AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2025-01-20 03:36:36 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
88c2ace69d
linux_dsm_epyc7002/net/sched
History
Nikolay Aleksandrov 88c2ace69d sch_htb: fix crash on init failure 
The commit below added a call to the ->destroy() callback for all qdiscs
which failed in their ->init(), but some were not prepared for such
change and can't handle partially initialized qdisc. HTB is one of them
and if any error occurs before the qdisc watchdog timer and qdisc work are
initialized then we can hit either a null ptr deref (timer->base) when
canceling in ->destroy or lockdep error info about trying to register
a non-static key and a stack dump. So to fix these two move the watchdog
timer and workqueue init before anything that can err out.
To reproduce userspace needs to send broken htb qdisc create request,
tested with a modified tc (q_htb.c).

Trace log:
[ 2710.897602] BUG: unable to handle kernel NULL pointer dereference at (null)
[ 2710.897977] IP: hrtimer_active+0x17/0x8a
[ 2710.898174] PGD 58fab067
[ 2710.898175] P4D 58fab067
[ 2710.898353] PUD 586c0067
[ 2710.898531] PMD 0
[ 2710.898710]
[ 2710.899045] Oops: 0000 [#1] SMP
[ 2710.899232] Modules linked in:
[ 2710.899419] CPU: 1 PID: 950 Comm: tc Not tainted 4.13.0-rc6+ #54
[ 2710.899646] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.7.5-20140531_083030-gandalf 04/01/2014
[ 2710.900035] task: ffff880059ed2700 task.stack: ffff88005ad4c000
[ 2710.900262] RIP: 0010:hrtimer_active+0x17/0x8a
[ 2710.900467] RSP: 0018:ffff88005ad4f960 EFLAGS: 00010246
[ 2710.900684] RAX: 0000000000000000 RBX: ffff88003701e298 RCX: 0000000000000000
[ 2710.900933] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88003701e298
[ 2710.901177] RBP: ffff88005ad4f980 R08: 0000000000000001 R09: 0000000000000001
[ 2710.901419] R10: ffff88005ad4f800 R11: 0000000000000400 R12: 0000000000000000
[ 2710.901663] R13: ffff88003701e298 R14: ffffffff822a4540 R15: ffff88005ad4fac0
[ 2710.901907] FS:  00007f2f5e90f740(0000) GS:ffff88005d880000(0000) knlGS:0000000000000000
[ 2710.902277] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 2710.902500] CR2: 0000000000000000 CR3: 0000000058ca3000 CR4: 00000000000406e0
[ 2710.902744] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 2710.902977] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 2710.903180] Call Trace:
[ 2710.903332]  hrtimer_try_to_cancel+0x1a/0x93
[ 2710.903504]  hrtimer_cancel+0x15/0x20
[ 2710.903667]  qdisc_watchdog_cancel+0x12/0x14
[ 2710.903866]  htb_destroy+0x2e/0xf7
[ 2710.904097]  qdisc_create+0x377/0x3fd
[ 2710.904330]  tc_modify_qdisc+0x4d2/0x4fd
[ 2710.904511]  rtnetlink_rcv_msg+0x188/0x197
[ 2710.904682]  ? rcu_read_unlock+0x3e/0x5f
[ 2710.904849]  ? rtnl_newlink+0x729/0x729
[ 2710.905017]  netlink_rcv_skb+0x6c/0xce
[ 2710.905183]  rtnetlink_rcv+0x23/0x2a
[ 2710.905345]  netlink_unicast+0x103/0x181
[ 2710.905511]  netlink_sendmsg+0x326/0x337
[ 2710.905679]  sock_sendmsg_nosec+0x14/0x3f
[ 2710.905847]  sock_sendmsg+0x29/0x2e
[ 2710.906010]  ___sys_sendmsg+0x209/0x28b
[ 2710.906176]  ? do_raw_spin_unlock+0xcd/0xf8
[ 2710.906346]  ? _raw_spin_unlock+0x27/0x31
[ 2710.906514]  ? __handle_mm_fault+0x651/0xdb1
[ 2710.906685]  ? check_chain_key+0xb0/0xfd
[ 2710.906855]  __sys_sendmsg+0x45/0x63
[ 2710.907018]  ? __sys_sendmsg+0x45/0x63
[ 2710.907185]  SyS_sendmsg+0x19/0x1b
[ 2710.907344]  entry_SYSCALL_64_fastpath+0x23/0xc2

Note that probably this bug goes further back because the default qdisc
handling always calls ->destroy on init failure too.

Fixes: 87b60cfacf ("net_sched: fix error recovery at qdisc creation")
Fixes: 0fbbeb1ba4 ("[PKT_SCHED]: Fix missing qdisc_destroy() in qdisc_create_dflt()")
Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-08-30 15:26:11 -07:00
..
act_api.c net sched actions: rename act_get_notify() to tcf_get_notify() 2017-07-14 08:52:33 -07:00
act_bpf.c bpf: expose prog id for cls_bpf and act_bpf 2017-06-21 15:14:23 -04:00
act_connmark.c netlink: pass extended ACK struct to parsing functions 2017-04-13 13:58:22 -04:00
act_csum.c net: use skb->csum_not_inet to identify packets needing crc32c 2017-05-19 19:21:29 -04:00
act_gact.c netlink: pass extended ACK struct to parsing functions 2017-04-13 13:58:22 -04:00
act_ife.c netlink: pass extended ACK struct to parsing functions 2017-04-13 13:58:22 -04:00
act_ipt.c net: sched: fix NULL pointer dereference when action calls some targets 2017-08-18 16:25:49 -07:00
act_meta_mark.c Support to encoding decoding skb mark on IFE action 2016-03-01 17:15:23 -05:00
act_meta_skbprio.c Support to encoding decoding skb prio on IFE action 2016-03-01 17:15:23 -05:00
act_meta_skbtcindex.c net sched ife action: Introduce skb tcindex metadata encap decap 2016-09-19 21:55:28 -04:00
act_mirred.c netlink: pass extended ACK struct to parsing functions 2017-04-13 13:58:22 -04:00
act_nat.c netlink: pass extended ACK struct to parsing functions 2017-04-13 13:58:22 -04:00
act_pedit.c net/act_pedit: fix an error code 2017-06-14 15:24:18 -04:00
act_police.c net_sched: move tcf_lock down after gen_replace_estimator() 2017-06-14 14:39:19 -04:00
act_sample.c netlink: pass extended ACK struct to parsing functions 2017-04-13 13:58:22 -04:00
act_simple.c netlink: pass extended ACK struct to parsing functions 2017-04-13 13:58:22 -04:00
act_skbedit.c netlink: pass extended ACK struct to parsing functions 2017-04-13 13:58:22 -04:00
act_skbmod.c netlink: pass extended ACK struct to parsing functions 2017-04-13 13:58:22 -04:00
act_tunnel_key.c net: sched: act_tunnel_key: make UDP checksum configurable 2017-06-15 14:21:03 -04:00
act_vlan.c netlink: pass extended ACK struct to parsing functions 2017-04-13 13:58:22 -04:00
cls_api.c net: sched: don't do tcf_chain_flush from tcf_chain_destroy 2017-08-22 14:39:58 -07:00
cls_basic.c net_sched: move the empty tp check from ->destroy() to ->delete() 2017-04-21 13:58:15 -04:00
cls_bpf.c bpf: expose prog id for cls_bpf and act_bpf 2017-06-21 15:14:23 -04:00
cls_cgroup.c net_sched: move the empty tp check from ->destroy() to ->delete() 2017-04-21 13:58:15 -04:00
cls_flow.c net_sched: move the empty tp check from ->destroy() to ->delete() 2017-04-21 13:58:15 -04:00
cls_flower.c net: propagate tc filter chain index down the ndo_setup_tc call 2017-06-08 09:55:53 -04:00
cls_fw.c net_sched: remove useless NULL to tp->root 2017-04-21 13:58:15 -04:00
cls_matchall.c net: propagate tc filter chain index down the ndo_setup_tc call 2017-06-08 09:55:53 -04:00
cls_route.c net_sched: remove useless NULL to tp->root 2017-04-21 13:58:15 -04:00
cls_rsvp6.c
cls_rsvp.c
cls_rsvp.h net_sched: remove useless NULL to tp->root 2017-04-21 13:58:15 -04:00
cls_tcindex.c net_sched: move the empty tp check from ->destroy() to ->delete() 2017-04-21 13:58:15 -04:00
cls_u32.c net: propagate tc filter chain index down the ndo_setup_tc call 2017-06-08 09:55:53 -04:00
em_canid.c net: sched: remove tcf_proto from ematch calls 2014-10-06 18:02:32 -04:00
em_cmp.c net_sched: cleanups 2011-01-19 23:31:12 -08:00
em_ipset.c netfilter: x_tables: move hook state into xt_action_param structure 2016-11-03 10:56:21 +01:00
em_meta.c net: convert sock.sk_refcnt from atomic_t to refcount_t 2017-07-01 07:39:08 -07:00
em_nbyte.c net: sched: remove tcf_proto from ematch calls 2014-10-06 18:02:32 -04:00
em_text.c net: Remove state argument from skb_find_text() 2015-02-22 15:59:54 -05:00
em_u32.c net_sched: cleanups 2011-01-19 23:31:12 -08:00
ematch.c netlink: pass extended ACK struct to parsing functions 2017-04-13 13:58:22 -04:00
Kconfig net: sched: select cls when cls_act is enabled 2017-06-05 10:56:36 -04:00
Makefile net/sched: Introduce sample tc action 2017-01-24 13:44:28 -05:00
sch_api.c net_sched: fix a refcount_t issue with noop_qdisc 2017-08-24 21:28:24 -07:00
sch_atm.c net_sched: reset pointers to tcf blocks in classful qdiscs' destructors 2017-08-15 17:16:39 -07:00
sch_blackhole.c net_sched: drop packets after root qdisc lock is released 2016-06-25 12:19:35 -04:00
sch_cbq.c net_sched: reset pointers to tcf blocks in classful qdiscs' destructors 2017-08-15 17:16:39 -07:00
sch_choke.c treewide: use kv[mz]alloc* rather than opencoded variants 2017-05-08 17:15:13 -07:00
sch_codel.c netlink: pass extended ACK struct to parsing functions 2017-04-13 13:58:22 -04:00
sch_drr.c net: sched: introduce a TRAP control action 2017-06-06 12:45:23 -04:00
sch_dsmark.c net: sched: introduce a TRAP control action 2017-06-06 12:45:23 -04:00
sch_fifo.c sched: don't use skb queue helpers 2016-09-19 01:47:18 -04:00
sch_fq_codel.c net: sched: introduce a TRAP control action 2017-06-06 12:45:23 -04:00
sch_fq.c mm, tree wide: replace __GFP_REPEAT by __GFP_RETRY_MAYFAIL with more useful semantic 2017-07-12 16:26:03 -07:00
sch_generic.c net_sched: fix a refcount_t issue with noop_qdisc 2017-08-24 21:28:24 -07:00
sch_gred.c netlink: pass extended ACK struct to parsing functions 2017-04-13 13:58:22 -04:00
sch_hfsc.c net_sched: reset pointers to tcf blocks in classful qdiscs' destructors 2017-08-15 17:16:39 -07:00
sch_hhf.c treewide: use kv[mz]alloc* rather than opencoded variants 2017-05-08 17:15:13 -07:00
sch_htb.c sch_htb: fix crash on init failure 2017-08-30 15:26:11 -07:00
sch_ingress.c net: sched: introduce tcf block infractructure 2017-05-17 15:22:13 -04:00
sch_mq.c net: sched: make default fifo qdiscs appear in the dump 2017-03-12 22:53:02 -07:00
sch_mqprio.c net: propagate tc filter chain index down the ndo_setup_tc call 2017-06-08 09:55:53 -04:00
sch_multiq.c net: sched: introduce a TRAP control action 2017-06-06 12:45:23 -04:00
sch_netem.c treewide: use kv[mz]alloc* rather than opencoded variants 2017-05-08 17:15:13 -07:00
sch_pie.c netlink: pass extended ACK struct to parsing functions 2017-04-13 13:58:22 -04:00
sch_plug.c net_sched: drop packets after root qdisc lock is released 2016-06-25 12:19:35 -04:00
sch_prio.c net: sched: introduce a TRAP control action 2017-06-06 12:45:23 -04:00
sch_qfq.c net: sched: introduce a TRAP control action 2017-06-06 12:45:23 -04:00
sch_red.c netlink: pass extended ACK struct to parsing functions 2017-04-13 13:58:22 -04:00
sch_sfb.c net: sched: introduce a TRAP control action 2017-06-06 12:45:23 -04:00
sch_sfq.c net_sched/sfq: update hierarchical backlog when drop packet 2017-08-15 17:16:39 -07:00
sch_tbf.c netlink: pass extended ACK struct to parsing functions 2017-04-13 13:58:22 -04:00
sch_teql.c net: make ndo_get_stats64 a void function 2017-01-08 17:51:44 -05:00