+++ /dev/null
-From a7542b87607560d0b89e7ff81d870bd6ff8835cb Mon Sep 17 00:00:00 2001
-From: Stefan Assmann <sassmann@kpanic.de>
-Date: Wed, 21 Aug 2019 16:09:29 +0200
-Subject: i40e: check __I40E_VF_DISABLE bit in i40e_sync_filters_subtask
-
-From: Stefan Assmann <sassmann@kpanic.de>
-
-commit a7542b87607560d0b89e7ff81d870bd6ff8835cb upstream.
-
-While testing VF spawn/destroy the following panic occurred.
-
-BUG: unable to handle kernel NULL pointer dereference at 0000000000000029
-[...]
-Workqueue: i40e i40e_service_task [i40e]
-RIP: 0010:i40e_sync_vsi_filters+0x6fd/0xc60 [i40e]
-[...]
-Call Trace:
- ? __switch_to_asm+0x35/0x70
- ? __switch_to_asm+0x41/0x70
- ? __switch_to_asm+0x35/0x70
- ? _cond_resched+0x15/0x30
- i40e_sync_filters_subtask+0x56/0x70 [i40e]
- i40e_service_task+0x382/0x11b0 [i40e]
- ? __switch_to_asm+0x41/0x70
- ? __switch_to_asm+0x41/0x70
- process_one_work+0x1a7/0x3b0
- worker_thread+0x30/0x390
- ? create_worker+0x1a0/0x1a0
- kthread+0x112/0x130
- ? kthread_bind+0x30/0x30
- ret_from_fork+0x35/0x40
-
-Investigation revealed a race where pf->vf[vsi->vf_id].trusted may get
-accessed by the watchdog via i40e_sync_filters_subtask() although
-i40e_free_vfs() already free'd pf->vf.
-To avoid this the call to i40e_sync_vsi_filters() in
-i40e_sync_filters_subtask() needs to be guarded by __I40E_VF_DISABLE,
-which is also used by i40e_free_vfs().
-
-Note: put the __I40E_VF_DISABLE check after the
-__I40E_MACVLAN_SYNC_PENDING check as the latter is more likely to
-trigger.
-
-CC: stable@vger.kernel.org
-Signed-off-by: Stefan Assmann <sassmann@kpanic.de>
-Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
-Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- drivers/net/ethernet/intel/i40e/i40e_main.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
---- a/drivers/net/ethernet/intel/i40e/i40e_main.c
-+++ b/drivers/net/ethernet/intel/i40e/i40e_main.c
-@@ -2536,6 +2536,10 @@ void i40e_vlan_stripping_disable(struct
- /* Don't modify stripping options if a port VLAN is active */
- if (vsi->info.pvid)
- return;
-+ if (test_and_set_bit(__I40E_VF_DISABLE, pf->state)) {
-+ set_bit(__I40E_MACVLAN_SYNC_PENDING, pf->state);
-+ return;
-+ }
-
- if ((vsi->info.valid_sections &
- cpu_to_le16(I40E_AQ_VSI_PROP_VLAN_VALID)) &&
-@@ -7596,6 +7600,7 @@ static void i40e_sync_udp_filters_subtas
- }
- }
- }
-+ clear_bit(__I40E_VF_DISABLE, pf->state);
- }
-
- /**
gfs2-clear-buf_in_tr-when-ending-a-transaction-in-sweep_bh_for_rgrps.patch
memcg-oom-don-t-require-__gfp_fs-when-invoking-memcg-oom-killer.patch
memcg-kmem-do-not-fail-__gfp_nofail-charges.patch
-i40e-check-__i40e_vf_disable-bit-in-i40e_sync_filters_subtask.patch
ovl-filter-of-trusted-xattr-results-in-audit.patch
btrfs-fix-use-after-free-when-using-the-tree-modification-log.patch
btrfs-relinquish-cpus-in-btrfs_compare_trees.patch
+++ /dev/null
-From a7542b87607560d0b89e7ff81d870bd6ff8835cb Mon Sep 17 00:00:00 2001
-From: Stefan Assmann <sassmann@kpanic.de>
-Date: Wed, 21 Aug 2019 16:09:29 +0200
-Subject: i40e: check __I40E_VF_DISABLE bit in i40e_sync_filters_subtask
-
-From: Stefan Assmann <sassmann@kpanic.de>
-
-commit a7542b87607560d0b89e7ff81d870bd6ff8835cb upstream.
-
-While testing VF spawn/destroy the following panic occurred.
-
-BUG: unable to handle kernel NULL pointer dereference at 0000000000000029
-[...]
-Workqueue: i40e i40e_service_task [i40e]
-RIP: 0010:i40e_sync_vsi_filters+0x6fd/0xc60 [i40e]
-[...]
-Call Trace:
- ? __switch_to_asm+0x35/0x70
- ? __switch_to_asm+0x41/0x70
- ? __switch_to_asm+0x35/0x70
- ? _cond_resched+0x15/0x30
- i40e_sync_filters_subtask+0x56/0x70 [i40e]
- i40e_service_task+0x382/0x11b0 [i40e]
- ? __switch_to_asm+0x41/0x70
- ? __switch_to_asm+0x41/0x70
- process_one_work+0x1a7/0x3b0
- worker_thread+0x30/0x390
- ? create_worker+0x1a0/0x1a0
- kthread+0x112/0x130
- ? kthread_bind+0x30/0x30
- ret_from_fork+0x35/0x40
-
-Investigation revealed a race where pf->vf[vsi->vf_id].trusted may get
-accessed by the watchdog via i40e_sync_filters_subtask() although
-i40e_free_vfs() already free'd pf->vf.
-To avoid this the call to i40e_sync_vsi_filters() in
-i40e_sync_filters_subtask() needs to be guarded by __I40E_VF_DISABLE,
-which is also used by i40e_free_vfs().
-
-Note: put the __I40E_VF_DISABLE check after the
-__I40E_MACVLAN_SYNC_PENDING check as the latter is more likely to
-trigger.
-
-CC: stable@vger.kernel.org
-Signed-off-by: Stefan Assmann <sassmann@kpanic.de>
-Tested-by: Andrew Bowers <andrewx.bowers@intel.com>
-Signed-off-by: Jeff Kirsher <jeffrey.t.kirsher@intel.com>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-
----
- drivers/net/ethernet/intel/i40e/i40e_main.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
---- a/drivers/net/ethernet/intel/i40e/i40e_main.c
-+++ b/drivers/net/ethernet/intel/i40e/i40e_main.c
-@@ -2645,6 +2645,10 @@ static void i40e_restore_vlan(struct i40
-
- if (!vsi->netdev)
- return;
-+ if (test_and_set_bit(__I40E_VF_DISABLE, pf->state)) {
-+ set_bit(__I40E_MACVLAN_SYNC_PENDING, pf->state);
-+ return;
-+ }
-
- i40e_vlan_rx_register(vsi->netdev, vsi->netdev->features);
-
-@@ -7164,6 +7168,7 @@ static void i40e_sync_udp_filters_subtas
- }
- }
- }
-+ clear_bit(__I40E_VF_DISABLE, pf->state);
- }
-
- /**
alarmtimer-use-eopnotsupp-instead-of-enotsupp.patch
regulator-defer-init-completion-for-a-while-after-late_initcall.patch
memcg-kmem-do-not-fail-__gfp_nofail-charges.patch
-i40e-check-__i40e_vf_disable-bit-in-i40e_sync_filters_subtask.patch
ovl-filter-of-trusted-xattr-results-in-audit.patch
btrfs-fix-use-after-free-when-using-the-tree-modification-log.patch
btrfs-relinquish-cpus-in-btrfs_compare_trees.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
