From patchwork Mon Apr 1 18:40:03 2024
X-Patchwork-Submitter: William Tu
X-Patchwork-Id: 1918544
From: William Tu
Subject: [SRU][J:linux-bluefield][PATCH 1/1] genetlink: fix single op policy dump when do is present
Date: Mon, 1 Apr 2024 11:40:03 -0700
Message-ID: <20240401184003.31246-2-witu@nvidia.com>
In-Reply-To: <20240401184003.31246-1-witu@nvidia.com>
References: <20240401184003.31246-1-witu@nvidia.com>
Cc: bodong@nvidia.com, vlad@nvidia.com, paulb@nvidia.com, dann.frazier@canonical.com

From: Jakub Kicinski

BugLink: https://bugs.launchpad.net/bugs/2059961

Jonathan reports crashes when running net-next in Meta's fleet.
Stats collection uses ethtool -I which does a per-op policy dump
to check if stats are supported. We don't initialize the dumpit
information if doit succeeds due to evaluation short-circuiting.

The crash may look like this:

   BUG: kernel NULL pointer dereference, address: 0000000000000cc0
   RIP: 0010:netlink_policy_dump_add_policy+0x174/0x2a0
     ctrl_dumppolicy_start+0x19f/0x2f0
     genl_start+0xe7/0x140

Or we may trigger a warning:

   WARNING: CPU: 1 PID: 785 at net/netlink/policy.c:87 netlink_policy_dump_get_policy_idx+0x79/0x80
   RIP: 0010:netlink_policy_dump_get_policy_idx+0x79/0x80
     ctrl_dumppolicy_put_op+0x214/0x360

depending on what garbage we pick up from the stack.

Reported-by: Jonathan Lemon
Fixes: 26588edbef60 ("genetlink: support split policies in ctrl_dumppolicy_put_op()")
Reviewed-by: Jacob Keller
Tested-by: Leon Romanovsky
Link: https://lore.kernel.org/r/20221109183254.554051-1-kuba@kernel.org
Signed-off-by: Jakub Kicinski
(cherry picked from commit c1b05105573b2cd5845921eb0d2caa26e2144a34)
Signed-off-by: William Tu
--- net/netlink/genetlink.c | 30 +++++++++++++++++++++--------- 1 file changed, 21 insertions(+), 9 deletions(-) diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c index 2608235fb530..e23947cf3767 100644 --- a/net/netlink/genetlink.c +++ b/net/netlink/genetlink.c @@ -282,6 +282,7 @@ genl_cmd_full_to_split(struct genl_split_ops *op, return 0; } +/* Must make sure that op is initialized to 0 on failure */ static int genl_get_cmd(u32 cmd, u8 flags, const struct genl_family *family, struct genl_split_ops *op)
@@ -302,6 +303,21 @@ genl_get_cmd(u32 cmd, u8 flags, const struct genl_family *family, return err; } +/* For policy dumping only, get ops of both do and dump. + * Fail if both are missing, genl_get_cmd() will zero-init in case of failure. + */ +static int +genl_get_cmd_both(u32 cmd, const struct genl_family *family, + struct genl_split_ops *doit, struct genl_split_ops *dumpit) +{ + int err1, err2; + + err1 = genl_get_cmd(cmd, GENL_CMD_CAP_DO, family, doit); + err2 = genl_get_cmd(cmd, GENL_CMD_CAP_DUMP, family, dumpit); + + return err1 && err2 ? -ENOENT : 0; +} + static bool genl_op_iter_init(const struct genl_family *family, struct genl_op_iter *iter) { @@ -1406,10 +1422,10 @@ static int ctrl_dumppolicy_start(struct netlink_callback *cb) ctx->single_op = true; ctx->op = nla_get_u32(tb[CTRL_ATTR_OP]); - if (genl_get_cmd(ctx->op, GENL_CMD_CAP_DO, rt, &doit) && - genl_get_cmd(ctx->op, GENL_CMD_CAP_DUMP, rt, &dump)) { + err = genl_get_cmd_both(ctx->op, rt, &doit, &dump); + if (err) { NL_SET_BAD_ATTR(cb->extack, tb[CTRL_ATTR_OP]); - return -ENOENT; + return err; } if (doit.policy) { @@ -1549,13 +1565,9 @@ static int ctrl_dumppolicy(struct sk_buff *skb, struct netlink_callback *cb) if (ctx->single_op) { struct genl_split_ops doit, dumpit; - if (genl_get_cmd(ctx->op, GENL_CMD_CAP_DO, - ctx->rt, &doit) && - genl_get_cmd(ctx->op, GENL_CMD_CAP_DUMP, - ctx->rt, &dumpit)) { - WARN_ON(1); + if (WARN_ON(genl_get_cmd_both(ctx->op, ctx->rt, + &doit, &dumpit))) return -ENOENT; - } if (ctrl_dumppolicy_put_op(skb, cb, &doit, &dumpit)) return skb->len;
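
Review bot: the comment added above genl_get_cmd() in the @@ -282 hunk states a contract ("op is initialized to 0 on failure") that the lines shown do not enforce, while the new genl_get_cmd_both() depends on it for whichever op is not found. Consider naming that dependency in the comment, for example that callers read *op after a failed lookup, so a later change to the failure path is less likely to drop the zeroing.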
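
Review bot: in genl_get_cmd_both() (the @@ -302 hunk), `return err1 && err2 ? -ENOENT : 0;` discards the codes returned by genl_get_cmd() and leans on operator precedence; `(err1 && err2) ? -ENOENT : 0` reads more clearly. The comment should also say that a 0 return only means at least one of doit/dumpit is valid, so callers still have to test each op, as the `if (doit.policy)` check does, before using it.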
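
Review bot: in ctrl_dumppolicy_start() (the @@ -1406 hunk), `err = genl_get_cmd_both(...)` uses an `err` that is declared outside the lines shown and the hunk adds no declaration, so it is worth confirming it is in scope at this point in the target tree. As a style point, the second op is named `dump` here but `dumpit` in ctrl_dumppolicy() and in the helper's parameters; one name throughout would help.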
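
Review bot: in ctrl_dumppolicy() (the @@ -1549 hunk), the call that fills in doit and dumpit now sits inside `WARN_ON(...)`. WARN_ON() does evaluate its argument, so this works, but a call with required side effects is easy to overlook there; assigning the result to a local and testing `WARN_ON(err)` would match ctrl_dumppolicy_start(). The literal `return -ENOENT` also differs from the `return err` used in that function.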
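
The short-circuit failure described in the commit message, modelled in user space as an added example (not code from the patch or the kernel). `struct split_op`, `get_cmd()`, the do-only sample family and the 0xAA poison fill are hypothetical stand-ins for `struct genl_split_ops`, `genl_get_cmd()`, an op without a dump handler and leftover stack contents.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical user-space stand-ins for the kernel types in the patch. */
struct split_op { const void *policy; };
enum { CAP_DO = 1, CAP_DUMP = 2 };
#define POISON 0xAA                  /* constructed stand-in for stack garbage */
static const int sample_policy = 1;  /* constructed sample policy object */

/* Model of genl_get_cmd(): the sample family implements "do" only.
 * On failure the output is zeroed, as the patch's comment requires. */
static int get_cmd(int flags, struct split_op *op)
{
    if (flags == CAP_DO) {
        op->policy = &sample_policy;
        return 0;
    }
    memset(op, 0, sizeof(*op));
    return -ENOENT;
}

/* Pre-patch shape: && skips the dump lookup once the do lookup returns 0. */
static int lookup_short_circuit(struct split_op *doit, struct split_op *dumpit)
{
    if (get_cmd(CAP_DO, doit) && get_cmd(CAP_DUMP, dumpit))
        return -ENOENT;
    return 0;
}

/* Post-patch shape: both lookups always run, as in genl_get_cmd_both(). */
static int lookup_both(struct split_op *doit, struct split_op *dumpit)
{
    int err1 = get_cmd(CAP_DO, doit);
    int err2 = get_cmd(CAP_DUMP, dumpit);
    return (err1 && err2) ? -ENOENT : 0;
}

/* True when dumpit still holds poison after a lookup that reported success. */
static bool dumpit_left_stale(int (*lookup)(struct split_op *, struct split_op *))
{
    struct split_op doit, dumpit;
    memset(&doit, POISON, sizeof(doit));
    memset(&dumpit, POISON, sizeof(dumpit));
    return lookup(&doit, &dumpit) == 0 && dumpit.policy != NULL;
}

int main(void)
{
    printf("short-circuit: stale=%d\n", dumpit_left_stale(lookup_short_circuit));
    printf("both lookups:  stale=%d\n", dumpit_left_stale(lookup_both));
    return 0;
}
```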