diff --git a/patches/kernel/0011-IB-core-Avoid-crash-on-pkey-enforcement-failed-in-re.patch b/patches/kernel/0011-IB-core-Avoid-crash-on-pkey-enforcement-failed-in-re.patch
new file mode 100644
index 0000000..c7e2422
--- /dev/null
+++ b/patches/kernel/0011-IB-core-Avoid-crash-on-pkey-enforcement-failed-in-re.patch
@@ -0,0 +1,87 @@
+From: Parav Pandit
+Subject: [PATCH] IB/core: Avoid crash on pkey enforcement failed in received MADs
+
+commit 89548bcafec7ecfeea58c553f0834b5d575a66eb upstream.
+
+Below kernel crash is observed when Pkey security enforcement fails on
+received MADs. This issue is reported in [1].
+
+ib_free_recv_mad() accesses the rmpp_list, whose initialization is
+needed before accessing it.
+When security enformcent fails on received MADs, MAD processing avoided
+due to security checks failed.
+
+OpenSM[3770]: SM port is down
+kernel: BUG: unable to handle kernel NULL pointer dereference at 0000000000000008
+kernel: IP: ib_free_recv_mad+0x44/0xa0 [ib_core]
+kernel: PGD 0
+kernel: P4D 0
+kernel:
+kernel: Oops: 0002 [#1] SMP
+kernel: CPU: 0 PID: 2833 Comm: kworker/0:1H Tainted: P IO 4.13.4-1-pve #1
+kernel: Hardware name: Dell XS23-TY3 /9CMP63, BIOS 1.71 09/17/2013
+kernel: Workqueue: ib-comp-wq ib_cq_poll_work [ib_core]
+kernel: task: ffffa069c6541600 task.stack: ffffb9a729054000
+kernel: RIP: 0010:ib_free_recv_mad+0x44/0xa0 [ib_core]
+kernel: RSP: 0018:ffffb9a729057d38 EFLAGS: 00010286
+kernel: RAX: ffffa069cb138a48 RBX: ffffa069cb138a10 RCX: 0000000000000000
+kernel: RDX: ffffb9a729057d38 RSI: 0000000000000000 RDI: ffffa069cb138a20
+kernel: RBP: ffffb9a729057d60 R08: ffffa072d2d49800 R09: ffffa069cb138ae0
+kernel: R10: ffffa069cb138ae0 R11: ffffa072b3994e00 R12: ffffb9a729057d38
+kernel: R13: ffffa069d1c90000 R14: 0000000000000000 R15: ffffa069d1c90880
+kernel: FS: 0000000000000000(0000) GS:ffffa069dba00000(0000) knlGS:0000000000000000
+kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
+kernel: CR2: 0000000000000008 CR3: 00000011f51f2000 CR4: 00000000000006f0
+kernel: Call Trace:
+kernel: ib_mad_recv_done+0x5cc/0xb50 [ib_core]
+kernel: __ib_process_cq+0x5c/0xb0 [ib_core]
+kernel: ib_cq_poll_work+0x20/0x60 [ib_core]
+kernel: process_one_work+0x1e9/0x410
+kernel: worker_thread+0x4b/0x410
+kernel: kthread+0x109/0x140
+kernel: ? process_one_work+0x410/0x410
+kernel: ? kthread_create_on_node+0x70/0x70
+kernel: ? SyS_exit_group+0x14/0x20
+kernel: ret_from_fork+0x25/0x30
+kernel: RIP: ib_free_recv_mad+0x44/0xa0 [ib_core] RSP: ffffb9a729057d38
+kernel: CR2: 0000000000000008
+
+[1] : https://www.spinics.net/lists/linux-rdma/msg56190.html
+
+Fixes: 47a2b338fe63 ("IB/core: Enforce security on management datagrams")
+Signed-off-by: Parav Pandit
+Reported-by: Chris Blake
+Reviewed-by: Daniel Jurgens
+Reviewed-by: Hal Rosenstock
+Signed-off-by: Doug Ledford
+Signed-off-by: Greg Kroah-Hartman
+
+Signed-off-by: Fabian Grünbichler
+---
+ drivers/infiniband/core/mad.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/drivers/infiniband/core/mad.c b/drivers/infiniband/core/mad.c
+index f8f53bb90837..cb91245e9163 100644
+--- a/drivers/infiniband/core/mad.c
++++ b/drivers/infiniband/core/mad.c
+@@ -1974,14 +1974,15 @@ static void ib_mad_complete_recv(struct ib_mad_agent_private *mad_agent_priv,
+ unsigned long flags;
+ int ret;
+
++ INIT_LIST_HEAD(&mad_recv_wc->rmpp_list);
+ ret = ib_mad_enforce_security(mad_agent_priv,
+ mad_recv_wc->wc->pkey_index);
+ if (ret) {
+ ib_free_recv_mad(mad_recv_wc);
+ deref_mad_agent(mad_agent_priv);
++ return;
+ }
+
+- INIT_LIST_HEAD(&mad_recv_wc->rmpp_list);
+ list_add(&mad_recv_wc->recv_buf.list, &mad_recv_wc->rmpp_list);
+ if (ib_mad_kernel_rmpp_agent(&mad_agent_priv->agent)) {
+ mad_recv_wc = ib_process_rmpp_recv_wc(mad_agent_priv,
+--
+2.14.2
+
diff --git a/patches/kernel/0012-IB-core-Don-t-enforce-PKey-security-on-SMI-MADs.patch b/patches/kernel/0012-IB-core-Don-t-enforce-PKey-security-on-SMI-MADs.patch
new file mode 100644
index 0000000..cbb5b84
--- /dev/null
+++ b/patches/kernel/0012-IB-core-Don-t-enforce-PKey-security-on-SMI-MADs.patch
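Review bot: On the denial path in ib_mad_complete_recv, `ib_free_recv_mad(mad_recv_wc)` now runs on an initialised but still empty `rmpp_list`, because `list_add(&mad_recv_wc->recv_buf.list, &mad_recv_wc->rmpp_list)` is only reached after the security check passes. ib_free_recv_mad is not visible in this hunk; if it releases receive buffers by walking `rmpp_list`, the buffer of a rejected MAD would never be freed, so each MAD that fails pkey enforcement would leak one allocation. Worth confirming against its body, and if that is the case, either moving the `list_add` up next to `INIT_LIST_HEAD` or releasing the buffer explicitly before `return;`. The function starts before and continues past the hunk.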
@@ -0,0 +1,47 @@
+From c7da6e780b87220187630411bcda8049072ecbf2 Mon Sep 17 00:00:00 2001
+From: Daniel Jurgens
+Date: Mon, 20 Nov 2017 16:47:45 -0600
+Subject: [PATCH 12/13] IB/core: Don't enforce PKey security on SMI MADs
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Per the infiniband spec an SMI MAD can have any PKey. Checking the pkey
+on SMI MADs is not necessary, and it seems that some older adapters
+using the mthca driver don't follow the convention of using the default
+PKey, resulting in false denials, or errors querying the PKey cache.
+
+SMI MAD security is still enforced, only agents allowed to manage the
+subnet are able to receive or send SMI MADs.
+
+Reported-by: Chris Blake
+Fixes: 47a2b338fe63("IB/core: Enforce security on management datagrams")
+Signed-off-by: Daniel Jurgens
+Reviewed-by: Parav Pandit
+Signed-off-by: Leon Romanovsky
+Signed-off-by: Fabian Grünbichler
+---
+ drivers/infiniband/core/security.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/infiniband/core/security.c b/drivers/infiniband/core/security.c
+index 70ad19c4c73e..8f9fd3b757db 100644
+--- a/drivers/infiniband/core/security.c
++++ b/drivers/infiniband/core/security.c
+@@ -692,8 +692,11 @@ int ib_mad_enforce_security(struct ib_mad_agent_private *map, u16 pkey_index)
+ {
+ int ret;
+
+- if (map->agent.qp->qp_type == IB_QPT_SMI && !map->agent.smp_allowed)
+- return -EACCES;
++ if (map->agent.qp->qp_type == IB_QPT_SMI) {
++ if (!map->agent.smp_allowed)
++ return -EACCES;
++ return 0;
++ }
+
+ ret = ib_security_pkey_access(map->agent.device,
+ map->agent.port_num,
+--
+2.14.2
+
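Review bot: The new SMI branch in ib_mad_enforce_security returns 0 without consulting `pkey_index`, and nothing in the code records why, so a later reader could mistake the early return for a skipped check. A comment above the branch would carry over the intent stated in the commit message, for example `/* SMI MADs may carry any PKey per the IB spec; smp_allowed is the only gate here. */`. Because `smp_allowed` is now the sole access decision for SMI QPs, it is also worth confirming how that flag is updated relative to this plain read; its writers are not visible in this hunk. The function body continues outside the hunk.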