android_kernel_msm-6.1_noth.../drivers
Saravanan Vajravel 4323aaedeb RDMA/srpt: Add a check for valid 'mad_agent' pointer
[ Upstream commit eca5cd9474cd26d62f9756f536e2e656d3f62f3a ]

When unregistering MAD agent, srpt module has a non-null check
for 'mad_agent' pointer before invoking ib_unregister_mad_agent().
This check can pass if 'mad_agent' variable holds an error value.
The 'mad_agent' can have an error value for a short window when
srpt_add_one() and srpt_remove_one() are executed simultaneously.

In srpt module, added a valid pointer check for 'sport->mad_agent'
before unregistering MAD agent.

This issue can hit when the RoCE driver unregisters ib_device.

Stack Trace:
------------
BUG: kernel NULL pointer dereference, address: 000000000000004d
PGD 145003067 P4D 145003067 PUD 2324fe067 PMD 0
Oops: 0002 [#1] PREEMPT SMP NOPTI
CPU: 10 PID: 4459 Comm: kworker/u80:0 Kdump: loaded Tainted: P
Hardware name: Dell Inc. PowerEdge R640/06NR82, BIOS 2.5.4 01/13/2020
Workqueue: bnxt_re bnxt_re_task [bnxt_re]
RIP: 0010:_raw_spin_lock_irqsave+0x19/0x40
Call Trace:
  ib_unregister_mad_agent+0x46/0x2f0 [ib_core]
  IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
  ? __schedule+0x20b/0x560
  srpt_unregister_mad_agent+0x93/0xd0 [ib_srpt]
  srpt_remove_one+0x20/0x150 [ib_srpt]
  remove_client_context+0x88/0xd0 [ib_core]
  bond0: (slave p2p1): link status definitely up, 100000 Mbps full duplex
  disable_device+0x8a/0x160 [ib_core]
  bond0: active interface up!
  ? kernfs_name_hash+0x12/0x80
 (NULL device *): Bonding Info Received: rdev: 000000006c0b8247
  __ib_unregister_device+0x42/0xb0 [ib_core]
 (NULL device *):         Master: mode: 4 num_slaves:2
  ib_unregister_device+0x22/0x30 [ib_core]
 (NULL device *):         Slave: id: 105069936 name:p2p1 link:0 state:0
  bnxt_re_stopqps_and_ib_uninit+0x83/0x90 [bnxt_re]
  bnxt_re_alloc_lag+0x12e/0x4e0 [bnxt_re]

Fixes: a42d985bd5 ("ib_srpt: Initial SRP Target merge for v3.3-rc1")
Reviewed-by: Selvin Xavier <selvin.xavier@broadcom.com>
Reviewed-by: Kashyap Desai <kashyap.desai@broadcom.com>
Signed-off-by: Saravanan Vajravel <saravanan.vajravel@broadcom.com>
Link: https://lore.kernel.org/r/20230406042549.507328-1-saravanan.vajravel@broadcom.com
Reviewed-by: Bart Van Assche <bvanassche@acm.org>
Signed-off-by: Leon Romanovsky <leon@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-05-11 23:03:34 +09:00
accessibility
acpi ACPI: bus: Ensure that notify handlers are not running after removal 2023-05-11 23:03:16 +09:00
amba
android
ata ata: ahci: Revert "ata: ahci: Add Tiger Lake UP{3,4} AHCI controller" 2023-03-10 09:32:32 +01:00
atm atm: idt77252: fix kmemleak when rmmod idt77252 2023-03-30 12:49:09 +02:00
auxdisplay auxdisplay: hd44780: Fix potential memory leak in hd44780_remove() 2023-03-11 13:55:16 +01:00
base cacheinfo: Check sib_leaf in cache_leaves_are_shared() 2023-05-11 23:03:29 +09:00
bcma
block block: ublk_drv: mark device as LIVE before adding disk 2023-04-20 12:35:11 +02:00
bluetooth Revert "Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work" 2023-05-11 23:03:26 +09:00
bus bus: mhi: host: Range check CHDBOFF and ERDBOFF 2023-05-11 23:03:05 +09:00
cdrom
char ipmi: ASPEED_BT_IPMI_BMC: select REGMAP_MMIO instead of depending on it 2023-05-11 23:03:26 +09:00
clk clk: qcom: gcc-sm6115: Mark RCGs shared where applicable 2023-05-11 23:03:34 +09:00
clocksource clocksource/drivers/riscv: Patch riscv_clock_next_event() jump before first use 2023-03-10 09:33:03 +01:00
comedi
connector
counter counter: 104-quad-8: Fix Synapse action reported for Index signals 2023-04-13 16:55:31 +02:00
cpufreq cpufreq: use correct unit when verify cur freq 2023-05-11 23:03:16 +09:00
cpuidle RISC-V: Align SBI probe implementation with spec 2023-05-11 23:03:04 +09:00
crypto crypto: sa2ul - Select CRYPTO_DES 2023-05-11 23:03:20 +09:00
cxl cxl/hdm: Fail upon detecting 0-sized decoders 2023-05-11 23:03:05 +09:00
dax dax/kmem: Fix leak of memory-hotplug resources 2023-03-10 09:34:25 +01:00
dca
devfreq
dio
dma dmaengine: apple-admac: Fix 'current_tx' not getting freed 2023-04-20 12:35:08 +02:00
dma-buf dma-buf: actually set signaling bit for private stub fences 2023-02-09 11:28:23 +01:00
edac EDAC/skx: Fix overflows on the DRAM row address mapping arrays 2023-05-11 23:03:08 +09:00
eisa
extcon
firewire firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region 2023-02-09 11:27:59 +01:00
firmware firmware: stratix10-svc: Fix an NULL vs IS_ERR() bug in probe 2023-05-11 23:03:30 +09:00
fpga fpga: bridge: fix kernel-doc parameter description 2023-05-11 23:03:27 +09:00
fsi use less confusing names for iov_iter direction initializers 2023-02-09 11:28:04 +01:00
gnss
gpio gpiolib: acpi: Add a ignore wakeup quirk for Clevo NL5xNU 2023-05-01 08:26:27 +09:00
gpu drm/panel: novatek-nt35950: Only unregister DSI1 if it exists 2023-05-11 23:03:29 +09:00
greybus
hid HID: amd_sfh: Handle "no sensors" enabled for SFH1.1 2023-05-11 23:03:29 +09:00
hsi
hte
hv Drivers: vmbus: Check for channel allocation before looking up relids 2023-04-13 16:55:18 +02:00
hwmon hwmon: (pmbus/fsp-3y) Fix functionality bitmask in FSP-3Y YM-2151E 2023-05-11 23:03:16 +09:00
hwspinlock
hwtracing coresight: etm_pmu: Set the module field 2023-05-11 23:03:29 +09:00
i2c i2c: xiic: xiic_xfer(): Fix runtime PM leak on error path 2023-05-11 23:03:30 +09:00
i3c
idle Revert "cpuidle, intel_idle: Fix CPUIDLE_FLAG_IRQ_ENABLE *again*" 2023-04-06 12:10:58 +02:00
iio iio: light: max44009: add missing OF device matching 2023-05-11 23:03:27 +09:00
infiniband RDMA/srpt: Add a check for valid 'mad_agent' pointer 2023-05-11 23:03:34 +09:00
input Input: pegasus-notetaker - check pipe type when probing 2023-04-26 14:28:43 +02:00
interconnect interconnect: qcom: rpm: drop bogus pm domain attach 2023-05-11 23:03:28 +09:00
iommu iommu/mediatek: Set dma_mask for PGTABLE_PA_35_EN 2023-05-11 23:03:33 +09:00
ipack
irqchip irqchip/irq-bcm7120-l2: Set IRQ_LEVEL for level triggered interrupts 2023-03-10 09:33:07 +01:00
isdn use less confusing names for iov_iter direction initializers 2023-02-09 11:28:04 +01:00
leds pwm: Make .get_state() callback return an error code 2023-04-13 16:55:18 +02:00
macintosh macintosh: via-pmu-led: requires ATA to be set 2023-05-11 23:03:31 +09:00
mailbox mailbox: mpfs: switch to txdone_poll 2023-05-11 23:03:12 +09:00
mcb
md md/raid10: don't call bio_start_io_acct twice for bio which experienced read error 2023-05-11 23:03:23 +09:00
media media: mediatek: vcodec: add remove function for decoder platform driver 2023-05-11 23:03:16 +09:00
memory memory: tegra30-emc: fix interconnect registration race 2023-03-22 13:33:56 +01:00
memstick memstick: fix memory leak if card device is never registered 2023-04-26 14:28:39 +02:00
message
mfd mfd: arizona: Use pm_runtime_resume_and_get() to prevent refcnt leak 2023-03-11 13:55:32 +01:00
misc vmci_host: fix a race condition in vmci_host_poll() causing GPF 2023-05-11 23:03:28 +09:00
mmc mmc: sdhci-of-esdhc: fix quirk to ignore command inhibit for data 2023-05-11 23:03:11 +09:00
most
mtd ubi: Fix return value overwrite issue in try_write_vid_and_data() 2023-05-11 23:03:05 +09:00
mux
net net: amd: Fix link leak when verifying config failed 2023-05-11 23:03:26 +09:00
nfc nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition 2023-03-22 13:33:46 +01:00
ntb
nubus
nvdimm cxl/pmem: Fix nvdimm registration races 2023-03-10 09:34:20 +01:00
nvme nvme-fcloop: fix "inconsistent {IN-HARDIRQ-W} -> {HARDIRQ-ON-W} usage" 2023-05-11 23:03:22 +09:00
nvmem nvmem: core: fix return value 2023-02-09 11:28:25 +01:00
of of: Fix modalias string generation 2023-05-11 23:03:28 +09:00
opp OPP: fix error checking in opp_migrate_dentry() 2023-03-10 09:33:01 +01:00
parisc
parport
pci PCI/PM: Extend D3hot delay for NVIDIA HDA controllers 2023-05-11 23:03:29 +09:00
pcmcia
peci
perf perf/arm-cmn: Fix port detection for CMN-700 2023-05-11 23:03:16 +09:00
phy phy: qcom-qmp-pcie: sc8180x PCIe PHY has 2 lanes 2023-05-11 23:02:59 +09:00
pinctrl pinctrl: qcom: lpass-lpi: set output value before enabling output 2023-05-11 23:03:02 +09:00
platform platform/chrome: cros_typec_switch: Add missing fwnode_handle_put() 2023-05-11 23:03:16 +09:00
pnp
power power: supply: rk817: Fix low SOC bugs 2023-05-11 23:03:34 +09:00
powercap powercap: fix possible name leak in powercap_register_zone() 2023-03-10 09:32:56 +01:00
pps
ps3
ptp ptp_qoriq: fix memory leak in probe() 2023-04-06 12:10:44 +02:00
pwm pwm: meson: Fix g12a ao clk81 name 2023-05-11 23:03:02 +09:00
rapidio
ras
regulator regulator: stm32-pwr: fix of_iomap leak 2023-05-11 23:03:16 +09:00
remoteproc remoteproc/mtk_scp: Move clk ops outside send_lock 2023-03-10 09:34:26 +01:00
reset
rpmsg rpmsg: glink: Propagate TX failures in intentless mode as well 2023-05-11 23:03:16 +09:00
rtc rtc: k3: handle errors while enabling wake irq 2023-05-11 23:03:33 +09:00
s390 s390/vfio-ap: fix memory leak in vfio_ap device driver 2023-04-06 12:10:46 +02:00
sbus
scsi scsi: lpfc: Fix ioremap issues in lpfc_sli4_pci_mem_setup() 2023-05-11 23:03:21 +09:00
sh
siox
slimbus
soc soc: renesas: renesas-soc: Release 'chipid' from ioremap() 2023-05-11 23:03:12 +09:00
soundwire soundwire: qcom: correct setting ignore bit on v1.5.1 2023-05-11 23:03:02 +09:00
spi spi: cadence-quadspi: use macro DEFINE_SIMPLE_DEV_PM_OPS 2023-05-11 23:03:30 +09:00
spmi spmi: Add a check for remove callback when removing a SPMI driver 2023-05-11 23:03:31 +09:00
ssb
staging staging: rtl8192e: Fix W_DISABLE# does not work after stop/start 2023-05-11 23:03:30 +09:00
target scsi: target: iscsit: Fix TAS handling during conn cleanup 2023-05-11 23:03:19 +09:00
tc
tee tee: amdtee: fix race condition in amdtee_open_session 2023-03-30 12:49:29 +02:00
thermal thermal: intel: BXT_PMIC: select REGMAP instead of depending on it 2023-03-11 13:55:32 +01:00
thunderbolt thunderbolt: Limit USB3 bandwidth of certain Intel USB4 host routers 2023-04-06 12:10:33 +02:00
tty serial: 8250: Add missing wakeup event reporting 2023-05-11 23:03:30 +09:00
ufs scsi: ufs: core: Add soft dependency on governor_simpleondemand 2023-03-30 12:49:17 +02:00
uio
usb usb: mtu3: fix kernel panic at qmu transfer done irq handler 2023-05-11 23:03:30 +09:00
vdpa vp_vdpa: fix the crash in hot unplug with vp_vdpa 2023-03-22 13:34:03 +01:00
vfio vfio/type1: restore locked_vm 2023-03-10 09:34:32 +01:00
vhost vhost-vdpa: free iommu domain after last use during cleanup 2023-03-22 13:33:44 +01:00
video fbdev: mmp: Fix deferred clk handling in mmphw_probe() 2023-05-11 23:03:31 +09:00
virt virt/coco/sev-guest: Double-buffer messages 2023-05-11 23:03:10 +09:00
virtio virtio_ring: don't update event idx on get_buf 2023-05-11 23:03:31 +09:00
vlynq
w1
watchdog watchdog: sbsa_wdog: Make sure the timeout programming is within the limits 2023-03-11 13:55:24 +01:00
xen ACPI: processor: Fix evaluating _PDC method when running as Xen dom0 2023-05-11 23:03:11 +09:00
zorro
Kconfig
Makefile