xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f8ade8e2429758efa1eddf0a6e2cc936714afc8d
android_kernel_xiaomi_sm8450/drivers/infiniband/core
History
Yishai Hadas f8ade8e242 IB/uverbs: Fix ioctl query port to consider device disassociation 
Methods cannot peak into the ufile, the only way to get a ucontext and
hence a device is via the ib_uverbs_get_ucontext() call or inspecing a
locked uobject.

Otherwise during/after disassociation the pointers may be null or free'd.

 BUG: unable to handle kernel NULL pointer dereference at 0000000000000078
 PGD 800000005ece6067 P4D 800000005ece6067 PUD 5ece7067 PMD 0
 Oops: 0000 [#1] SMP PTI
 CPU: 0 PID: 10631 Comm: ibv_ud_pingpong Tainted: GW  OE     4.20.0-rc6+ #3
 Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
 RIP: 0010:ib_uverbs_handler_UVERBS_METHOD_QUERY_PORT+0x53/0x191 [ib_uverbs]
 Code: 80 00 00 00 31 c0 48 8b 47 40 48 8d 5c 24 38 48 8d 6c 24
               08 48 89 df 48 8b 40 08 4c 8b a0 18 03 00 00 31 c0 f3 48 ab 48 89
               ef <49> 83 7c 24 78 00 b1 06 f3 48 ab 0f 84 89 00 00 00 45 31  c9 31 d2
 RSP: 0018:ffffb54802ccfb10 EFLAGS: 00010246
 RAX: 0000000000000000 RBX: ffffb54802ccfb48 RCX:0000000000000000
 RDX: fffffffffffffffa RSI: ffffb54802ccfcf8 RDI:ffffb54802ccfb18
 RBP: ffffb54802ccfb18 R08: ffffb54802ccfd18 R09:0000000000000000
 R10: 0000000000000000 R11: 00000000000000d0 R12:0000000000000000
 R13: ffffb54802ccfcb0 R14: ffffb54802ccfc48 R15:ffff9f736e0059a0
 FS:  00007f55a6bd7740(0000) GS:ffff9f737ba00000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 0000000000000078 CR3: 0000000064214000 CR4:00000000000006f0
 Call Trace:
  ib_uverbs_cmd_verbs.isra.5+0x94d/0xa60 [ib_uverbs]
  ? copy_port_attr_to_resp+0x120/0x120 [ib_uverbs]
  ? arch_tlb_finish_mmu+0x16/0xc0
  ? tlb_finish_mmu+0x1f/0x30
  ? unmap_region+0xd9/0x120
  ib_uverbs_ioctl+0xbc/0x120 [ib_uverbs]
  do_vfs_ioctl+0xa9/0x620
  ? __do_munmap+0x29f/0x3a0
  ksys_ioctl+0x60/0x90
  __x64_sys_ioctl+0x16/0x20
  do_syscall_64+0x5b/0x180
  entry_SYSCALL_64_after_hwframe+0x44/0xa9
 RIP: 0033:0x7f55a62cb567

Fixes: 641d1207d2 ("IB/core: Move query port to ioctl")
Signed-off-by: Yishai Hadas <yishaih@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
2019-01-25 11:58:06 -07:00
..
addr.c
RDMA/core: Annotate timeout as unsigned long
2018-10-16 13:34:01 -04:00
agent.c
RDMA: Mark if destroy address handle is in a sleepable context
2018-12-19 16:28:03 -07:00
agent.h
IB/mad: Add final OPA MAD processing
2015-06-12 14:49:18 -04:00
cache.c
RDMA/core: Delete RoCE GID in hw when corresponding IP is deleted
2018-12-18 14:16:44 -07:00
cgroup.c
IB/core: added support to use rdma cgroup controller
2017-01-10 11:14:27 -05:00
cm_msgs.h
IB/cm: Remove unused and erroneous msg sequence encoding
2018-07-09 11:39:28 -06:00
cm.c
RDMA: Mark if destroy address handle is in a sleepable context
2018-12-19 16:28:03 -07:00
cma_configfs.c
RDMA/cma: Move cma module specific functions to cma_priv.h
2018-11-22 11:57:33 -07:00
cma_priv.h
RDMA/cma: Move cma module specific functions to cma_priv.h
2018-11-22 11:57:33 -07:00
cma.c
RDMA/cma: Add cm_id restrack resource based on kernel or user cm_id type
2019-01-08 17:12:33 -07:00
core_priv.h
RDMA/device: Expose ib_device_try_get(()
2019-01-21 14:33:08 -07:00
cq.c
RDMA/restrack: Resource-tracker should not use uobject pointers
2018-12-18 15:38:26 -07:00
device.c
RDMA/device: Expose ib_device_try_get(()
2019-01-21 14:33:08 -07:00
fmr_pool.c
RDMA: Start use ib_device_ops
2018-12-12 07:40:16 -07:00
iwcm.c
RDMA/iwcm: Don't copy past the end of dev_name() string
2018-12-20 20:45:56 -07:00
iwcm.h
iw_cm: free cm_id resources on the last deref
2016-08-02 13:15:18 -04:00
iwpm_msg.c
RDMA/iwpm: Properly mark end of NL messages
2017-09-29 11:32:42 -04:00
iwpm_util.c
treewide: kzalloc() -> kcalloc()
2018-06-12 16:19:22 -07:00
iwpm_util.h
iwpm: crash fix for large connections test
2016-03-16 13:48:32 -04:00
mad_priv.h
RDMA/core: Annotate timeout as unsigned long
2018-10-16 13:34:01 -04:00
mad_rmpp.c
RDMA: Mark if destroy address handle is in a sleepable context
2018-12-19 16:28:03 -07:00
mad_rmpp.h
mad.c
RDMA: Start use ib_device_ops
2018-12-12 07:40:16 -07:00
Makefile
RDMA/uverbs: Implement an ioctl that can call write and write_ex handlers
2018-12-18 14:12:48 -05:00
mr_pool.c
IB/core: add a simple MR pool
2016-05-13 13:37:18 -04:00
multicast.c
IB: Make ib_init_ah_from_mcmember set sgid_attr
2018-06-25 14:19:56 -06:00
netlink.c
RDMA/netlink: Simplify netlink listener existence check
2018-10-03 16:06:07 -06:00
nldev.c
RDMA/nldev: Don't expose unsafe global rkey to regular user
2019-01-07 13:35:57 -07:00
opa_smi.h
RDMA: Start use ib_device_ops
2018-12-12 07:40:16 -07:00
packer.c
IB/core: trivial prink cleanup.
2016-03-03 10:20:25 -05:00
rdma_core.c
RDMA: Start use ib_device_ops
2018-12-12 07:40:16 -07:00
rdma_core.h
RDMA/uverbs: Mark ioctl responses with UVERBS_ATTR_F_VALID_OUTPUT
2019-01-14 14:02:22 -07:00
restrack.c
RDMA/restrack: Resource-tracker should not use uobject pointers
2018-12-18 15:38:26 -07:00
roce_gid_mgmt.c
IB/core: Fix oops in netdev_next_upper_dev_rcu()
2018-12-12 12:14:49 -05:00
rw.c
IB/core: Ensure we map P2P memory correctly in rdma_rw_ctx_[init|destroy]()
2018-10-17 12:18:20 -05:00
sa_query.c
RDMA: Mark if destroy address handle is in a sleepable context
2018-12-19 16:28:03 -07:00
sa.h
RDMA/core: Annotate timeout as unsigned long
2018-10-16 13:34:01 -04:00
security.c
RDMA: Start use ib_device_ops
2018-12-12 07:40:16 -07:00
smi.c
IB: Add rdma_cap_ib_switch helper and use where appropriate
2015-07-14 13:20:08 -04:00
smi.h
RDMA: Start use ib_device_ops
2018-12-12 07:40:16 -07:00
sysfs.c
RDMA: Start use ib_device_ops
2018-12-12 07:40:16 -07:00
ucm.c
RDMA: Start use ib_device_ops
2018-12-12 07:40:16 -07:00
ucma.c
RDMA/ucma: Fix Spectre v1 vulnerability
2018-10-16 12:47:40 -04:00
ud_header.c
IB/core: trivial prink cleanup.
2016-03-03 10:20:25 -05:00
umem_odp.c
RDMA/umem: Add missing initialization of owning_mm
2019-01-25 09:55:48 -07:00
umem.c
RDMA/core: Acquire and release mmap_sem on page range
2018-09-27 12:40:20 -06:00
user_mad.c
IB/umad: Start using dev_groups of class
2018-12-21 11:39:41 -07:00
uverbs_cmd.c
RDMA/uverbs: Mark ioctl responses with UVERBS_ATTR_F_VALID_OUTPUT
2019-01-14 14:02:22 -07:00
uverbs_ioctl.c
RDMA/uverbs: Mark ioctl responses with UVERBS_ATTR_F_VALID_OUTPUT
2019-01-14 14:02:22 -07:00
uverbs_main.c
IB/uverbs: Fix OOPs upon device disassociation
2019-01-25 11:58:06 -07:00
uverbs_marshall.c
IB/cm: Replace members of sa_path_rec with 'struct sgid_attr *'
2018-06-25 14:19:57 -06:00
uverbs_std_types_counters.c
RDMA: Start use ib_device_ops
2018-12-12 07:40:16 -07:00
uverbs_std_types_cq.c
RDMA/restrack: Resource-tracker should not use uobject pointers
2018-12-18 15:38:26 -07:00
uverbs_std_types_device.c
IB/uverbs: Fix ioctl query port to consider device disassociation
2019-01-25 11:58:06 -07:00
uverbs_std_types_dm.c
RDMA: Start use ib_device_ops
2018-12-12 07:40:16 -07:00
uverbs_std_types_flow_action.c
RDMA: Start use ib_device_ops
2018-12-12 07:40:16 -07:00
uverbs_std_types_mr.c
IB/uverbs: Signedness bug in UVERBS_HANDLER()
2018-12-22 16:07:13 -07:00
uverbs_std_types.c
RDMA: Mark if destroy address handle is in a sleepable context
2018-12-19 16:28:03 -07:00
uverbs_uapi.c
RDMA/uverbs: Implement an ioctl that can call write and write_ex handlers
2018-12-18 14:12:48 -05:00
uverbs.h
IB/core: Move query port to ioctl
2018-12-20 15:18:24 -07:00
verbs.c
RDMA: Mark if destroy address handle is in a sleepable context
2018-12-19 16:28:03 -07:00