linux-stable

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-26 20:38:12 +00:00

No description

Find a file

Manuel Ullmann 35dd5f6de5 net: atlantic: invert deep par in pm functions, preventing null derefs commit `cbe6c3a8f8` upstream. This will reset deeply on freeze and thaw instead of suspend and resume and prevent null pointer dereferences of the uninitialized ring 0 buffer while thawing. The impact is an indefinitely hanging kernel. You can't switch consoles after this and the only possible user interaction is SysRq. BUG: kernel NULL pointer dereference RIP: 0010:aq_ring_rx_fill+0xcf/0x210 [atlantic] aq_vec_init+0x85/0xe0 [atlantic] aq_nic_init+0xf7/0x1d0 [atlantic] atl_resume_common+0x4f/0x100 [atlantic] pci_pm_thaw+0x42/0xa0 resolves in aq_ring.o to ``` 0000000000000ae0 <aq_ring_rx_fill>: { /* ... / baf: 48 8b 43 08 mov 0x8(%rbx),%rax buff->flags = 0U; / buff is NULL */ ``` The bug has been present since the introduction of the new pm code in `8aaa112a57` ("net: atlantic: refactoring pm logic") and was hidden until `8ce8427169` ("net: atlantic: changes for multi-TC support"), which refactored the aq_vec_{free,alloc} functions into aq_vec_{,ring}_{free,alloc}, but is technically not wrong. The original functions just always reinitialized the buffers on S3/S4. If the interface is down before freezing, the bug does not occur. It does not matter, whether the initrd contains and loads the module before thawing. So the fix is to invert the boolean parameter deep in all pm function calls, which was clearly intended to be set like that. First report was on Github [1], which you have to guess from the resume logs in the posted dmesg snippet. Recently I posted one on Bugzilla [2], since I did not have an AQC device so far. #regzbot introduced: `8ce8427169` #regzbot from: koo5 <kolman.jindrich@gmail.com> #regzbot monitor: https://github.com/Aquantia/AQtion/issues/32 Fixes: `8aaa112a57` ("net: atlantic: refactoring pm logic") Link: https://github.com/Aquantia/AQtion/issues/32 [1] Link: https://bugzilla.kernel.org/show_bug.cgi?id=215798 [2] Cc: stable@vger.kernel.org Reported-by: koo5 <kolman.jindrich@gmail.com> Signed-off-by: Manuel Ullmann <labre@posteo.de> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2022-04-27 14:41:12 +02:00
arch	stat: fix inconsistency between struct stat and struct compat_stat	2022-04-27 14:41:10 +02:00
block	block/compat_ioctl: fix range check in BLKGETSIZE	2022-04-27 14:40:54 +02:00
certs	certs: Fix build error when CONFIG_MODULE_SIG_KEY is empty	2022-01-23 00:08:44 +09:00
crypto	crypto: xts - Add softdep on ecb	2022-04-08 13:58:36 +02:00
Documentation	dt-bindings: net: snps: remove duplicate name	2022-04-20 09:36:27 +02:00
drivers	net: atlantic: invert deep par in pm functions, preventing null derefs	2022-04-27 14:41:12 +02:00
fs	mm, hugetlb: allow for "high" userspace addresses	2022-04-27 14:41:11 +02:00
include	oom_kill.c: futex: delay the OOM reaper to allow time for proper futex cleanup	2022-04-27 14:41:11 +02:00
init	init/main.c: return 1 from handled __setup() functions	2022-04-13 19:27:23 +02:00
ipc	ipc/sem: do not sleep with a spin lock held	2022-02-04 09:25:05 -08:00
kernel	irq_work: use kasan_record_aux_stack_noalloc() record callstack	2022-04-27 14:41:10 +02:00
lib	XArray: Disallow sibling entries of nodes	2022-04-27 14:41:05 +02:00
LICENSES	LICENSES/LGPL-2.1: Add LGPL-2.1-or-later as valid identifiers	2021-12-16 14:33:10 +01:00
mm	mm/mmu_notifier.c: fix race in mmu_interval_notifier_remove()	2022-04-27 14:41:11 +02:00
net	netlink: reset network and mac headers in netlink_dump()	2022-04-27 14:41:02 +02:00
samples	samples/bpf, xdpsock: Fix race when running for fix duration of time	2022-04-08 13:58:18 +02:00
scripts	gcc-plugins: latent_entropy: use /dev/urandom	2022-04-20 09:36:24 +02:00
security	Fix incorrect type in assignment of ipv6 port for audit	2022-04-08 13:58:37 +02:00
sound	ALSA: hda: intel-dsp-config: update AlderLake PCI IDs	2022-04-27 14:41:07 +02:00
tools	selftests: KVM: Free the GIC FD when cleaning up in arch_timer	2022-04-27 14:41:07 +02:00
usr	kbuild: remove include/linux/cyclades.h from header file check	2022-01-27 08:51:08 +01:00
virt	KVM: avoid NULL pointer dereference in kvm_dirty_ring_push	2022-04-13 19:27:41 +02:00
.clang-format	genirq/msi: Make interrupt allocation less convoluted	2021-12-16 22:22:20 +01:00
.cocciconfig
.get_maintainer.ignore
.gitattributes	.gitattributes: use 'dts' diff driver for dts files	2019-12-04 19:44:11 -08:00
.gitignore	.gitignore: ignore only top-level modules.builtin	2021-05-02 00:43:35 +09:00
.mailmap	MAINTAINERS: Update Jisheng's email address	2022-03-08 17:30:32 +01:00
COPYING	COPYING: state that all contributions really are covered by this file	2020-02-10 13:32:20 -08:00
CREDITS	MAINTAINERS: replace a Microchip AT91 maintainer	2022-02-09 11:30:01 +01:00
Kbuild	kbuild: rename hostprogs-y/always to hostprogs/always-y	2020-02-04 01:53:07 +09:00
Kconfig	kbuild: ensure full rebuild when the compiler is updated	2020-05-12 13:28:33 +09:00
MAINTAINERS	net: dsa: realtek-smi: move to subdirectory	2022-04-08 13:58:12 +02:00
Makefile	Linux 5.17.4	2022-04-20 09:36:28 +02:00
README

README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.