From: "Srivatsa S. Bhat" <srivatsa.bhat@linux.vnet.ibm.com>
To: Neil Horman <nhorman@tuxdriver.com>
Cc: Gao feng <gaofeng@cn.fujitsu.com>,
eric.dumazet@gmail.com, davem@davemloft.net,
linux-kernel@vger.kernel.org, netdev@vger.kernel.org,
mark.d.rustad@intel.com, john.r.fastabend@intel.com,
lizefan@huawei.com
Subject: Re: [PATCH] net, cgroup: Fix boot failure due to iteration of uninitialized list
Date: Mon, 10 Sep 2012 14:59:18 +0530 [thread overview]
Message-ID: <504DB2EE.2030700@linux.vnet.ibm.com> (raw)
In-Reply-To: <20120723114057.GA16518@hmsreliant.think-freely.org>
On 07/23/2012 05:10 PM, Neil Horman wrote:
> On Mon, Jul 23, 2012 at 09:15:05AM +0800, Gao feng wrote:
>> 于 2012年07月20日 00:27, Srivatsa S. Bhat 写道:
>>> After commit ef209f15 (net: cgroup: fix access the unallocated memory in
>>> netprio cgroup), boot fails with the following NULL pointer dereference:
>>>
[...]
>>> Call Trace:
>>> [<ffffffff81b1cb78>] cgroup_init_subsys+0x83/0x169
>>> [<ffffffff81b1ce13>] cgroup_init+0x36/0x119
>>> [<ffffffff81affef7>] start_kernel+0x3ba/0x3ef
>>> [<ffffffff81aff95b>] ? kernel_init+0x27b/0x27b
>>> [<ffffffff81aff356>] x86_64_start_reservations+0x131/0x136
>>> [<ffffffff81aff45e>] x86_64_start_kernel+0x103/0x112
>>> RIP [<ffffffff8145e8d6>] cgrp_create+0xf6/0x190
>>> RSP <ffffffff81a01ea8>
>>> CR2: 0000000000000698
>>> ---[ end trace a7919e7f17c0a725 ]---
>>> Kernel panic - not syncing: Attempted to kill the idle task!
>>>
>>> The code corresponds to:
>>>
>>> update_netdev_tables():
>>> for_each_netdev(&init_net, dev) {
>>> map = rtnl_dereference(dev->priomap); <---- HERE
>>>
>>>
>>> The list head is initialized in netdev_init(), which is called much
>>> later than cgrp_create(). So the problem is that we are calling
>>> update_netdev_tables() way too early (in cgrp_create()), which will
>>> end up traversing the not-yet-circular linked list. So at some point,
>>> the dev pointer will become NULL and hence dev->priomap becomes an
>>> invalid access.
>>>
>>> To fix this, just remove the update_netdev_tables() function entirely,
>>> since it appears that write_update_netdev_table() will handle things
>>> just fine.
>>
>> The reason I add update_netdev_tables in cgrp_create is to avoid additional
>> bound checkings when we accessing the dev->priomap.priomap.
>>
>> Eric,can we revert this commit 91c68ce2b26319248a32d7baa1226f819d283758 now?
>> I think it's safe enough to access priomap without bound check.
>>
>
> I think its probably safe, yes, but lets leave it there for just a bit. Its not
> hurting anything, and I'd like to look into getting Srivatsa' patch in first.
Hi Neil,
Did you get around to look into this again?
Regards,
Srivatsa S. Bhat
next prev parent reply other threads:[~2012-09-10 9:29 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-07-19 16:27 [PATCH] net, cgroup: Fix boot failure due to iteration of uninitialized list Srivatsa S. Bhat
2012-07-19 16:44 ` Neil Horman
2012-07-20 10:04 ` Srivatsa S. Bhat
2012-07-20 11:00 ` Neil Horman
2012-07-20 11:18 ` Srivatsa S. Bhat
2012-07-23 1:15 ` Gao feng
2012-07-23 11:40 ` Neil Horman
2012-09-10 9:29 ` Srivatsa S. Bhat [this message]
2012-09-10 13:16 ` Neil Horman
2012-09-11 11:21 ` Srivatsa S. Bhat
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=504DB2EE.2030700@linux.vnet.ibm.com \
--to=srivatsa.bhat@linux.vnet.ibm.com \
--cc=davem@davemloft.net \
--cc=eric.dumazet@gmail.com \
--cc=gaofeng@cn.fujitsu.com \
--cc=john.r.fastabend@intel.com \
--cc=linux-kernel@vger.kernel.org \
--cc=lizefan@huawei.com \
--cc=mark.d.rustad@intel.com \
--cc=netdev@vger.kernel.org \
--cc=nhorman@tuxdriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).