Message-ID: <20130614220119.GA12954@localhost>
Date:	Sat, 15 Jun 2013 06:01:19 +0800
From:	Fengguang Wu <fengguang.wu@...el.com>
To:	fengguang.wu@...el.com, Pablo Neira Ayuso <pablo@...filter.org>
Cc:	netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [netlink] WARNING: at mm/vmalloc.c:1487 __vunmap()

Greetings,

I got the below dmesg and the first bad commit is

commit c05cdb1b864f548c0c3d8ae3b51264e6739a69b1
Author: Pablo Neira Ayuso <pablo@...filter.org>
Date:   Mon Jun 3 09:46:28 2013 +0000

    netlink: allow large data transfers from user-space
    
    I can hit ENOBUFS in the sendmsg() path with a large batch that is
    composed of many netlink messages. Here that limit is 8 MBytes of
    skbuff data area as kmalloc does not manage to get more than that.
    
    While discussing atomic rule-set for nftables with Patrick McHardy,
    we decided to put all rule-set updates that need to be applied
    atomically in one single batch to simplify the existing approach.
    However, as explained above, the existing netlink code limits us
    to a maximum of ~20000 rules that fit in one single batch without
    hitting ENOBUFS. iptables does not have such limitation as it is
    using vmalloc.
    
    This patch adds netlink_alloc_large_skb() which is only used in
    the netlink_sendmsg() path. It uses alloc_skb if the memory
    requested is <= one memory page, that should be the common case
    for most subsystems, else vmalloc for higher memory allocations.
    
    Signed-off-by: Pablo Neira Ayuso <pablo@...filter.org>
    Signed-off-by: David S. Miller <davem@...emloft.net>


[   65.085802] init: plymouth-upstart-bridge main process (345) terminated with status 1
[   65.138243] ------------[ cut here ]------------
[   65.140281] WARNING: at /c/kernel-tests/src/tip/mm/vmalloc.c:1487 __vunmap+0x10b/0x110()
[   65.143247] Trying to vfree() nonexistent vm area (ffffc90000810000)
[   65.145697] CPU: 0 PID: 145 Comm: trinity Not tainted 3.10.0-rc5-00652-ge8a36a6 #9
[   65.148822] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2007
[   65.151073]  0000000000000009 ffff88000f3b7bc8 ffffffff81d3e5b3 ffff88000f3b7c08
[   65.154718]  ffffffff810cf7a6 ffff88000f3b7c28 ffffc90000810000 0000000000000000
[   65.158343]  0000000000000001 ffff88000dc36620 ffff8800091c87b0 ffff88000f3b7c68
[   65.161574] Call Trace:
[   65.162609]  [<ffffffff81d3e5b3>] dump_stack+0x19/0x1b
[   65.164349]  [<ffffffff810cf7a6>] warn_slowpath_common+0x66/0x90
[   65.166294]  [<ffffffff810cf841>] warn_slowpath_fmt+0x41/0x50
[   65.168286]  [<ffffffff81166f7b>] __vunmap+0x10b/0x110
[   65.170351]  [<ffffffff81166e2f>] vfree+0x2f/0x70
[   65.172272]  [<ffffffff81afd478>] netlink_skb_destructor+0xb8/0x100
[   65.174645]  [<ffffffff81aac8a1>] skb_release_head_state+0x51/0xb0
[   65.177009]  [<ffffffff81aadb61>] skb_release_all+0x11/0x30
[   65.179175]  [<ffffffff81aadb91>] __kfree_skb+0x11/0x90
[   65.181293]  [<ffffffff81aad9d9>] kfree_skb+0x19/0x40
[   65.183308]  [<ffffffff81ab00a8>] skb_queue_purge+0x18/0x30
[   65.185482]  [<ffffffff81afd858>] netlink_sock_destruct+0x38/0x110
[   65.187873]  [<ffffffff81aa8c3a>] __sk_free+0x1a/0x120
[   65.189911]  [<ffffffff81aa9989>] sk_free+0x19/0x20
[   65.191875]  [<ffffffff81afec77>] netlink_release+0x177/0x2d0
[   65.194086]  [<ffffffff81aa6208>] sock_release+0x18/0x70
[   65.196172]  [<ffffffff81aa645d>] sock_close+0xd/0x20
[   65.198190]  [<ffffffff8118ae55>] __fput+0xf5/0x240
[   65.200189]  [<ffffffff8118b069>] ____fput+0x9/0x10
[   65.202139]  [<ffffffff810eb955>] task_work_run+0x85/0xc0
[   65.204257]  [<ffffffff810d4942>] do_exit+0x232/0x920
[   65.206262]  [<ffffffff810d50ab>] do_group_exit+0x3b/0x90
[   65.208353]  [<ffffffff810d5112>] SyS_exit_group+0x12/0x20
[   65.210517]  [<ffffffff81d46827>] system_call_fastpath+0x16/0x1b
[   65.212811] ---[ end trace 9a70fd0f1776886b ]---

git bisect start e8a36a6ada2098e53e13e7c4f28f3d0857738df4 v3.9 --
git bisect good 20b4fb485227404329e41ad15588afad3df23050  # 23:13    230+  Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
git bisect good eac84105cddf8686440aaa9fbcb58093e37e4180  # 23:35    230+  Merge tag 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mst/vhost
git bisect good 5c64e3a45d43c6e3fa87cbe02e10059171d10812  # 00:00    230+  Merge branch 'queue' of git://git.kernel.org/pub/scm/linux/kernel/git/nab/target-pending
git bisect good 8764d86100fe58e69877753faa44fc1d9276c624  # 00:50    230+  Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse
git bisect good c8cecfd1abfb415bbfc4157e711b50c5c6fab270  # 01:08    230+  Merge remote-tracking branch 'asoc/for-next' into devel-cairo-x86_64-201306111910
git bisect good 311503bb2119788ac88c406e0893351a2bb0705e  # 03:56    230+  tulip: remove redundant D0 power state set
git bisect  bad ed0483fa06e0efb86a82e382a00dbad02b62807c  # 04:09    102-  macvtap: fix a possible race between queue selection and changing queues
git bisect good 6f45eba1894a3ece88574079a931cc2e5beee1f3  # 04:44    270+  Merge branch 'for-davem' of git://gitorious.org/linux-can/linux-can-next
git bisect good ddcd91c6b8ec60a6bd5d3691d2cfaf4447215da1  # 05:26    270+  sh_eth: use EDSR_ENALL to set EDSR
git bisect good ca162a82f56921442f5db72a3a472010e5a62c4b  # 06:17    270+  fec: Only pass pdev in fec_ptp_init()
git bisect  bad c18a79abe31f555ec3b363b5b8c1d003230053b6  # 06:57    171-  sh_eth: get SH7619 support out of #ifdef
git bisect  bad c05cdb1b864f548c0c3d8ae3b51264e6739a69b1  # 07:11     39-  netlink: allow large data transfers from user-space
git bisect good 1b5acd292336da029535de010af568533df9b665  # 12:20    875+  bonding: disallow change of MAC if fail_over_mac enabled
git bisect good 1b5acd292336da029535de010af568533df9b665  # 03:42   2626+  bonding: disallow change of MAC if fail_over_mac enabled
git bisect  bad e8a36a6ada2098e53e13e7c4f28f3d0857738df4  # 03:43      0-  Merge remote-tracking branch 'x0148406/tmp' into devel-cairo-x86_64-201306111910
git bisect good 340c0f42c1ef970e7cdd6c5a7351f45792fac8e1  # 16:37   2625+  Revert "netlink: allow large data transfers from user-space"
git bisect good a2648ebb7ed69ef209d9c8a76fadeb3252d9a023  # 00:27   2625+  Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs
git bisect good c04efed734409f5a44715b54a6ca1b54b0ccf215  # 03:56   2625+  Add linux-next specific files for 20130607

Thanks,
Fengguang

View attachment "dmesg-kvm-vp-26729-20130611194828-3.10.0-rc5-00652-ge8a36a6-9" of type "text/plain" (69059 bytes)

Download attachment "bisect-e8a36a6ada2098e53e13e7c4f28f3d0857738df4-x86_64-randconfig-c03-0611-__vunmap-123562.log" of type "application/octet-stream" (28212 bytes)

View attachment ".config-bisect" of type "text/plain" (95574 bytes)
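
A user-space model, added here as an illustration and not code from the kernel or from the patch, of the allocation split the commit message describes and of what the `__vunmap()` warning means: `vfree()` was handed an address that has no registered vm area. The pool, the `model_*` names and the shared-head scenario are assumptions made for the example; the report itself does not state a root cause.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define PAGE_SIZE 4096u   /* assumed page size for this model */
#define SLOTS 4
static unsigned char pool[SLOTS][4 * PAGE_SIZE]; /* stands in for vmalloc space */
static int live[SLOTS];   /* which slots are registered "vm areas" */
static int warnings;      /* count of bad model_vfree() calls */
struct model_skb { void *head; };

/* Address-range test only: it says nothing about whether the area is live. */
static int in_vmalloc_range(const void *p) {
    uintptr_t a = (uintptr_t)p, lo = (uintptr_t)pool;
    return a >= lo && a < lo + sizeof(pool);
}
static void *model_vmalloc(size_t n) {
    for (int i = 0; i < SLOTS && n <= sizeof(pool[0]); i++)
        if (!live[i]) { live[i] = 1; return pool[i]; }
    return NULL;
}
/* Releases a registered area; anything else gets the warning seen in the dmesg. */
static void model_vfree(void *p) {
    for (int i = 0; i < SLOTS; i++)
        if (live[i] && p == (void *)pool[i]) { live[i] = 0; return; }
    warnings++;
    fprintf(stderr, "Trying to vfree() nonexistent vm area (%p)\n", p);
}
/* Size threshold from the commit message: one page or less takes the normal path. */
static struct model_skb model_alloc_large_skb(size_t size) {
    struct model_skb skb = { size <= PAGE_SIZE ? malloc(size) : model_vmalloc(size) };
    return skb;
}
/* The release path has to match the allocation path chosen above. */
static void model_skb_destructor(struct model_skb *skb) {
    if (in_vmalloc_range(skb->head)) model_vfree(skb->head);
    else free(skb->head);
    skb->head = NULL;
}
/* Run the destructor once per owner of one head; owners > 1 is modelled for
   the vmalloc path only. Returns the number of warnings raised. */
static int release_warnings(size_t size, int owners) {
    struct model_skb skb = model_alloc_large_skb(size);
    void *head = skb.head;
    if (!in_vmalloc_range(head)) owners = 1;
    warnings = 0;
    while (owners-- > 0) { skb.head = head; model_skb_destructor(&skb); }
    return warnings;
}
```

A range check on the address passes for a head that was already released, so the second destructor run still reaches `model_vfree()` and only the area lookup catches it.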
