| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1437209795.1026.31.camel@edumazet-glaptop2.roam.corp.google.com> Date: Sat, 18 Jul 2015 10:56:35 +0200 From: Eric Dumazet <eric.dumazet@...il.com> To: Johan Schuijt <johan@...nsip.nl> Cc: "nikolay@...hat.com" <nikolay@...hat.com>, "davem@...emloft.net" <davem@...emloft.net>, "fw@...len.de" <fw@...len.de>, "chutzpah@...too.org" <chutzpah@...too.org>, Robin Geuze <robing@...nsip.nl>, Frank Schreuder <fschreuder@...nsip.nl>, netdev <netdev@...r.kernel.org> Subject: Re: reproducable panic eviction work queue On Fri, 2015-07-17 at 21:18 +0000, Johan Schuijt wrote: > Hey guys, > > > We’re currently running into a reproducible panic in the eviction work > queue code when we pin al our eth* IRQ to different CPU cores (in > order to scale our networking performance for our virtual servers). > This only occurs in kernels >= 3.17 and is a result of the following > change: > https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?h=linux-3.18.y&id=b13d3cbfb8e8a8f53930af67d1ebf05149f32c24 > > > The race/panic we see seems to be the same as, or similar to: > https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?h=linux-3.18.y&id=65ba1f1ec0eff1c25933468e1d238201c0c2cb29 > > > We can confirm that this is directly exposed by the IRQ pinning since > disabling this stops us from being able to reproduce this case :) > > > How te reproduce: in our test-setup we have 4 machines generating UDP > packets which are send to the vulnerable host. These all have a MTU of > 100 (for test purposes) and send UDP packets of a size of 256 bytes. > Within half an hour you will see the following panic: > > > crash> bt > PID: 56 TASK: ffff885f3d9fc210 CPU: 9 COMMAND: "kworker/9:0" > #0 [ffff885f3da03b60] machine_kexec at ffffffff8104a1f7 > #1 [ffff885f3da03bb0] crash_kexec at ffffffff810db187 > #2 [ffff885f3da03c80] oops_end at ffffffff81015140 > #3 [ffff885f3da03ca0] general_protection at ffffffff814f6c88 > [exception RIP: inet_evict_bucket+281] > RIP: ffffffff81480699 RSP: ffff885f3da03d58 RFLAGS: 00010292 > RAX: ffff885f3da03d08 RBX: dead0000001000a8 RCX: > ffff885f3da03d08 > RDX: 0000000000000006 RSI: ffff885f3da03ce8 RDI: > dead0000001000a8 > RBP: 0000000000000002 R8: 0000000000000286 R9: > ffff88302f401640 > R10: 0000000080000000 R11: ffff88602ec0c138 R12: > ffffffff81a8d8c0 > R13: ffff885f3da03d70 R14: 0000000000000000 R15: > ffff881d6efe1a00 > ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 > #4 [ffff885f3da03db0] inet_frag_worker at ffffffff8148075a > #5 [ffff885f3da03e10] process_one_work at ffffffff8107be19 > #6 [ffff885f3da03e60] worker_thread at ffffffff8107c6e3 > #7 [ffff885f3da03ed0] kthread at ffffffff8108103e > #8 [ffff885f3da03f50] ret_from_fork at ffffffff814f4d7c > > > We would love to receive your input on this matter. > > > Thx in advance, > > > - Johan Check commits 65ba1f1ec0eff1c25933468e1d238201c0c2cb29 & d70127e8a942364de8dd140fe73893efda363293 Also please send your mails in text format, not html, and CC netdev ( I did here) > > -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists