• Andrew Boyer's avatar
    RDMA/i40iw: Avoid panic when reading back the IRQ affinity hint · 43731753
    Andrew Boyer authored
    The current code sets an affinity hint with a cpumask_t stored on the
    stack. This value can then be accessed through /proc/irq/*/affinity_hint/,
    causing a segfault or returning corrupt data.
    
    Move the cpumask_t into struct i40iw_msix_vector so it is available later.
    
    Backtrace:
    BUG: unable to handle kernel paging request at ffffb16e600e7c90
    IP: irq_affinity_hint_proc_show+0x60/0xf0
    PGD 17c0c6d067
    PUD 17c0c6e067
    PMD 15d4a0e067
    PTE 0
    
    Oops: 0000 [#1] SMP
    Modules linked in: ...
    CPU: 3 PID: 172543 Comm: grep Tainted: G           OE   ... #1
    Hardware name: ...
    task: ffff9a5caee08000 task.stack: ffffb16e659d8000
    RIP: 0010:irq_affinity_hint_proc_show+0x60/0xf0
    RSP: 0018:ffffb16e659dbd20 EFLAGS: 00010086
    RAX: 0000000000000246 RBX: ffffb16e659dbd20 RCX: 0000000000000000
    RDX: ffffb16e600e7c90 RSI: 0000000000000003 RDI: 0000000000000046
    RBP: ffffb16e659dbd88 R08: 0000000000000038 R09: 0000000000000001
    R10: 0000000070803079 R11: 0000000000000000 R12: ffff9a59d1d97a00
    R13: ffff9a5da47a6cd8 R14: ffff9a5da47a6c00 R15: ffff9a59d1d97a00
    FS:  00007f946c31d740(0000) GS:ffff9a5dc1800000(0000) knlGS:0000000000000000
    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: ffffb16e600e7c90 CR3: 00000016a4339000 CR4: 00000000007406e0
    DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
    PKRU: 55555554
    Call Trace:
     seq_read+0x12d/0x430
     ? sched_clock_cpu+0x11/0xb0
     proc_reg_read+0x48/0x70
     __vfs_read+0x37/0x140
     ? security_file_permission+0xa0/0xc0
     vfs_read+0x96/0x140
     SyS_read+0x58/0xc0
     do_syscall_64+0x5a/0x190
     entry_SYSCALL64_slow_path+0x25/0x25
    RIP: 0033:0x7f946bbc97e0
    RSP: 002b:00007ffdd0c4ae08 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
    RAX: ffffffffffffffda RBX: 000000000096b000 RCX: 00007f946bbc97e0
    RDX: 000000000096b000 RSI: 00007f946a2f0000 RDI: 0000000000000004
    RBP: 0000000000001000 R08: 00007f946a2ef011 R09: 000000000000000a
    R10: 0000000000001000 R11: 0000000000000246 R12: 00007f946a2f0000
    R13: 0000000000000004 R14: 0000000000000000 R15: 00007f946a2f0000
    Code: b9 08 00 00 00 49 89 c6 48 89 df 31 c0 4d 8d ae d8 00 00 00 f3 48 ab 4c 89 ef e8 6c 9a 56 00 49 8b 96 30 01 00 00 48 85 d2 74 3f <48> 8b 0a 48 89 4d 98 48 8b 4a 08 48 89 4d a0 48 8b 4a 10 48 89
    RIP: irq_affinity_hint_proc_show+0x60/0xf0 RSP: ffffb16e659dbd20
    CR2: ffffb16e600e7c90
    
    Fixes: 8e06af71 ("i40iw: add main, hdr, status")
    Signed-off-by: default avatarAndrew Boyer <andrew.boyer@dell.com>
    Reviewed-by: default avatarShiraz Saleem <shiraz.saleem@intel.com>
    Signed-off-by: default avatarDoug Ledford <dledford@redhat.com>
    43731753
i40iw.h 16.3 KB