mirror-linux/drivers
Krister Johansen 90947ebf87 net: ena: fix shift-out-of-bounds in exponential backoff
commit 1e9cb763e9 upstream.

The ENA adapters on our instances occasionally reset.  One recently
logged a UBSAN failure to console in the process:

  UBSAN: shift-out-of-bounds in build/linux/drivers/net/ethernet/amazon/ena/ena_com.c:540:13
  shift exponent 32 is too large for 32-bit type 'unsigned int'
  CPU: 28 PID: 70012 Comm: kworker/u72:2 Kdump: loaded not tainted 5.15.117
  Hardware name: Amazon EC2 c5d.9xlarge/, BIOS 1.0 10/16/2017
  Workqueue: ena ena_fw_reset_device [ena]
  Call Trace:
  <TASK>
  dump_stack_lvl+0x4a/0x63
  dump_stack+0x10/0x16
  ubsan_epilogue+0x9/0x36
  __ubsan_handle_shift_out_of_bounds.cold+0x61/0x10e
  ? __const_udelay+0x43/0x50
  ena_delay_exponential_backoff_us.cold+0x16/0x1e [ena]
  wait_for_reset_state+0x54/0xa0 [ena]
  ena_com_dev_reset+0xc8/0x110 [ena]
  ena_down+0x3fe/0x480 [ena]
  ena_destroy_device+0xeb/0xf0 [ena]
  ena_fw_reset_device+0x30/0x50 [ena]
  process_one_work+0x22b/0x3d0
  worker_thread+0x4d/0x3f0
  ? process_one_work+0x3d0/0x3d0
  kthread+0x12a/0x150
  ? set_kthread_struct+0x50/0x50
  ret_from_fork+0x22/0x30
  </TASK>

Apparently, the reset delays are getting so large they can trigger a
UBSAN panic.

Looking at the code, the current timeout is capped at 5000us.  Using a
base value of 100us, the current code will overflow after (1<<29).  Even
at values before 32, this function wraps around, perhaps
unintentionally.

Cap the value of the exponent used for this backoff at (1<<16) which is
larger than currently necessary, but large enough to support bigger
values in the future.

Cc: stable@vger.kernel.org
Fixes: 4bb7f4cf60 ("net: ena: reduce driver load time")
Signed-off-by: Krister Johansen <kjlx@templeofstupid.com>
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Reviewed-by: Shay Agroskin <shayagr@amazon.com>
Link: https://lore.kernel.org/r/20230711013621.GE1926@templeofstupid.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-07-23 13:49:44 +02:00
accessibility
acpi ACPI: sleep: Avoid breaking S3 wakeup due to might_sleep() 2023-06-28 11:12:22 +02:00
amba
android binder: fix UAF of alloc->vma in race with munmap() 2023-05-30 14:03:19 +01:00
ata ata: libata-scsi: Avoid deadlock on rescan after device resume 2023-06-28 11:12:17 +02:00
atm
auxdisplay
base regmap-irq: Fix out-of-bounds access when allocating config buffers 2023-07-23 13:49:44 +02:00
bcma
block null_blk: Fix: memory release when memory_backed=1 2023-06-28 11:12:39 +02:00
bluetooth Bluetooth: hci_qca: fix debugfs registration 2023-06-14 11:15:28 +02:00
bus bus: ixp4xx: fix IXP4XX_EXP_T1_MASK 2023-07-23 13:49:43 +02:00
cdrom
char hwrng: imx-rngc - fix the timeout for init and self check 2023-07-23 13:49:35 +02:00
clk clk: qcom: mmcc-msm8974: fix MDSS_GDSC power flags 2023-07-19 16:21:58 +02:00
clocksource clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe 2023-07-19 16:20:59 +02:00
comedi
connector
counter
cpufreq cpufreq: mediatek: correct voltages for MT7622 and MT7623 2023-07-19 16:21:58 +02:00
cpuidle RISC-V: Align SBI probe implementation with spec 2023-05-11 23:03:04 +09:00
crypto crypto: qat - unmap buffers before free for RSA 2023-07-19 16:21:42 +02:00
cxl cxl: Wait Memory_Info_Valid before access memory related info 2023-05-30 14:03:32 +01:00
dax dax/kmem: Pass valid argument to memory_group_register_static 2023-07-19 16:21:43 +02:00
dca
devfreq
dio
dma dmaengine: pl330: rename _start to prevent build error 2023-06-09 10:34:00 +02:00
dma-buf
edac EDAC/qcom: Get rid of hardcoded register offsets 2023-06-21 16:00:51 +02:00
eisa
extcon extcon: usbc-tusb320: Unregister typec port on driver removal 2023-07-19 16:22:08 +02:00
firewire
firmware firmware: stratix10-svc: Fix a potential resource leak in svc_create_memory_pool() 2023-07-23 13:49:41 +02:00
fpga fpga: bridge: fix kernel-doc parameter description 2023-05-11 23:03:27 +09:00
fsi
gnss
gpio gpiolib: Fix irq_domain resource tracking for gpiochip_irqchip_add_domain() 2023-06-28 11:12:35 +02:00
gpu drm/ttm: Don't leak a resource on swapout move error 2023-07-23 13:49:40 +02:00
greybus
hid HID: amd_sfh: Fix for shift-out-of-bounds 2023-07-23 13:49:18 +02:00
hsi
hte hte: tegra-194: Fix off by one in tegra_hte_map_to_line_id() 2023-05-11 23:03:38 +09:00
hv Drivers: hv: vmbus: Fix vmbus_wait_for_unload() to scan present CPUs 2023-06-28 11:12:23 +02:00
hwmon hwmon: (pmbus/adm1275) Fix problems with temperature monitoring on ADM1272 2023-07-19 16:21:27 +02:00
hwspinlock
hwtracing hwtracing: hisi_ptt: Fix potential sleep in atomic context 2023-07-19 16:21:58 +02:00
i2c usb: typec: ucsi: Mark dGPUs as DEVICE scope 2023-07-19 16:22:12 +02:00
i3c i3c: master: svc: fix cpu schedule in spin lock 2023-07-19 16:21:54 +02:00
idle
iio meson saradc: fix clock divider mask length 2023-07-23 13:49:42 +02:00
infiniband RDMA/bnxt_re: Avoid calling wake_up threads from spin_lock context 2023-07-19 16:21:29 +02:00
input Input: pm8941-powerkey - fix debounce on gen2+ PMICs 2023-07-19 16:21:26 +02:00
interconnect interconnect: qcom: rpm: drop bogus pm domain attach 2023-05-11 23:03:28 +09:00
iommu iommu/virtio: Return size mapped for a detached domain 2023-07-19 16:21:20 +02:00
ipack
irqchip irqchip/loongson-pch-pic: Fix initialization of HT vector register 2023-07-19 16:22:09 +02:00
isdn
leds leds: trigger: netdev: Recheck NETDEV_LED_MODE_LINKUP on dev rename 2023-07-19 16:22:15 +02:00
macintosh macintosh: via-pmu-led: requires ATA to be set 2023-05-11 23:03:31 +09:00
mailbox mailbox: ti-msgmgr: Fill non-message tx data fields with 0x0 2023-07-19 16:22:03 +02:00
mcb mcb-pci: Reallocate memory region to avoid memory overlapping 2023-05-24 17:32:41 +01:00
md dm: verity-loadpin: Add NULL pointer check for 'bdev' parameter 2023-07-23 13:49:43 +02:00
media media: cec: i2c: ch7322: also select REGMAP 2023-07-19 16:22:00 +02:00
memory memory: brcmstb_dpfe: fix testing array offset after use 2023-07-19 16:21:24 +02:00
memstick memstick r592: make memstick_debug_get_tpc_name() static 2023-07-19 16:21:08 +02:00
message scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race condition 2023-05-24 17:32:37 +01:00
mfd mfd: pm8008: Fix module autoloading 2023-07-23 13:49:37 +02:00
misc misc: pci_endpoint_test: Re-init completion for every test 2023-07-23 13:49:37 +02:00
mmc mmc: sdhci: fix DMA configure compatibility issue when 64bit DMA mode is used. 2023-07-19 16:22:09 +02:00
most
mtd mtd: rawnand: meson: fix unaligned DMA buffers handling 2023-07-23 13:49:31 +02:00
mux
net net: ena: fix shift-out-of-bounds in exponential backoff 2023-07-23 13:49:44 +02:00
nfc nfcsim.c: Fix error checking for debugfs_create_dir 2023-06-28 11:12:36 +02:00
ntb NTB: ntb_tool: Add check for devm_kcalloc 2023-07-23 13:49:24 +02:00
nubus nubus: Partially revert proc_create_single_data() conversion 2023-07-05 18:27:37 +01:00
nvdimm
nvme nvme: don't reject probe due to duplicate IDs for single-ported PCIe devices 2023-07-23 13:49:43 +02:00
nvmem nvmem: rmem: Use NVMEM_DEVID_AUTO 2023-07-19 16:21:57 +02:00
of of: overlay: Fix missing of_node_put() in error case of init_overlay_changeset() 2023-06-21 16:00:51 +02:00
opp opp: Fix use-after-free in lazy_opp_tables after probe deferral 2023-07-23 13:49:42 +02:00
parisc parisc: Replace regular spinlock with spin_trylock on panic path 2023-05-24 17:32:42 +01:00
parport
pci PCI: rockchip: Set address alignment for endpoint mode 2023-07-23 13:49:37 +02:00
pcmcia
peci
perf perf: RISC-V: Remove PERF_HES_STOPPED flag checking in riscv_pmu_start() 2023-07-23 13:49:44 +02:00
phy phy: tegra: xusb: check return value of devm_kzalloc() 2023-07-19 16:21:58 +02:00
pinctrl pinctrl: amd: Unify debounce handling into amd_pinconf_set() 2023-07-23 13:49:31 +02:00
platform platform/x86: wmi: Break possible infinite loop when parsing GUID 2023-07-23 13:49:24 +02:00
pnp
power power: supply: Fix logic checking if system is running from battery 2023-06-21 16:00:52 +02:00
powercap powercap: RAPL: Fix CONFIG_IOSF_MBI dependency 2023-07-19 16:21:00 +02:00
pps
ps3
ptp
pwm pwm: mtk_disp: Fix the disable flow of disp_pwm 2023-07-19 16:21:59 +02:00
rapidio
ras
regulator regulator: tps65219: Fix matching interrupts for their regulators 2023-07-19 16:22:14 +02:00
remoteproc remoteproc: imx_dsp_rproc: Fix kernel test robot sparse warning 2023-05-24 17:32:53 +01:00
reset
rpmsg rpmsg: glink: Propagate TX failures in intentless mode as well 2023-05-11 23:03:16 +09:00
rtc rtc: st-lpc: Release some resources in st_rtc_probe() in case of error 2023-07-19 16:21:59 +02:00
s390 s390/zcrypt: do not retry administrative requests 2023-07-23 13:49:35 +02:00
sbus
scsi scsi: lpfc: Fix double free in lpfc_cmpl_els_logo_acc() caused by lpfc_nlp_not_used() 2023-07-23 13:49:38 +02:00
sh
siox
slimbus
soc soc: qcom: mdt_loader: Fix unconditional call to scm_pas_mem_setup 2023-07-23 13:49:34 +02:00
soundwire soundwire: qcom: fix storing port config out-of-bounds 2023-07-23 13:49:42 +02:00
spi spi: bcm-qspi: return error if neither hif_mspi nor mspi is available 2023-07-19 16:22:03 +02:00
spmi spmi: Add a check for remove callback when removing a SPMI driver 2023-05-11 23:03:31 +09:00
ssb
staging media: atomisp: gmin_platform: fix out_len in gmin_get_config_dsm_var() 2023-07-19 16:21:54 +02:00
target scsi: target: iscsi: Prevent login threads from racing between each other 2023-06-28 11:12:35 +02:00
tc
tee tee: amdtee: Add return_origin to 'struct tee_cmd_load_ta' 2023-06-14 11:15:28 +02:00
thermal thermal/drivers/sun8i: Fix some error handling paths in sun8i_ths_probe() 2023-07-19 16:21:01 +02:00
thunderbolt thunderbolt: Mask ring interrupt on Intel hardware as well 2023-06-21 16:00:56 +02:00
tty Revert "8250: add support for ASIX devices with a FIFO bug" 2023-07-23 13:49:43 +02:00
ufs scsi: ufs: ufs-mediatek: Add dependency for RESET_CONTROLLER 2023-07-23 13:49:21 +02:00
uio
usb xhci: Show ZHAOXIN xHCI root hub speed correctly 2023-07-23 13:49:42 +02:00
vdpa vduse: avoid empty string for dev name 2023-06-14 11:15:32 +02:00
vfio vfio/mdev: Move the compat_class initialization to module init 2023-07-19 16:21:41 +02:00
vhost vhost_net: revert upend_idx only on retriable error 2023-06-28 11:12:40 +02:00
video fbdev: omapfb: lcd_mipid: Fix an error handling path in mipid_spi_probe() 2023-07-19 16:21:26 +02:00
virt virt: sevguest: Add CONFIG_CRYPTO dependency 2023-07-19 16:20:55 +02:00
virtio virtio_ring: don't update event idx on get_buf 2023-05-11 23:03:31 +09:00
vlynq
w1 w1: fix loop in w1_fini() 2023-07-19 16:21:48 +02:00
watchdog watchdog: menz069_wdt: fix watchdog initialisation 2023-06-09 10:34:07 +02:00
xen xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() 2023-05-30 14:03:32 +01:00
zorro
Kconfig
Makefile