linux/drivers/net/ethernet/qlogic/qed
Manish Chopra ffb057f989 qed: Fix stack out of bounds bug
KASAN reported the following bug in qed_init_qm_get_idx_from_flags
due to inappropriate casting of "pq_flags". Fix the type of "pq_flags".

[  196.624707] BUG: KASAN: stack-out-of-bounds in qed_init_qm_get_idx_from_flags+0x1a4/0x1b8 [qed]
[  196.624712] Read of size 8 at addr ffff809b00bc7360 by task kworker/0:9/1712
[  196.624714]
[  196.624720] CPU: 0 PID: 1712 Comm: kworker/0:9 Not tainted 4.18.0-60.el8.aarch64+debug #1
[  196.624723] Hardware name: To be filled by O.E.M. Saber/Saber, BIOS 0ACKL024 09/26/2018
[  196.624733] Workqueue: events work_for_cpu_fn
[  196.624738] Call trace:
[  196.624742]  dump_backtrace+0x0/0x2f8
[  196.624745]  show_stack+0x24/0x30
[  196.624749]  dump_stack+0xe0/0x11c
[  196.624755]  print_address_description+0x68/0x260
[  196.624759]  kasan_report+0x178/0x340
[  196.624762]  __asan_report_load_n_noabort+0x38/0x48
[  196.624786]  qed_init_qm_get_idx_from_flags+0x1a4/0x1b8 [qed]
[  196.624808]  qed_init_qm_info+0xec0/0x2200 [qed]
[  196.624830]  qed_resc_alloc+0x284/0x7e8 [qed]
[  196.624853]  qed_slowpath_start+0x6cc/0x1ae8 [qed]
[  196.624864]  __qede_probe.isra.10+0x1cc/0x12c0 [qede]
[  196.624874]  qede_probe+0x78/0xf0 [qede]
[  196.624879]  local_pci_probe+0xc4/0x180
[  196.624882]  work_for_cpu_fn+0x54/0x98
[  196.624885]  process_one_work+0x758/0x1900
[  196.624888]  worker_thread+0x4e0/0xd18
[  196.624892]  kthread+0x2c8/0x350
[  196.624897]  ret_from_fork+0x10/0x18
[  196.624899]
[  196.624902] Allocated by task 2:
[  196.624906]  kasan_kmalloc.part.1+0x40/0x108
[  196.624909]  kasan_kmalloc+0xb4/0xc8
[  196.624913]  kasan_slab_alloc+0x14/0x20
[  196.624916]  kmem_cache_alloc_node+0x1dc/0x480
[  196.624921]  copy_process.isra.1.part.2+0x1d8/0x4a98
[  196.624924]  _do_fork+0x150/0xfa0
[  196.624926]  kernel_thread+0x48/0x58
[  196.624930]  kthreadd+0x3a4/0x5a0
[  196.624932]  ret_from_fork+0x10/0x18
[  196.624934]
[  196.624937] Freed by task 0:
[  196.624938] (stack is not available)
[  196.624940]
[  196.624943] The buggy address belongs to the object at ffff809b00bc0000
[  196.624943]  which belongs to the cache thread_stack of size 32768
[  196.624946] The buggy address is located 29536 bytes inside of
[  196.624946]  32768-byte region [ffff809b00bc0000, ffff809b00bc8000)
[  196.624948] The buggy address belongs to the page:
[  196.624952] page:ffff7fe026c02e00 count:1 mapcount:0 mapping:ffff809b4001c000 index:0x0 compound_mapcount: 0
[  196.624960] flags: 0xfffff8000008100(slab|head)
[  196.624967] raw: 0fffff8000008100 dead000000000100 dead000000000200 ffff809b4001c000
[  196.624970] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[  196.624973] page dumped because: kasan: bad access detected
[  196.624974]
[  196.624976] Memory state around the buggy address:
[  196.624980]  ffff809b00bc7200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  196.624983]  ffff809b00bc7280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  196.624985] >ffff809b00bc7300: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f2 f2 f2
[  196.624988]                                                        ^
[  196.624990]  ffff809b00bc7380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  196.624993]  ffff809b00bc7400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  196.624995] ==================================================================

Signed-off-by: Manish Chopra <manishc@marvell.com>
Signed-off-by: Ariel Elior <aelior@marvell.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-28 11:13:34 -08:00
Makefile qed: Add support for tlv request processing. 2018-05-22 23:29:53 -04:00
qed.h qed: Use the doorbell overflow recovery mechanism in case of doorbell overflow 2018-11-30 13:45:13 -08:00
qed_cxt.c cross-tree: phase out dma_zalloc_coherent() 2019-01-08 07:58:37 -05:00
qed_cxt.h qed: Add srq core support for RoCE and iWARP 2018-06-04 17:09:54 -04:00
qed_dcbx.c qed: Fix overriding offload_tc by protocols without APP TLV 2018-11-13 08:51:16 -08:00
qed_dcbx.h qed: Do not add VLAN 0 tag to untagged frames in multi-function mode. 2018-09-19 23:12:24 -07:00
qed_debug.c qed: fix spelling mistake "attnetion" -> "attention" 2018-11-27 16:22:23 -08:00
qed_debug.h qed: Utilize FW 8.20.0.0 2017-05-18 13:21:40 -04:00
qed_dev.c qed: Fix stack out of bounds bug 2019-01-28 11:13:34 -08:00
qed_dev_api.h qed: Add doorbell overflow recovery mechanism 2018-11-30 13:45:12 -08:00
qed_fcoe.c qed: Fix SPQ entries not returned to pool in error flows 2018-11-08 19:38:19 -08:00
qed_fcoe.h qed: Revise alloc/setup/free flow 2017-05-21 12:56:53 -04:00
qed_hsi.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-12-20 11:53:36 -08:00
qed_hw.c qed*: Utilize FW 8.37.2.0 2018-06-05 10:48:09 -04:00
qed_hw.h qed*: Utilize FW 8.37.2.0 2018-06-05 10:48:09 -04:00
qed_init_fw_funcs.c qed: remove redundant functions qed_set_gft_event_id_cm_hdr 2018-07-29 08:33:30 -07:00
qed_init_ops.c qed: fix spelling mistake "comparsion" -> "comparison" 2018-08-25 17:41:09 -07:00
qed_init_ops.h qed*: Update to dual-license 2017-01-01 21:02:14 -05:00
qed_int.c qed: Use the doorbell overflow recovery mechanism in case of doorbell overflow 2018-11-30 13:45:13 -08:00
qed_int.h qed: Use the doorbell overflow recovery mechanism in case of doorbell overflow 2018-11-30 13:45:13 -08:00
qed_iscsi.c qed: Fix SPQ entries not returned to pool in error flows 2018-11-08 19:38:19 -08:00
qed_iscsi.h qed: Revise alloc/setup/free flow 2017-05-21 12:56:53 -04:00
qed_iwarp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-10-03 21:00:17 -07:00
qed_iwarp.h qed*: Utilize FW 8.33.1.0 2018-01-02 13:59:16 -05:00
qed_l2.c qed: Fix LACP pdu drops for VFs 2019-01-28 11:13:34 -08:00
qed_l2.h qed: Fix LACP pdu drops for VFs 2019-01-28 11:13:34 -08:00
qed_ll2.c qed: Fix system crash in ll2 xmit 2019-01-28 11:13:34 -08:00
qed_ll2.h qed: Register light L2 queues with doorbell overflow recovery mechanism 2018-11-30 13:45:13 -08:00
qed_main.c qed: Expose the doorbell overflow recovery mechanism to the protocol drivers 2018-11-30 13:45:13 -08:00
qed_mcp.c qed: Add support for MBI upgrade over MFW. 2018-11-27 16:17:20 -08:00
qed_mcp.h qed: Add support for MBI upgrade over MFW. 2018-11-27 16:17:20 -08:00
qed_mng_tlv.c qed: Add support for processing iscsi tlv request. 2018-05-22 23:29:54 -04:00
qed_ooo.c qed: Remove set but not used variable 'p_archipelago' 2018-09-28 10:25:11 -07:00
qed_ooo.h qed: Fix iWARP out of order flow 2017-10-19 12:46:43 +01:00
qed_ptp.c qed: Drop the 's' from num_ports_in_engines 2017-05-24 15:17:19 -04:00
qed_rdma.c qed: Fix rdma_info structure allocation 2018-11-13 08:51:16 -08:00
qed_rdma.h drivers/net/ethernet/qlogic/qed/qed_rdma.h: fix typo 2018-11-15 16:21:00 -08:00
qed_reg_addr.h qed: Use the doorbell overflow recovery mechanism in case of doorbell overflow 2018-11-30 13:45:13 -08:00
qed_roce.c qed: Fix SPQ entries not returned to pool in error flows 2018-11-08 19:38:19 -08:00
qed_roce.h qed: Split rdma content between qed_rdma and qed_roce 2017-06-21 15:32:59 -04:00
qed_selftest.c qed: Fix PTT entry leak in the selftest error flow. 2018-03-29 14:29:55 -04:00
qed_selftest.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
qed_sp.h qed: Register slowpath queue doorbell with doorbell overflow recovery mechanism 2018-11-30 13:45:13 -08:00
qed_sp_commands.c qed: Fix SPQ entries not returned to pool in error flows 2018-11-08 19:38:19 -08:00
qed_spq.c qed: Register slowpath queue doorbell with doorbell overflow recovery mechanism 2018-11-30 13:45:13 -08:00
qed_sriov.c qed: Fix LACP pdu drops for VFs 2019-01-28 11:13:34 -08:00
qed_sriov.h qed*: Utilize FW 8.33.1.0 2018-01-02 13:59:16 -05:00
qed_vf.c qed: Fix VF probe failure while FLR 2019-01-28 11:13:34 -08:00
qed_vf.h qed: Correct Multicast API to reflect existence of 256 approximate buckets. 2018-07-21 16:19:04 -07:00