ixgbe: Kernel Oops when attempting to disable spoofchk in a non-existing VF
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Trusty |
Fix Released
|
Medium
|
Heitor Alves de Siqueira |
Bug Description
[Impact]
Trusty 3.13 kernel Oops due to ixgbe driver failing to check non-existing VF
[Description]
In the current Trusty kernel, when the ixgbe driver tries to enable or disable spoofchk for a non-existing VF, it causes a kernel oops. This is due to a missing check in ixgbe_ndo_
Upstream commit: https:/
$ git describe --contains 600a507ddcb99
Ubuntu-
$ rmadison linux-generic
=> linux-generic | 3.13.0.24.28 | trusty | amd64, ...
=> linux-generic | 3.13.0.165.175 | trusty-security | amd64, ...
=> linux-generic | 3.13.0.165.175 | trusty-updates | amd64, ...
linux-generic | 4.4.0.21.22 | xenial | amd64, ...
linux-generic | 4.15.0.20.23 | bionic | amd64, ...
linux-generic | 4.18.0.10.11 | cosmic | amd64, ...
linux-generic | 4.19.0.12.13 | disco | amd64, ...
[Fix]
The fix is to check if the requested VF exists before dereferencing it in the driver. Upstream commit 600a507ddcb99 introduced this check, and it's a clean cherry pick into the latest Trusty kernel.
[Test Case]
1) Deploy a Trusty system with an ixgbe adapter and latest kernel from -updates:
# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04.5 LTS
Release: 14.04
Codename: trusty
# uname -r
3.13.0-165-generic
# lspci -v -s 04:00.0
04:00.0 Ethernet controller: Intel Corporation Ethernet Controller 10-Gigabit X540-AT2 (rev 01)
Subsystem: Hewlett-Packard Company 561FLR-T 2-port 10Gb Ethernet Adapter
Flags: bus master, fast devsel, latency 0, IRQ 16
Memory at 92e00000 (32-bit, prefetchable) [size=2M]
Memory at 93004000 (32-bit, prefetchable) [size=16K]
[virtual] Expansion ROM at 93080000 [disabled] [size=512K]
Kernel driver in use: ixgbe
2) Attempt to disable spoofchk with VF -1:
# ip link set dev eth4 vf -1 spoofchk off
Killed
# dmesg
[ 241.066440] BUG: unable to handle kernel paging request at fffffffffffffffa
[ 241.066880] IP: [<ffffffffa0147
[ 241.067331] PGD 2c13067 PUD 2c15067 PMD 0
[ 241.067591] Oops: 0002 [#1] SMP
[ 241.067793] Modules linked in: ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_
[ 241.070462] CPU: 43 PID: 2214 Comm: ip Not tainted 3.13.0-165-generic #215-Ubuntu
[ 241.070908] Hardware name: HP ProLiant DL360 Gen9, BIOS P89 05/06/2015
[ 241.071302] task: ffff880035c4c800 ti: ffff8810275c8000 task.ti: ffff8810275c8000
[ 241.071751] RIP: 0010:[<
[ 241.072349] RSP: 0018:ffff881027
[ 241.072663] RAX: 0000000000000000 RBX: ffff881022360000 RCX: 00000000ffffffff
[ 241.073090] RDX: 0000000000000000 RSI: 00000000000081fc RDI: ffff881022360000
[ 241.073522] RBP: ffff8810275c9858 R08: fffffffffffffffb R09: ffffffffffffffa8
[ 241.073953] R10: 00000000ffffffa1 R11: 0000000000000246 R12: ffff8810275c9950
[ 241.074381] R13: 0000000000000000 R14: ffffffffa01511c0 R15: 00000000ffffffea
[ 241.074814] FS: 00007f3188ce674
[ 241.075299] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 241.075642] CR2: fffffffffffffffa CR3: 000000202662a000 CR4: 0000000000160770
[ 241.076365] Stack:
[ 241.076470] ffff8810275c98f0 ffffffff8164f6fb ffff8810275c9888 ffff882000000010
[ 241.076938] ffffffffa01511c0 ffff8820268b0c24 0000000000000000 0000000000000000
[ 241.077403] 0000000000000000 0000000000000000 ffff8820268b0c28 0000000000000000
[ 241.077865] Call Trace:
[ 241.078037] [<ffffffff8164f
[ 241.078352] [<ffffffff8139c
[ 241.078669] [<ffffffff8164f
[ 241.078994] [<ffffffff81161
[ 241.079393] [<ffffffff812e5
[ 241.079733] [<ffffffff81077
[ 241.080027] [<ffffffff8164c
[ 241.080381] [<ffffffff811af
[ 241.080802] [<ffffffff8162c
[ 241.081121] [<ffffffff8164c
[ 241.081464] [<ffffffff8166b
[ 241.081792] [<ffffffff8164c
[ 241.082118] [<ffffffff8166a
[ 241.082455] [<ffffffff8166a
[ 241.082801] [<ffffffff81623
[ 241.099175] [<ffffffff811bd
[ 241.115633] [<ffffffff81622
[ 241.132150] [<ffffffff81623
[ 241.148222] [<ffffffff81623
[ 241.163907] [<ffffffff81621
[ 241.179322] [<ffffffff81748
[ 241.194220] [<ffffffff811df
[ 241.209158] [<ffffffff811e9
[ 241.223576] [<ffffffff811ca
[ 241.237701] [<ffffffff81624
[ 241.251846] [<ffffffff81624
[ 241.265579] [<ffffffff8174d
[ 241.278978] Code: 8d 0c 06 83 e1 07 29 c1 48 63 c6 c1 fe 03 4c 8d 04 80 8d 34 b5 00 82 00 00 4e 8d 0c 40 48 8b 87 90 85 00 00 48 63 f6 49 c1 e1 03 <42> 88 54 08 52 48 89 f0 48 03 87 80 16 00 00 8b 00 41 ba 01 00
[ 241.306211] RIP [<ffffffffa0147
[ 241.319310] RSP <ffff8810275c9858>
[ 241.332404] CR2: fffffffffffffffa
[ 241.345011] ---[ end trace a45b72690a7e13be ]---
[Regression Potential]
The regression potential is low, since the fix is a simple check to confirm the VF exists before doing any operations. This check is already implemented in other functions of the ixgbe driver, and only the spoofchk function is missing it. Nonetheless, the patch was tested in an impacted system and confirmed to resolve the kernel oops without further problems.
CVE References
Changed in linux (Ubuntu Trusty): | |
status: | New → In Progress |
importance: | Undecided → Medium |
assignee: | nobody → Heitor R. Alves de Siqueira (halves) |
tags: | added: sts |
Changed in linux (Ubuntu Trusty): | |
status: | In Progress → Fix Committed |
SRU request sent to kernel-team mailing list: https:/ /lists. ubuntu. com/archives/ kernel- team/2019- February/ 098444. html