lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 12 Mar 2020 18:33:33 +0100 From: Julian Wiedmann <jwi@...ux.ibm.com> To: Michal Kubecek <mkubecek@...e.cz> Cc: David Miller <davem@...emloft.net>, netdev <netdev@...r.kernel.org>, Eric Dumazet <edumazet@...gle.com>, Jamal Hadi Salim <jhs@...atatu.com>, Cong Wang <xiyou.wangcong@...il.com>, Jiri Pirko <jiri@...nulli.us> Subject: Re: [PATCH net-next] net: sched: make newly activated qdiscs visible On 12.03.20 17:48, Michal Kubecek wrote: > On Tue, Mar 10, 2020 at 05:53:35PM +0100, Julian Wiedmann wrote: >> In their .attach callback, mq[prio] only add the qdiscs of the currently >> active TX queues to the device's qdisc hash list. >> If a user later increases the number of active TX queues, their qdiscs >> are not visible via eg. 'tc qdisc show'. >> >> Add a hook to netif_set_real_num_tx_queues() that walks all active >> TX queues and adds those which are missing to the hash list. >> >> CC: Eric Dumazet <edumazet@...gle.com> >> CC: Jamal Hadi Salim <jhs@...atatu.com> >> CC: Cong Wang <xiyou.wangcong@...il.com> >> CC: Jiri Pirko <jiri@...nulli.us> >> Signed-off-by: Julian Wiedmann <jwi@...ux.ibm.com> >> --- > > I started seeing the stack trace below consistently on boot with > (patched) net-next today and checking latest changes brought my > attention to commit 4cda75275f9f ("net: sched: make newly activated > qdiscs visible") (this patch) because it added the call of > dev_qdisc_set_real_num_tx_queues() to netif_set_real_num_tx_queues(). > After reverting the commit, the same machine boots without any issue. > > Michal Thanks Michal. Brown bag time - I completely disregarded the case where the queue count gets changed prior to an initial dev_activate(). Darn. Dave, I'll send you a revert in a minute. This clearly needs more thinking & testing. > > [ 40.579142] BUG: kernel NULL pointer dereference, address: 0000000000000400 > [ 40.586922] #PF: supervisor read access in kernel mode > [ 40.592668] #PF: error_code(0x0000) - not-present page > [ 40.598405] PGD 0 P4D 0 > [ 40.601234] Oops: 0000 [#1] PREEMPT SMP PTI > [ 40.605909] CPU: 18 PID: 1681 Comm: wickedd Tainted: G E 5.6.0-rc3-ethnl.50-default #1 > [ 40.616205] Hardware name: Intel Corporation S2600CP/S2600CP, BIOS RMLSDP.86I.R3.27.D685.1305151734 05/15/2013 > [ 40.627377] RIP: 0010:qdisc_hash_add.part.22+0x2e/0x90 > [ 40.633115] Code: 00 55 53 89 f5 48 89 fb e8 2f 9b fb ff 85 c0 74 44 48 8b 43 40 48 8b 08 69 43 38 47 86 c8 61 c1 e8 1c 48 83 e8 80 48 8d 14 c1 <48> 8b 04 c1 48 8d 4b 28 48 89 53 30 48 89 43 28 48 85 c0 48 89 0a > [ 40.654080] RSP: 0018:ffffb879864934d8 EFLAGS: 00010203 > [ 40.659914] RAX: 0000000000000080 RBX: ffffffffb8328d80 RCX: 0000000000000000 > [ 40.667882] RDX: 0000000000000400 RSI: 0000000000000000 RDI: ffffffffb831faa0 > [ 40.675849] RBP: 0000000000000000 R08: ffffa0752c8b9088 R09: ffffa0752c8b9208 > [ 40.683816] R10: 0000000000000006 R11: 0000000000000000 R12: ffffa0752d734000 > [ 40.691783] R13: 0000000000000008 R14: 0000000000000000 R15: ffffa07113c18000 > [ 40.699750] FS: 00007f94548e5880(0000) GS:ffffa0752e980000(0000) knlGS:0000000000000000 > [ 40.708782] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > [ 40.715189] CR2: 0000000000000400 CR3: 000000082b6ae006 CR4: 00000000001606e0 > [ 40.723156] Call Trace: > [ 40.725888] dev_qdisc_set_real_num_tx_queues+0x61/0x90 > [ 40.731725] netif_set_real_num_tx_queues+0x94/0x1d0 > [ 40.737286] __igb_open+0x19a/0x5d0 [igb] > [ 40.741767] __dev_open+0xbb/0x150 > [ 40.745567] __dev_change_flags+0x157/0x1a0 > [ 40.750240] dev_change_flags+0x23/0x60 > [ 40.754524] do_setlink+0x301/0xe50 > [ 40.758420] ? __nla_reserve+0x38/0x50 > [ 40.762609] ? __nla_validate_parse+0x41/0x880 > [ 40.767569] ? nla_put+0x2f/0x40 > [ 40.771167] ? inet6_fill_ifla6_attrs+0x429/0x450 > [ 40.776417] ? __nla_reserve+0x38/0x50 > [ 40.780603] __rtnl_newlink+0x544/0x8d0 > [ 40.784887] ? rtnl_dump_ifinfo+0x40b/0x560 > [ 40.789559] ? __nla_reserve+0x38/0x50 > [ 40.793744] ? __nla_put+0xc/0x20 > [ 40.797445] ? nla_put+0x2f/0x40 > [ 40.801054] ? fib_nexthop_info+0xde/0x1c0 > [ 40.805639] ? kmem_cache_alloc_trace+0x1e0/0x5a0 > [ 40.810896] ? __local_bh_enable_ip+0x47/0x80 > [ 40.815762] rtnl_newlink+0x47/0x70 > [ 40.819659] ? ns_capable_common+0x27/0x50 > [ 40.824234] rtnetlink_rcv_msg+0x125/0x320 > [ 40.828809] ? kmem_cache_alloc_node_trace+0x241/0x5b0 > [ 40.834546] ? rtnl_calcit.isra.34+0x110/0x110 > [ 40.839511] netlink_rcv_skb+0x4a/0x110 > [ 40.843793] netlink_unicast+0x18e/0x250 > [ 40.848165] netlink_sendmsg+0x2f2/0x410 > [ 40.852551] sock_sendmsg+0x5b/0x60 > [ 40.856449] ____sys_sendmsg+0x1e2/0x240 > [ 40.860829] ? copy_msghdr_from_user+0xc5/0x130 > [ 40.865891] ___sys_sendmsg+0x88/0xd0 > [ 40.869982] ? preempt_count_sub+0x43/0x50 > [ 40.874558] ? _raw_spin_unlock+0x16/0x30 > [ 40.879037] ? do_wp_page+0x164/0x540 > [ 40.883127] ? handle_pte_fault+0x521/0xda0 > [ 40.887799] ? __handle_mm_fault+0x4e0/0x600 > [ 40.892568] ? __sys_sendmsg+0x4e/0x80 > [ 40.896757] __sys_sendmsg+0x4e/0x80 > [ 40.900756] do_syscall_64+0x5a/0x1c0 > [ 40.904846] entry_SYSCALL_64_after_hwframe+0x49/0xbe > [ 40.910486] RIP: 0033:0x7f9453dd8c47 > [ 40.914477] Code: 64 89 02 48 c7 c0 ff ff ff ff eb b9 0f 1f 80 00 00 00 00 8b 05 ea fb 2b 00 48 63 d2 48 63 ff 85 c0 75 18 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 59 f3 c3 0f 1f 80 00 00 00 00 53 48 89 f3 48 > [ 40.935445] RSP: 002b:00007fffe72e6cb8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e > [ 40.943901] RAX: ffffffffffffffda RBX: 000055df06f8dde0 RCX: 00007f9453dd8c47 > [ 40.951870] RDX: 0000000000000000 RSI: 00007fffe72e6cf0 RDI: 0000000000000006 > [ 40.959835] RBP: 000055df070d4c70 R08: 000055df070d4c70 R09: 000055df0703ae40 > [ 40.967800] R10: 0000000000000152 R11: 0000000000000246 R12: 000055df0702a330 > [ 40.975768] R13: 00007fffe72e6cf0 R14: 00007fffe72e6e40 R15: 000055df070211e0 > [ 40.983744] Modules linked in: br_netfilter(E) bridge(E) stp(E) llc(E) iscsi_ibft(E) iscsi_boot_sysfs(E) sunrpc(E) intel_rapl_msr(E) intel_rapl_common(E) sb_edac(E) x86_pkg_temp_thermal(E) intel_powerclamp(E) coretemp(E) crct10dif_pclmul(E) ixgbe(E) sfc(E) crc32_pclmul(E) crc32c_intel(E) ghash_clmulni_intel(E) xfrm_algo(E) iTCO_wdt(E) ipmi_ssif(E) aesni_intel(E) igb(E) libphy(E) iTCO_vendor_support(E) crypto_simd(E) joydev(E) mdio(E) mtd(E) cryptd(E) ptp(E) glue_helper(E) ioatdma(E) pps_core(E) ipmi_si(E) pcspkr(E) lpc_ich(E) dca(E) i2c_i801(E) ipmi_devintf(E) ipmi_msghandler(E) button(E) hid_generic(E) usbhid(E) mgag200(E) drm_kms_helper(E) syscopyarea(E) sysfillrect(E) sysimgblt(E) fb_sys_fops(E) drm_vram_helper(E) drm_ttm_helper(E) ttm(E) ehci_pci(E) ehci_hcd(E) sr_mod(E) drm(E) cdrom(E) i2c_algo_bit(E) usbcore(E) isci(E) libsas(E) scsi_transport_sas(E) wmi(E) sg(E) dm_multipath(E) dm_mod(E) scsi_dh_rdac(E) scsi_dh_emc(E) scsi_dh_alua(E) > [ 41.076818] CR2: 0000000000000400 > [ 41.076867] ---[ end trace c1af668e054f361a ]--- >
Powered by blists - more mailing lists