158 lines
6.0 KiB
Diff
158 lines
6.0 KiB
Diff
From 92e9db10ad78811b7ae2dc215e3dd24de2322b8b Mon Sep 17 00:00:00 2001
|
|
From: Kamal Heib <kheib@redhat.com>
|
|
Date: Mon, 20 Apr 2026 17:37:37 -0400
|
|
Subject: [PATCH] net/mlx5: Fix vhca_id access call trace use before alloc
|
|
|
|
JIRA: https://redhat.atlassian.net/browse/RHEL-169055
|
|
|
|
commit a8f930b7be7be3f18f14446df461e17137400407
|
|
Author: Parav Pandit <parav@nvidia.com>
|
|
Date: Tue Jan 27 10:52:40 2026 +0200
|
|
|
|
net/mlx5: Fix vhca_id access call trace use before alloc
|
|
|
|
HCA CAP structure is allocated in mlx5_hca_caps_alloc().
|
|
mlx5_mdev_init()
|
|
mlx5_hca_caps_alloc()
|
|
|
|
And HCA CAP is read from the device in mlx5_init_one().
|
|
|
|
The vhca_id's debugfs file is published even before above two
|
|
operations are done.
|
|
Due to this when user reads the vhca id before the initialization,
|
|
following call trace is observed.
|
|
|
|
Fix this by deferring debugfs publication until the HCA CAP is
|
|
allocated and read from the device.
|
|
|
|
BUG: kernel NULL pointer dereference, address: 0000000000000004
|
|
PGD 0 P4D 0
|
|
Oops: Oops: 0000 [#1] SMP PTI
|
|
CPU: 23 UID: 0 PID: 6605 Comm: cat Kdump: loaded Not tainted 6.18.0-rc7-sf+ #110 PREEMPT(full)
|
|
Hardware name: Supermicro SYS-6028U-TR4+/X10DRU-i+, BIOS 2.0b 08/09/2016
|
|
RIP: 0010:vhca_id_show+0x17/0x30 [mlx5_core]
|
|
Code: cb 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 48 8b 47 70 48 c7 c6 45 f0 12 c1 48 8b 80 70 03 00 00 <8b> 50 04 0f ca 0f b7 d2 e8 8c 82 47 cb 31 c0 c3 cc cc cc cc 0f 1f
|
|
RSP: 0018:ffffd37f4f337d40 EFLAGS: 00010203
|
|
RAX: 0000000000000000 RBX: ffff8f18445c9b40 RCX: 0000000000000001
|
|
RDX: ffff8f1109825180 RSI: ffffffffc112f045 RDI: ffff8f18445c9b40
|
|
RBP: 0000000000000000 R08: 0000645eac0d2928 R09: 0000000000000006
|
|
R10: ffffd37f4f337d48 R11: 0000000000000000 R12: ffffd37f4f337dd8
|
|
R13: ffffd37f4f337db0 R14: ffff8f18445c9b68 R15: 0000000000000001
|
|
FS: 00007f3eea099580(0000) GS:ffff8f2090f1f000(0000) knlGS:0000000000000000
|
|
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
|
|
CR2: 0000000000000004 CR3: 00000008b64e4006 CR4: 00000000003726f0
|
|
Call Trace:
|
|
<TASK>
|
|
seq_read_iter+0x11f/0x4f0
|
|
? _raw_spin_unlock+0x15/0x30
|
|
? do_anonymous_page+0x104/0x810
|
|
seq_read+0xf6/0x120
|
|
? srso_alias_untrain_ret+0x1/0x10
|
|
full_proxy_read+0x5c/0x90
|
|
vfs_read+0xad/0x320
|
|
? handle_mm_fault+0x1ab/0x290
|
|
ksys_read+0x52/0xd0
|
|
do_syscall_64+0x61/0x11e0
|
|
entry_SYSCALL_64_after_hwframe+0x76/0x7e
|
|
|
|
Fixes: dd3dd7263cde ("net/mlx5: Expose vhca_id to debugfs")
|
|
Signed-off-by: Parav Pandit <parav@nvidia.com>
|
|
Reviewed-by: Shay Drori <shayd@nvidia.com>
|
|
Reviewed-by: Simon Horman <horms@kernel.org>
|
|
Signed-off-by: Tariq Toukan <tariqt@nvidia.com>
|
|
Link: https://patch.msgid.link/1769503961-124173-4-git-send-email-tariqt@nvidia.com
|
|
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
|
|
|
|
Signed-off-by: Kamal Heib <kheib@redhat.com>
|
|
|
|
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/debugfs.c b/drivers/net/ethernet/mellanox/mlx5/core/debugfs.c
|
|
index 36806e813c33..1301c56e20d6 100644
|
|
--- a/drivers/net/ethernet/mellanox/mlx5/core/debugfs.c
|
|
+++ b/drivers/net/ethernet/mellanox/mlx5/core/debugfs.c
|
|
@@ -613,3 +613,19 @@ void mlx5_debug_cq_remove(struct mlx5_core_dev *dev, struct mlx5_core_cq *cq)
|
|
cq->dbg = NULL;
|
|
}
|
|
}
|
|
+
|
|
+static int vhca_id_show(struct seq_file *file, void *priv)
|
|
+{
|
|
+ struct mlx5_core_dev *dev = file->private;
|
|
+
|
|
+ seq_printf(file, "0x%x\n", MLX5_CAP_GEN(dev, vhca_id));
|
|
+ return 0;
|
|
+}
|
|
+
|
|
+DEFINE_SHOW_ATTRIBUTE(vhca_id);
|
|
+
|
|
+void mlx5_vhca_debugfs_init(struct mlx5_core_dev *dev)
|
|
+{
|
|
+ debugfs_create_file("vhca_id", 0400, dev->priv.dbg.dbg_root, dev,
|
|
+ &vhca_id_fops);
|
|
+}
|
|
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/main.c b/drivers/net/ethernet/mellanox/mlx5/core/main.c
|
|
index bb794c276b7f..5f6a8eef1982 100644
|
|
--- a/drivers/net/ethernet/mellanox/mlx5/core/main.c
|
|
+++ b/drivers/net/ethernet/mellanox/mlx5/core/main.c
|
|
@@ -1806,16 +1806,6 @@ static int mlx5_hca_caps_alloc(struct mlx5_core_dev *dev)
|
|
return -ENOMEM;
|
|
}
|
|
|
|
-static int vhca_id_show(struct seq_file *file, void *priv)
|
|
-{
|
|
- struct mlx5_core_dev *dev = file->private;
|
|
-
|
|
- seq_printf(file, "0x%x\n", MLX5_CAP_GEN(dev, vhca_id));
|
|
- return 0;
|
|
-}
|
|
-
|
|
-DEFINE_SHOW_ATTRIBUTE(vhca_id);
|
|
-
|
|
static int mlx5_notifiers_init(struct mlx5_core_dev *dev)
|
|
{
|
|
int err;
|
|
@@ -1884,7 +1874,7 @@ int mlx5_mdev_init(struct mlx5_core_dev *dev, int profile_idx)
|
|
priv->numa_node = dev_to_node(mlx5_core_dma_dev(dev));
|
|
priv->dbg.dbg_root = debugfs_create_dir(dev_name(dev->device),
|
|
mlx5_debugfs_root);
|
|
- debugfs_create_file("vhca_id", 0400, priv->dbg.dbg_root, dev, &vhca_id_fops);
|
|
+
|
|
INIT_LIST_HEAD(&priv->traps);
|
|
|
|
err = mlx5_cmd_init(dev);
|
|
@@ -2022,6 +2012,8 @@ static int probe_one(struct pci_dev *pdev, const struct pci_device_id *id)
|
|
goto err_init_one;
|
|
}
|
|
|
|
+ mlx5_vhca_debugfs_init(dev);
|
|
+
|
|
pci_save_state(pdev);
|
|
return 0;
|
|
|
|
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.h b/drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.h
|
|
index 99b0a25054ef..f2d74382fb85 100644
|
|
--- a/drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.h
|
|
+++ b/drivers/net/ethernet/mellanox/mlx5/core/mlx5_core.h
|
|
@@ -258,6 +258,7 @@ int mlx5_wait_for_pages(struct mlx5_core_dev *dev, int *pages);
|
|
void mlx5_cmd_flush(struct mlx5_core_dev *dev);
|
|
void mlx5_cq_debugfs_init(struct mlx5_core_dev *dev);
|
|
void mlx5_cq_debugfs_cleanup(struct mlx5_core_dev *dev);
|
|
+void mlx5_vhca_debugfs_init(struct mlx5_core_dev *dev);
|
|
|
|
int mlx5_query_pcam_reg(struct mlx5_core_dev *dev, u32 *pcam, u8 feature_group,
|
|
u8 access_reg_group);
|
|
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/sf/dev/driver.c b/drivers/net/ethernet/mellanox/mlx5/core/sf/dev/driver.c
|
|
index b706f1486504..c45540fe7d9d 100644
|
|
--- a/drivers/net/ethernet/mellanox/mlx5/core/sf/dev/driver.c
|
|
+++ b/drivers/net/ethernet/mellanox/mlx5/core/sf/dev/driver.c
|
|
@@ -76,6 +76,7 @@ static int mlx5_sf_dev_probe(struct auxiliary_device *adev, const struct auxilia
|
|
goto init_one_err;
|
|
}
|
|
|
|
+ mlx5_vhca_debugfs_init(mdev);
|
|
return 0;
|
|
|
|
init_one_err:
|
|
--
|
|
2.50.1 (Apple Git-155)
|
|
|