| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 18 Nov 2022 14:29:09 +0000
From: "Jankowski, Konrad0" <konrad0.jankowski@...el.com>
To: ivecera <ivecera@...hat.com>,
"netdev@...r.kernel.org" <netdev@...r.kernel.org>
CC: SlawomirX Laba <slawomirx.laba@...el.com>,
Eric Dumazet <edumazet@...gle.com>,
"moderated list:INTEL ETHERNET DRIVERS"
<intel-wired-lan@...ts.osuosl.org>,
open list <linux-kernel@...r.kernel.org>,
"Piotrowski, Patryk" <patryk.piotrowski@...el.com>,
Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>,
"David S. Miller" <davem@...emloft.net>,
"sassmann@...hat.com" <sassmann@...hat.com>
Subject: RE: [Intel-wired-lan] [PATCH net] iavf: Fix a crash during reset task
> -----Original Message-----
> From: Intel-wired-lan <intel-wired-lan-bounces@...osl.org> On Behalf Of Ivan
> Vecera
> Sent: Tuesday, November 8, 2022 10:36 AM
> To: netdev@...r.kernel.org
> Cc: SlawomirX Laba <slawomirx.laba@...el.com>; Eric Dumazet
> <edumazet@...gle.com>; moderated list:INTEL ETHERNET DRIVERS <intel-
> wired-lan@...ts.osuosl.org>; open list <linux-kernel@...r.kernel.org>;
> Piotrowski, Patryk <patryk.piotrowski@...el.com>; Jakub Kicinski
> <kuba@...nel.org>; Paolo Abeni <pabeni@...hat.com>; David S. Miller
> <davem@...emloft.net>; sassmann@...hat.com
> Subject: [Intel-wired-lan] [PATCH net] iavf: Fix a crash during reset task
>
> Recent commit aa626da947e9 ("iavf: Detach device during reset task") removed
> netif_tx_stop_all_queues() with an assumption that Tx queues are already
> stopped by netif_device_detach() in the beginning of reset task. This assumption
> is incorrect because during reset task a potential link event can start Tx queues
> again.
> Revert this change to fix this issue.
>
> Reproducer:
> 1. Run some Tx traffic (e.g. iperf3) over iavf interface 2. Switch MTU of this
> interface in a loop
>
> [root@...t ~]# cat repro.sh
> #!/bin/sh
>
> IF=enp2s0f0v0
>
> iperf3 -c 192.168.0.1 -t 600 --logfile /dev/null & sleep 2
>
> while :; do
> for i in 1280 1500 2000 900 ; do
> ip link set $IF mtu $i
> sleep 2
> done
> done
> [root@...t ~]# ./repro.sh
>
> Result:
> [ 306.199917] iavf 0000:02:02.0 enp2s0f0v0: NIC Link is Up Speed is 40 Gbps Full
> Duplex [ 308.205944] iavf 0000:02:02.0 enp2s0f0v0: NIC Link is Up Speed is 40
> Gbps Full Duplex [ 310.103223] BUG: kernel NULL pointer dereference, address:
> 0000000000000008 [ 310.110179] #PF: supervisor write access in kernel mode [
> 310.115396] #PF: error_code(0x0002) - not-present page [ 310.120526] PGD 0
> P4D 0 [ 310.123057] Oops: 0002 [#1] PREEMPT SMP NOPTI [ 310.127408] CPU:
> 24 PID: 183 Comm: kworker/u64:9 Kdump: loaded Not tainted 6.1.0-rc3+ #2 [
> 310.135485] Hardware name: Abacus electric, s.r.o. - servis@...cus.cz Super
> Server/H12SSW-iN, BIOS 2.4 04/13/2022 [ 310.145728] Workqueue: iavf
> iavf_reset_task [iavf] [ 310.150520] RIP: 0010:iavf_xmit_frame_ring+0xd1/0xf70
> [iavf] [ 310.156180] Code: d0 0f 86 da 00 00 00 83 e8 01 0f b7 fa 29 f8 01 c8 39 c6
> 0f 8f a0 08 00 00 48 8b 45 20 48 8d 14 92 bf 01 00 00 00 4c 8d 3c d0 <49> 89 5f 08
> 8b 43 70 66 41 89 7f 14 41 89 47 10 f6 83 82 00 00 00 [ 310.174918] RSP:
> 0018:ffffbb5f0082caa0 EFLAGS: 00010293 [ 310.180137] RAX:
> 0000000000000000 RBX: ffff92345471a6e8 RCX: 0000000000000200 [
> 310.187259] RDX: 0000000000000000 RSI: 000000000000000d RDI:
> 0000000000000001 [ 310.194385] RBP: ffff92341d249000 R08: ffff92434987fcac
> R09: 0000000000000001 [ 310.201509] R10: 0000000011f683b9 R11:
> 0000000011f50641 R12: 0000000000000008 [ 310.208631] R13:
> ffff923447500000 R14: 0000000000000000 R15: 0000000000000000 [
> 310.215756] FS: 0000000000000000(0000) GS:ffff92434ee00000(0000)
> knlGS:0000000000000000 [ 310.223835] CS: 0010 DS: 0000 ES: 0000 CR0:
> 0000000080050033 [ 310.229572] CR2: 0000000000000008 CR3:
> 0000000fbc210004 CR4: 0000000000770ee0 [ 310.236696] PKRU: 55555554 [
> 310.239399] Call Trace:
> [ 310.241844] <IRQ>
> [ 310.243855] ? dst_alloc+0x5b/0xb0
> [ 310.247260] dev_hard_start_xmit+0x9e/0x1f0 [ 310.251439]
> sch_direct_xmit+0xa0/0x370 [ 310.255276] __qdisc_run+0x13e/0x580 [
> 310.258848] __dev_queue_xmit+0x431/0xd00 [ 310.262851] ?
> selinux_ip_postroute+0x147/0x3f0 [ 310.267377]
> ip_finish_output2+0x26c/0x540
>
> Fixes: aa626da947e9 ("iavf: Detach device during reset task")
> Cc: Jacob Keller <jacob.e.keller@...el.com>
> Cc: Patryk Piotrowski <patryk.piotrowski@...el.com>
> Cc: SlawomirX Laba <slawomirx.laba@...el.com>
> Signed-off-by: Ivan Vecera <ivecera@...hat.com>
> ---
> drivers/net/ethernet/intel/iavf/iavf_main.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/drivers/net/ethernet/intel/iavf/iavf_main.c
> b/drivers/net/ethernet/intel/iavf/iavf_main.c
> index 3fc572341781..5abcd66e7c7a 100644
> --- a/drivers/net/ethernet/intel/iavf/iavf_main.c
> +++ b/drivers/net/ethernet/intel/iavf/iavf_main.c
> @@ -3033,6 +3033,7 @@ static void iavf_reset_task(struct work_struct *work)
Tested-by: Konrad Jankowski <konrad0.jankowski@...el.com>
Powered by blists - more mailing lists