Message ID | 20240531155043.23008-1-bethany.jamison@canonical.com |
---|---|
Series | CVE-2024-26838 |
On 5/31/24 9:50 AM, Bethany Jamison wrote:
> [Impact]
>
> RDMA/irdma: Fix KASAN issue with tasklet
>
> KASAN testing revealed the following issue associated with freeing an IRQ.
>
> [50006.466686] Call Trace:
> [50006.466691] <IRQ>
> [50006.489538] dump_stack+0x5c/0x80
> [50006.493475] print_address_description.constprop.6+0x1a/0x150
> [50006.499872] ? irdma_sc_process_ceq+0x483/0x790 [irdma]
> [50006.505742] ? irdma_sc_process_ceq+0x483/0x790 [irdma]
> [50006.511644] kasan_report.cold.11+0x7f/0x118
> [50006.516572] ? irdma_sc_process_ceq+0x483/0x790 [irdma]
> [50006.522473] irdma_sc_process_ceq+0x483/0x790 [irdma]
> [50006.528232] irdma_process_ceq+0xb2/0x400 [irdma]
> [50006.533601] ? irdma_hw_flush_wqes_callback+0x370/0x370 [irdma]
> [50006.540298] irdma_ceq_dpc+0x44/0x100 [irdma]
> [50006.545306] tasklet_action_common.isra.14+0x148/0x2c0
> [50006.551096] __do_softirq+0x1d0/0xaf8
> [50006.555396] irq_exit_rcu+0x219/0x260
> [50006.559670] irq_exit+0xa/0x20
> [50006.563320] smp_apic_timer_interrupt+0x1bf/0x690
> [50006.568645] apic_timer_interrupt+0xf/0x20
> [50006.573341] </IRQ>
>
> The issue is that a tasklet could be pending on another core racing
> the delete of the irq.
>
> Fix by insuring any scheduled tasklet is killed after deleting the
> irq.
>
> [Fix]
>
> Noble: pending
> Mantic: clean cherry-pick from linux-6.6.y
> Jammy: pending
> Focal: not-affected
> Bionic: not-affected
> Xenial: not-affected
> Trusty: not-affected
>
> [Test Case]
>
> Compile and boot tested.
>
> [Where problems could occur]
>
> This fix affects those who use the Intel RDMA (Remote Direct Memory Access)
> driver, an issue with the fix would be visible to the user via decreased
> system performance.
>
> Mike Marciniszyn (1):
>   RDMA/irdma: Fix KASAN issue with tasklet
>
>  drivers/infiniband/hw/irdma/hw.c | 7 +++++++
>  1 file changed, 7 insertions(+)
>

Acked-by: Tim Gardner <tim.gardner@canonical.com>

On Fri, May 31, 2024 at 10:50:42AM -0500, Bethany Jamison wrote:
> [Impact]
>
> RDMA/irdma: Fix KASAN issue with tasklet
>
> KASAN testing revealed the following issue associated with freeing an IRQ.
>
> [50006.466686] Call Trace:
> [50006.466691] <IRQ>
> [50006.489538] dump_stack+0x5c/0x80
> [50006.493475] print_address_description.constprop.6+0x1a/0x150
> [50006.499872] ? irdma_sc_process_ceq+0x483/0x790 [irdma]
> [50006.505742] ? irdma_sc_process_ceq+0x483/0x790 [irdma]
> [50006.511644] kasan_report.cold.11+0x7f/0x118
> [50006.516572] ? irdma_sc_process_ceq+0x483/0x790 [irdma]
> [50006.522473] irdma_sc_process_ceq+0x483/0x790 [irdma]
> [50006.528232] irdma_process_ceq+0xb2/0x400 [irdma]
> [50006.533601] ? irdma_hw_flush_wqes_callback+0x370/0x370 [irdma]
> [50006.540298] irdma_ceq_dpc+0x44/0x100 [irdma]
> [50006.545306] tasklet_action_common.isra.14+0x148/0x2c0
> [50006.551096] __do_softirq+0x1d0/0xaf8
> [50006.555396] irq_exit_rcu+0x219/0x260
> [50006.559670] irq_exit+0xa/0x20
> [50006.563320] smp_apic_timer_interrupt+0x1bf/0x690
> [50006.568645] apic_timer_interrupt+0xf/0x20
> [50006.573341] </IRQ>
>
> The issue is that a tasklet could be pending on another core racing
> the delete of the irq.
>
> Fix by insuring any scheduled tasklet is killed after deleting the
> irq.
>
> [Fix]
>
> Noble: pending
> Mantic: clean cherry-pick from linux-6.6.y
> Jammy: pending
> Focal: not-affected
> Bionic: not-affected
> Xenial: not-affected
> Trusty: not-affected
>
> [Test Case]
>
> Compile and boot tested.
>
> [Where problems could occur]
>
> This fix affects those who use the Intel RDMA (Remote Direct Memory Access)
> driver, an issue with the fix would be visible to the user via decreased
> system performance.
>
> Mike Marciniszyn (1):
>   RDMA/irdma: Fix KASAN issue with tasklet
>
>  drivers/infiniband/hw/irdma/hw.c | 7 +++++++
>  1 file changed, 7 insertions(+)

Acked-by: Portia Stephens <portia.stephens@canonical.com>

On 31.05.24 17:50, Bethany Jamison wrote:
> [Impact]
>
> RDMA/irdma: Fix KASAN issue with tasklet
>
> KASAN testing revealed the following issue associated with freeing an IRQ.
>
> [50006.466686] Call Trace:
> [50006.466691] <IRQ>
> [50006.489538] dump_stack+0x5c/0x80
> [50006.493475] print_address_description.constprop.6+0x1a/0x150
> [50006.499872] ? irdma_sc_process_ceq+0x483/0x790 [irdma]
> [50006.505742] ? irdma_sc_process_ceq+0x483/0x790 [irdma]
> [50006.511644] kasan_report.cold.11+0x7f/0x118
> [50006.516572] ? irdma_sc_process_ceq+0x483/0x790 [irdma]
> [50006.522473] irdma_sc_process_ceq+0x483/0x790 [irdma]
> [50006.528232] irdma_process_ceq+0xb2/0x400 [irdma]
> [50006.533601] ? irdma_hw_flush_wqes_callback+0x370/0x370 [irdma]
> [50006.540298] irdma_ceq_dpc+0x44/0x100 [irdma]
> [50006.545306] tasklet_action_common.isra.14+0x148/0x2c0
> [50006.551096] __do_softirq+0x1d0/0xaf8
> [50006.555396] irq_exit_rcu+0x219/0x260
> [50006.559670] irq_exit+0xa/0x20
> [50006.563320] smp_apic_timer_interrupt+0x1bf/0x690
> [50006.568645] apic_timer_interrupt+0xf/0x20
> [50006.573341] </IRQ>
>
> The issue is that a tasklet could be pending on another core racing
> the delete of the irq.
>
> Fix by insuring any scheduled tasklet is killed after deleting the
> irq.
>
> [Fix]
>
> Noble: pending
> Mantic: clean cherry-pick from linux-6.6.y
> Jammy: pending
> Focal: not-affected
> Bionic: not-affected
> Xenial: not-affected
> Trusty: not-affected
>
> [Test Case]
>
> Compile and boot tested.
>
> [Where problems could occur]
>
> This fix affects those who use the Intel RDMA (Remote Direct Memory Access)
> driver, an issue with the fix would be visible to the user via decreased
> system performance.
>
> Mike Marciniszyn (1):
>   RDMA/irdma: Fix KASAN issue with tasklet
>
>  drivers/infiniband/hw/irdma/hw.c | 7 +++++++
>  1 file changed, 7 insertions(+)
>

Applied to mantic:linux/master-next. Thanks.

-Stefan
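
The teardown race and the fix ordering described in the quoted cover letter, as an added user-space model in C (not code from the patch, the irdma driver, or any participant in this thread). All `model_*` names are hypothetical, and the model assumes the handler's context is released right after the IRQ is deleted, which the thread does not spell out.

```c
#include <stdbool.h>
#include <stdio.h>

/* User-space model; every name here is hypothetical, not a kernel or irdma symbol. */
struct model_ctx { bool released; int handled; int touched_after_release; };
struct model_tasklet { bool scheduled; struct model_ctx *ctx; };

/* Interrupt handler half: only marks the deferred work as pending. */
static void model_irq_fire(struct model_tasklet *t) { t->scheduled = true; }

/* Softirq half: runs the deferred handler if one is pending. */
static void model_softirq_run(struct model_tasklet *t)
{
    if (!t->scheduled)
        return;
    t->scheduled = false;
    if (t->ctx->released)
        t->ctx->touched_after_release++;   /* the access KASAN would flag */
    else
        t->ctx->handled++;
}

/* Kill step: returns only once no run is pending, so a pending run
 * completes here, while the context is still valid. */
static void model_tasklet_kill(struct model_tasklet *t) { model_softirq_run(t); }

/* Teardown with an interrupt arriving just before the IRQ is deleted.
 * Returns how many handler runs touched the context after release. */
static int model_teardown(bool kill_after_irq_delete, int *handled)
{
    struct model_ctx ctx = { false, 0, 0 };
    struct model_tasklet t = { false, &ctx };
    model_irq_fire(&t);            /* tasklet now pending on another core */
    /* IRQ deleted at this point: no further model_irq_fire() calls happen */
    if (kill_after_irq_delete)
        model_tasklet_kill(&t);
    ctx.released = true;           /* assumed: context torn down next */
    model_softirq_run(&t);         /* the other core reaches its softirq */
    *handled = ctx.handled;
    return ctx.touched_after_release;
}

int main(void)
{
    int h;
    printf("no kill: %d stale run(s)\n", model_teardown(false, &h));
    printf("kill after irq delete: %d stale run(s)\n", model_teardown(true, &h));
    return 0;
}
```

Deleting the IRQ only stops new scheduling; work that is already pending still runs later unless the teardown path waits for it before releasing what the handler touches.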