lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 15 Dec 2015 01:35:27 +0000
From:	"Nelson, Shannon" <shannon.nelson@...el.com>
To:	Tom Herbert <tom@...bertland.com>, Jesse Gross <jesse@...ira.com>,
	"Jiri Benc" <jbenc@...hat.com>, David Miller <davem@...emloft.net>,
	netdev <netdev@...r.kernel.org>
Subject: WARN trace - skb_warn_bad_offload - vxlan - large udp packet - udp
 checksum disabled

Using a slightly modified version of udpspam (see diff below - hopefully not mangled by corporate email servers), where I set the SO_NO_CHECK socket option and can specify a large buffer size, I can reliably get the following WARN trace.  I have reproduced this on both ixgbe and i40e drivers using "udpspam-no-check <target-ip> 6000".

It looks to me like this is in the Tx path before we get to the actual NIC drivers, but I may be wrong.


[ 1757.644324] ------------[ cut here ]------------
[ 1757.644333] WARNING: CPU: 22 PID: 5537 at net/core/dev.c:2423 skb_warn_bad_offload+0x104/0x111()
[ 1757.644340] ixgbe: caps=(0x0000080660314bb3, 0x0000000000000000) len=6092 data_len=6000 gso_size=1528 gso_type=1026 ip_summed=0
[ 1757.644343] Modules linked in: nfnetlink_queue nfnetlink_log nfnetlink vxlan ip6_udp_tunnel udp_tunnel rfcomm xt_CHECKSUM bnep bluetooth rfkill tun fuse ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 nf_conntrack_ipv6 nf_defrag_ipv6 nf_conntrack_ipv4 nf_defrag_ipv4 xt_conntrack nf_conntrack ebtable_nat ebtable_broute bridge stp llc ebtable_filter ebtables ip6table_mangle ip6table_security ip6table_raw ip6table_filter ip6_tables iptable_mangle iptable_security iptable_raw x86_pkg_temp_thermal coretemp kvm_intel kvm joydev iTCO_wdt ipmi_devintf iTCO_vendor_support irqbypass crct10dif_pclmul ixgbe igb crc32_pclmul ipmi_si ptp pps_core sb_edac lpc_ich crc32c_intel pcspkr edac_core i2c_i801 mfd_core mdio ipmi_msghandler mei_me shpchp tpm_tis ioatdma mei dca wmi tpm binfmt_misc uinput mgag200 i2c_algo_bit drm_kms_helper
[ 1757.644443]  ttm drm isci libsas firewire_ohci firewire_core i2c_core scsi_transport_sas crc_itu_t
[ 1757.644475] CPU: 22 PID: 5537 Comm: udpspam-no-chec Tainted: G        W       4.4.0-rc3+ #1
[ 1757.644480] Hardware name: Intel Corporation S2600CO/S2600CO, BIOS SE5C600.86B.02.03.0003.041920141333 04/19/2014
[ 1757.644482]  0000000000000000 00000000c92b03e4 ffff88081907b410 ffffffff8138f918
[ 1757.644488]  ffff88081907b458 ffff88081907b448 ffffffff8109c036 ffff8808196e9500
[ 1757.644494]  ffff880816f60000 0000000000000402 0000000000000000 ffff88080e8eb2ac
[ 1757.644499] Call Trace:
[ 1757.644509]  [<ffffffff8138f918>] dump_stack+0x44/0x5c
[ 1757.644514]  [<ffffffff8109c036>] warn_slowpath_common+0x86/0xc0
[ 1757.644518]  [<ffffffff8109c0cc>] warn_slowpath_fmt+0x5c/0x80
[ 1757.644523]  [<ffffffff813958cc>] ? ___ratelimit+0x8c/0xf0
[ 1757.644539]  [<ffffffff8174c77c>] skb_warn_bad_offload+0x104/0x111
[ 1757.644549]  [<ffffffff81649d1f>] __skb_gso_segment+0x7f/0xd0
[ 1757.644563]  [<ffffffff8164a08f>] validate_xmit_skb.isra.104.part.105+0x11f/0x2a0
[ 1757.644572]  [<ffffffff8164a5fb>] validate_xmit_skb_list+0x3b/0x60
[ 1757.644579]  [<ffffffff8166e591>] sch_direct_xmit+0xc1/0x1f0
[ 1757.644585]  [<ffffffff8164a92b>] __dev_queue_xmit+0x21b/0x510
[ 1757.644589]  [<ffffffff8164ac30>] dev_queue_xmit+0x10/0x20
[ 1757.644593]  [<ffffffff8168b66f>] ip_finish_output2+0x23f/0x310
[ 1757.644598]  [<ffffffff8168c179>] ip_finish_output+0x139/0x1f0
[ 1757.644605]  [<ffffffff8167e9d6>] ? nf_hook_slow+0x76/0xd0
[ 1757.644610]  [<ffffffff8168d64e>] ip_output+0x6e/0xe0
[ 1757.644615]  [<ffffffff8168cd02>] ? __ip_local_out+0x42/0x100
[ 1757.644620]  [<ffffffff8168c040>] ? ip_fragment.constprop.49+0x80/0x80
[ 1757.644627]  [<ffffffff8168cdf5>] ip_local_out+0x35/0x40
[ 1757.644634]  [<ffffffff816d195d>] iptunnel_xmit+0x12d/0x150
[ 1757.644640]  [<ffffffffa036326a>] udp_tunnel_xmit_skb+0xea/0x100 [udp_tunnel]
[ 1757.644648]  [<ffffffffa038a506>] vxlan_xmit_one+0xac6/0x1280 [vxlan]
[ 1757.644659]  [<ffffffff810ef332>] ? vprintk_emit+0x2f2/0x4f0
[ 1757.644675]  [<ffffffff81193772>] ? printk+0x5d/0x74
[ 1757.644681]  [<ffffffff8109c045>] ? warn_slowpath_common+0x95/0xc0
[ 1757.644688]  [<ffffffffa038bf32>] vxlan_xmit+0x172/0xd44 [vxlan]
[ 1757.644694]  [<ffffffff816c26a3>] ? inet_gso_segment+0x163/0x360
[ 1757.644711]  [<ffffffff8164a43e>] dev_hard_start_xmit+0x22e/0x3b0
[ 1757.644721]  [<ffffffff8164ab24>] __dev_queue_xmit+0x414/0x510
[ 1757.644734]  [<ffffffff8164ac30>] dev_queue_xmit+0x10/0x20
[ 1757.644747]  [<ffffffff8168b66f>] ip_finish_output2+0x23f/0x310
[ 1757.644758]  [<ffffffff8168c179>] ip_finish_output+0x139/0x1f0
[ 1757.644763]  [<ffffffff8167e9d6>] ? nf_hook_slow+0x76/0xd0
[ 1757.644768]  [<ffffffff8168d64e>] ip_output+0x6e/0xe0
[ 1757.644775]  [<ffffffff8168cd02>] ? __ip_local_out+0x42/0x100
[ 1757.644780]  [<ffffffff8168c040>] ? ip_fragment.constprop.49+0x80/0x80
[ 1757.644785]  [<ffffffff8168cdf5>] ip_local_out+0x35/0x40
[ 1757.644793]  [<ffffffff8168e0c9>] ip_send_skb+0x19/0x40
[ 1757.644800]  [<ffffffff816b41cd>] udp_send_skb+0x16d/0x270
[ 1757.644807]  [<ffffffff816b50f8>] udp_sendmsg+0x2c8/0x9a0
[ 1757.644812]  [<ffffffff8168b1b0>] ? ip_reply_glue_bits+0x60/0x60
[ 1757.644825]  [<ffffffff816c2387>] inet_sendmsg+0x67/0xa0
[ 1757.644838]  [<ffffffff8162bf88>] sock_sendmsg+0x38/0x50
[ 1757.644852]  [<ffffffff8162c442>] SYSC_sendto+0x102/0x190
[ 1757.644860]  [<ffffffff8113842f>] ? __audit_syscall_entry+0xaf/0x100
[ 1757.644867]  [<ffffffff81003176>] ? do_audit_syscall_entry+0x66/0x70
[ 1757.644873]  [<ffffffff810037ef>] ? syscall_trace_enter_phase1+0x11f/0x140
[ 1757.644879]  [<ffffffff81096c6d>] ? syscall_slow_exit_work+0x3f/0x9f
[ 1757.644883]  [<ffffffff8162cf5e>] SyS_sendto+0xe/0x10
[ 1757.644890]  [<ffffffff8175946e>] entry_SYSCALL_64_fastpath+0x12/0x71
[ 1757.644895] ---[ end trace ec9dfd887c59f41f ]---


Here are the udpspam.c diffs from the original that I found at
http://oss.sgi.com/archives/netdev/2001-10/txtmtEDzF63p0.txt


--- udpspam.c	2015-12-14 16:56:18.287053786 -0800
+++ udpspam-no-check.c	2015-12-14 17:02:21.979047972 -0800
@@ -42,8 +42,8 @@ typedef unsigned long dword;
 
 /* Globals */
 
-#define PAYLOAD_SIZE 4
-static char payload[PAYLOAD_SIZE];
+static int payload_size = 4;
+static char *payload;
 
 /* Socket functions */
 
@@ -85,6 +85,8 @@ static int get_udp_socket(){
 
 	option = 0;
 	setsockopt(fd,SOL_SOCKET,SO_BROADCAST,(void *)&option,sizeof(option));
+	option = 1;
+	setsockopt(fd,SOL_SOCKET,SO_NO_CHECK,(void *)&option,sizeof(option));
 
 	udp.sin_addr.s_addr = htonl(INADDR_ANY);
 	udp.sin_port = htons(0);
@@ -123,9 +125,19 @@ int main(int argc,char *argv[]){
 		exit(-1);
 
 	socket_connect_address(fd,&remote);
-	memset(payload,0,PAYLOAD_SIZE);
+
+	if (argc == 3) {
+		errno = 0;
+		payload_size = strtol(argv[2], NULL, 0);
+		if (errno) {
+			fprintf(stderr, "bad payload size '%s'\n", argv[2]);
+			exit(1);
+		}
+	}
+	payload = malloc(payload_size);
+	memset(payload,0,payload_size);
 	while (1)
-		sendto(fd,payload,PAYLOAD_SIZE,0,(struct sockaddr *)&remote,sizeof(remote));
+		sendto(fd,payload,payload_size,0,(struct sockaddr *)&remote,sizeof(remote));
 
 	exit(0);
 }


======================================================================
Mr. Shannon Nelson                        Network Division, Intel Corp.
Shannon.Nelson@...el.com                I don't speak for Intel
(503) 712-7659                    Parents can't afford to be squeamish

--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ