lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 26 May 2020 15:30:29 -0600
From:   David Ahern <dsahern@...il.com>
To:     Saeed Mahameed <saeedm@...lanox.com>,
        "daniel@...earbox.net" <daniel@...earbox.net>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "davem@...emloft.net" <davem@...emloft.net>,
        "brouer@...hat.com" <brouer@...hat.com>
Subject: Re: bpf-next/net-next: panic using bpf_xdp_adjust_head

On 5/26/20 3:23 PM, Saeed Mahameed wrote:
> 
> looks like: xdp->data_meta has some invalid value.
> and i think its boundaries should be checked on 
> bpf_xdp_adjust_head() regardless of the issue that you are seeing.
> 
> Anyway I can't figure out the reason for this without extra digging
> since in mlx5 we do xdp_set_data_meta_invalid(); before passing the xdp
> buff to the bpf program, so it is not clear why would you hit the
> memove in bpf_xdp_adjust_head().
> 
>> [ 7270.033014]  bpf_xdp_adjust_head+0x68/0x80
>> [ 7270.037126]  bpf_prog_7d719f00afcf8e6c_xdp_l2fwd_prog+0x198/0xa10
>> [ 7270.043284]  mlx5e_xdp_handle+0x55/0x500 [mlx5_core]
>> [ 7270.048277]  mlx5e_skb_from_cqe_linear+0xf0/0x1b0 [mlx5_core]
>> [ 7270.054053]  mlx5e_handle_rx_cqe+0x64/0x140 [mlx5_core]
>> [ 7270.059297]  mlx5e_poll_rx_cq+0x8c8/0xa30 [mlx5_core]
>> [ 7270.064373]  mlx5e_napi_poll+0xdc/0x6a0 [mlx5_core]
>> [ 7270.069260]  net_rx_action+0x13d/0x3d0
>> [ 7270.073020]  __do_softirq+0xdd/0x2d0
>>
>>
>> git bisect chased it to
>>   13209a8f7304 ("Merge
>> git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net")
>>
> 
> Are you testing vanilla kernel ? 

yes - git bisect had no changes on top.

> 
> what does the xdp program do with the frame/xdp_buff other than
> bpf_xdp_adjust_head()/ i mean which other bpf helper is it calling ?
> 

nothing relevant. map lookup of a <mac,vlan> pair, map lookup of next
index, pop the vlan header, redirect to tap device:

   https://github.com/dsahern/bpf-progs/blob/master/ksrc/xdp_l2fwd.c

A program that I have been using for 5-6 months.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ