linux-stable

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-25 03:46:17 +00:00

History

Mark Zhang 02eabb635b RDMA/cma: Allow UD qp_type to join multicast only [ Upstream commit `58e84f6b3e` ] As for multicast: - The SIDR is the only mode that makes sense; - Besides PS_UDP, other port spaces like PS_IB is also allowed, as it is UD compatible. In this case qkey also needs to be set [1]. This patch allows only UD qp_type to join multicast, and set qkey to default if it's not set, to fix an uninit-value error: the ib->rec.qkey field is accessed without being initialized. ===================================================== BUG: KMSAN: uninit-value in cma_set_qkey drivers/infiniband/core/cma.c:510 [inline] BUG: KMSAN: uninit-value in cma_make_mc_event+0xb73/0xe00 drivers/infiniband/core/cma.c:4570 cma_set_qkey drivers/infiniband/core/cma.c:510 [inline] cma_make_mc_event+0xb73/0xe00 drivers/infiniband/core/cma.c:4570 cma_iboe_join_multicast drivers/infiniband/core/cma.c:4782 [inline] rdma_join_multicast+0x2b83/0x30a0 drivers/infiniband/core/cma.c:4814 ucma_process_join+0xa76/0xf60 drivers/infiniband/core/ucma.c:1479 ucma_join_multicast+0x1e3/0x250 drivers/infiniband/core/ucma.c:1546 ucma_write+0x639/0x6d0 drivers/infiniband/core/ucma.c:1732 vfs_write+0x8ce/0x2030 fs/read_write.c:588 ksys_write+0x28c/0x520 fs/read_write.c:643 __do_sys_write fs/read_write.c:655 [inline] __se_sys_write fs/read_write.c:652 [inline] __ia32_sys_write+0xdb/0x120 fs/read_write.c:652 do_syscall_32_irqs_on arch/x86/entry/common.c:114 [inline] __do_fast_syscall_32+0x96/0xf0 arch/x86/entry/common.c:180 do_fast_syscall_32+0x34/0x70 arch/x86/entry/common.c:205 do_SYSENTER_32+0x1b/0x20 arch/x86/entry/common.c:248 entry_SYSENTER_compat_after_hwframe+0x4d/0x5c Local variable ib.i created at: cma_iboe_join_multicast drivers/infiniband/core/cma.c:4737 [inline] rdma_join_multicast+0x586/0x30a0 drivers/infiniband/core/cma.c:4814 ucma_process_join+0xa76/0xf60 drivers/infiniband/core/ucma.c:1479 CPU: 0 PID: 29874 Comm: syz-executor.3 Not tainted 5.16.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 ===================================================== [1] https://lore.kernel.org/linux-rdma/20220117183832.GD84788@nvidia.com/ Fixes: `b5de0c60cc` ("RDMA/cma: Fix use after free race in roce multicast join") Reported-by: syzbot+8fcbb77276d43cc8b693@syzkaller.appspotmail.com Signed-off-by: Mark Zhang <markzhang@nvidia.com> Link: https://lore.kernel.org/r/58a4a98323b5e6b1282e83f6b76960d06e43b9fa.1679309909.git.leon@kernel.org Signed-off-by: Leon Romanovsky <leon@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org>		2023-04-20 12:35:08 +02:00
..
accessibility	tty: fix possible null-ptr-defer in spk_ttyio_release	2023-01-24 07:24:37 +01:00
acpi	ACPI: video: Add acpi_backlight=video quirk for Lenovo ThinkPad W530	2023-04-13 16:55:34 +02:00
amba
android
ata	ata: ahci: Revert "ata: ahci: Add Tiger Lake UP{3,4} AHCI controller"	2023-03-10 09:32:32 +01:00
atm	atm: idt77252: fix kmemleak when rmmod idt77252	2023-03-30 12:49:09 +02:00
auxdisplay	auxdisplay: hd44780: Fix potential memory leak in hd44780_remove()	2023-03-11 13:55:16 +01:00
base	drivers: base: dd: fix memory leak with using debugfs_lookup()	2023-03-11 13:55:39 +01:00
bcma
block	ublk: read any SQE values upfront	2023-04-13 16:55:35 +02:00
bluetooth	bluetooth: btbcm: Fix logic error in forming the board name.	2023-04-20 12:35:06 +02:00
bus	bus: imx-weim: fix branch condition evaluates to a garbage value	2023-03-30 12:49:29 +02:00
cdrom
char	tpm/eventlog: Don't abort tpm_read_log on faulty ACPI address	2023-03-17 08:50:30 +01:00
clk	clk: rs9: Fix suspend/resume	2023-04-20 12:35:08 +02:00
clocksource	clocksource/drivers/riscv: Patch riscv_clock_next_event() jump before first use	2023-03-10 09:33:03 +01:00
comedi	comedi: adv_pci1760: Fix PWM instruction handling	2023-01-24 07:24:35 +01:00
connector
counter	counter: 104-quad-8: Fix Synapse action reported for Index signals	2023-04-13 16:55:31 +02:00
cpufreq	cpufreq: davinci: Fix clk use after free	2023-03-10 09:33:01 +01:00
cpuidle	cpuidle: psci: Iterate backwards over list in psci_pd_remove()	2023-03-22 13:34:04 +01:00
crypto	crypto: qat - fix out-of-bounds read	2023-03-10 09:34:19 +01:00
cxl	cxl/pci: Handle excessive CDAT length	2023-04-13 16:55:25 +02:00
dax	dax/kmem: Fix leak of memory-hotplug resources	2023-03-10 09:34:25 +01:00
dca
devfreq
dio
dma	dmaengine: ptdma: check for null desc before calling pt_cmd_callback	2023-03-10 09:33:39 +01:00
dma-buf	dma-buf: actually set signaling bit for private stub fences	2023-02-09 11:28:23 +01:00
edac	EDAC/qcom: Do not pass llcc_driv_data as edac_device_ctl_info's pvt_info	2023-02-01 08:34:40 +01:00
eisa
extcon
firewire	firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region	2023-02-09 11:27:59 +01:00
firmware	firmware: arm_scmi: Fix device node validation for mailbox transport	2023-03-30 12:49:29 +02:00
fpga	fpga: microchip-spi: rewrite status polling in a time measurable way	2023-03-10 09:33:34 +01:00
fsi	use less confusing names for iov_iter direction initializers	2023-02-09 11:28:04 +01:00
gnss
gpio	gpio: davinci: Add irq chip flag to skip set wake	2023-04-13 16:55:22 +02:00
gpu	drm/i915/dsi: fix DSS CTL register offsets for TGL+	2023-04-20 12:35:07 +02:00
greybus
hid	HID: intel-ish-hid: ipc: Fix potential use-after-free in work function	2023-03-30 12:49:16 +02:00
hsi
hte
hv	Drivers: vmbus: Check for channel allocation before looking up relids	2023-04-13 16:55:18 +02:00
hwmon	hwmon (it87): Fix voltage scaling for chips with 10.9mV ADCs	2023-03-30 12:49:13 +02:00
hwspinlock
hwtracing	coresight-etm4: Fix for() loop drvdata->nr_addr_cmp range bug	2023-04-13 16:55:30 +02:00
i2c	i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer()	2023-03-30 12:49:30 +02:00
i3c
idle	Revert "cpuidle, intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE again"	2023-04-06 12:10:58 +02:00
iio	iio: adc: ad7791: fix IRQ flags	2023-04-13 16:55:31 +02:00
infiniband	RDMA/cma: Allow UD qp_type to join multicast only	2023-04-20 12:35:08 +02:00
input	Input: goodix - add Lenovo Yoga Book X90F to nine_bytes_report DMI table	2023-04-06 12:10:50 +02:00
interconnect	interconnect: qcom: qcm2290: Fix MASTER_SNOC_BIMC_NRT	2023-03-30 12:48:59 +02:00
iommu	iommu/vt-d: Allow zero SAGAW if second-stage not supported	2023-04-06 12:10:49 +02:00
ipack
irqchip	irqchip/irq-bcm7120-l2: Set IRQ_LEVEL for level triggered interrupts	2023-03-10 09:33:07 +01:00
isdn	use less confusing names for iov_iter direction initializers	2023-02-09 11:28:04 +01:00
leds	pwm: Make .get_state() callback return an error code	2023-04-13 16:55:18 +02:00
macintosh	macintosh: windfarm: Use unsigned type for 1-bit bitfields	2023-03-17 08:50:31 +01:00
mailbox
mcb
md	dm: fix improper splitting for abnormal bios	2023-04-13 16:55:17 +02:00
media	media: m5mols: fix off-by-one loop termination error	2023-03-22 13:33:53 +01:00
memory	memory: tegra30-emc: fix interconnect registration race	2023-03-22 13:33:56 +01:00
memstick
message
mfd	mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak	2023-03-11 13:55:32 +01:00
misc	misc: vmw_balloon: fix memory leak with using debugfs_lookup()	2023-03-11 13:55:39 +01:00
mmc	mmc: sdhci_am654: lower power-on failed message severity	2023-03-22 13:34:03 +01:00
most
mtd	mtd: rawnand: stm32_fmc2: use timings.mode instead of checking tRC_min	2023-04-20 12:35:07 +02:00
mux
net	wifi: mt76: ignore key disable commands	2023-04-13 16:55:35 +02:00
nfc	nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition	2023-03-22 13:33:46 +01:00
ntb
nubus
nvdimm	cxl/pmem: Fix nvdimm registration races	2023-03-10 09:34:20 +01:00
nvme	nvme: fix discard support without oncs	2023-04-13 16:55:32 +02:00
nvmem	nvmem: core: fix return value	2023-02-09 11:28:25 +01:00
of	of: reserved_mem: Have kmemleak ignore dynamically allocated reserved mem	2023-02-22 12:59:46 +01:00
opp	OPP: fix error checking in opp_migrate_dentry()	2023-03-10 09:33:01 +01:00
parisc	parisc: led: Fix potential null-ptr-deref in start_task()	2023-01-07 11:11:55 +01:00
parport
pci	PCI/DOE: Fix memory leak with CONFIG_DEBUG_OBJECTS=y	2023-04-13 16:55:25 +02:00
pcmcia
peci
perf	Partially revert "perf/arm-cmn: Optimise DTC counter accesses"	2023-02-01 08:34:49 +01:00
phy	phy: rockchip-typec: Fix unsigned comparison with less than zero	2023-03-11 13:55:40 +01:00
pinctrl	Revert "pinctrl: amd: Disable and mask interrupts on resume"	2023-04-20 12:35:05 +02:00
platform	platform/x86: think-lmi: Clean up display of current_value on Thinkstation	2023-04-13 16:55:22 +02:00
pnp
power	power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition	2023-03-30 12:49:01 +02:00
powercap	powercap: fix possible name leak in powercap_register_zone()	2023-03-10 09:32:56 +01:00
pps
ps3
ptp	ptp_qoriq: fix memory leak in probe()	2023-04-06 12:10:44 +02:00
pwm	pwm: meson: Explicitly set .polarity in .get_state()	2023-04-13 16:55:19 +02:00
rapidio
ras
regulator	regulator: Handle deferred clk	2023-04-06 12:10:46 +02:00
remoteproc	remoteproc/mtk_scp: Move clk ops outside send_lock	2023-03-10 09:34:26 +01:00
reset	reset: uniphier-glue: Fix possible null-ptr-deref	2023-02-01 08:34:05 +01:00
rpmsg	rpmsg: glink: Release driver_override	2023-03-10 09:33:45 +01:00
rtc	rtc: allow rtc_read_alarm without read_alarm callback	2023-03-11 13:55:30 +01:00
s390	s390/vfio-ap: fix memory leak in vfio_ap device driver	2023-04-06 12:10:46 +02:00
sbus
scsi	scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param()	2023-04-13 16:55:31 +02:00
sh
siox
slimbus
soc	soc: qcom: llcc: Fix slice configuration values for SC8280XP	2023-03-30 12:49:29 +02:00
soundwire	soundwire: cadence: Drain the RX FIFO after an IO timeout	2023-03-11 13:55:40 +01:00
spi	spi: intel: Check number of chip selects after reading the descriptor	2023-03-17 08:50:20 +01:00
spmi
ssb
staging	staging: rtl8723bs: Pass correct parameters to cfg80211_get_bss()	2023-03-17 08:50:16 +01:00
target	scsi: target: iscsi: Fix an error message in iscsi_check_key()	2023-03-30 12:49:17 +02:00
tc
tee	tee: amdtee: fix race condition in amdtee_open_session	2023-03-30 12:49:29 +02:00
thermal	thermal: intel: BXT_PMIC: select REGMAP instead of depending on it	2023-03-11 13:55:32 +01:00
thunderbolt	thunderbolt: Limit USB3 bandwidth of certain Intel USB4 host routers	2023-04-06 12:10:33 +02:00
tty	serial: 8250: Prevent starting up DMA Rx on THRI interrupt	2023-04-13 16:55:28 +02:00
ufs	scsi: ufs: core: Add soft dependency on governor_simpleondemand	2023-03-30 12:49:17 +02:00
uio
usb	USB: serial: option: add Quectel RM500U-CN modem	2023-04-13 16:55:26 +02:00
vdpa	vp_vdpa: fix the crash in hot unplug with vp_vdpa	2023-03-22 13:34:03 +01:00
vfio	vfio/type1: restore locked_vm	2023-03-10 09:34:32 +01:00
vhost	vhost-vdpa: free iommu domain after last use during cleanup	2023-03-22 13:33:44 +01:00
video	fbcon: set_con2fb_map needs to set con2fb_map!	2023-04-20 12:35:07 +02:00
virt	virt/coco/sev-guest: Add throttling awareness	2023-03-22 13:34:06 +01:00
virtio	virtio_pci: modify ENOENT to EINVAL	2023-01-24 07:24:31 +01:00
vlynq
w1	w1: fix WARNING after calling w1_process()	2023-02-01 08:34:26 +01:00
watchdog	watchdog: sbsa_wdog: Make sure the timeout programming is within the limits	2023-03-11 13:55:24 +01:00
xen	xen/grant-dma-iommu: Implement a dummy probe_device() callback	2023-03-10 09:33:02 +01:00
zorro
Kconfig
Makefile