[roce-1126]RDMA/hns: bugfix for slab-out-of-bounds when loading hip08 driver
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
kunpeng920 | New | Undecided | Unassigned | | |
Bug Description
"[Bug Description]
KASAN: slab-out-of-bounds in hns_roce_
[hns_roce]
Read of size 8 at addr ffff802185e08300 by task rmmod/270
Call trace:
dump_
show_
dump_
print_
__kasan_
kasan_
__asan_
hns_
hns_
hns_
hns_
ib_
ib_
ib_
remove_
disable_
__ib_
ib_
hns_
__hns_
hns_
hclge_
hnae3_
hnae3_
hns_
__arm64_
el0_
el0_svc+0x8/0xc
Allocated by task 255:
__kasan_
kasan_
__kmalloc+
hns_
hns_
__hns_
hns_
hclge_
hclge_
hnae3_
hnae3_
0xffff20000
do_
do_
load_
__se_
__arm64_
el0_
el0_svc+0x8/0xc
Freed by task 0:
(stack is not available)
The buggy address belongs to the object at ffff802185e06300
which belongs to the cache kmalloc-8k of size 8192
The buggy address is located 0 bytes to the right of
8192-byte region [ffff802185e06300, ffff802185e08300)
The buggy address belongs to the page:
page:
compound_
flags: 0x5fffe00000010
raw: 5fffe00000010200 dead000000000100 dead000000000200 ffff802340020e00
raw: 0000000000000000 00000000803e003e 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff802185e
ffff802185e
>ffff802185
^
ffff802185e
ffff802185e
===
Disabling lock debugging due to kernel taint
[Steps to Reproduce]
Enable KASAN and configure PAGE_SIZE to 64K, insmod hns roce driver and then rmmod it.
[Actual Results]
Call trace because of slab-out-of-bounds.
[Expected Results]
Success
[Reproducibility]
Inevitably
[Additional information]
Hardware: D06 CS
Firmware: NA
Kernel: NA
[Resolution]
Do not configure eq->next when the number of eq_buf is 1 in eq_mhop_alloc()."
RDMA/hns: bugfix for slab-out-of-bounds when loading hip08 driver
RDMA/hns: Bugfix for slab-out-of-bounds when unloading hip08 driver