From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Guillaume Nault <g.nault@alphalink.fr>,
"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 4.6 25/81] l2tp: fix configuration passed to setup_udp_tunnel_sock()
Date: Wed, 22 Jun 2016 15:45:48 -0700
Message-ID: <20160622223744.557236799@linuxfoundation.org>
In-Reply-To: <20160622223743.240652686@linuxfoundation.org>
4.6-stable review patch. If anyone has any objections, please let me know.
------------------
From: Guillaume Nault <g.nault@alphalink.fr>
[ Upstream commit a5c5e2da8551eb69e5d5d09d51d526140b5db9fb ]
Unused fields of udp_cfg must be all zeros. Otherwise
setup_udp_tunnel_sock() fills ->gro_receive and ->gro_complete
callbacks with garbage, eventually resulting in panic when used by
udp_gro_receive().
[ 72.694123] BUG: unable to handle kernel paging request at ffff880033f87d78
[ 72.695518] IP: [<ffff880033f87d78>] 0xffff880033f87d78
[ 72.696530] PGD 26e2067 PUD 26e3067 PMD 342ed063 PTE 8000000033f87163
[ 72.696530] Oops: 0011 [#1] SMP KASAN
[ 72.696530] Modules linked in: l2tp_ppp l2tp_netlink l2tp_core ip6_udp_tunnel udp_tunnel pptp gre pppox ppp_generic slhc crc32c_intel ghash_clmulni_intel jitterentropy_rng sha256_generic hmac drbg ansi_cprng aesni_intel evdev aes_x86_64 ablk_helper cryptd lrw gf128mul glue_helper serio_raw acpi_cpufreq button proc\
essor ext4 crc16 jbd2 mbcache virtio_blk virtio_net virtio_pci virtio_ring virtio
[ 72.696530] CPU: 3 PID: 0 Comm: swapper/3 Not tainted 4.7.0-rc1 #1
[ 72.696530] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Debian-1.8.2-1 04/01/2014
[ 72.696530] task: ffff880035b59700 ti: ffff880035b70000 task.ti: ffff880035b70000
[ 72.696530] RIP: 0010:[<ffff880033f87d78>] [<ffff880033f87d78>] 0xffff880033f87d78
[ 72.696530] RSP: 0018:ffff880035f87bc0 EFLAGS: 00010246
[ 72.696530] RAX: ffffed000698f996 RBX: ffff88003326b840 RCX: ffffffff814cc823
[ 72.696530] RDX: ffff88003326b840 RSI: ffff880033e48038 RDI: ffff880034c7c780
[ 72.696530] RBP: ffff880035f87c18 R08: 000000000000a506 R09: 0000000000000000
[ 72.696530] R10: ffff880035f87b38 R11: ffff880034b9344d R12: 00000000ebfea715
[ 72.696530] R13: 0000000000000000 R14: ffff880034c7c780 R15: 0000000000000000
[ 72.696530] FS: 0000000000000000(0000) GS:ffff880035f80000(0000) knlGS:0000000000000000
[ 72.696530] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 72.696530] CR2: ffff880033f87d78 CR3: 0000000033c98000 CR4: 00000000000406a0
[ 72.696530] Stack:
[ 72.696530] ffffffff814cc834 ffff880034b93468 0000001481416818 ffff88003326b874
[ 72.696530] ffff880034c7ccb0 ffff880033e48038 ffff88003326b840 ffff880034b93462
[ 72.696530] ffff88003326b88a ffff88003326b88c ffff880034b93468 ffff880035f87c70
[ 72.696530] Call Trace:
[ 72.696530] <IRQ>
[ 72.696530] [<ffffffff814cc834>] ? udp_gro_receive+0x1c6/0x1f9
[ 72.696530] [<ffffffff814ccb1c>] udp4_gro_receive+0x2b5/0x310
[ 72.696530] [<ffffffff814d989b>] inet_gro_receive+0x4a3/0x4cd
[ 72.696530] [<ffffffff81431b32>] dev_gro_receive+0x584/0x7a3
[ 72.696530] [<ffffffff810adf7a>] ? __lock_is_held+0x29/0x64
[ 72.696530] [<ffffffff814321f7>] napi_gro_receive+0x124/0x21d
[ 72.696530] [<ffffffffa000b145>] virtnet_receive+0x8df/0x8f6 [virtio_net]
[ 72.696530] [<ffffffffa000b27e>] virtnet_poll+0x1d/0x8d [virtio_net]
[ 72.696530] [<ffffffff81431350>] net_rx_action+0x15b/0x3b9
[ 72.696530] [<ffffffff815893d6>] __do_softirq+0x216/0x546
[ 72.696530] [<ffffffff81062392>] irq_exit+0x49/0xb6
[ 72.696530] [<ffffffff81588e9a>] do_IRQ+0xe2/0xfa
[ 72.696530] [<ffffffff81587a49>] common_interrupt+0x89/0x89
[ 72.696530] <EOI>
[ 72.696530] [<ffffffff810b05df>] ? trace_hardirqs_on_caller+0x229/0x270
[ 72.696530] [<ffffffff8102b3c7>] ? default_idle+0x1c/0x2d
[ 72.696530] [<ffffffff8102b3c5>] ? default_idle+0x1a/0x2d
[ 72.696530] [<ffffffff8102bb8c>] arch_cpu_idle+0xa/0xc
[ 72.696530] [<ffffffff810a6c39>] default_idle_call+0x1a/0x1c
[ 72.696530] [<ffffffff810a6d96>] cpu_startup_entry+0x15b/0x20f
[ 72.696530] [<ffffffff81039a81>] start_secondary+0x12c/0x133
[ 72.696530] Code: ff ff ff ff ff ff ff ff ff ff 7f ff ff ff ff ff ff ff 7f 00 7e f8 33 00 88 ff ff 6d 61 58 81 ff ff ff ff 5e de 0a 81 ff ff ff ff <00> 5c e2 34 00 88 ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 72.696530] RIP [<ffff880033f87d78>] 0xffff880033f87d78
[ 72.696530] RSP <ffff880035f87bc0>
[ 72.696530] CR2: ffff880033f87d78
[ 72.696530] ---[ end trace ad7758b9a1dccf99 ]---
[ 72.696530] Kernel panic - not syncing: Fatal exception in interrupt
[ 72.696530] Kernel Offset: disabled
[ 72.696530] ---[ end Kernel panic - not syncing: Fatal exception in interrupt
v2: use empty initialiser instead of "{ NULL }" to avoid relying on
first field's type.
Fixes: 38fd2af24fcf ("udp: Add socket based GRO and config")
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/l2tp/l2tp_core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/l2tp/l2tp_core.c
+++ b/net/l2tp/l2tp_core.c
@@ -1581,7 +1581,7 @@ int l2tp_tunnel_create(struct net *net,
/* Mark socket as an encapsulation socket. See net/ipv4/udp.c */
tunnel->encap = encap;
if (encap == L2TP_ENCAPTYPE_UDP) {
- struct udp_tunnel_sock_cfg udp_cfg;
+ struct udp_tunnel_sock_cfg udp_cfg = { };
udp_cfg.sk_user_data = tunnel;
udp_cfg.encap_type = UDP_ENCAP_L2TPINUDP;
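Review bot: The new declaration `struct udp_tunnel_sock_cfg udp_cfg = { };` has no comment saying why the zeroing matters, so with the field assignments directly below it a later cleanup could mistake the initialiser for redundant and drop it. A one-line comment noting that setup_udp_tunnel_sock() consumes every field, including ->gro_receive and ->gro_complete, would protect it. Alternatively, folding the visible assignments (`.sk_user_data = tunnel`, `.encap_type = UDP_ENCAP_L2TPINUDP`) into a designated initialiser gives the same zeroing of unnamed members and keeps the whole configuration in one place.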
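The failure the commit message describes, reduced to a userspace model; this is an added example, not code from the patch or the kernel. `model_cfg`, `model_sock`, `model_setup_sock`, `gro_path_would_call` and `create_tunnel` are hypothetical names, and the 0xA5 fill is a constructed stand-in for stale stack contents.

```c
#include <stddef.h>
#include <string.h>
typedef int (*gro_cb_t)(void);

/* Hypothetical, reduced model of struct udp_tunnel_sock_cfg. */
struct model_cfg {
    void    *sk_user_data;
    int      encap_type;
    gro_cb_t gro_receive;
    gro_cb_t gro_complete;
};

/* Hypothetical model of the socket state the config is copied into. */
struct model_sock {
    void    *user_data;
    gro_cb_t gro_receive;
    gro_cb_t gro_complete;
};

/* Copies every field unconditionally: unset fields are trusted as-is. */
static void model_setup_sock(struct model_sock *sk, const struct model_cfg *cfg)
{
    sk->user_data    = cfg->sk_user_data;
    sk->gro_receive  = cfg->gro_receive;
    sk->gro_complete = cfg->gro_complete;
}

/* Receive-path model: a non-NULL callback is assumed valid and called. */
static int gro_path_would_call(const struct model_sock *sk)
{
    return sk->gro_receive != NULL;
}

/* zero_first = 0 models the old code, 1 models `udp_cfg = { }`. */
int create_tunnel(int zero_first, void *tunnel)
{
    struct model_cfg cfg;
    struct model_sock sk;
    /* Constructed stand-in for leftover stack bytes (a real uninitialised read is UB). */
    memset(&cfg, 0xA5, sizeof(cfg));
    if (zero_first)
        memset(&cfg, 0, sizeof(cfg));
    cfg.sk_user_data = tunnel;  /* only these two fields are set explicitly */
    cfg.encap_type   = 3;       /* placeholder encapsulation type */
    model_setup_sock(&sk, &cfg);
    return gro_path_would_call(&sk);
}

int main(void) { return create_tunnel(1, NULL); }
```

A return of 1 means the receive path would jump through a pointer built from stale bytes, which is the condition behind the oops in the commit message; 0 means the callback slot is NULL and is skipped.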