lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 26 May 2020 13:04:45 -0600
From:   David Ahern <dsahern@...il.com>
To:     "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        Saeed Mahameed <saeedm@...lanox.com>,
        Jesper Dangaard Brouer <brouer@...hat.com>,
        David Miller <davem@...emloft.net>,
        Daniel Borkmann <daniel@...earbox.net>
Subject: bpf-next/net-next: panic using bpf_xdp_adjust_head

bpf-next and net-next are panicing when a bpf program uses adjust_head -
e.g., popping a vlan header.

[ 7269.886684] BUG: kernel NULL pointer dereference, address:
0000000000000004
[ 7269.893676] #PF: supervisor read access in kernel mode
[ 7269.898821] #PF: error_code(0x0000) - not-present page
[ 7269.903970] PGD 0 P4D 0
[ 7269.906516] Oops: 0000 [#1] SMP PTI
[ 7269.910021] CPU: 3 PID: 0 Comm: swapper/3 Kdump: loaded Tainted: G
      I       5.7.0-rc6+ #221
[ 7269.919076] Hardware name: Dell Inc. PowerEdge R640/0W23H8, BIOS
1.6.12 11/20/2018
[ 7269.926661] RIP: 0010:__memmove+0x24/0x1a0
[ 7269.930766] Code: cc cc cc cc cc cc 48 89 f8 48 39 fe 7d 0f 49 89 f0
49 01 d0 49 39 f8 0f 8f a9 00 00 00 48 83 fa 20 0f 82 f5 00 00 00 48 89
d1 <f3> a4 c3 48 81 fa a8 02 00 00 72 05 40 38 fe 74 3b 48 83 ea 20 48
[ 7269.949548] RSP: 0018:ffff9c09cca04c68 EFLAGS: 00010282
[ 7269.954781] RAX: 0000000000000008 RBX: ffff9c09cca04d78 RCX:
ffff8bfc475a20fc
[ 7269.961927] RDX: ffff8bfc475a20fc RSI: 0000000000000004 RDI:
0000000000000008
[ 7269.969068] RBP: ffff8bfc475a2104 R08: ffff8bfc475a2100 R09:
ffff8bfc475a211c
[ 7269.976229] R10: 0000000000000012 R11: 0000000000000008 R12:
0000000000000004
[ 7269.983376] R13: ffff9c09cc9f57b8 R14: ffff8bfc475a2100 R15:
0000000000000008
[ 7269.990518] FS:  0000000000000000(0000) GS:ffff8c011f240000(0000)
knlGS:0000000000000000
[ 7269.998623] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 7270.004381] CR2: 0000000000000004 CR3: 0000001a72a0a004 CR4:
00000000007626e0
[ 7270.011523] DR0: 0000000000000000 DR1: 0000000000000000 DR2:
0000000000000000
[ 7270.018682] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7:
0000000000000400
[ 7270.025824] PKRU: 55555554
[ 7270.028539] Call Trace:
[ 7270.030990]  <IRQ>
[ 7270.033014]  bpf_xdp_adjust_head+0x68/0x80
[ 7270.037126]  bpf_prog_7d719f00afcf8e6c_xdp_l2fwd_prog+0x198/0xa10
[ 7270.043284]  mlx5e_xdp_handle+0x55/0x500 [mlx5_core]
[ 7270.048277]  mlx5e_skb_from_cqe_linear+0xf0/0x1b0 [mlx5_core]
[ 7270.054053]  mlx5e_handle_rx_cqe+0x64/0x140 [mlx5_core]
[ 7270.059297]  mlx5e_poll_rx_cq+0x8c8/0xa30 [mlx5_core]
[ 7270.064373]  mlx5e_napi_poll+0xdc/0x6a0 [mlx5_core]
[ 7270.069260]  net_rx_action+0x13d/0x3d0
[ 7270.073020]  __do_softirq+0xdd/0x2d0


git bisect chased it to
  13209a8f7304 ("Merge
git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net")

but that brings in a LOT of changes. Anyone have ideas on recent changes
that could be the root cause?

Powered by blists - more mailing lists