AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2024-12-15 04:36:49 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
634576a184
linux_dsm_epyc7002/net/sched
History
Nikolay Aleksandrov 634576a184 sch_netem: avoid null pointer deref on init failure 
netem can fail in ->init due to missing options (either not supplied by
user-space or used as a default qdisc) causing a timer->base null
pointer deref in its ->destroy() and ->reset() callbacks.

Reproduce:
$ sysctl net.core.default_qdisc=netem
$ ip l set ethX up

Crash log:
[ 1814.846943] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 1814.847181] IP: hrtimer_active+0x17/0x8a
[ 1814.847270] PGD 59c34067
[ 1814.847271] P4D 59c34067
[ 1814.847337] PUD 37374067
[ 1814.847403] PMD 0
[ 1814.847468]
[ 1814.847582] Oops: 0000 [#1] SMP
[ 1814.847655] Modules linked in: sch_netem(O) sch_fq_codel(O)
[ 1814.847761] CPU: 3 PID: 1573 Comm: ip Tainted: G           O 4.13.0-rc6+ #62
[ 1814.847884] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014
[ 1814.848043] task: ffff88003723a700 task.stack: ffff88005adc8000
[ 1814.848235] RIP: 0010:hrtimer_active+0x17/0x8a
[ 1814.848407] RSP: 0018:ffff88005adcb590 EFLAGS: 00010246
[ 1814.848590] RAX: 0000000000000000 RBX: ffff880058e359d8 RCX: 0000000000000000
[ 1814.848793] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff880058e359d8
[ 1814.848998] RBP: ffff88005adcb5b0 R08: 00000000014080c0 R09: 00000000ffffffff
[ 1814.849204] R10: ffff88005adcb660 R11: 0000000000000020 R12: 0000000000000000
[ 1814.849410] R13: ffff880058e359d8 R14: 00000000ffffffff R15: 0000000000000001
[ 1814.849616] FS:  00007f733bbca740(0000) GS:ffff88005d980000(0000) knlGS:0000000000000000
[ 1814.849919] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1814.850107] CR2: 0000000000000000 CR3: 0000000059f0d000 CR4: 00000000000406e0
[ 1814.850313] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1814.850518] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1814.850723] Call Trace:
[ 1814.850875]  hrtimer_try_to_cancel+0x1a/0x93
[ 1814.851047]  hrtimer_cancel+0x15/0x20
[ 1814.851211]  qdisc_watchdog_cancel+0x12/0x14
[ 1814.851383]  netem_reset+0xe6/0xed [sch_netem]
[ 1814.851561]  qdisc_destroy+0x8b/0xe5
[ 1814.851723]  qdisc_create_dflt+0x86/0x94
[ 1814.851890]  ? dev_activate+0x129/0x129
[ 1814.852057]  attach_one_default_qdisc+0x36/0x63
[ 1814.852232]  netdev_for_each_tx_queue+0x3d/0x48
[ 1814.852406]  dev_activate+0x4b/0x129
[ 1814.852569]  __dev_open+0xe7/0x104
[ 1814.852730]  __dev_change_flags+0xc6/0x15c
[ 1814.852899]  dev_change_flags+0x25/0x59
[ 1814.853064]  do_setlink+0x30c/0xb3f
[ 1814.853228]  ? check_chain_key+0xb0/0xfd
[ 1814.853396]  ? check_chain_key+0xb0/0xfd
[ 1814.853565]  rtnl_newlink+0x3a4/0x729
[ 1814.853728]  ? rtnl_newlink+0x117/0x729
[ 1814.853905]  ? ns_capable_common+0xd/0xb1
[ 1814.854072]  ? ns_capable+0x13/0x15
[ 1814.854234]  rtnetlink_rcv_msg+0x188/0x197
[ 1814.854404]  ? rcu_read_unlock+0x3e/0x5f
[ 1814.854572]  ? rtnl_newlink+0x729/0x729
[ 1814.854737]  netlink_rcv_skb+0x6c/0xce
[ 1814.854902]  rtnetlink_rcv+0x23/0x2a
[ 1814.855064]  netlink_unicast+0x103/0x181
[ 1814.855230]  netlink_sendmsg+0x326/0x337
[ 1814.855398]  sock_sendmsg_nosec+0x14/0x3f
[ 1814.855584]  sock_sendmsg+0x29/0x2e
[ 1814.855747]  ___sys_sendmsg+0x209/0x28b
[ 1814.855912]  ? do_raw_spin_unlock+0xcd/0xf8
[ 1814.856082]  ? _raw_spin_unlock+0x27/0x31
[ 1814.856251]  ? __handle_mm_fault+0x651/0xdb1
[ 1814.856421]  ? check_chain_key+0xb0/0xfd
[ 1814.856592]  __sys_sendmsg+0x45/0x63
[ 1814.856755]  ? __sys_sendmsg+0x45/0x63
[ 1814.856923]  SyS_sendmsg+0x19/0x1b
[ 1814.857083]  entry_SYSCALL_64_fastpath+0x23/0xc2
[ 1814.857256] RIP: 0033:0x7f733b2dd690
[ 1814.857419] RSP: 002b:00007ffe1d3387d8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1814.858238] RAX: ffffffffffffffda RBX: ffffffff810d278c RCX: 00007f733b2dd690
[ 1814.858445] RDX: 0000000000000000 RSI: 00007ffe1d338820 RDI: 0000000000000003
[ 1814.858651] RBP: ffff88005adcbf98 R08: 0000000000000001 R09: 0000000000000003
[ 1814.858856] R10: 00007ffe1d3385a0 R11: 0000000000000246 R12: 0000000000000002
[ 1814.859060] R13: 000000000066f1a0 R14: 00007ffe1d3408d0 R15: 0000000000000000
[ 1814.859267]  ? trace_hardirqs_off_caller+0xa7/0xcf
[ 1814.859446] Code: 10 55 48 89 c7 48 89 e5 e8 45 a1 fb ff 31 c0 5d c3
31 c0 c3 66 66 66 66 90 55 48 89 e5 41 56 41 55 41 54 53 49 89 fd 49 8b
45 30 <4c> 8b 20 41 8b 5c 24 38 31 c9 31 d2 48 c7 c7 50 8e 1d 82 41 89
[ 1814.860022] RIP: hrtimer_active+0x17/0x8a RSP: ffff88005adcb590
[ 1814.860214] CR2: 0000000000000000

Fixes: 87b60cfacf ("net_sched: fix error recovery at qdisc creation")
Fixes: 0fbbeb1ba4 ("[PKT_SCHED]: Fix missing qdisc_destroy() in qdisc_create_dflt()")
Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-08-30 15:26:11 -07:00
..
act_api.c net sched actions: rename act_get_notify() to tcf_get_notify() 2017-07-14 08:52:33 -07:00
act_bpf.c bpf: expose prog id for cls_bpf and act_bpf 2017-06-21 15:14:23 -04:00
act_connmark.c netlink: pass extended ACK struct to parsing functions 2017-04-13 13:58:22 -04:00
act_csum.c net: use skb->csum_not_inet to identify packets needing crc32c 2017-05-19 19:21:29 -04:00
act_gact.c netlink: pass extended ACK struct to parsing functions 2017-04-13 13:58:22 -04:00
act_ife.c netlink: pass extended ACK struct to parsing functions 2017-04-13 13:58:22 -04:00
act_ipt.c net: sched: fix NULL pointer dereference when action calls some targets 2017-08-18 16:25:49 -07:00
act_meta_mark.c Support to encoding decoding skb mark on IFE action 2016-03-01 17:15:23 -05:00
act_meta_skbprio.c Support to encoding decoding skb prio on IFE action 2016-03-01 17:15:23 -05:00
act_meta_skbtcindex.c net sched ife action: Introduce skb tcindex metadata encap decap 2016-09-19 21:55:28 -04:00
act_mirred.c netlink: pass extended ACK struct to parsing functions 2017-04-13 13:58:22 -04:00
act_nat.c netlink: pass extended ACK struct to parsing functions 2017-04-13 13:58:22 -04:00
act_pedit.c net/act_pedit: fix an error code 2017-06-14 15:24:18 -04:00
act_police.c net_sched: move tcf_lock down after gen_replace_estimator() 2017-06-14 14:39:19 -04:00
act_sample.c netlink: pass extended ACK struct to parsing functions 2017-04-13 13:58:22 -04:00
act_simple.c netlink: pass extended ACK struct to parsing functions 2017-04-13 13:58:22 -04:00
act_skbedit.c netlink: pass extended ACK struct to parsing functions 2017-04-13 13:58:22 -04:00
act_skbmod.c netlink: pass extended ACK struct to parsing functions 2017-04-13 13:58:22 -04:00
act_tunnel_key.c net: sched: act_tunnel_key: make UDP checksum configurable 2017-06-15 14:21:03 -04:00
act_vlan.c netlink: pass extended ACK struct to parsing functions 2017-04-13 13:58:22 -04:00
cls_api.c net: sched: don't do tcf_chain_flush from tcf_chain_destroy 2017-08-22 14:39:58 -07:00
cls_basic.c net_sched: move the empty tp check from ->destroy() to ->delete() 2017-04-21 13:58:15 -04:00
cls_bpf.c bpf: expose prog id for cls_bpf and act_bpf 2017-06-21 15:14:23 -04:00
cls_cgroup.c net_sched: move the empty tp check from ->destroy() to ->delete() 2017-04-21 13:58:15 -04:00
cls_flow.c net_sched: move the empty tp check from ->destroy() to ->delete() 2017-04-21 13:58:15 -04:00
cls_flower.c net: propagate tc filter chain index down the ndo_setup_tc call 2017-06-08 09:55:53 -04:00
cls_fw.c net_sched: remove useless NULL to tp->root 2017-04-21 13:58:15 -04:00
cls_matchall.c net: propagate tc filter chain index down the ndo_setup_tc call 2017-06-08 09:55:53 -04:00
cls_route.c net_sched: remove useless NULL to tp->root 2017-04-21 13:58:15 -04:00
cls_rsvp6.c
cls_rsvp.c
cls_rsvp.h net_sched: remove useless NULL to tp->root 2017-04-21 13:58:15 -04:00
cls_tcindex.c net_sched: move the empty tp check from ->destroy() to ->delete() 2017-04-21 13:58:15 -04:00
cls_u32.c net: propagate tc filter chain index down the ndo_setup_tc call 2017-06-08 09:55:53 -04:00
em_canid.c net: sched: remove tcf_proto from ematch calls 2014-10-06 18:02:32 -04:00
em_cmp.c net_sched: cleanups 2011-01-19 23:31:12 -08:00
em_ipset.c netfilter: x_tables: move hook state into xt_action_param structure 2016-11-03 10:56:21 +01:00
em_meta.c net: convert sock.sk_refcnt from atomic_t to refcount_t 2017-07-01 07:39:08 -07:00
em_nbyte.c net: sched: remove tcf_proto from ematch calls 2014-10-06 18:02:32 -04:00
em_text.c net: Remove state argument from skb_find_text() 2015-02-22 15:59:54 -05:00
em_u32.c net_sched: cleanups 2011-01-19 23:31:12 -08:00
ematch.c netlink: pass extended ACK struct to parsing functions 2017-04-13 13:58:22 -04:00
Kconfig net: sched: select cls when cls_act is enabled 2017-06-05 10:56:36 -04:00
Makefile net/sched: Introduce sample tc action 2017-01-24 13:44:28 -05:00
sch_api.c net_sched: fix a refcount_t issue with noop_qdisc 2017-08-24 21:28:24 -07:00
sch_atm.c net_sched: reset pointers to tcf blocks in classful qdiscs' destructors 2017-08-15 17:16:39 -07:00
sch_blackhole.c net_sched: drop packets after root qdisc lock is released 2016-06-25 12:19:35 -04:00
sch_cbq.c sch_cbq: fix null pointer dereferences on init failure 2017-08-30 15:26:11 -07:00
sch_choke.c treewide: use kv[mz]alloc* rather than opencoded variants 2017-05-08 17:15:13 -07:00
sch_codel.c netlink: pass extended ACK struct to parsing functions 2017-04-13 13:58:22 -04:00
sch_drr.c net: sched: introduce a TRAP control action 2017-06-06 12:45:23 -04:00
sch_dsmark.c net: sched: introduce a TRAP control action 2017-06-06 12:45:23 -04:00
sch_fifo.c sched: don't use skb queue helpers 2016-09-19 01:47:18 -04:00
sch_fq_codel.c sch_fq_codel: avoid double free on init failure 2017-08-30 15:26:11 -07:00
sch_fq.c mm, tree wide: replace __GFP_REPEAT by __GFP_RETRY_MAYFAIL with more useful semantic 2017-07-12 16:26:03 -07:00
sch_generic.c net_sched: fix a refcount_t issue with noop_qdisc 2017-08-24 21:28:24 -07:00
sch_gred.c netlink: pass extended ACK struct to parsing functions 2017-04-13 13:58:22 -04:00
sch_hfsc.c sch_hfsc: fix null pointer deref and double free on init failure 2017-08-30 15:26:11 -07:00
sch_hhf.c sch_hhf: fix null pointer dereference on init failure 2017-08-30 15:26:11 -07:00
sch_htb.c sch_htb: fix crash on init failure 2017-08-30 15:26:11 -07:00
sch_ingress.c net: sched: introduce tcf block infractructure 2017-05-17 15:22:13 -04:00
sch_mq.c net: sched: make default fifo qdiscs appear in the dump 2017-03-12 22:53:02 -07:00
sch_mqprio.c net: propagate tc filter chain index down the ndo_setup_tc call 2017-06-08 09:55:53 -04:00
sch_multiq.c sch_multiq: fix double free on init failure 2017-08-30 15:26:11 -07:00
sch_netem.c sch_netem: avoid null pointer deref on init failure 2017-08-30 15:26:11 -07:00
sch_pie.c netlink: pass extended ACK struct to parsing functions 2017-04-13 13:58:22 -04:00
sch_plug.c net_sched: drop packets after root qdisc lock is released 2016-06-25 12:19:35 -04:00
sch_prio.c net: sched: introduce a TRAP control action 2017-06-06 12:45:23 -04:00
sch_qfq.c net: sched: introduce a TRAP control action 2017-06-06 12:45:23 -04:00
sch_red.c netlink: pass extended ACK struct to parsing functions 2017-04-13 13:58:22 -04:00
sch_sfb.c net: sched: introduce a TRAP control action 2017-06-06 12:45:23 -04:00
sch_sfq.c net_sched/sfq: update hierarchical backlog when drop packet 2017-08-15 17:16:39 -07:00
sch_tbf.c netlink: pass extended ACK struct to parsing functions 2017-04-13 13:58:22 -04:00
sch_teql.c net: make ndo_get_stats64 a void function 2017-01-08 17:51:44 -05:00