sieni
/
linux
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linux/drivers/net
History
Shradha Gupta 3e64bb2ae7 net: mana: cleanup mana struct after debugfs_remove() 
When on a MANA VM hibernation is triggered, as part of hibernate_snapshot(),
mana_gd_suspend() and mana_gd_resume() are called. If during this
mana_gd_resume(), a failure occurs with HWC creation, mana_port_debugfs
pointer does not get reinitialized and ends up pointing to older,
cleaned-up dentry.
Further in the hibernation path, as part of power_down(), mana_gd_shutdown()
is triggered. This call, unaware of the failures in resume, tries to cleanup
the already cleaned up  mana_port_debugfs value and hits the following bug:

[  191.359296] mana 7870:00:00.0: Shutdown was called
[  191.359918] BUG: kernel NULL pointer dereference, address: 0000000000000098
[  191.360584] #PF: supervisor write access in kernel mode
[  191.361125] #PF: error_code(0x0002) - not-present page
[  191.361727] PGD 1080ea067 P4D 0
[  191.362172] Oops: Oops: 0002 [#1] SMP NOPTI
[  191.362606] CPU: 11 UID: 0 PID: 1674 Comm: bash Not tainted 6.14.0-rc5+ #2
[  191.363292] Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS Hyper-V UEFI Release v4.1 11/21/2024
[  191.364124] RIP: 0010:down_write+0x19/0x50
[  191.364537] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 44 00 00 55 48 89 e5 53 48 89 fb e8 de cd ff ff 31 c0 ba 01 00 00 00 <f0> 48 0f b1 13 75 16 65 48 8b 05 88 24 4c 6a 48 89 43 08 48 8b 5d
[  191.365867] RSP: 0000:ff45fbe0c1c037b8 EFLAGS: 00010246
[  191.366350] RAX: 0000000000000000 RBX: 0000000000000098 RCX: ffffff8100000000
[  191.366951] RDX: 0000000000000001 RSI: 0000000000000064 RDI: 0000000000000098
[  191.367600] RBP: ff45fbe0c1c037c0 R08: 0000000000000000 R09: 0000000000000001
[  191.368225] R10: ff45fbe0d2b01000 R11: 0000000000000008 R12: 0000000000000000
[  191.368874] R13: 000000000000000b R14: ff43dc27509d67c0 R15: 0000000000000020
[  191.369549] FS:  00007dbc5001e740(0000) GS:ff43dc663f380000(0000) knlGS:0000000000000000
[  191.370213] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  191.370830] CR2: 0000000000000098 CR3: 0000000168e8e002 CR4: 0000000000b73ef0
[  191.371557] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  191.372192] DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400
[  191.372906] Call Trace:
[  191.373262]  <TASK>
[  191.373621]  ? show_regs+0x64/0x70
[  191.374040]  ? __die+0x24/0x70
[  191.374468]  ? page_fault_oops+0x290/0x5b0
[  191.374875]  ? do_user_addr_fault+0x448/0x800
[  191.375357]  ? exc_page_fault+0x7a/0x160
[  191.375971]  ? asm_exc_page_fault+0x27/0x30
[  191.376416]  ? down_write+0x19/0x50
[  191.376832]  ? down_write+0x12/0x50
[  191.377232]  simple_recursive_removal+0x4a/0x2a0
[  191.377679]  ? __pfx_remove_one+0x10/0x10
[  191.378088]  debugfs_remove+0x44/0x70
[  191.378530]  mana_detach+0x17c/0x4f0
[  191.378950]  ? __flush_work+0x1e2/0x3b0
[  191.379362]  ? __cond_resched+0x1a/0x50
[  191.379787]  mana_remove+0xf2/0x1a0
[  191.380193]  mana_gd_shutdown+0x3b/0x70
[  191.380642]  pci_device_shutdown+0x3a/0x80
[  191.381063]  device_shutdown+0x13e/0x230
[  191.381480]  kernel_power_off+0x35/0x80
[  191.381890]  hibernate+0x3c6/0x470
[  191.382312]  state_store+0xcb/0xd0
[  191.382734]  kobj_attr_store+0x12/0x30
[  191.383211]  sysfs_kf_write+0x3e/0x50
[  191.383640]  kernfs_fop_write_iter+0x140/0x1d0
[  191.384106]  vfs_write+0x271/0x440
[  191.384521]  ksys_write+0x72/0xf0
[  191.384924]  __x64_sys_write+0x19/0x20
[  191.385313]  x64_sys_call+0x2b0/0x20b0
[  191.385736]  do_syscall_64+0x79/0x150
[  191.386146]  ? __mod_memcg_lruvec_state+0xe7/0x240
[  191.386676]  ? __lruvec_stat_mod_folio+0x79/0xb0
[  191.387124]  ? __pfx_lru_add+0x10/0x10
[  191.387515]  ? queued_spin_unlock+0x9/0x10
[  191.387937]  ? do_anonymous_page+0x33c/0xa00
[  191.388374]  ? __handle_mm_fault+0xcf3/0x1210
[  191.388805]  ? __count_memcg_events+0xbe/0x180
[  191.389235]  ? handle_mm_fault+0xae/0x300
[  191.389588]  ? do_user_addr_fault+0x559/0x800
[  191.390027]  ? irqentry_exit_to_user_mode+0x43/0x230
[  191.390525]  ? irqentry_exit+0x1d/0x30
[  191.390879]  ? exc_page_fault+0x86/0x160
[  191.391235]  entry_SYSCALL_64_after_hwframe+0x76/0x7e
[  191.391745] RIP: 0033:0x7dbc4ff1c574
[  191.392111] Code: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d d5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89
[  191.393412] RSP: 002b:00007ffd95a23ab8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001
[  191.393990] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007dbc4ff1c574
[  191.394594] RDX: 0000000000000005 RSI: 00005a6eeadb0ce0 RDI: 0000000000000001
[  191.395215] RBP: 00007ffd95a23ae0 R08: 00007dbc50003b20 R09: 0000000000000000
[  191.395805] R10: 0000000000000001 R11: 0000000000000202 R12: 0000000000000005
[  191.396404] R13: 00005a6eeadb0ce0 R14: 00007dbc500045c0 R15: 00007dbc50001ee0
[  191.396987]  </TASK>

To fix this, we explicitly set such mana debugfs variables to NULL after
debugfs_remove() is called.

Fixes: 6607c17c6c ("net: mana: Enable debugfs files for MANA device")
Cc: stable@vger.kernel.org
Signed-off-by: Shradha Gupta <shradhagupta@linux.microsoft.com>
Reviewed-by: Haiyang Zhang <haiyangz@microsoft.com>
Reviewed-by: Michal Kubiak <michal.kubiak@intel.com>
Link: https://patch.msgid.link/1741688260-28922-1-git-send-email-shradhagupta@linux.microsoft.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
 		2025-03-13 13:26:35 +01:00
..
arcnet
bonding bonding: fix incorrect MAC address setting to receive NS messages 2025-03-11 13:19:27 +01:00
caif caif_virtio: fix wrong pointer check in cfv_probe() 2025-02-28 18:04:23 -08:00
can can: rockchip: rkcanfd_handle_rx_fifo_overflow_int(): bail out if skb cannot be allocated 2025-02-08 12:42:56 +01:00
dsa net: dsa: mv88e6xxx: Verify after ATU Load ops 2025-03-07 19:36:33 -08:00
ethernet net: mana: cleanup mana struct after debugfs_remove() 2025-03-13 13:26:35 +01:00
fddi
fjes
hamradio
hippi
hyperv hv_netvsc: Replace one-element array with flexible array member 2025-01-17 19:07:48 -08:00
ieee802154 Merge tag 'ieee802154-for-net-2025-01-03' of git://git.kernel.org/pub/scm/linux/kernel/git/wpan/wpan 2025-01-04 17:00:44 -08:00
ipa net: ipa: Enable checksum for IPA_ENDPOINT_AP_MODEM_{RX,TX} for v4.7 2025-03-04 16:19:21 -08:00
ipvlan ipvlan: ensure network headers are in skb linear part 2025-02-21 16:29:50 -08:00
mctp net: mctp i2c: Copy headers if cloned 2025-03-07 19:45:03 -08:00
mdio Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-12-19 11:35:07 -08:00
netdevsim selftests: drv-net: test XDP, HDS auto and the ioctl path 2025-02-24 14:16:37 -08:00
pcs Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-01-16 10:34:59 -08:00
phy net: phy: nxp-c45-tja11xx: add TJA112XB SGMII PCS restart errata 2025-03-07 19:54:25 -08:00
plip
ppp ppp: Fix KMSAN uninit-value warning with bpf 2025-03-04 16:56:41 -08:00
pse-pd net: pse-pd: pd692x0: Fix power limit retrieval 2025-02-18 18:30:27 -08:00
slip
team team: better TEAM_OPTION_TYPE_STRING validation 2025-02-13 08:36:55 -08:00
thunderbolt
usb net: usb: lan78xx: Sanitize return values of register read/write functions 2025-03-10 13:18:44 -07:00
vmxnet3 vmxnet3: Fix tx queue race condition with XDP 2025-02-01 17:17:32 -08:00
vxlan vxlan: check vxlan_vnigroup_init() return value 2025-02-11 15:24:48 -08:00
wan net: wan: framer: Simplify API framer_provider_simple_of_xlate() implementation 2024-12-15 14:13:56 -08:00
wireguard
wireless wifi: iwlwifi: trans: cancel restart work on op mode leave 2025-03-07 09:57:39 +01:00
wwan net: wwan: mhi_wwan_mbim: Silence sequence number glitch errors 2025-02-14 13:39:55 -08:00
xen-netback
Kconfig
LICENSE.SRC
Makefile
Space.c
amt.c
bareudp.c
dummy.c
eql.c
geneve.c geneve: Suppress list corruption splat in geneve_destroy_tunnels(). 2025-02-19 18:49:29 -08:00
gtp.c gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). 2025-02-19 18:49:28 -08:00
ifb.c
loopback.c net: loopback: Avoid sending IP packets without an Ethernet header 2025-02-21 16:06:46 -08:00
macsec.c
macvlan.c
macvtap.c
mdio.c
mhi_net.c
mii.c net: mii: Fix the Speed display when the network cable is not connected 2025-01-20 12:02:38 -08:00
net_failover.c
netconsole.c netconsole: Warn if MAX_USERDATA_ITEMS limit is exceeded 2025-01-09 18:06:36 -08:00
netkit.c netkit: Allow for configuring needed_{head,tail}room 2025-01-06 09:48:49 +01:00
nlmon.c
ntb_netdev.c
pfcp.c pfcp: Destroy device along with udp socket's netns dismantle. 2025-01-14 11:20:04 +01:00
rionet.c
sb1000.c
sungem_phy.c
tap.c ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple() 2024-12-18 17:55:30 -08:00
tun.c tun: revert fix group permission check 2025-02-05 18:22:11 -08:00
veth.c xdp: get rid of xdp_frame::mem.id 2024-12-12 18:22:52 -08:00
virtio_net.c virtio_net: ensure netdev_tx_reset_queue is called on bind xsk for tx 2024-12-10 11:22:21 +01:00
vrf.c
vsockmon.c
xen-netfront.c xen/netfront: fix crash when removing device 2024-12-13 09:12:24 +01:00