public-mirrors/linux
1
0
Fork 0
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-08-05 16:54:27 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
linux/drivers/net/ethernet/broadcom/bnxt
History
Alexander Lobakin c4b04a802d bnxt_en: fix accessing vnic_info before allocating it 
bnxt_alloc_mem() dereferences ::vnic_info in the variable declaration
block, but allocates it much later. As a result, the following crash
happens on my setup:

 BUG: kernel NULL pointer dereference, address: 0000000000000090
 fbcon: Taking over console
 #PF: supervisor write access in kernel mode
 #PF: error_code (0x0002) - not-present page
 PGD 12f382067 P4D 0
 Oops: 8002 [#1] PREEMPT SMP NOPTI
 CPU: 47 PID: 2516 Comm: NetworkManager Not tainted 6.8.0-rc5-libeth+ #49
 Hardware name: Intel Corporation M50CYP2SBSTD/M58CYP2SBSTD, BIOS SE5C620.86B.01.01.0088.2305172341 05/17/2023
 RIP: 0010:bnxt_alloc_mem+0x1609/0x1910 [bnxt_en]
 Code: 81 c8 48 83 c8 08 31 c9 e9 d7 fe ff ff c7 44 24 Oc 00 00 00 00 49 89 d5 e9 2d fe ff ff 41 89 c6 e9 88 00 00 00 48 8b 44 24 50 <80> 88 90 00 00 00 Od 8b 43 74 a8 02 75 1e f6 83 14 02 00 00 80 74
 RSP: 0018:ff3f25580f3432c8 EFLAGS: 00010246
 RAX: 0000000000000000 RBX: ff15a5cfc45249e0 RCX: 0000002079777000
 RDX: ff15a5dfb9767000 RSI: 0000000000000000 RDI: 0000000000000000
 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
 R10: ff15a5dfb9777000 R11: ffffff8000000000 R12: 0000000000000000
 R13: 0000000000000000 R14: 0000000000000020 R15: ff15a5cfce34f540
 FS:  000007fb9a160500(0000) GS:ff15a5dfbefc0000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CRO: 0000000080050033
 CR2: 0000000000000090 CR3: 0000000109efc00Z CR4: 0000000000771ef0
 DR0: 0000000000000000 DR1: 0000000000000000 DRZ: 0000000000000000
 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
 PKRU: 55555554

 Call Trace:
 <TASK>
 ? __die_body+0x68/0xb0
 ? page_fault_oops+0x3a6/0x400
 ? exc_page_fault+0x7a/0x1b0
 ? asm_exc_page_fault+0x26/8x30
 ? bnxt_alloc_mem+0x1609/0x1910 [bnxt_en]
 ? bnxt_alloc_mem+0x1389/8x1918 [bnxt_en]
 _bnxt_open_nic+0x198/0xa50 [bnxt_en]
 ? bnxt_hurm_if_change+0x287/0x3d0 [bnxt_en]
 bnxt_open+0xeb/0x1b0 [bnxt_en]
 _dev_open+0x12e/0x1f0
 _dev_change_flags+0xb0/0x200
 dev_change_flags+0x25/0x60
 do_setlink+0x463/0x1260
 ? sock_def_readable+0x14/0xc0
 ? rtnl_getlink+0x4b9/0x590
 ? _nla_validate_parse+0x91/0xfa0
 rtnl_newlink+0xbac/0xe40
 <...>

Don't create a variable and dereference the first array member directly
since it's used only once in the code.

Fixes: ef4ee64e99 ("bnxt_en: Define BNXT_VNIC_DEFAULT for the default vnic index")
Signed-off-by: Alexander Lobakin <aleksander.lobakin@intel.com>
Reviewed-by: Jiri Pirko <jiri@nvidia.com>
Reviewed-by: Michael Chan <michael.chan@broadcom.com>
Link: https://lore.kernel.org/r/20240226144911.1297336-1-aleksander.lobakin@intel.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2024-02-27 08:27:03 -08:00
..
bnxt.c bnxt_en: fix accessing vnic_info before allocating it 2024-02-27 08:27:03 -08:00
bnxt.h bnxt_en: Create and setup the additional VNIC for adding ntuple filters 2024-02-22 15:31:23 +01:00
bnxt_coredump.c
bnxt_coredump.h
bnxt_dcb.c bnxt_en: Fix possible crash after creating sw mqprio TCs 2024-01-19 21:15:13 -08:00
bnxt_dcb.h eth: bnxt: fix warning for define in struct_group 2023-07-28 13:47:34 -07:00
bnxt_debugfs.c
bnxt_debugfs.h
bnxt_devlink.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2023-12-14 17:14:41 -08:00
bnxt_devlink.h
bnxt_dim.c
bnxt_ethtool.c bnxt_en: Define BNXT_VNIC_DEFAULT for the default vnic index 2024-02-22 15:31:23 +01:00
bnxt_ethtool.h bnxt_en: Enhance ethtool ntuple support for ip flows besides TCP/UDP 2024-02-09 12:37:41 -08:00
bnxt_fw_hdr.h
bnxt_hsi.h bnxt_en: Update firmware interface to 1.10.3.15 2023-12-04 15:12:47 -08:00
bnxt_hwmon.c bnxt_en: Do not call sleeping hwmon_notify_event() from NAPI 2023-10-22 11:41:45 +01:00
bnxt_hwmon.h bnxt_en: Do not call sleeping hwmon_notify_event() from NAPI 2023-10-22 11:41:45 +01:00
bnxt_hwrm.c eth: bnxt: fix backward compatibility with older devices 2023-10-17 17:50:55 -07:00
bnxt_hwrm.h eth: bnxt: fix backward compatibility with older devices 2023-10-17 17:50:55 -07:00
bnxt_nvm_defs.h
bnxt_ptp.c bnxt_en: Make PTP timestamp HWRM more silent 2024-01-26 14:06:21 -08:00
bnxt_ptp.h bnxt_en: Skip nic close/open when configuring tstamp filters 2023-12-12 16:05:58 -08:00
bnxt_sriov.c bnxt_en: Rename some macros for the P5 chips 2023-11-21 17:32:49 -08:00
bnxt_sriov.h
bnxt_tc.c net: bnxt: fix a potential use-after-free in bnxt_init_tc 2023-12-05 19:43:42 -08:00
bnxt_tc.h
bnxt_ulp.c bnxt_en: Consolidate DB offset calculation 2023-12-04 15:12:47 -08:00
bnxt_ulp.h bnxt_en: Consolidate DB offset calculation 2023-12-04 15:12:47 -08:00
bnxt_vfr.c bnxt_en: Link representors to PCI device 2023-06-21 14:07:09 -07:00
bnxt_vfr.h
bnxt_xdp.c bnxt_en: Fix possible crash after creating sw mqprio TCs 2024-01-19 21:15:13 -08:00
bnxt_xdp.h bnxt: don't handle XDP in netpoll 2023-07-31 14:28:39 -07:00
Makefile bnxt_en: Move hwmon functions into a dedicated file 2023-10-04 11:23:01 +01:00