not having any effect 2020-11-05 11:08:46 +01:00
memory memory: emif: Remove bogus debugfs error handling 2020-11-05 11:08:45 +01:00
memstick
message scsi: mptfusion: Fix null pointer dereferences in mptscsih_remove() 2020-11-05 11:08:47 +01:00
mfd mfd: sprd: Add wakeup capability for PMIC IRQ 2020-11-18 19:18:46 +01:00
misc mei: protect mei_cl_mtu from null dereference 2020-11-18 19:18:49 +01:00
mmc mmc: renesas_sdhi_core: Add missing tmio_mmc_host_free() at remove 2020-11-18 19:18:50 +01:00
mtd ubi: check kthread_should_stop() after the setting of task state 2020-11-05 11:08:52 +01:00
mux
net ibmvnic: fix NULL pointer dereference in reset_sub_crq_queues 2020-12-02 08:48:12 +01:00
nfc nfc: s3fwrn5: use signed integer for parsing GPIO numbers 2020-12-02 08:48:11 +01:00
ntb NTB: hw: amd: fix an issue about leak system resources 2020-10-30 10:38:25 +01:00
nubus
nvdimm libnvdimm: Fix endian conversion issues 2020-06-07 13:17:53 +02:00
nvme nvme: free sq/cq dbbuf pointers when dbbuf set fails 2020-12-02 08:48:09 +01:00
nvmem nvmem: qfprom: remove incorrect write support 2020-06-10 21:35:00 +02:00
of of/address: Fix of_node memory leak in of_dma_is_coherent 2020-11-18 19:18:48 +01:00
opp OPP: Fix missing debugfs supply directory for OPPs 2020-01-27 14:50:04 +01:00
oprofile
parisc parisc: mask out enable and reserved bits from sba imask 2020-08-19 08:15:07 +02:00
parport
pci PCI: iproc: Set affinity mask on MSI interrupts 2020-10-30 10:38:21 +01:00
pcmcia
perf drivers/perf: xgene_pmu: Fix uninitialized resource struct 2020-10-29 09:55:00 +01:00
phy phy: tegra: xusb: Fix dangling pointer on probe failure 2020-12-02 08:48:10 +01:00
pinctrl pinctrl: rockchip: enable gpio pclk for rockchip_gpio_to_irq 2020-11-24 13:27:19 +01:00
platform platform/x86: mlx-platform: Remove PSU EEPROM configuration 2020-10-29 09:55:14 +01:00
pnp
power power: supply: test_power: add missing newlines when printing parameters by sysfs 2020-11-05 11:08:43 +01:00
powercap powercap: restrict energy meter to root access 2020-11-10 21:11:27 +01:00
pps
ps3
ptp ptp: free ptp device pin descriptors properly 2020-01-23 08:21:35 +01:00
pwm pwm: img: Fix null pointer access in probe 2020-10-30 10:38:21 +01:00
rapidio rapidio: fix the missed put_device() for rio_mport_add_riodev 2020-10-30 10:38:21 +01:00
ras
regulator regulator: workaround self-referent regulators 2020-11-24 13:27:25 +01:00
remoteproc remoteproc: qcom: q6v5: Update running state before requesting stop 2020-08-21 11:05:34 +02:00
reset reset: uniphier: Add SCSSI reset control for each channel 2020-02-24 08:34:44 +01:00
rpmsg rpmsg: glink: Use complete_all for open states 2020-11-05 11:08:43 +01:00
rtc rtc: rx8010: don't modify the global rtc ops 2020-11-05 11:08:54 +01:00
s390 s390/qeth: fix tear down of async TX buffers 2020-12-02 08:48:11 +01:00
sbus
scsi scsi: ufs: Fix race between shutdown and runtime resume flow 2020-12-02 08:48:10 +01:00
sfi
sh
siox
slimbus slimbus: qcom-ngd-ctrl: disable ngd in qmi server down callback 2020-10-29 09:55:12 +01:00
sn
soc soc: qcom: rpmh-rsc: Set suppress_bind_attrs flag 2020-08-19 08:14:50 +02:00
soundwire
spi spi: spi-s3c64xx: Check return values 2020-10-29 09:55:05 +01:00
spmi
ssb
staging staging: rtl8723bs: Add 024c:0627 to the list of SDIO device-ids 2020-11-24 13:27:24 +01:00
target scsi: target: iscsi: Fix cmd abort fabric stop race 2020-12-02 08:48:10 +01:00
tc
tee tee: optee: Fix compilation issue with nommu 2020-02-05 14:43:50 +00:00
thermal thermal: rcar_thermal: Handle probe error gracefully 2020-10-01 13:14:39 +02:00
thunderbolt thunderbolt: Add the missed ida_simple_remove() in ring_request_msix() 2020-11-18 19:18:49 +01:00
tty tty: serial: imx: keep console clocks always on 2020-11-24 13:27:24 +01:00
uio uio: Fix use-after-free in uio_unregister_device() 2020-11-18 19:18:49 +01:00
usb xhci: hisilicon: fix refercence leak in xhci_histb_probe 2020-11-18 19:18:49 +01:00
uwb
vfio vfio: platform: fix reference leak in vfio_platform_open 2020-11-18 19:18:46 +01:00
vhost vringh: fix __vringh_iov() when riov and wiov are different 2020-11-05 11:08:53 +01:00
video video: hyperv_fb: Fix the cache type when mapping the VRAM 2020-12-02 08:48:11 +01:00
virt drivers/virt/fsl_hypervisor: Fix error handling path 2020-10-29 09:55:09 +01:00
virtio virtio_ring: Avoid loop when vq is broken in virtqueue_poll 2020-08-26 10:31:01 +02:00
visorbus visorbus: fix uninitialized variable access 2020-02-24 08:34:47 +01:00
vlynq
vme vme: bridges: reduce stack usage 2020-02-24 08:34:47 +01:00
w1 w1: mxc_w1: Fix timeout resolution problem leading to bus error 2020-11-05 11:08:47 +01:00
watchdog drivers: watchdog: rdc321x_wdt: Fix race condition bugs 2020-11-05 11:08:44 +01:00
xen xen/events: block rogue events for some time 2020-11-05 11:08:37 +01:00
zorro
Kconfig
Makefile