mirrors/linux
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2026-04-23 14:27:30 -04:00
Code Issues Packages Projects Releases Wiki Activity
766,634 Commits 1 Branch 927 Tags
05f58ceba123bdb420cf44c6ea04b6db467edd1c
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Leon Romanovsky 05f58ceba1 RDMA/mlx5: Check that supplied blue flame index doesn't overflow 
User's supplied index is checked again total number of system pages, but
this number already includes num_static_sys_pages, so addition of that
value to supplied index causes to below error while trying to access
sys_pages[].

BUG: KASAN: slab-out-of-bounds in bfregn_to_uar_index+0x34f/0x400
Read of size 4 at addr ffff880065561904 by task syz-executor446/314

CPU: 0 PID: 314 Comm: syz-executor446 Not tainted 4.18.0-rc1+ #256
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.11.0-0-g63451fca13-prebuilt.qemu-project.org 04/01/2014
Call Trace:
 dump_stack+0xef/0x17e
 print_address_description+0x83/0x3b0
 kasan_report+0x18d/0x4d0
 bfregn_to_uar_index+0x34f/0x400
 create_user_qp+0x272/0x227d
 create_qp_common+0x32eb/0x43e0
 mlx5_ib_create_qp+0x379/0x1ca0
 create_qp.isra.5+0xc94/0x22d0
 ib_uverbs_create_qp+0x21b/0x2a0
 ib_uverbs_write+0xc2c/0x1010
 vfs_write+0x1b0/0x550
 ksys_write+0xc6/0x1a0
 do_syscall_64+0xa7/0x590
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x433679
Code: fd ff 48 81 c4 80 00 00 00 e9 f1 fe ff ff 0f 1f 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 3b 91 fd ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007fff2b3d8e48 EFLAGS: 00000217 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00000000004002f8 RCX: 0000000000433679
RDX: 0000000000000040 RSI: 0000000020000240 RDI: 0000000000000003
RBP: 00000000006d4018 R08: 00000000004002f8 R09: 00000000004002f8
R10: 00000000004002f8 R11: 0000000000000217 R12: 0000000000000000
R13: 000000000040cb00 R14: 000000000040cb90 R15: 0000000000000006

Allocated by task 314:
 kasan_kmalloc+0xa0/0xd0
 __kmalloc+0x1a9/0x510
 mlx5_ib_alloc_ucontext+0x966/0x2620
 ib_uverbs_get_context+0x23f/0xa60
 ib_uverbs_write+0xc2c/0x1010
 __vfs_write+0x10d/0x720
 vfs_write+0x1b0/0x550
 ksys_write+0xc6/0x1a0
 do_syscall_64+0xa7/0x590
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

Freed by task 1:
 __kasan_slab_free+0x12e/0x180
 kfree+0x159/0x630
 kvfree+0x37/0x50
 single_release+0x8e/0xf0
 __fput+0x2d8/0x900
 task_work_run+0x102/0x1f0
 exit_to_usermode_loop+0x159/0x1c0
 do_syscall_64+0x408/0x590
 entry_SYSCALL_64_after_hwframe+0x49/0xbe

The buggy address belongs to the object at ffff880065561100
 which belongs to the cache kmalloc-4096 of size 4096
The buggy address is located 2052 bytes inside of
 4096-byte region [ffff880065561100, ffff880065562100)
The buggy address belongs to the page:
page:ffffea0001955800 count:1 mapcount:0 mapping:ffff88006c402480 index:0x0 compound_mapcount: 0
flags: 0x4000000000008100(slab|head)
raw: 4000000000008100 ffffea0001a7c000 0000000200000002 ffff88006c402480
raw: 0000000000000000 0000000080070007 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff880065561800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 ffff880065561880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
>ffff880065561900: 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                   ^
 ffff880065561980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff880065561a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc

Cc: <stable@vger.kernel.org> # 4.15
Fixes: 1ee47ab3e8 ("IB/mlx5: Enable QP creation with a given blue flame index")
Reported-by: Noa Osherovich <noaos@mellanox.com>
Signed-off-by: Leon Romanovsky <leonro@mellanox.com>
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
2018-07-13 11:54:50 -06:00
arch
Merge tag 'docs-broken-links' of git://linuxtv.org/mchehab/experimental
2018-06-17 05:25:18 +09:00
block
Merge tag 'for-linus-20180616' of git://git.kernel.dk/linux-block
2018-06-17 05:37:55 +09:00
certs
docs: Fix some broken references
2018-06-15 18:10:01 -03:00
crypto
docs: Fix some broken references
2018-06-15 18:10:01 -03:00
Documentation
Merge tag 'for-linus-20180616' of git://git.kernel.dk/linux-block
2018-06-17 05:37:55 +09:00
drivers
RDMA/mlx5: Check that supplied blue flame index doesn't overflow
2018-07-13 11:54:50 -06:00
firmware
kbuild: remove all dummy assignments to obj-
2017-11-18 11:46:06 +09:00
fs
IB/core: add max_send_sge and max_recv_sge attributes
2018-06-18 13:17:28 -06:00
include
rdma/cxgb4: Add support for 64Byte cqes
2018-07-13 11:52:55 -06:00
init
Merge tag 'kbuild-v4.18-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
2018-06-13 08:40:34 -07:00
ipc
ipc: use new return type vm_fault_t
2018-06-15 07:55:25 +09:00
kernel
Merge tag 'docs-broken-links' of git://linuxtv.org/mchehab/experimental
2018-06-17 05:25:18 +09:00
lib
docs: Fix some broken references
2018-06-15 18:10:01 -03:00
LICENSES
LICENSES: Add Linux-OpenIB license text
2018-04-27 16:41:53 -06:00
mm
mm: fix oom_kill event handling
2018-06-15 07:55:25 +09:00
net
infiniband: i40iw, nes: don't use wall time for TCP sequence numbers
2018-07-11 12:10:19 -06:00
samples
Merge tag 'vfio-v4.18-rc1' of git://github.com/awilliam/linux-vfio
2018-06-12 13:11:26 -07:00
scripts
scripts/documentation-file-ref-check: check tools/*/Documentation
2018-06-15 18:10:01 -03:00
security
docs: Fix some broken references
2018-06-15 18:10:01 -03:00
sound
docs: Fix some broken references
2018-06-15 18:10:01 -03:00
tools
Merge tag 'docs-broken-links' of git://linuxtv.org/mchehab/experimental
2018-06-17 05:25:18 +09:00
usr
kbuild: rename built-in.o to built-in.a
2018-03-26 02:01:19 +09:00
virt
Merge tag 'overflow-v4.18-rc1-part2' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
2018-06-12 18:28:00 -07:00
.clang-format
clang-format: add configuration file
2018-04-11 10:28:35 -07:00
.cocciconfig
scripts: add Linux .cocciconfig for coccinelle
2016-07-22 12:13:39 +02:00
.get_maintainer.ignore
Add hch to .get_maintainer.ignore
2015-08-21 14:30:10 -07:00
.gitattributes
.gitattributes: set git diff driver for C source code files
2016-10-07 18:46:30 -07:00
.gitignore
Merge tag 'kbuild-v4.17-2' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
2018-04-15 17:21:30 -07:00
.mailmap
Merge branch 'asoc-4.17' into asoc-4.18 for compress dependencies
2018-04-26 12:24:28 +01:00
COPYING
COPYING: use the new text with points to the license files
2018-03-23 12:41:45 -06:00
CREDITS
MAINTAINERS/CREDITS: Drop METAG ARCHITECTURE
2018-03-05 16:34:24 +00:00
Kbuild
Merge tag 'kbuild-v4.15' of git://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild
2017-11-17 17:45:29 -08:00
Kconfig
kconfig: add basic helper macros to scripts/Kconfig.include
2018-05-29 03:31:19 +09:00
MAINTAINERS
MAINTAINERS: Moving out...
2018-07-04 11:54:36 -06:00
Makefile
Linux 4.18-rc1
2018-06-17 08:04:49 +09:00
README
Docs: Added a pointer to the formatted docs to README
2018-03-21 09:02:53 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.
Description
No description provided
Readme 3.6 GiB
Languages
C 97%
Assembly 1%
Shell 0.6%
Rust 0.5%
Python 0.4%
Other 0.3%