lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20161118130144.GO3612@linux.vnet.ibm.com>
Date:   Fri, 18 Nov 2016 05:01:44 -0800
From:   "Paul E. McKenney" <paulmck@...ux.vnet.ibm.com>
To:     Ding Tianhong <dingtianhong@...wei.com>
Cc:     josh@...htriplett.org, rostedt@...dmis.org,
        mathieu.desnoyers@...icios.com, jiangshanlai@...il.com,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
        davem@...emloft.net
Subject: Re: [PATCH] rcu: fix the OOM problem of huge IP abnormal packet
 traffic

On Fri, Nov 18, 2016 at 08:40:09PM +0800, Ding Tianhong wrote:
> The commit bedc196915 ("rcu: Fix soft lockup for rcu_nocb_kthread")
> will introduce a new problem that when huge IP abnormal packet arrived,
> it may cause OOM and break the kernel, just like this:
> 
> [   79.441538] mlx4_en: eth5: Leaving promiscuous mode steering mode:2
> [  100.067032] ksoftirqd/0: page allocation failure: order:0, mode:0x120
> [  100.067038] CPU: 0 PID: 3 Comm: ksoftirqd/0 Tainted: G           OE  ----V-------   3.10.0-327.28.3.28.x86_64 #1
> [  100.067039] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.9.1-0-gb3ef39f-20161018_184732-HGH1000003483 04/01/2014
> [  100.067041]  0000000000000120 00000000b080d798 ffff8802afd5b968 ffffffff81638cb9
> [  100.067045]  ffff8802afd5b9f8 ffffffff81171380 0000000000000010 0000000000000000
> [  100.067048]  ffff8802befd8000 00000000ffffffff 0000000000000001 00000000b080d798
> [  100.067050] Call Trace:
> [  100.067057]  [<ffffffff81638cb9>] dump_stack+0x19/0x1b
> [  100.067062]  [<ffffffff81171380>] warn_alloc_failed+0x110/0x180
> [  100.067066]  [<ffffffff81175b16>] __alloc_pages_nodemask+0x9b6/0xba0
> [  100.067070]  [<ffffffff8151e400>] ? skb_add_rx_frag+0x90/0xb0
> [  100.067075]  [<ffffffff811b6fba>] alloc_pages_current+0xaa/0x170
> [  100.067080]  [<ffffffffa06b9be0>] mlx4_alloc_pages.isra.24+0x40/0x170 [mlx4_en]
> [  100.067083]  [<ffffffffa06b9dec>] mlx4_en_alloc_frags+0xdc/0x220 [mlx4_en]
> [  100.067086]  [<ffffffff8152eeb8>] ? __netif_receive_skb+0x18/0x60
> [  100.067088]  [<ffffffff8152ef40>] ? netif_receive_skb+0x40/0xc0
> [  100.067092]  [<ffffffffa06bb521>] mlx4_en_process_rx_cq+0x5f1/0xec0 [mlx4_en]
> [  100.067095]  [<ffffffff8131027d>] ? list_del+0xd/0x30
> [  100.067098]  [<ffffffff8152c90f>] ? __napi_complete+0x1f/0x30
> [  100.067101]  [<ffffffffa06bbeef>] mlx4_en_poll_rx_cq+0x9f/0x170 [mlx4_en]
> [  100.067103]  [<ffffffff8152f372>] net_rx_action+0x152/0x240
> [  100.067107]  [<ffffffff81084d1f>] __do_softirq+0xef/0x280
> [  100.067109]  [<ffffffff81084ee0>] run_ksoftirqd+0x30/0x50
> [  100.067114]  [<ffffffff810ae93f>] smpboot_thread_fn+0xff/0x1a0
> [  100.067117]  [<ffffffff8163e269>] ? schedule+0x29/0x70
> [  100.067120]  [<ffffffff810ae840>] ? lg_double_unlock+0x90/0x90
> [  100.067122]  [<ffffffff810a5d4f>] kthread+0xcf/0xe0
> [  100.067124]  [<ffffffff810a5c80>] ? kthread_create_on_node+0x140/0x140
> [  100.067127]  [<ffffffff81649198>] ret_from_fork+0x58/0x90
> [  100.067129]  [<ffffffff810a5c80>] ? kthread_create_on_node+0x140/0x140
> 
> ================================cut here=====================================
> 
> The reason is that the huge abnormal IP packet will be received to net stack
> and be dropped finally by dst_release, and the dst_release would use the rcuos
> callback-offload kthread to free the packet, but the cond_resched_rcu_qs() will
> calling do_softirq() to receive more and more IP abnormal packets which will be
> throw into the RCU callbacks again later, the number of received packet is much
> greater than the number of packets freed, it will exhaust the memory and then OOM,
> so don't try to process any pending softirqs in the rcuos callback-offload kthread
> is a more effective solution.

OK, but we could still have softirqs processed by the grace-period kthread
as a result of any number of other events.  So this change might reduce
the probability of this problem, but it doesn't eliminate it.

How huge are these huge IP packets?  Is the underlying problem that they
are too large to use the memory-allocator fastpaths?

							Thanx, Paul

> Fix commit bedc196915 ("rcu: Fix soft lockup for rcu_nocb_kthread")
> Signed-off-by: Ding Tianhong <dingtianhong@...wei.com>
> 
> Signed-off-by: Ding Tianhong <dingtianhong@...wei.com>
> ---
>  kernel/rcu/tree_plugin.h | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)
> 
> diff --git a/kernel/rcu/tree_plugin.h b/kernel/rcu/tree_plugin.h
> index 85c5a88..760c3b5 100644
> --- a/kernel/rcu/tree_plugin.h
> +++ b/kernel/rcu/tree_plugin.h
> @@ -2172,8 +2172,7 @@ static int rcu_nocb_kthread(void *arg)
>  			if (__rcu_reclaim(rdp->rsp->name, list))
>  				cl++;
>  			c++;
> -			local_bh_enable();
> -			cond_resched_rcu_qs();
> +			_local_bh_enable();
>  			list = next;
>  		}
>  		trace_rcu_batch_end(rdp->rsp->name, c, !!list, 0, 0, 1);
> -- 
> 1.9.0
> 
> 
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ