[roce-1126]RDMA/hns: bugfix for slab-out-of-bounds when loading hip08 driver
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
kunpeng920 | Fix Released | Undecided | Ike Panhc |
Ubuntu-18.04 | Fix Released | Undecided | Ike Panhc |
Ubuntu-18.04-hwe | Fix Released | Undecided | Unassigned |
Ubuntu-19.04 | Fix Released | Undecided | Ike Panhc |
Ubuntu-19.10 | Fix Released | Undecided | Ike Panhc |
Ubuntu-20.04 | Fix Released | Undecided | Unassigned |
Upstream-kernel | Fix Released | Undecided | Unassigned |
linux (Ubuntu) | Invalid | Undecided | Unassigned |
Bionic | Fix Released | Undecided | Ike Panhc |
Disco | Fix Released | Undecided | Ike Panhc |
Eoan | Fix Released | Undecided | Ike Panhc |

Bug Description
[Impact]
KASAN reports slab-out-of-bounds in RDMA/hns driver
[Testcase]
Enable KASAN and modprobe RDMA/hns driver
[Regression Risk]
Only the RDMA/hns driver is modified. Lowest risk to other drivers/platforms.
[Bug Description]
KASAN: slab-out-of-bounds in hns_roce_
[hns_roce]
Read of size 8 at addr ffff802185e08300 by task rmmod/270
Call trace:
dump_
show_
dump_
print_
__kasan_
kasan_
__asan_
hns_
hns_
hns_
hns_
ib_
ib_
ib_
remove_
disable_
__ib_
ib_
hns_
__hns_
hns_
hclge_
hnae3_
hnae3_
hns_
__arm64_
el0_
el0_svc+0x8/0xc
Allocated by task 255:
__kasan_
kasan_
__kmalloc+
hns_
hns_
__hns_
hns_
hclge_
hclge_
hnae3_
hnae3_
0xffff20000
do_
do_
load_
__se_
__arm64_
el0_
el0_svc+0x8/0xc
Freed by task 0:
(stack is not available)
The buggy address belongs to the object at ffff802185e06300
which belongs to the cache kmalloc-8k of size 8192
The buggy address is located 0 bytes to the right of
8192-byte region [ffff802185e06300, ffff802185e08300)
The buggy address belongs to the page:
page:
compound_
flags: 0x5fffe00000010
raw: 5fffe00000010200 dead000000000100 dead000000000200 ffff802340020e00
raw: 0000000000000000 00000000803e003e 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff802185e
ffff802185e
>ffff802185
^
ffff802185e
ffff802185e
===
Disabling lock debugging due to kernel taint
[Steps to Reproduce]
Enable KASAN and configure PAGE_SIZE to 64K, insmod hns roce driver and then rmmod it.
[Actual Results]
Call trace because of slab-out-of-bounds.
[Expected Results]
Success
[Reproducibility]
Inevitably
[Additional information]
Hardware: D06 CS
Firmware: NA
Kernel: NA
[Resolution]
Do not configure eq->next when the number of eq_buf is 1 in eq_mhop_alloc().
RDMA/hns: bugfix for slab-out-of-bounds when loading hip08 driver
RDMA/hns: Bugfix for slab-out-of-bounds when unloading hip08 driver
description: updated
Changed in linux (Ubuntu Bionic): status: In Progress → Fix Committed
Changed in linux (Ubuntu Disco): status: In Progress → Fix Committed
Changed in linux (Ubuntu Eoan): status: In Progress → Fix Committed
tags: added: verification-needed-bionic
Changed in kunpeng920: status: In Progress → Fix Committed
Changed in kunpeng920: status: Fix Committed → Fix Released
This bug is missing log files that will aid in diagnosing the problem. While running an Ubuntu kernel (not a mainline or third-party kernel) please enter the following command in a terminal window:
apport-collect 1853989
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.