linux/drivers/net
Manish Chopra ffb057f989 qed: Fix stack out of bounds bug
KASAN reported the following bug in qed_init_qm_get_idx_from_flags
due to inappropriate casting of "pq_flags". Fix the type of "pq_flags".

[  196.624707] BUG: KASAN: stack-out-of-bounds in qed_init_qm_get_idx_from_flags+0x1a4/0x1b8 [qed]
[  196.624712] Read of size 8 at addr ffff809b00bc7360 by task kworker/0:9/1712
[  196.624714]
[  196.624720] CPU: 0 PID: 1712 Comm: kworker/0:9 Not tainted 4.18.0-60.el8.aarch64+debug #1
[  196.624723] Hardware name: To be filled by O.E.M. Saber/Saber, BIOS 0ACKL024 09/26/2018
[  196.624733] Workqueue: events work_for_cpu_fn
[  196.624738] Call trace:
[  196.624742]  dump_backtrace+0x0/0x2f8
[  196.624745]  show_stack+0x24/0x30
[  196.624749]  dump_stack+0xe0/0x11c
[  196.624755]  print_address_description+0x68/0x260
[  196.624759]  kasan_report+0x178/0x340
[  196.624762]  __asan_report_load_n_noabort+0x38/0x48
[  196.624786]  qed_init_qm_get_idx_from_flags+0x1a4/0x1b8 [qed]
[  196.624808]  qed_init_qm_info+0xec0/0x2200 [qed]
[  196.624830]  qed_resc_alloc+0x284/0x7e8 [qed]
[  196.624853]  qed_slowpath_start+0x6cc/0x1ae8 [qed]
[  196.624864]  __qede_probe.isra.10+0x1cc/0x12c0 [qede]
[  196.624874]  qede_probe+0x78/0xf0 [qede]
[  196.624879]  local_pci_probe+0xc4/0x180
[  196.624882]  work_for_cpu_fn+0x54/0x98
[  196.624885]  process_one_work+0x758/0x1900
[  196.624888]  worker_thread+0x4e0/0xd18
[  196.624892]  kthread+0x2c8/0x350
[  196.624897]  ret_from_fork+0x10/0x18
[  196.624899]
[  196.624902] Allocated by task 2:
[  196.624906]  kasan_kmalloc.part.1+0x40/0x108
[  196.624909]  kasan_kmalloc+0xb4/0xc8
[  196.624913]  kasan_slab_alloc+0x14/0x20
[  196.624916]  kmem_cache_alloc_node+0x1dc/0x480
[  196.624921]  copy_process.isra.1.part.2+0x1d8/0x4a98
[  196.624924]  _do_fork+0x150/0xfa0
[  196.624926]  kernel_thread+0x48/0x58
[  196.624930]  kthreadd+0x3a4/0x5a0
[  196.624932]  ret_from_fork+0x10/0x18
[  196.624934]
[  196.624937] Freed by task 0:
[  196.624938] (stack is not available)
[  196.624940]
[  196.624943] The buggy address belongs to the object at ffff809b00bc0000
[  196.624943]  which belongs to the cache thread_stack of size 32768
[  196.624946] The buggy address is located 29536 bytes inside of
[  196.624946]  32768-byte region [ffff809b00bc0000, ffff809b00bc8000)
[  196.624948] The buggy address belongs to the page:
[  196.624952] page:ffff7fe026c02e00 count:1 mapcount:0 mapping:ffff809b4001c000 index:0x0 compound_mapcount: 0
[  196.624960] flags: 0xfffff8000008100(slab|head)
[  196.624967] raw: 0fffff8000008100 dead000000000100 dead000000000200 ffff809b4001c000
[  196.624970] raw: 0000000000000000 0000000000080008 00000001ffffffff 0000000000000000
[  196.624973] page dumped because: kasan: bad access detected
[  196.624974]
[  196.624976] Memory state around the buggy address:
[  196.624980]  ffff809b00bc7200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  196.624983]  ffff809b00bc7280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  196.624985] >ffff809b00bc7300: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f2 f2 f2
[  196.624988]                                                        ^
[  196.624990]  ffff809b00bc7380: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  196.624993]  ffff809b00bc7400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  196.624995] ==================================================================

Signed-off-by: Manish Chopra <manishc@marvell.com>
Signed-off-by: Ariel Elior <aelior@marvell.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-28 11:13:34 -08:00
..
appletalk drivers/net: appletalk/cops: remove redundant if statement and mask 2018-12-24 14:48:26 -08:00
arcnet mm: remove include/linux/bootmem.h 2018-10-31 08:54:16 -07:00
bonding bonding: update nest level on unlink 2019-01-10 16:49:39 -05:00
caif
can can: flexcan: fix NULL pointer exception during bringup 2019-01-22 11:35:33 +01:00
dsa net: dsa: mv88e6xxx: Fix serdes irq setup going recursive 2019-01-27 23:19:19 -08:00
ethernet qed: Fix stack out of bounds bug 2019-01-28 11:13:34 -08:00
fddi cross-tree: phase out dma_zalloc_coherent() 2019-01-08 07:58:37 -05:00
fjes fjes: convert to DEFINE_SHOW_ATTRIBUTE 2018-12-10 12:05:20 -08:00
hamradio net/hamradio/6pack: use mod_timer() to rearm timers 2019-01-02 10:27:01 -08:00
hippi
hyperv hv_netvsc: fix typos in code comments 2019-01-23 13:21:34 -05:00
ieee802154 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-12-20 11:53:36 -08:00
ipvlan net: ipvlan: Issue NETDEV_PRE_CHANGEADDR 2018-12-13 18:41:38 -08:00
netdevsim drivers: net: netdevsim: use skb_sec_path helper 2018-12-19 11:21:37 -08:00
phy net: phy: Fixup GPLv2+ SPDX tags based on license text 2019-01-22 20:57:03 -08:00
plip
ppp net: Fix usage of pskb_trim_rcsum 2019-01-18 14:05:14 -08:00
slip
team net: dev: Add extack argument to dev_set_mac_address() 2018-12-13 18:41:38 -08:00
usb net: usb: asix: ax88772_bind return error when hw_reset fail 2019-01-24 22:33:11 -08:00
vmxnet3 cross-tree: phase out dma_zalloc_coherent() 2019-01-08 07:58:37 -05:00
wan Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-01-16 05:13:36 +12:00
wimax
wireless virt_wifi: fix error return code in virt_wifi_newlink() 2019-01-19 09:12:16 +01:00
xen-netback net: xenbus: convert to DEFINE_SHOW_ATTRIBUTE 2018-12-10 12:05:20 -08:00
Kconfig net: Fix typo in NET_FAILOVER help text 2019-01-18 14:06:29 -08:00
LICENSE.SRC
Makefile
Space.c
dummy.c
eql.c
geneve.c geneve: Initialize addr6 with memset 2018-11-17 22:03:06 -08:00
gtp.c
ifb.c
loopback.c
macsec.c macsec: let the administrator set UP state even if lowerdev is down 2018-10-28 19:26:42 -07:00
macvlan.c macvlan: replace kfree_skb by consume_skb for drop profiles 2019-01-17 22:09:09 -08:00
macvtap.c
mdio.c
mii.c
net_failover.c net: core: dev: Add extack argument to dev_open() 2018-12-06 13:26:06 -08:00
netconsole.c
nlmon.c
ntb_netdev.c ntb_netdev: Simplify remove with client device drvdata 2018-10-31 21:20:05 -04:00
rionet.c rapidio/rionet: do not free skb before reading its length 2018-11-28 10:38:48 -08:00
sb1000.c
sungem_phy.c
tap.c tap: call skb_probe_transport_header after setting skb->dev 2019-01-01 12:01:02 -08:00
thunderbolt.c
tun.c tun: publish tfile after it's fully initialized 2019-01-10 09:24:38 -05:00
veth.c net: Add extack argument to rtnl_create_link 2018-11-06 15:00:45 -08:00
virtio_net.c virtio_net: bulk free tx skbs 2019-01-19 16:06:52 -08:00
vrf.c net: core: dev: Add extack argument to dev_change_flags() 2018-12-06 13:26:07 -08:00
vsockmon.c
vxlan.c vxlan: Correct merge error. 2018-12-20 16:14:22 -08:00
xen-netfront.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-12-20 11:53:36 -08:00