UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity
OpenCloudOS-Kernel/drivers
History
Matthias Stocker 9ee14af24e vmxnet3: disable rx data ring on dma allocation failure 
[ Upstream commit ffbe335b8d471f79b259e950cb20999700670456 ]

When vmxnet3_rq_create() fails to allocate memory for rq->data_ring.base,
the subsequent call to vmxnet3_rq_destroy_all_rxdataring does not reset
rq->data_ring.desc_size for the data ring that failed, which presumably
causes the hypervisor to reference it on packet reception.

To fix this bug, rq->data_ring.desc_size needs to be set to 0 to tell
the hypervisor to disable this feature.

[   95.436876] kernel BUG at net/core/skbuff.c:207!
[   95.439074] invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
[   95.440411] CPU: 7 PID: 0 Comm: swapper/7 Not tainted 6.9.3-dirty #1
[   95.441558] Hardware name: VMware, Inc. VMware Virtual
Platform/440BX Desktop Reference Platform, BIOS 6.00 12/12/2018
[   95.443481] RIP: 0010:skb_panic+0x4d/0x4f
[   95.444404] Code: 4f 70 50 8b 87 c0 00 00 00 50 8b 87 bc 00 00 00 50
ff b7 d0 00 00 00 4c 8b 8f c8 00 00 00 48 c7 c7 68 e8 be 9f e8 63 58 f9
ff <0f> 0b 48 8b 14 24 48 c7 c1 d0 73 65 9f e8 a1 ff ff ff 48 8b 14 24
[   95.447684] RSP: 0018:ffffa13340274dd0 EFLAGS: 00010246
[   95.448762] RAX: 0000000000000089 RBX: ffff8fbbc72b02d0 RCX: 000000000000083f
[   95.450148] RDX: 0000000000000000 RSI: 00000000000000f6 RDI: 000000000000083f
[   95.451520] RBP: 000000000000002d R08: 0000000000000000 R09: ffffa13340274c60
[   95.452886] R10: ffffffffa04ed468 R11: 0000000000000002 R12: 0000000000000000
[   95.454293] R13: ffff8fbbdab3c2d0 R14: ffff8fbbdbd829e0 R15: ffff8fbbdbd809e0
[   95.455682] FS:  0000000000000000(0000) GS:ffff8fbeefd80000(0000) knlGS:0000000000000000
[   95.457178] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   95.458340] CR2: 00007fd0d1f650c8 CR3: 0000000115f28000 CR4: 00000000000406f0
[   95.459791] Call Trace:
[   95.460515]  <IRQ>
[   95.461180]  ? __die_body.cold+0x19/0x27
[   95.462150]  ? die+0x2e/0x50
[   95.462976]  ? do_trap+0xca/0x110
[   95.463973]  ? do_error_trap+0x6a/0x90
[   95.464966]  ? skb_panic+0x4d/0x4f
[   95.465901]  ? exc_invalid_op+0x50/0x70
[   95.466849]  ? skb_panic+0x4d/0x4f
[   95.467718]  ? asm_exc_invalid_op+0x1a/0x20
[   95.468758]  ? skb_panic+0x4d/0x4f
[   95.469655]  skb_put.cold+0x10/0x10
[   95.470573]  vmxnet3_rq_rx_complete+0x862/0x11e0 [vmxnet3]
[   95.471853]  vmxnet3_poll_rx_only+0x36/0xb0 [vmxnet3]
[   95.473185]  __napi_poll+0x2b/0x160
[   95.474145]  net_rx_action+0x2c6/0x3b0
[   95.475115]  handle_softirqs+0xe7/0x2a0
[   95.476122]  __irq_exit_rcu+0x97/0xb0
[   95.477109]  common_interrupt+0x85/0xa0
[   95.478102]  </IRQ>
[   95.478846]  <TASK>
[   95.479603]  asm_common_interrupt+0x26/0x40
[   95.480657] RIP: 0010:pv_native_safe_halt+0xf/0x20
[   95.481801] Code: 22 d7 e9 54 87 01 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 93 ba 3b 00 fb f4 <e9> 2c 87 01 00 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90
[   95.485563] RSP: 0018:ffffa133400ffe58 EFLAGS: 00000246
[   95.486882] RAX: 0000000000004000 RBX: ffff8fbbc1d14064 RCX: 0000000000000000
[   95.488477] RDX: ffff8fbeefd80000 RSI: ffff8fbbc1d14000 RDI: 0000000000000001
[   95.490067] RBP: ffff8fbbc1d14064 R08: ffffffffa0652260 R09: 00000000000010d3
[   95.491683] R10: 0000000000000018 R11: ffff8fbeefdb4764 R12: ffffffffa0652260
[   95.493389] R13: ffffffffa06522e0 R14: 0000000000000001 R15: 0000000000000000
[   95.495035]  acpi_safe_halt+0x14/0x20
[   95.496127]  acpi_idle_do_entry+0x2f/0x50
[   95.497221]  acpi_idle_enter+0x7f/0xd0
[   95.498272]  cpuidle_enter_state+0x81/0x420
[   95.499375]  cpuidle_enter+0x2d/0x40
[   95.500400]  do_idle+0x1e5/0x240
[   95.501385]  cpu_startup_entry+0x29/0x30
[   95.502422]  start_secondary+0x11c/0x140
[   95.503454]  common_startup_64+0x13e/0x141
[   95.504466]  </TASK>
[   95.505197] Modules linked in: nft_fib_inet nft_fib_ipv4
nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6
nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6
nf_defrag_ipv4 rfkill ip_set nf_tables vsock_loopback
vmw_vsock_virtio_transport_common qrtr vmw_vsock_vmci_transport vsock
sunrpc binfmt_misc pktcdvd vmw_balloon pcspkr vmw_vmci i2c_piix4 joydev
loop dm_multipath nfnetlink zram crct10dif_pclmul crc32_pclmul vmwgfx
crc32c_intel polyval_clmulni polyval_generic ghash_clmulni_intel
sha512_ssse3 sha256_ssse3 vmxnet3 sha1_ssse3 drm_ttm_helper vmw_pvscsi
ttm ata_generic pata_acpi serio_raw scsi_dh_rdac scsi_dh_emc
scsi_dh_alua ip6_tables ip_tables fuse
[   95.516536] ---[ end trace 0000000000000000 ]---

Fixes: 6f4833383e ("net: vmxnet3: Fix NULL pointer dereference in vmxnet3_rq_rx_complete()")
Signed-off-by: Matthias Stocker <mstocker@barracuda.com>
Reviewed-by: Subbaraya Sundeep <sbhatta@marvell.com>
Reviewed-by: Ronak Doshi <ronak.doshi@broadcom.com>
Link: https://lore.kernel.org/r/20240531103711.101961-1-mstocker@barracuda.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2024-06-21 14:38:15 +02:00
..
accel kthread: add kthread_stop_put 2024-06-12 11:12:52 +02:00
accessibility speakup: Fix sizeof() vs ARRAY_SIZE() bug 2024-06-12 11:11:18 +02:00
acpi ACPI: resource: Do IRQ override on TongFang GXxHRXx and GMxHGxx 2024-06-16 13:47:33 +02:00
amba
android binder: fix max_thread type inconsistency 2024-05-25 16:22:54 +02:00
ata ata: pata_legacy: make legacy_exit() work again 2024-06-16 13:47:33 +02:00
atm atm: idt77252: fix a memleak in open_card_ubr0 2024-02-16 19:10:49 +01:00
auxdisplay
base module: don't ignore sysfs_create_link() failures 2024-06-12 11:12:17 +02:00
bcma
block null_blk: Fix the WARNING: modpost: missing MODULE_DESCRIPTION() 2024-06-12 11:12:44 +02:00
bluetooth Bluetooth: HCI: Remove HCI_AMP support 2024-06-12 11:11:55 +02:00
bus bus: mhi: host: Add MHI_PM_SYS_ERR_FAIL state 2024-04-13 13:07:38 +02:00
cache cache: ax45mp_cache: Align end size to cache boundary in ax45mp_dma_cache_wback() 2024-03-01 13:35:08 +01:00
cdrom
cdx
char tpm_tis: Do *not* flush uninitialized work 2024-06-16 13:47:41 +02:00
clk clk: qcom: clk-alpha-pll: fix rate setting for Stromer PLLs 2024-06-16 13:47:39 +02:00
clocksource clocksource/drivers/arm_global_timer: Fix maximum prescaler value 2024-04-03 15:28:50 +02:00
comedi comedi: vmk80xx: fix incomplete endpoint checking 2024-04-27 17:11:39 +02:00
connector connector/cn_proc: revert "connector: Fix proc_event_num_listeners count not cleared" 2024-02-23 09:25:01 +01:00
counter
cpufreq cpufreq: amd-pstate: Fix the inconsistency in max frequency units 2024-06-16 13:47:41 +02:00
cpuidle cpuidle: Avoid potential overflow in integer multiplication 2024-04-13 13:07:29 +02:00
crypto crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak 2024-06-16 13:47:39 +02:00
cxl cxl/region: Fix cxlr_pmem leaks 2024-06-12 11:12:42 +02:00
dax
dca
devfreq
dio
dma dmaengine: idxd: Avoid unnecessary destruction of file_ida 2024-06-12 11:12:25 +02:00
dma-buf dma-buf/sw-sync: don't enable IRQ from sync_print_obj() 2024-06-12 11:12:54 +02:00
edac EDAC/igen6: Convert PCIBIOS_* return codes to errnos 2024-06-16 13:47:47 +02:00
eisa
extcon extcon: max8997: select IRQ_DOMAIN instead of depending on it 2024-06-12 11:12:27 +02:00
firewire firewire: ohci: fulfill timestamp for some local asynchronous transaction 2024-05-17 12:02:30 +02:00
firmware efi: libstub: only free priv.runtime_map when allocated 2024-06-12 11:13:01 +02:00
fpga fpga: region: add owner module and take its refcount 2024-06-12 11:12:23 +02:00
fsi
gnss
gpio gpiolib: acpi: Fix failed in acpi_gpiochip_find() by adding parent node match 2024-06-12 11:12:34 +02:00
gpu drm/amdkfd: handle duplicate BOs in reserve_bo_and_cond_vms 2024-06-16 13:47:44 +02:00
greybus
hid HID: i2c-hid: elan: fix reset suspend current leakage 2024-06-16 13:47:40 +02:00
hsi
hte
hv Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted 2024-05-17 12:02:17 +02:00
hwmon hwmon: (shtc1) Fix property misspelling 2024-06-12 11:13:00 +02:00
hwspinlock
hwtracing intel_th: pci: Add Meteor Lake-S CPU support 2024-06-16 13:47:42 +02:00
i2c i2c: acpi: Unbind mux adapters before delete 2024-06-16 13:47:40 +02:00
i3c i3c: master: svc: fix invalidate IBI type and miss call client IBI handler 2024-06-16 13:47:46 +02:00
idle
iio iio: accel: mxc4005: Reset chip on probe() and resume() 2024-06-12 11:12:34 +02:00
infiniband RDMA/bnxt_re: Fix the sparse warnings 2024-06-12 11:13:02 +02:00
input Input: cyapa - add missing input core locking to suspend/resume functions 2024-06-12 11:12:40 +02:00
interconnect interconnect: qcom: qcm2290: Fix mas_snoc_bimc QoS port assignment 2024-06-12 11:12:18 +02:00
iommu iommu: Undo pasid attachment only for the devices that have succeeded 2024-06-12 11:12:06 +02:00
ipack
irqchip irqchip/loongson-pch-msi: Fix off-by-one on allocation error path 2024-06-12 11:11:40 +02:00
isdn
leds leds: pwm: Disable PWM when going to suspend 2024-06-12 11:12:24 +02:00
macintosh macintosh/via-macii: Fix "BUG: sleeping function called from invalid context" 2024-06-12 11:11:47 +02:00
mailbox
mcb
md md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING 2024-06-16 13:47:34 +02:00
media media: v4l: async: Fix notifier list entry init 2024-06-16 13:47:36 +02:00
memory memory: tegra: Correct DLA client names 2024-03-26 18:19:32 -04:00
memstick
message
mfd mfd: cs42l43: Fix wrong GPIO_FN_SEL and SPI_CLK_CONFIG1 defaults 2024-03-26 18:19:55 -04:00
misc misc/pvpanic-pci: register attributes via pci_driver 2024-06-12 11:12:35 +02:00
mmc mmc: sdhci-acpi: Add quirk to enable pull-up on the card-detect GPIO on Asus T100TA 2024-06-16 13:47:37 +02:00
most
mtd mtd: rawnand: hynix: fixed typo 2024-06-12 11:11:58 +02:00
mux
net vmxnet3: disable rx data ring on dma allocation failure 2024-06-21 14:38:15 +02:00
nfc NFC: trf7970a: disable all regulators on removal 2024-05-02 16:32:36 +02:00
ntb NTB: fix possible name leak in ntb_register_device() 2024-03-26 18:19:48 -04:00
nubus
nvdimm
nvme nvmet: fix ns enable/disable possible hang 2024-06-12 11:12:53 +02:00
nvmem nvmem: add explicit config option to read old syntax fixed OF cells 2024-05-17 12:01:55 +02:00
of of: module: add buffer overflow check in of_modalias() 2024-06-12 11:12:10 +02:00
opp OPP: debugfs: Fix warning around icc_get_name() 2024-03-26 18:19:40 -04:00
parisc
parport
pci PCI/EDR: Align EDR_PORT_LOCATE_DSM with PCI Firmware r3.3 2024-06-12 11:12:27 +02:00
pcmcia
peci
perf perf/arm-dmc620: Fix lockdep assert in ->event_init() 2024-06-12 11:12:46 +02:00
phy phy: qcom: qmp-combo: fix duplicate return in qmp_v4_configure_dp_phy 2024-06-12 11:12:14 +02:00
pinctrl pinctrl: qcom: pinctrl-sm7150: Fix sdc1 and ufs special pins regs 2024-06-12 11:12:24 +02:00
platform platform/chrome: cros_ec: Handle events during suspend after resume completion 2024-06-16 13:47:33 +02:00
pmdomain pmdomain: imx8mp-blk-ctrl: imx8mp_blk: Add fdcc clock to hdmimix domain 2024-04-13 13:07:30 +02:00
pnp
power power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator 2024-05-17 12:01:58 +02:00
powercap powercap: intel_rapl_tpmi: Fix System Domain probing 2024-04-03 15:28:19 +02:00
pps
ps3
ptp
pwm pwm: Rename pwm_apply_state() to pwm_apply_might_sleep() 2024-06-12 11:12:24 +02:00
rapidio
ras
regulator regulator: tps6594-regulator: Correct multi-phase configuration 2024-06-12 11:12:48 +02:00
remoteproc remoteproc: mediatek: Make sure IPI buffer fits in L2TCM 2024-05-25 16:22:55 +02:00
reset
rpmsg
rtc nvmem: add explicit config option to read old syntax fixed OF cells 2024-05-17 12:01:55 +02:00
s390 s390/ap: Fix crash in AP internal function modify_bitmap() 2024-06-16 13:47:46 +02:00
sbus
scsi scsi: core: Handle devices which return an unusually large VPD page count 2024-06-16 13:47:40 +02:00
sh
siox
slimbus slimbus: qcom-ngd-ctrl: Add timeout for wait operation 2024-05-17 12:02:33 +02:00
soc soc: qcom: rpmh-rsc: Enhance check for VRM in-flight request 2024-06-16 13:47:33 +02:00
soundwire soundwire: cadence: fix invalid PDI offset 2024-06-12 11:12:15 +02:00
spi spi: stm32: Don't warn about spurious interrupts 2024-06-12 11:12:59 +02:00
spmi
ssb
staging greybus: arche-ctrl: move device table to its right location 2024-06-12 11:12:17 +02:00
target scsi: target: Fix SELinux error when systemd-modules loads the target module 2024-05-17 12:02:15 +02:00
tc
tee tee: optee: Fix kernel panic caused by incorrect error handling 2024-04-03 15:28:44 +02:00
thermal thermal/drivers/qcom/lmh: Check for SCM availability at probe 2024-06-16 13:47:33 +02:00
thunderbolt thunderbolt: Reset only non-USB4 host routers in resume 2024-04-27 17:11:44 +02:00
tty serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler 2024-06-12 11:12:35 +02:00
ufs scsi: ufs: mcq: Fix error output and clean up ufshcd_mcq_abort() 2024-06-21 14:38:13 +02:00
uio uio_hv_generic: Don't free decrypted memory 2024-05-17 12:02:17 +02:00
usb kthread: add kthread_stop_put 2024-06-12 11:12:52 +02:00
vdpa vdpa/mlx5: Allow CVQ size changes 2024-03-26 18:20:10 -04:00
vfio vfio/pci: fix potential memory leak in vfio_intx_enable() 2024-06-12 11:12:22 +02:00
vhost vhost: Add smp_rmb() in vhost_enable_notify() 2024-04-17 11:19:35 +02:00
video fbdev: savage: Handle err return when savagefb_check_var failed 2024-06-16 13:47:37 +02:00
virt drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() 2024-06-12 11:12:09 +02:00
virtio virtio: delete vq in vp_find_vqs_msix() when request_irq() fails 2024-06-12 11:12:49 +02:00
vlynq
w1 nvmem: add explicit config option to read old syntax fixed OF cells 2024-05-17 12:01:55 +02:00
watchdog watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin 2024-06-16 13:47:43 +02:00
xen drivers/xen: Improve the late XenStore init protocol 2024-06-12 11:12:51 +02:00
zorro
Kconfig
Makefile