From: Yunseong Kim <yskelg@gmail.com>
To: Pedro Tammela <pctammela@mojatatu.com>
Cc: netdev@vger.kernel.org, stable@vger.kernel.org,
"Jakub Kicinski" <kuba@kernel.org>,
"Steven Rostedt" <rostedt@goodmis.org>,
"Masami Hiramatsu" <mhiramat@kernel.org>,
"Mathieu Desnoyers" <mathieu.desnoyers@efficios.com>,
"Takashi Iwai" <tiwai@suse.de>,
"David S. Miller" <davem@davemloft.net>,
"Thomas Hellström" <thomas.hellstrom@linux.intel.com>,
"Rafael J. Wysocki" <rafael@kernel.org>,
"Jamal Hadi Salim" <jhs@mojatatu.com>,
"Cong Wang" <xiyou.wangcong@gmail.com>,
"Jiri Pirko" <jiri@resnulli.us>,
"Eric Dumazet" <edumazet@google.com>,
"Paolo Abeni" <pabeni@redhat.com>,
"Taehee Yoo" <ap420073@gmail.com>,
"Austin Kim" <austindh.kim@gmail.com>,
shjy180909@gmail.com, linux-kernel@vger.kernel.org,
linux-trace-kernel@vger.kernel.org, ppbuk5246@gmail.com,
"Yeoreum Yun" <yeoreum.yun@arm.com>
Subject: Re: [PATCH v3] tracing/net_sched: NULL pointer dereference in perf_trace_qdisc_reset()
Date: Tue, 25 Jun 2024 01:10:14 +0900
Message-ID: <2a28004a-161f-4cde-9d1c-7b779333e666@gmail.com>
In-Reply-To: <06d0ea61-47ee-4e54-9dfa-a711c5bc07d0@mojatatu.com>

Hi Pedro,

On 6/25/24 12:55 AM, Pedro Tammela wrote:
> On 24/06/2024 12:43, Yunseong Kim wrote:
>> Hi Pedro,
>>
>> On 6/25/24 12:12 AM, Pedro Tammela wrote:
>>> On 22/06/2024 01:57, yskelg@gmail.com wrote:
>>>> From: Yunseong Kim <yskelg@gmail.com>
>>>>
>>>> In the TRACE_EVENT(qdisc_reset) NULL dereference occurred from
>>>>
>>>> qdisc->dev_queue->dev <NULL> ->name
>>>>
>>>> [ 5301.595872] KASAN: null-ptr-deref in range
>>>> [0x0000000000000130-0x0000000000000137]
>>>> [ 5301.595877] Mem abort info:
>>>> [ 5301.595881] ESR = 0x0000000096000006
>>>> [ 5301.595885] EC = 0x25: DABT (current EL), IL = 32 bits
>>>> [ 5301.595889] SET = 0, FnV = 0
>>>> [ 5301.595893] EA = 0, S1PTW = 0
>>>> [ 5301.595896] FSC = 0x06: level 2 translation fault
>>>> [ 5301.595900] Data abort info:
>>>> [ 5301.595903] ISV = 0, ISS = 0x00000006, ISS2 = 0x00000000
>>>> [ 5301.595907] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
>>>> [ 5301.595911] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
>>>> [ 5301.595915] [dfff800000000026] address between user and kernel
>>>> address ranges
>>>> [ 5301.595971] Internal error: Oops: 0000000096000006 [#1] SMP
>>>> Link:
>>>> https://lore.kernel.org/lkml/20240229143432.273b4871@gandalf.local.home/t/
>>>> Fixes: 51270d573a8d ("tracing/net_sched: Fix tracepoints that save
>>>> qdisc_dev() as a string")
>>>> Cc: netdev@vger.kernel.org
>>>> Cc: stable@vger.kernel.org # +v6.7.10, +v6.8
>>>> Signed-off-by: Yunseong Kim <yskelg@gmail.com>
>>>> Signed-off-by: Yeoreum Yun <yeoreum.yun@arm.com>
>>>> ---
>>>> include/trace/events/qdisc.h | 2 +-
>>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>>
>>>> diff --git a/include/trace/events/qdisc.h
>>>> b/include/trace/events/qdisc.h
>>>> index f1b5e816e7e5..170b51fbe47a 100644
>>>> --- a/include/trace/events/qdisc.h
>>>> +++ b/include/trace/events/qdisc.h
>>>> @@ -81,7 +81,7 @@ TRACE_EVENT(qdisc_reset,
>>>> TP_ARGS(q),
>>>> TP_STRUCT__entry(
>>>> - __string( dev, qdisc_dev(q)->name )
>>>> + __string(dev, qdisc_dev(q) ? qdisc_dev(q)->name :
>>>> "noop_queue")
>>>> __string( kind, q->ops->id )
>>>> __field( u32, parent )
>>>> __field( u32, handle )
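
Review bot: the NULL guard is added only to the __string() line in TP_STRUCT__entry, and the diffstat (1 insertion, 1 deletion) shows nothing else in qdisc_reset is touched. On any tree where TP_fast_assign still passes the source expression to __assign_str(), qdisc_dev(q)->name is dereferenced again there, so the stable targets named in the Cc: stable line need the same guard in the assign step. The literal "noop_queue" is also recorded in the dev field, where readers of the trace expect an interface name; a placeholder that cannot be mistaken for a device, such as "(null)", is clearer.
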
>>>
>>> You missed the __assign_str portion (see below). Also let's just say
>>> "(null)" as it's the correct device name. "noop_queue" could be
>>> misleading.
>>
>> Thanks for the code review, Pedro. I agree with your advice.
>>
>>> diff --git a/include/trace/events/qdisc.h b/include/trace/events/qdisc.h
>>> index 1f4258308b96..f54e0b4dbcf4 100644
>>> --- a/include/trace/events/qdisc.h
>>> +++ b/include/trace/events/qdisc.h
>>> @@ -81,14 +81,14 @@ TRACE_EVENT(qdisc_reset,
>>> TP_ARGS(q),
>>>
>>> TP_STRUCT__entry(
>>> - __string( dev,
>>> qdisc_dev(q)->name )
>>> + __string( dev, qdisc_dev(q) ?
>>> qdisc_dev(q)->name : "(null)" )
>>> __string( kind,
>>> q->ops->id )
>>> __field( u32,
>>> parent )
>>> __field( u32,
>>> handle )
>>> ),
>>
>> It looks better to align the name with the current convention.
>>
>> Link:
>> https://lore.kernel.org/linux-trace-kernel/20240222211442.634192653@goodmis.org/
>>
>>> TP_fast_assign(
>>> - __assign_str(dev, qdisc_dev(q)->name);
>>> + __assign_str(dev, qdisc_dev(q) ? qdisc_dev(q)->name :
>>> "(null)");
>>> __assign_str(kind, q->ops->id);
>>> __entry->parent = q->parent;
>>> __entry->handle = q->handle;
>>>
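
Review bot: the ternary qdisc_dev(q) ? qdisc_dev(q)->name : "(null)" is written out twice in this hunk, once in __string() and once in __assign_str(), and the two copies have to stay identical because the first sizes the dev field and the second fills it. Computing the name once, for example through a small helper that returns the device name or "(null)", would remove the duplication and the repeated qdisc_dev(q) call, and would leave a single place to change if the placeholder is ever renamed.
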
>>>
>>
>> The second part you mentioned, Steve recently worked on it and changed
>> it.
>>
>> Link:
>> https://lore.kernel.org/linux-trace-kernel/20240516133454.681ba6a0@rorschach.local.home/
>
> Oh!

Thanks for the double check, Pedro.

>> If it hadn't, I don't think I would have been able to prevent the panic
>> by just applying my patch.
>
> But you must be careful with the backports.
>
> In any case, perhaps send another patch to net-next updating the new
> conventions there and use the 'old convention' for the bug fix?

Right, I agree, I'll send a patch for the next version.

Warm regards,
Yunseong Kim