lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 26 Jul 2023 16:33:40 -0700
From: Martin KaFai Lau <martin.lau@...ux.dev>
To: Leon Romanovsky <leon@...nel.org>
Cc: Jakub Kicinski <kuba@...nel.org>, Daniel Borkmann <daniel@...earbox.net>,
 syzbot <syzbot+14736e249bce46091c18@...kaller.appspotmail.com>,
 andrii@...nel.org, ast@...nel.org, bpf@...r.kernel.org, haoluo@...gle.com,
 john.fastabend@...il.com, jolsa@...nel.org, kpsingh@...nel.org,
 linux-kernel@...r.kernel.org, netdev@...r.kernel.org, sdf@...gle.com,
 song@...nel.org, syzkaller-bugs@...glegroups.com, yhs@...com,
 Gal Pressman <gal@...dia.com>
Subject: Re: [syzbot] [bpf?] WARNING: ODEBUG bug in tcx_uninstall

On 7/26/23 11:16 AM, Martin KaFai Lau wrote:
> On 7/26/23 10:01 AM, Leon Romanovsky wrote:
>> On Wed, Jul 26, 2023 at 08:23:12AM -0700, Jakub Kicinski wrote:
>>> On Wed, 26 Jul 2023 10:12:54 +0300 Leon Romanovsky wrote:
>>>>> Thanks, I'll take a look this evening.
>>>>
>>>> Did anybody post a fix for that?
>>>>
>>>> We are experiencing the following kernel panic in netdev commit
>>>> b57e0d48b300 (net-next/main) Merge branch '100GbE' of 
>>>> git://git.kernel.org/pub/scm/linux/kernel/git/tnguy/next-queue
>>>
>>> Not that I know, looks like this is with Daniel's previous fix already
>>> present, and syzbot is hitting it, too :(
>>
>> My naive workaround which restored our regression runs is:
>>
>> diff --git a/kernel/bpf/tcx.c b/kernel/bpf/tcx.c
>> index 69a272712b29..10c9ab830702 100644
>> --- a/kernel/bpf/tcx.c
>> +++ b/kernel/bpf/tcx.c
>> @@ -111,6 +111,7 @@ void tcx_uninstall(struct net_device *dev, bool ingress)
>>                          bpf_prog_put(tuple.prog);
>>                  tcx_skeys_dec(ingress);
>>          }
>> -       WARN_ON_ONCE(tcx_entry(entry)->miniq_active);
>> +       tcx_miniq_set_active(entry, false);
> 
> Thanks for the report. I will look into it.

I don't see how that may be triggered for now after Daniel's recent fix in 
commit dc644b540a2d ("tcx: Fix splat in ingress_destroy upon tcx_entry_free"). 
Do you have a small reproducible case? Thanks.

> 
>>          tcx_entry_free(entry);
>>   }
>>
> 
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ