mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/net/smc
History
Wen Gu d3aea02f0f net/smc: Avoid to access invalid RMBs' MRs in SMCRv1 ADD LINK CONT 
[ Upstream commit c308e9ec00 ]

SMCRv1 has a similar issue to SMCRv2 (see link below) that may access
invalid MRs of RMBs when construct LLC ADD LINK CONT messages.

 BUG: kernel NULL pointer dereference, address: 0000000000000014
 #PF: supervisor read access in kernel mode
 #PF: error_code(0x0000) - not-present page
 PGD 0 P4D 0
 Oops: 0000 [#1] PREEMPT SMP PTI
 CPU: 5 PID: 48 Comm: kworker/5:0 Kdump: loaded Tainted: G W   E      6.4.0-rc3+ #49
 Workqueue: events smc_llc_add_link_work [smc]
 RIP: 0010:smc_llc_add_link_cont+0x160/0x270 [smc]
 RSP: 0018:ffffa737801d3d50 EFLAGS: 00010286
 RAX: ffff964f82144000 RBX: ffffa737801d3dd8 RCX: 0000000000000000
 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff964f81370c30
 RBP: ffffa737801d3dd4 R08: ffff964f81370000 R09: ffffa737801d3db0
 R10: 0000000000000001 R11: 0000000000000060 R12: ffff964f82e70000
 R13: ffff964f81370c38 R14: ffffa737801d3dd3 R15: 0000000000000001
 FS:  0000000000000000(0000) GS:ffff9652bfd40000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 0000000000000014 CR3: 000000008fa20004 CR4: 00000000003706e0
 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
 Call Trace:
  <TASK>
  smc_llc_srv_rkey_exchange+0xa7/0x190 [smc]
  smc_llc_srv_add_link+0x3ae/0x5a0 [smc]
  smc_llc_add_link_work+0xb8/0x140 [smc]
  process_one_work+0x1e5/0x3f0
  worker_thread+0x4d/0x2f0
  ? __pfx_worker_thread+0x10/0x10
  kthread+0xe5/0x120
  ? __pfx_kthread+0x10/0x10
  ret_from_fork+0x2c/0x50
  </TASK>

When an alernate RNIC is available in system, SMC will try to add a new
link based on the RNIC for resilience. All the RMBs in use will be mapped
to the new link. Then the RMBs' MRs corresponding to the new link will
be filled into LLC messages. For SMCRv1, they are ADD LINK CONT messages.

However smc_llc_add_link_cont() may mistakenly access to unused RMBs which
haven't been mapped to the new link and have no valid MRs, thus causing a
crash. So this patch fixes it.

Fixes: 87f88cda21 ("net/smc: rkey processing for a new link as SMC client")
Link: https://lore.kernel.org/r/1685101741-74826-3-git-send-email-guwen@linux.alibaba.com
Signed-off-by: Wen Gu <guwen@linux.alibaba.com>
Reviewed-by: Wenjia Zhang <wenjia@linux.ibm.com>
Reviewed-by: Tony Lu <tonylu@linux.alibaba.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2023-06-14 11:16:44 +02:00
..
Kconfig
Makefile net/smc: fix compile warning for smc_sysctl 2022-03-07 11:59:17 +00:00
af_smc.c net/smc: Reset connection when trying to use SMCRv2 fails. 2023-05-30 14:17:28 +01:00
smc.h net/smc: Only save the original clcsock callback functions 2022-04-25 11:03:48 -07:00
smc_cdc.c net/smc: fix NULL sndbuf_desc in smc_cdc_tx_handler() 2023-03-13 16:03:58 -07:00
smc_cdc.h net/smc: fix kernel panic caused by race of smc_sock 2021-12-28 12:42:45 +00:00
smc_clc.c net/smc: Separate SMC-D and ISM APIs 2023-01-25 09:46:48 +00:00
smc_clc.h net/smc: Allow virtually contiguous sndbufs or RMBs for SMC-R 2022-07-18 11:19:17 +01:00
smc_close.c net: deal with most data-races in sk_wait_event() 2023-05-24 17:29:59 +01:00
smc_close.h
smc_core.c net/smc: Reset connection when trying to use SMCRv2 fails. 2023-05-30 14:17:28 +01:00
smc_core.h net/smc: replace mutex rmbs_lock and sndbufs_lock with rw_semaphore 2023-02-04 09:48:19 +00:00
smc_diag.c net/smc: Separate SMC-D and ISM APIs 2023-01-25 09:46:48 +00:00
smc_ib.c net/smc: Allow virtually contiguous sndbufs or RMBs for SMC-R 2022-07-18 11:19:17 +01:00
smc_ib.h net/smc: optimize for smc_sndbuf_sync_sg_for_device and smc_rmb_sync_sg_for_cpu 2022-07-18 11:19:17 +01:00
smc_ism.c net/smc: De-tangle ism and smc device initialization 2023-01-25 09:46:49 +00:00
smc_ism.h net/smc: Register SMC-D as ISM client 2023-01-25 09:46:48 +00:00
smc_llc.c net/smc: Avoid to access invalid RMBs' MRs in SMCRv1 ADD LINK CONT 2023-06-14 11:16:44 +02:00
smc_llc.h net/smc: Introduce a specific sysctl for TEST_LINK time 2022-09-22 12:58:21 +02:00
smc_netlink.c genetlink: start to validate reserved header bytes 2022-08-29 12:47:15 +01:00
smc_netlink.h net/smc: add support for user defined EIDs 2021-09-14 12:49:10 +01:00
smc_netns.h net/smc: introduce list of pnetids for Ethernet devices 2020-09-28 15:19:03 -07:00
smc_pnet.c net/smc: De-tangle ism and smc device initialization 2023-01-25 09:46:49 +00:00
smc_pnet.h net/smc: Use a mutex for locking "struct smc_pnettable" 2022-02-24 09:09:33 -08:00
smc_rx.c net: deal with most data-races in sk_wait_event() 2023-05-24 17:29:59 +01:00
smc_rx.h
smc_stats.c net/smc: Fix ENODATA tests in smc_nl_get_fback_stats() 2021-06-21 12:16:58 -07:00
smc_stats.h net/smc: Make SMC statistics network namespace aware 2021-06-16 12:54:02 -07:00
smc_sysctl.c net/smc: Unbind r/w buffer size from clcsock and make them tunable 2022-09-22 12:58:21 +02:00
smc_sysctl.h net/smc: fix -Wmissing-prototypes warning when CONFIG_SYSCTL not set 2022-03-09 20:02:35 -08:00
smc_tracepoint.c net/smc: Introduce tracepoint for smcr link down 2021-11-01 13:39:14 +00:00
smc_tracepoint.h net/smc: Add net namespace for tracepoints 2022-01-02 12:07:39 +00:00
smc_tx.c net: deal with most data-races in sk_wait_event() 2023-05-24 17:29:59 +01:00
smc_tx.h net/smc: Cork when sendpage with MSG_SENDPAGE_NOTLAST flag 2022-01-31 15:08:20 +00:00
smc_wr.c net/smc: Fix possible access to freed memory in link clear 2022-09-07 16:00:48 +01:00
smc_wr.h net/smc: Fix possible access to freed memory in link clear 2022-09-07 16:00:48 +01:00