kernel_samsung_a53x/drivers
Nikolay Aleksandrov 75825bb508 bonding: fix xfrm real_dev null pointer dereference
[ Upstream commit f8cde9805981c50d0c029063dc7d82821806fc44 ]

We shouldn't set real_dev to NULL because packets can be in transit and
xfrm might call xdo_dev_offload_ok() in parallel. All callbacks assume
real_dev is set.

 Example trace:
 kernel: BUG: unable to handle page fault for address: 0000000000001030
 kernel: bond0: (slave eni0np1): making interface the new active one
 kernel: #PF: supervisor write access in kernel mode
 kernel: #PF: error_code(0x0002) - not-present page
 kernel: PGD 0 P4D 0
 kernel: Oops: 0002 [#1] PREEMPT SMP
 kernel: CPU: 4 PID: 2237 Comm: ping Not tainted 6.7.7+ #12
 kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014
 kernel: RIP: 0010:nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]
 kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA
 kernel: Code: e0 0f 0b 48 83 7f 38 00 74 de 0f 0b 48 8b 47 08 48 8b 37 48 8b 78 40 e9 b2 e5 9a d7 66 90 0f 1f 44 00 00 48 8b 86 80 02 00 00 <83> 80 30 10 00 00 01 b8 01 00 00 00 c3 0f 1f 80 00 00 00 00 0f 1f
 kernel: bond0: (slave eni0np1): making interface the new active one
 kernel: RSP: 0018:ffffabde81553b98 EFLAGS: 00010246
 kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA
 kernel:
 kernel: RAX: 0000000000000000 RBX: ffff9eb404e74900 RCX: ffff9eb403d97c60
 kernel: RDX: ffffffffc090de10 RSI: ffff9eb404e74900 RDI: ffff9eb3c5de9e00
 kernel: RBP: ffff9eb3c0a42000 R08: 0000000000000010 R09: 0000000000000014
 kernel: R10: 7974203030303030 R11: 3030303030303030 R12: 0000000000000000
 kernel: R13: ffff9eb3c5de9e00 R14: ffffabde81553cc8 R15: ffff9eb404c53000
 kernel: FS:  00007f2a77a3ad00(0000) GS:ffff9eb43bd00000(0000) knlGS:0000000000000000
 kernel: CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 kernel: CR2: 0000000000001030 CR3: 00000001122ab000 CR4: 0000000000350ef0
 kernel: bond0: (slave eni0np1): making interface the new active one
 kernel: Call Trace:
 kernel:  <TASK>
 kernel:  ? __die+0x1f/0x60
 kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA
 kernel:  ? page_fault_oops+0x142/0x4c0
 kernel:  ? do_user_addr_fault+0x65/0x670
 kernel:  ? kvm_read_and_reset_apf_flags+0x3b/0x50
 kernel: bond0: (slave eni0np1): making interface the new active one
 kernel:  ? exc_page_fault+0x7b/0x180
 kernel:  ? asm_exc_page_fault+0x22/0x30
 kernel:  ? nsim_bpf_uninit+0x50/0x50 [netdevsim]
 kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA
 kernel:  ? nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]
 kernel: bond0: (slave eni0np1): making interface the new active one
 kernel:  bond_ipsec_offload_ok+0x7b/0x90 [bonding]
 kernel:  xfrm_output+0x61/0x3b0
 kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA
 kernel:  ip_push_pending_frames+0x56/0x80

Fixes: 18cb261afd7b ("bonding: support hardware encryption offload to slaves")
Signed-off-by: Nikolay Aleksandrov <razor@blackwall.org>
Reviewed-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-01-19 15:02:44 +01:00
accessibility
acpi ACPI: processor: Fix memory leaks in error paths of processor_add() 2025-01-19 00:09:58 +01:00
amba
android ANDROID: fix ENOMEM check of binder_proc_ext 2025-01-19 14:57:13 +01:00
ata ata: libata-core: Fix null pointer dereference on error 2025-01-19 14:59:06 +01:00
atm atm: idt77252: prevent use after free in dequeue_rx() 2024-11-23 23:20:43 +01:00
auxdisplay
base devres: Initialize an uninitialized struct member 2025-01-19 00:10:00 +01:00
battery Revert "battery: nuke sm5451_charger driver from a53x" 2025-01-18 22:11:40 +01:00
bcma
block virtio-blk: don't keep queue frozen during system suspend 2025-01-15 16:29:50 +01:00
bluetooth Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO 2025-01-19 15:00:26 +01:00
bts
bus Revert "bus: integrator-lm: fix OF node leak in probe()" 2024-11-24 00:23:16 +01:00
cdrom
char Revert "tpm: Clean up TPM space after command failure" 2024-11-24 00:23:24 +01:00
clk Revert "clkdev: remove CONFIG_CLKDEV_LOOKUP" 2025-01-02 17:01:18 +01:00
clocksource clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX 2025-01-19 00:09:59 +01:00
connector
counter
cpufreq exynos: acme: dumb down code to take in any freq table 2025-01-15 16:39:44 +01:00
cpuidle cpuidle: menu: Take negative "sleep length" values into account 2024-11-19 18:01:28 +01:00
crypto crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() 2024-12-17 13:24:00 +01:00
dax
dca
devfreq
dio
dma dmaengine: dw: Select only supported masters for ACPI devices 2025-01-15 16:29:54 +01:00
dma-buf UPSTREAM: dma-buf: heaps: Fix off-by-one in CMA heap fault handler 2025-01-19 00:09:58 +01:00
edac EDAC/fsl_ddr: Fix bad bit shift operations 2024-12-17 13:23:59 +01:00
eisa
extcon
fingerprint
firewire
firmware BACKPORT: firmware: arm_scmi: Queue in scmi layer for mailbox implementation 2025-01-19 00:09:58 +01:00
fpga
fsi
gnss
gpio gpio: grgpio: Add NULL check in grgpio_probe 2024-12-17 13:24:27 +01:00
gpu drm: panel-orientation-quirks: Add quirk for OrangePi Neo 2025-01-19 14:53:29 +01:00
greybus
gud
hid HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup 2025-01-19 00:09:59 +01:00
hsi
hv Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic 2025-01-19 00:09:59 +01:00
hwmon hwmon: (adc128d818) Fix underflows seen when writing limit attributes 2025-01-19 00:10:00 +01:00
hwspinlock hwspinlock: Introduce hwspin_lock_bust() 2025-01-19 14:52:28 +01:00
hwtracing Revert "coresight: tmc: sg: Do not leak sg_table" 2024-11-24 00:23:19 +01:00
i2c i2c: riic: Always round-up when calculating bus period 2025-01-15 16:29:41 +01:00
i3c i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock 2024-12-17 13:24:32 +01:00
ide
idle
ifconn
iio iio: buffer-dmaengine: fix releasing dma channel on error 2025-01-19 00:09:59 +01:00
infiniband RDMA/uverbs: Prevent integer overflow issue 2025-01-15 16:29:56 +01:00
input Input: uinput - reject requests with unreasonable number of slots 2025-01-19 00:09:59 +01:00
interconnect Revert "interconnect: qcom: sm8250: Enable sync_state" 2024-11-24 00:23:19 +01:00
iommu iommu/vt-d: Handle volatile descriptor status read 2025-01-19 00:10:00 +01:00
ipack
irqchip irqchip/gic-v2m: Fix refcount leak in gicv2m_of_init() 2025-01-19 14:50:54 +01:00
isdn mISDN: Fix a use after free in hfcmulti_tx() 2024-11-23 23:20:17 +01:00
kperfmon
kq/mesh
leds leds: spi-byte: Call of_node_put() on error path 2025-01-19 00:10:02 +01:00
lightnvm
macintosh macintosh/therm_windtunnel: fix module unload. 2024-11-23 23:20:11 +01:00
mailbox Revert "mailbox: rockchip: fix a typo in module autoloading" 2024-11-24 00:23:13 +01:00
mcb
md dm init: Handle minors larger than 255 2025-01-19 00:10:01 +01:00
media media: uvcvideo: Fix integer overflow calculating timestamp 2025-01-19 15:00:20 +01:00
memory memory: stm32-fmc2-ebi: check regmap_read return value 2024-11-23 23:20:46 +01:00
memstick
message scsi: fusion: Remove unused variable 'rc' 2024-12-17 13:24:09 +01:00
mfd mfd: rt5033: Fix missing regmap_del_irq_chip() 2024-12-17 13:24:08 +01:00
misc VMCI: Fix use-after-free when removing resource in vmci_resource_remove() 2025-01-19 00:09:59 +01:00
mmc mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K 2025-01-19 14:50:31 +01:00
most
mtd mtd: rawnand: fix double free in atmel_pmecc_create_user() 2025-01-15 16:29:50 +01:00
muic
mux
net bonding: fix xfrm real_dev null pointer dereference 2025-01-19 15:02:44 +01:00
nfc nfc: pn533: Add poll mod list filling check 2024-11-23 23:20:55 +01:00
ntb Revert "ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir()" 2024-11-24 00:23:20 +01:00
nubus
nvdimm nvdimm: rectify the illogical code within nd_dax_probe() 2024-12-17 13:24:32 +01:00
nvme nvmet-tcp: fix kernel crash if commands allocation fails 2025-01-19 00:09:58 +01:00
nvmem nvmem: Fix return type of devm_nvmem_device_get() in kerneldoc 2025-01-19 00:09:59 +01:00
of of/irq: Prevent device address out-of-bounds read in interrupt map walk 2025-01-19 00:09:59 +01:00
opp
oprofile
parisc
parport Revert "parport: Proper fix for array out-of-bounds access" 2024-11-24 00:22:51 +01:00
pci PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) 2025-01-19 00:10:01 +01:00
pcmcia pcmcia: Use resource_size function on resource object 2025-01-19 00:10:01 +01:00
perf
phy phy: core: Fix that API devm_phy_destroy() fails to destroy the phy 2025-01-15 16:29:49 +01:00
pinctrl pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins 2025-01-19 15:00:20 +01:00
platform platform/x86: asus-nb-wmi: Ignore unknown event 0xCF 2025-01-15 16:29:50 +01:00
pnp
power power: supply: gpio-charger: Fix set charge current limits 2025-01-15 16:29:51 +01:00
powercap Revert "powercap: RAPL: fix invalid initialization for pl4_supported field" 2024-11-24 00:23:18 +01:00
pps Revert "pps: remove usage of the deprecated ida_simple_xx() API" 2024-11-24 00:23:14 +01:00
ps3
ptp ptp: Add error handling for adjfine callback in ptp_clock_adjtime 2024-12-17 13:24:25 +01:00
pwm pwm: imx27: Workaround of the pwm output bug when decrease the duty cycle 2024-12-17 13:24:02 +01:00
rapidio
ras
regulator regulator: rk808: Add apply_bit for BUCK3 on RK809 2024-12-17 13:23:58 +01:00
remoteproc remoteproc: qcom_q6v5_mss: Re-order writes to the IMEM region 2024-12-17 13:24:13 +01:00
reset Revert "reset: berlin: fix OF node leak in probe() error path" 2024-11-24 00:23:27 +01:00
rpmsg rpmsg: glink: Propagate TX failures in intentless mode as well 2024-12-17 13:24:21 +01:00
rtc rtc: ab-eoz9: don't fail temperature reads on undervoltage notification 2024-12-17 13:24:22 +01:00
s390 Revert "s390/zcore: no need to check return value of debugfs_create functions" 2024-11-24 00:22:59 +01:00
samsung
sbus
scsi scsi: aacraid: Fix double-free on probe failure 2025-01-19 14:57:57 +01:00
sensorhub
sensors
sfi
sh sh: clk: Fix clk_enable() to return 0 on NULL clk 2025-01-15 16:29:45 +01:00
siox
slimbus
soc fvmap: move undervolting settings to Kconfig 2025-01-15 16:40:04 +01:00
soundwire Revert "soundwire: stream: fix programming slave ports for non-continous port maps" 2024-11-24 00:23:49 +01:00
spi spi: mpc52xx: Add cancel_work_sync before module remove 2024-12-17 13:24:27 +01:00
spmi
spu_verify
ssb ssb: Fix division by zero issue in ssb_calc_clock_rate 2024-11-23 23:20:44 +01:00
staging staging: iio: frequency: ad9834: Validate frequency parameter value 2025-01-19 00:09:59 +01:00
sti
target scsi: target: core: Fix null-ptr-deref in target_alloc_device() 2024-11-23 23:21:59 +01:00
tc
tee
thermal
thunderbolt thunderbolt: Add support for Intel Panther Lake-M/P 2025-01-15 16:29:53 +01:00
tty serial: 8250: omap: Move pm_runtime_get_sync 2024-12-17 13:24:19 +01:00
uh
uio uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind 2025-01-19 00:09:59 +01:00
usb usb: uas: set host status byte on data completion error 2025-01-19 00:10:01 +01:00
vdpa vdpa/mlx5: Fix suboptimal range on iotlb iteration 2024-12-17 13:24:13 +01:00
vfio vfio/pci: Properly hide first-in-list PCIe extended capability 2024-12-17 13:24:13 +01:00
vhost Revert "vdpa: Add eventfd for the vdpa callback" 2024-11-24 00:23:19 +01:00
vibrator
video fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() 2024-12-17 13:24:09 +01:00
virt
virtio Revert "vdpa: Add eventfd for the vdpa callback" 2024-11-24 00:23:19 +01:00
vision
vision3
visorbus
vlynq
vme
w1
watchdog watchdog: it87_wdt: add PWRGD enable quirk for Qotom QCML04 2025-01-15 16:29:50 +01:00
xen xen: Fix the issue of resource not being properly released in xenbus_dev_probe() 2024-12-17 13:24:17 +01:00
zorro
Kconfig Added KernelSU 2024-11-19 22:44:48 +01:00
Kconfig.variant1
kernelsu Welcome KernelSU Next 2025-01-15 16:32:35 +01:00
Makefile Added KernelSU 2024-11-19 22:44:48 +01:00
Makefile.variant1