• Davide Caratti's avatar
    bnxt_en: fix NULL dereference in case SR-IOV configuration fails · 1438e4bc
    Davide Caratti authored
    BugLink: https://bugs.launchpad.net/bugs/1888690
    
    commit c8b1d743 upstream.
    
    we need to set 'active_vfs' back to 0, if something goes wrong during the
    allocation of SR-IOV resources: otherwise, further VF configurations will
    wrongly assume that bp->pf.vf[x] are valid memory locations, and commands
    like the ones in the following sequence:
    
     # echo 2 >/sys/bus/pci/devices/${ADDR}/sriov_numvfs
     # ip link set dev ens1f0np0 up
     # ip link set dev ens1f0np0 vf 0 trust on
    
    will cause a kernel crash similar to this:
    
     bnxt_en 0000:3b:00.0: not enough MMIO resources for SR-IOV
     BUG: kernel NULL pointer dereference, address: 0000000000000014
     #PF: supervisor read access in kernel mode
     #PF: error_code(0x0000) - not-present page
     PGD 0 P4D 0
     Oops: 0000 [#1] SMP PTI
     CPU: 43 PID: 2059 Comm: ip Tainted: G          I       5.8.0-rc2.upstream+ #871
     Hardware name: Dell Inc. PowerEdge R740/08D89F, BIOS 2.2.11 06/13/2019
     RIP: 0010:bnxt_set_vf_trust+0x5b/0x110 [bnxt_en]
     Code: 44 24 58 31 c0 e8 f5 fb ff ff 85 c0 0f 85 b6 00 00 00 48 8d 1c 5b 41 89 c6 b9 0b 00 00 00 48 c1 e3 04 49 03 9c 24 f0 0e 00 00 <8b> 43 14 89 c2 83 c8 10 83 e2 ef 45 84 ed 49 89 e5 0f 44 c2 4c 89
     RSP: 0018:ffffac6246a1f570 EFLAGS: 00010246
     RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000000000b
     RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff98b28f538900
     RBP: ffff98b28f538900 R08: 0000000000000000 R09: 0000000000000008
     R10: ffffffffb9515be0 R11: ffffac6246a1f678 R12: ffff98b28f538000
     R13: 0000000000000001 R14: 0000000000000000 R15: ffffffffc05451e0
     FS:  00007fde0f688800(0000) GS:ffff98baffd40000(0000) knlGS:0000000000000000
     CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
     CR2: 0000000000000014 CR3: 000000104bb0a003 CR4: 00000000007606e0
     DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
     DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
     PKRU: 55555554
     Call Trace:
      do_setlink+0x994/0xfe0
      __rtnl_newlink+0x544/0x8d0
      rtnl_newlink+0x47/0x70
      rtnetlink_rcv_msg+0x29f/0x350
      netlink_rcv_skb+0x4a/0x110
      netlink_unicast+0x21d/0x300
      netlink_sendmsg+0x329/0x450
      sock_sendmsg+0x5b/0x60
      ____sys_sendmsg+0x204/0x280
      ___sys_sendmsg+0x88/0xd0
      __sys_sendmsg+0x5e/0xa0
      do_syscall_64+0x47/0x80
      entry_SYSCALL_64_after_hwframe+0x44/0xa9
    
    Fixes: c0c050c5 ("bnxt_en: New Broadcom ethernet driver.")
    Reported-by: default avatarFei Liu <feliu@redhat.com>
    CC: Jonathan Toppins <jtoppins@redhat.com>
    CC: Michael Chan <michael.chan@broadcom.com>
    Signed-off-by: default avatarDavide Caratti <dcaratti@redhat.com>
    Reviewed-by: default avatarMichael Chan <michael.chan@broadcom.com>
    Acked-by: default avatarJonathan Toppins <jtoppins@redhat.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
    Signed-off-by: default avatarKhalid Elmously <khalid.elmously@canonical.com>
    1438e4bc
bnxt_sriov.c 21.5 KB