linux-stable/drivers
David Thompson a583117668 mlxbf_gige: call request_irq() after NAPI initialized
[ Upstream commit f7442a634a ]

The mlxbf_gige driver encounters a NULL pointer exception in
mlxbf_gige_open() when kdump is enabled.  The sequence to reproduce
the exception is as follows:
a) enable kdump
b) trigger kdump via "echo c > /proc/sysrq-trigger"
c) kdump kernel executes
d) kdump kernel loads mlxbf_gige module
e) the mlxbf_gige module runs its open() as the
   "oob_net0" interface is brought up
f) mlxbf_gige module will experience an exception
   during its open(), something like:

     Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
     Mem abort info:
       ESR = 0x0000000086000004
       EC = 0x21: IABT (current EL), IL = 32 bits
       SET = 0, FnV = 0
       EA = 0, S1PTW = 0
       FSC = 0x04: level 0 translation fault
     user pgtable: 4k pages, 48-bit VAs, pgdp=00000000e29a4000
     [0000000000000000] pgd=0000000000000000, p4d=0000000000000000
     Internal error: Oops: 0000000086000004 [#1] SMP
     CPU: 0 PID: 812 Comm: NetworkManager Tainted: G           OE     5.15.0-1035-bluefield #37-Ubuntu
     Hardware name: https://www.mellanox.com BlueField-3 SmartNIC Main Card/BlueField-3 SmartNIC Main Card, BIOS 4.6.0.13024 Jan 19 2024
     pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
     pc : 0x0
     lr : __napi_poll+0x40/0x230
     sp : ffff800008003e00
     x29: ffff800008003e00 x28: 0000000000000000 x27: 00000000ffffffff
     x26: ffff000066027238 x25: ffff00007cedec00 x24: ffff800008003ec8
     x23: 000000000000012c x22: ffff800008003eb7 x21: 0000000000000000
     x20: 0000000000000001 x19: ffff000066027238 x18: 0000000000000000
     x17: ffff578fcb450000 x16: ffffa870b083c7c0 x15: 0000aaab010441d0
     x14: 0000000000000001 x13: 00726f7272655f65 x12: 6769675f6662786c
     x11: 0000000000000000 x10: 0000000000000000 x9 : ffffa870b0842398
     x8 : 0000000000000004 x7 : fe5a48b9069706ea x6 : 17fdb11fc84ae0d2
     x5 : d94a82549d594f35 x4 : 0000000000000000 x3 : 0000000000400100
     x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff000066027238
     Call trace:
      0x0
      net_rx_action+0x178/0x360
      __do_softirq+0x15c/0x428
      __irq_exit_rcu+0xac/0xec
      irq_exit+0x18/0x2c
      handle_domain_irq+0x6c/0xa0
      gic_handle_irq+0xec/0x1b0
      call_on_irq_stack+0x20/0x2c
      do_interrupt_handler+0x5c/0x70
      el1_interrupt+0x30/0x50
      el1h_64_irq_handler+0x18/0x2c
      el1h_64_irq+0x7c/0x80
      __setup_irq+0x4c0/0x950
      request_threaded_irq+0xf4/0x1bc
      mlxbf_gige_request_irqs+0x68/0x110 [mlxbf_gige]
      mlxbf_gige_open+0x5c/0x170 [mlxbf_gige]
      __dev_open+0x100/0x220
      __dev_change_flags+0x16c/0x1f0
      dev_change_flags+0x2c/0x70
      do_setlink+0x220/0xa40
      __rtnl_newlink+0x56c/0x8a0
      rtnl_newlink+0x58/0x84
      rtnetlink_rcv_msg+0x138/0x3c4
      netlink_rcv_skb+0x64/0x130
      rtnetlink_rcv+0x20/0x30
      netlink_unicast+0x2ec/0x360
      netlink_sendmsg+0x278/0x490
      __sock_sendmsg+0x5c/0x6c
      ____sys_sendmsg+0x290/0x2d4
      ___sys_sendmsg+0x84/0xd0
      __sys_sendmsg+0x70/0xd0
      __arm64_sys_sendmsg+0x2c/0x40
      invoke_syscall+0x78/0x100
      el0_svc_common.constprop.0+0x54/0x184
      do_el0_svc+0x30/0xac
      el0_svc+0x48/0x160
      el0t_64_sync_handler+0xa4/0x12c
      el0t_64_sync+0x1a4/0x1a8
     Code: bad PC value
     ---[ end trace 7d1c3f3bf9d81885 ]---
     Kernel panic - not syncing: Oops: Fatal exception in interrupt
     Kernel Offset: 0x2870a7a00000 from 0xffff800008000000
     PHYS_OFFSET: 0x80000000
     CPU features: 0x0,000005c1,a3332a5a
     Memory Limit: none
     ---[ end Kernel panic - not syncing: Oops: Fatal exception in interrupt ]---

The exception happens because there is a pending RX interrupt before the
call to request_irq(RX IRQ) executes.  Then, the RX IRQ handler fires
immediately after this request_irq() completes. The RX IRQ handler runs
"napi_schedule()" before NAPI is fully initialized via "netif_napi_add()"
and "napi_enable()", both of which happen later in the open() logic.

The logic in mlxbf_gige_open() must fully initialize NAPI before any calls
to request_irq() execute.

Fixes: f92e1869d7 ("Add Mellanox BlueField Gigabit Ethernet driver")
Signed-off-by: David Thompson <davthompson@nvidia.com>
Reviewed-by: Asmaa Mnebhi <asmaa@nvidia.com>
Link: https://lore.kernel.org/r/20240325183627.7641-1-davthompson@nvidia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-04-10 16:19:36 +02:00
accessibility speakup: Fix 8bit characters from direct synth 2024-04-10 16:18:40 +02:00
acpi ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() 2024-04-10 16:19:35 +02:00
amba
android binder: signal epoll threads of self-work 2024-02-23 08:55:06 +01:00
ata ahci: asm1064: asm1166: don't limit reported ports 2024-04-10 16:18:43 +02:00
atm
auxdisplay
base x86/rfds: Mitigate Register File Data Sampling (RFDS) 2024-04-10 16:18:48 +02:00
bcma
block aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts 2024-03-26 18:21:15 -04:00
bluetooth Bluetooth: hci_qca: don't use IS_ERR_OR_NULL() with gpiod_get_optional() 2024-03-26 18:21:22 -04:00
bus bus: tegra-aconnect: Update dependency to ARCH_TEGRA 2024-03-26 18:21:19 -04:00
cdrom
char
clk clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays 2024-04-10 16:18:37 +02:00
clocksource clocksource/drivers/arm_global_timer: Fix maximum prescaler value 2024-04-10 16:18:46 +02:00
comedi comedi: comedi_test: Prevent timers rescheduling during deletion 2024-03-26 18:21:34 -04:00
connector
counter
cpufreq cpufreq: brcmstb-avs-cpufreq: fix up "add check for cpufreq_cpu_get's return value" 2024-04-10 16:18:44 +02:00
cpuidle
crypto crypto: qat - resolve race condition during AER recovery 2024-04-10 16:18:35 +02:00
cxl
dax
dca
devfreq
dio
dma dmaengine: tegra210-adma: Update dependency to ARCH_TEGRA 2024-03-26 18:21:25 -04:00
dma-buf dma-buf: add dma_fence_timestamp helper 2024-02-23 08:55:10 +01:00
edac
eisa
extcon
firewire firewire: core: use long bus reset on gap count error 2024-03-26 18:21:13 -04:00
firmware efivarfs: Request at most 512 bytes for variable names 2024-04-10 16:19:30 +02:00
fpga
fsi
gnss
gpio gpio: fix resource unwinding order in error path 2024-03-06 14:38:50 +00:00
gpu drm/amd/display: Preserve original aspect ratio in create stream 2024-04-10 16:19:32 +02:00
greybus
hid HID: amd_sfh: Update HPD sensor structure elements 2024-03-26 18:21:30 -04:00
hsi
hv
hwmon hwmon: (amc6821) add of_match table 2024-04-10 16:18:40 +02:00
hwspinlock
hwtracing
i2c i2c: i801: Avoid potential double call to gpiod_remove_lookup_table 2024-04-10 16:18:46 +02:00
i3c
idle
iio iio: accel: bma400: Fix a compilation problem 2024-02-23 08:55:07 +01:00
infiniband trace: Relocate event helper files 2024-04-10 16:19:24 +02:00
input Input: gpio_keys_polled - suppress deferred probe error for gpio 2024-03-26 18:21:13 -04:00
interconnect Revert "interconnect: Teach lockdep about icc_bw_lock order" 2024-03-06 14:38:50 +00:00
iommu iommu/dma: Force swiotlb_max_mapping_size on an untrusted device 2024-04-10 16:18:47 +02:00
ipack
irqchip irqchip/gic-v3-its: Fix GICv4.1 VPE affinity update 2024-02-23 08:55:09 +01:00
isdn
leds leds: sgm3140: Add missing timer cleanup and flash gpio control 2024-03-26 18:21:31 -04:00
macintosh
mailbox
mcb
md dm snapshot: fix lockup in dm_exception_table_exit 2024-04-10 16:18:44 +02:00
media media: xc4000: Fix atomicity violation in xc4000_get_frequency 2024-04-10 16:18:34 +02:00
memory
memstick
message
mfd mfd: altera-sysmgr: Call of_node_put() only when of_parse_phandle() takes a ref 2024-03-26 18:21:29 -04:00
misc mei: me: add arrow lake point H DID 2024-04-10 16:18:46 +02:00
mmc mmc: core: Avoid negative index with array access 2024-04-10 16:19:31 +02:00
most
mtd mtd: rawnand: meson: fix scrambling mode value in command macro 2024-04-10 16:18:36 +02:00
mux
net mlxbf_gige: call request_irq() after NAPI initialized 2024-04-10 16:19:36 +02:00
nfc
ntb NTB: fix possible name leak in ntb_register_device() 2024-03-26 18:21:28 -04:00
nubus
nvdimm
nvme nvmet-fc: take ref count on tgtport before delete assoc 2024-03-01 13:21:46 +01:00
nvmem nvmem: meson-efuse: fix function pointer type mismatch 2024-04-10 16:18:40 +02:00
of of: property: fix typo in io-channels 2024-02-23 08:55:10 +01:00
opp OPP: debugfs: Fix warning around icc_get_name() 2024-03-26 18:21:23 -04:00
parisc
parport
pci PCI/DPC: Quirk PIO log size for Intel Ice Lake Root Ports 2024-04-10 16:19:34 +02:00
pcmcia
perf
phy phy: tegra: xusb: Add API to retrieve the port number of phy 2024-04-10 16:18:40 +02:00
pinctrl pinctrl: mediatek: Drop bogus slew rate register range for MT8192 2024-03-26 18:21:26 -04:00
platform platform/x86: touchscreen_dmi: Allow partial (prefix) matches for ACPI names 2024-03-01 13:21:48 +01:00
pnp
power power: supply: bq27xxx-i2c: Do not free non existing IRQ 2024-03-06 14:38:48 +00:00
powercap
pps
ps3
ptp
pwm pwm: sti: Fix capture for st,pwm-num-chan < st,capture-num-chan 2024-03-26 18:21:18 -04:00
rapidio
ras
regulator regulator: pwm-regulator: Add validity checks in continuous .get_voltage 2024-03-01 13:21:45 +01:00
remoteproc remoteproc: stm32: fix incorrect optional pointers 2024-03-26 18:21:37 -04:00
reset
rpmsg
rtc rtc: mt6397: select IRQ_DOMAIN instead of depending on it 2024-03-26 18:21:34 -04:00
s390 s390/qeth: handle deferred cc1 2024-04-10 16:19:35 +02:00
sbus
scsi scsi: lpfc: Correct size for wqe for memset() 2024-04-10 16:19:34 +02:00
sh
siox
slimbus slimbus: core: Remove usage of the deprecated ida_simple_xx() API 2024-04-10 16:18:40 +02:00
soc soc: fsl: qbman: Use raw spinlock for cgr_lock 2024-04-10 16:18:42 +02:00
soundwire
spi spi: spi-mt65xx: Fix NULL pointer access in interrupt handler 2024-03-26 18:21:37 -04:00
spmi
ssb
staging staging: vc04_services: fix information leak in create_component() 2024-04-10 16:19:32 +02:00
target scsi: target: core: Add TMF to tmr_list handling 2024-03-01 13:21:43 +01:00
tc
tee tee: optee: Fix kernel panic caused by incorrect error handling 2024-04-10 16:18:46 +02:00
thermal
thunderbolt
tty serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO 2024-04-10 16:19:30 +02:00
uio
usb USB: UAS: return ENODEV when submit urbs fail with device not attached 2024-04-10 16:19:35 +02:00
vdpa vdpa/mlx5: Allow CVQ size changes 2024-03-26 18:21:36 -04:00
vfio vfio/fsl-mc: Block calling interrupt handler without trigger 2024-04-10 16:19:30 +02:00
vhost vhost: use kzalloc() instead of kmalloc() followed by memset() 2024-02-23 08:55:00 +01:00
video backlight: lp8788: Fully initialize backlight_properties during probe 2024-03-26 18:21:31 -04:00
virt
virtio
visorbus
vlynq
vme
w1
watchdog watchdog: stm32_iwdg: initialize default timeout 2024-03-26 18:21:33 -04:00
xen xen/events: close evtchn after mapping cleanup 2024-04-10 16:18:46 +02:00
zorro
Kconfig
Makefile