Message ID | 20181018203840.87884-1-cpaasch@apple.com |
---|---|
State | Not Applicable, archived |
Delegated to: | David Miller |
Headers | show |
Series | [v4.14-stable] sch_netem: restore skb->dev after dequeuing from the rbtree | expand |
From: Christoph Paasch <cpaasch@apple.com> Date: Thu, 18 Oct 2018 13:38:40 -0700 > Upstream commit bffa72cf7f9d ("net: sk_buff rbnode reorg") got > backported as commit 6b921536f170 ("net: sk_buff rbnode reorg") into the > v4.14.x-tree. > > However, the backport does not include the changes in sch_netem.c > > We need these, as otherwise the skb->dev pointer is not set when > dequeueing from the netem rbtree, resulting in a panic: ... > Fixes: 6b921536f170 ("net: sk_buff rbnode reorg") > Cc: Stephen Hemminger <stephen@networkplumber.org> > Cc: Eric Dumazet <edumazet@google.com> > Cc: Soheil Hassas Yeganeh <soheil@google.com> > Cc: Wei Wang <weiwan@google.com> > Cc: Willem de Bruijn <willemb@google.com> > Signed-off-by: Christoph Paasch <cpaasch@apple.com> > --- > > Notes: > This patch should only make it into v4.14-stable as that's the only branch where > the offending commit has been backported to. Greg, please queue up.
Greg, On Thu, Oct 18, 2018 at 03:43:48PM -0700, David Miller wrote: > From: Christoph Paasch <cpaasch@apple.com> > Date: Thu, 18 Oct 2018 13:38:40 -0700 > > > Upstream commit bffa72cf7f9d ("net: sk_buff rbnode reorg") got > > backported as commit 6b921536f170 ("net: sk_buff rbnode reorg") into the > > v4.14.x-tree. > > > > However, the backport does not include the changes in sch_netem.c > > > > We need these, as otherwise the skb->dev pointer is not set when > > dequeueing from the netem rbtree, resulting in a panic: > ... > > Fixes: 6b921536f170 ("net: sk_buff rbnode reorg") > > Cc: Stephen Hemminger <stephen@networkplumber.org> > > Cc: Eric Dumazet <edumazet@google.com> > > Cc: Soheil Hassas Yeganeh <soheil@google.com> > > Cc: Wei Wang <weiwan@google.com> > > Cc: Willem de Bruijn <willemb@google.com> > > Signed-off-by: Christoph Paasch <cpaasch@apple.com> > > --- > > > > Notes: > > This patch should only make it into v4.14-stable as that's the only branch where > > the offending commit has been backported to. > > Greg, please queue up. Are you planing to queue this one ? Looks to me it was a miss on the backport. It seams that the backport was touching different files, and missed the change on net/sched/sch_netem.c. So, to me, even if this patch may not follow the strictly the rules of stable, as it is not a patch in upstream, seams to be a needed change, even if it is specific to stable linux-4.14.y. >
On Tue, Oct 30, 2018 at 12:12:51PM -0700, Eduardo Valentin wrote: >Greg, > >On Thu, Oct 18, 2018 at 03:43:48PM -0700, David Miller wrote: >> From: Christoph Paasch <cpaasch@apple.com> >> Date: Thu, 18 Oct 2018 13:38:40 -0700 >> >> > Upstream commit bffa72cf7f9d ("net: sk_buff rbnode reorg") got >> > backported as commit 6b921536f170 ("net: sk_buff rbnode reorg") into the >> > v4.14.x-tree. >> > >> > However, the backport does not include the changes in sch_netem.c >> > >> > We need these, as otherwise the skb->dev pointer is not set when >> > dequeueing from the netem rbtree, resulting in a panic: >> ... >> > Fixes: 6b921536f170 ("net: sk_buff rbnode reorg") >> > Cc: Stephen Hemminger <stephen@networkplumber.org> >> > Cc: Eric Dumazet <edumazet@google.com> >> > Cc: Soheil Hassas Yeganeh <soheil@google.com> >> > Cc: Wei Wang <weiwan@google.com> >> > Cc: Willem de Bruijn <willemb@google.com> >> > Signed-off-by: Christoph Paasch <cpaasch@apple.com> >> > --- >> > >> > Notes: >> > This patch should only make it into v4.14-stable as that's the only branch where >> > the offending commit has been backported to. >> >> Greg, please queue up. > >Are you planing to queue this one ? > >Looks to me it was a miss on the backport. > >It seams that the backport was touching different files, and missed the change >on net/sched/sch_netem.c. So, to me, even if this patch may not follow the >strictly the rules of stable, as it is not a patch in upstream, seams to be a >needed change, even if it is specific to stable linux-4.14.y. I've queued this patch for 4.14. -- Thanks, Sasha
diff --git a/net/sched/sch_netem.c b/net/sched/sch_netem.c index 2a2ab6bfe5d8..3d325b840802 100644 --- a/net/sched/sch_netem.c +++ b/net/sched/sch_netem.c @@ -624,6 +624,10 @@ static struct sk_buff *netem_dequeue(struct Qdisc *sch) skb->next = NULL; skb->prev = NULL; skb->tstamp = netem_skb_cb(skb)->tstamp_save; + /* skb->dev shares skb->rbnode area, + * we need to restore its value. + */ + skb->dev = qdisc_dev(sch); #ifdef CONFIG_NET_CLS_ACT /*
Upstream commit bffa72cf7f9d ("net: sk_buff rbnode reorg") got backported as commit 6b921536f170 ("net: sk_buff rbnode reorg") into the v4.14.x-tree. However, the backport does not include the changes in sch_netem.c We need these, as otherwise the skb->dev pointer is not set when dequeueing from the netem rbtree, resulting in a panic: [ 15.427748] BUG: unable to handle kernel NULL pointer dereference at 00000000000000d0 [ 15.428863] IP: netif_skb_features+0x24/0x230 [ 15.429402] PGD 0 P4D 0 [ 15.429733] Oops: 0000 [#1] SMP PTI [ 15.430169] Modules linked in: [ 15.430614] CPU: 3 PID: 0 Comm: swapper/3 Not tainted 4.14.77.mptcp #77 [ 15.431497] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 0.5.1 01/01/2011 [ 15.432568] task: ffff88042db19680 task.stack: ffffc90000070000 [ 15.433356] RIP: 0010:netif_skb_features+0x24/0x230 [ 15.433977] RSP: 0018:ffff88043fd83e70 EFLAGS: 00010286 [ 15.434665] RAX: ffff880429ad80c0 RBX: ffff88042bd0e400 RCX: ffff880429ad8000 [ 15.435585] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff88042bd0e400 [ 15.436551] RBP: ffff88042bd0e400 R08: ffff88042a4b6c9c R09: 0000000000000001 [ 15.437485] R10: 0000000000000004 R11: 0000000000000000 R12: ffff88042c700000 [ 15.438393] R13: ffff88042c700000 R14: ffff88042a4b6c00 R15: ffff88042c6bb000 [ 15.439315] FS: 0000000000000000(0000) GS:ffff88043fd80000(0000) knlGS:0000000000000000 [ 15.440314] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 15.441084] CR2: 00000000000000d0 CR3: 000000042c374000 CR4: 00000000000006e0 [ 15.442016] Call Trace: [ 15.442333] <IRQ> [ 15.442596] validate_xmit_skb+0x17/0x270 [ 15.443134] validate_xmit_skb_list+0x38/0x60 [ 15.443698] sch_direct_xmit+0x102/0x190 [ 15.444198] __qdisc_run+0xe3/0x240 [ 15.444671] net_tx_action+0x121/0x140 [ 15.445177] __do_softirq+0xe2/0x224 [ 15.445654] irq_exit+0xbf/0xd0 [ 15.446072] smp_apic_timer_interrupt+0x5d/0x90 [ 15.446654] apic_timer_interrupt+0x7d/0x90 [ 15.447185] </IRQ> [ 15.447460] RIP: 0010:native_safe_halt+0x2/0x10 [ 15.447992] RSP: 0018:ffffc90000073f10 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff10 [ 15.449008] RAX: ffffffff816667d0 RBX: ffffffff820946b0 RCX: 0000000000000000 [ 15.449895] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 15.450768] RBP: ffffffff82026940 R08: 00000004e858e5e1 R09: ffff88042a4b6d58 [ 15.451643] R10: 0000000000000000 R11: 000000d0d56879bb R12: 0000000000000000 [ 15.452478] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 15.453340] ? __sched_text_end+0x2/0x2 [ 15.453835] default_idle+0xf/0x20 [ 15.454259] do_idle+0x170/0x200 [ 15.454653] cpu_startup_entry+0x14/0x20 [ 15.455142] secondary_startup_64+0xa5/0xb0 [ 15.455715] Code: 1f 84 00 00 00 00 00 55 53 48 89 fd 48 83 ec 08 8b 87 bc 00 00 00 48 8b 8f c0 00 00 00 0f b6 97 81 00 00 00 48 8b 77 10 48 01 c8 <48> 8b 9 [ 15.458138] RIP: netif_skb_features+0x24/0x230 RSP: ffff88043fd83e70 [ 15.458933] CR2: 00000000000000d0 [ 15.459352] ---[ end trace 083925903ae60570 ]--- Fixes: 6b921536f170 ("net: sk_buff rbnode reorg") Cc: Stephen Hemminger <stephen@networkplumber.org> Cc: Eric Dumazet <edumazet@google.com> Cc: Soheil Hassas Yeganeh <soheil@google.com> Cc: Wei Wang <weiwan@google.com> Cc: Willem de Bruijn <willemb@google.com> Signed-off-by: Christoph Paasch <cpaasch@apple.com> --- Notes: This patch should only make it into v4.14-stable as that's the only branch where the offending commit has been backported to. net/sched/sch_netem.c | 4 ++++ 1 file changed, 4 insertions(+)