* [net-next, PATCH 1/2, v1] net: socionext: different approach on DMA
From: Ilias Apalodimas @ 2018-09-10 8:24 UTC (permalink / raw)
To: netdev, jaswinder.singh
Cc: ard.biesheuvel, masami.hiramatsu, arnd, mykyta.iziumtsev,
bjorn.topel, magnus.karlsson, Ilias Apalodimas
In-Reply-To: <1536567880-15097-1-git-send-email-ilias.apalodimas@linaro.org>
Current driver dynamically allocates an skb and maps it as DMA rx buffer.
A following patch introduces AF_XDP functionality, so we need a
different allocation scheme. Buffers are allocated dynamically and
mapped into hardware. During the Rx operation the driver uses
build_skb() to produce the necessary buffers for the network stack
Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
---
drivers/net/ethernet/socionext/netsec.c | 239 +++++++++++++++++---------------
1 file changed, 130 insertions(+), 109 deletions(-)
diff --git a/drivers/net/ethernet/socionext/netsec.c b/drivers/net/ethernet/socionext/netsec.c
index 7aa5ebb..666fee2 100644
--- a/drivers/net/ethernet/socionext/netsec.c
+++ b/drivers/net/ethernet/socionext/netsec.c
@@ -296,6 +296,11 @@ struct netsec_rx_pkt_info {
bool err_flag;
};
+static void netsec_rx_fill(struct netsec_priv *priv, u16 from, u16 num);
+
+static void *netsec_alloc_rx_data(struct netsec_priv *priv,
+ dma_addr_t *dma_addr, u16 *len);
+
static void netsec_write(struct netsec_priv *priv, u32 reg_addr, u32 val)
{
writel(val, priv->ioaddr + reg_addr);
@@ -556,34 +561,10 @@ static const struct ethtool_ops netsec_ethtool_ops = {
/************* NETDEV_OPS FOLLOW *************/
-static struct sk_buff *netsec_alloc_skb(struct netsec_priv *priv,
- struct netsec_desc *desc)
-{
- struct sk_buff *skb;
-
- if (device_get_dma_attr(priv->dev) == DEV_DMA_COHERENT) {
- skb = netdev_alloc_skb_ip_align(priv->ndev, desc->len);
- } else {
- desc->len = L1_CACHE_ALIGN(desc->len);
- skb = netdev_alloc_skb(priv->ndev, desc->len);
- }
- if (!skb)
- return NULL;
-
- desc->addr = skb->data;
- desc->dma_addr = dma_map_single(priv->dev, desc->addr, desc->len,
- DMA_FROM_DEVICE);
- if (dma_mapping_error(priv->dev, desc->dma_addr)) {
- dev_kfree_skb_any(skb);
- return NULL;
- }
- return skb;
-}
static void netsec_set_rx_de(struct netsec_priv *priv,
struct netsec_desc_ring *dring, u16 idx,
- const struct netsec_desc *desc,
- struct sk_buff *skb)
+ const struct netsec_desc *desc)
{
struct netsec_de *de = dring->vaddr + DESC_SZ * idx;
u32 attr = (1 << NETSEC_RX_PKT_OWN_FIELD) |
@@ -602,59 +583,6 @@ static void netsec_set_rx_de(struct netsec_priv *priv,
dring->desc[idx].dma_addr = desc->dma_addr;
dring->desc[idx].addr = desc->addr;
dring->desc[idx].len = desc->len;
- dring->desc[idx].skb = skb;
-}
-
-static struct sk_buff *netsec_get_rx_de(struct netsec_priv *priv,
- struct netsec_desc_ring *dring,
- u16 idx,
- struct netsec_rx_pkt_info *rxpi,
- struct netsec_desc *desc, u16 *len)
-{
- struct netsec_de de = {};
-
- memcpy(&de, dring->vaddr + DESC_SZ * idx, DESC_SZ);
-
- *len = de.buf_len_info >> 16;
-
- rxpi->err_flag = (de.attr >> NETSEC_RX_PKT_ER_FIELD) & 1;
- rxpi->rx_cksum_result = (de.attr >> NETSEC_RX_PKT_CO_FIELD) & 3;
- rxpi->err_code = (de.attr >> NETSEC_RX_PKT_ERR_FIELD) &
- NETSEC_RX_PKT_ERR_MASK;
- *desc = dring->desc[idx];
- return desc->skb;
-}
-
-static struct sk_buff *netsec_get_rx_pkt_data(struct netsec_priv *priv,
- struct netsec_rx_pkt_info *rxpi,
- struct netsec_desc *desc,
- u16 *len)
-{
- struct netsec_desc_ring *dring = &priv->desc_ring[NETSEC_RING_RX];
- struct sk_buff *tmp_skb, *skb = NULL;
- struct netsec_desc td;
- int tail;
-
- *rxpi = (struct netsec_rx_pkt_info){};
-
- td.len = priv->ndev->mtu + 22;
-
- tmp_skb = netsec_alloc_skb(priv, &td);
-
- tail = dring->tail;
-
- if (!tmp_skb) {
- netsec_set_rx_de(priv, dring, tail, &dring->desc[tail],
- dring->desc[tail].skb);
- } else {
- skb = netsec_get_rx_de(priv, dring, tail, rxpi, desc, len);
- netsec_set_rx_de(priv, dring, tail, &td, tmp_skb);
- }
-
- /* move tail ahead */
- dring->tail = (dring->tail + 1) % DESC_NUM;
-
- return skb;
}
static int netsec_clean_tx_dring(struct netsec_priv *priv, int budget)
@@ -721,19 +649,29 @@ static int netsec_process_tx(struct netsec_priv *priv, int budget)
return done;
}
+static void nsetsec_adv_desc(u16 *idx)
+{
+ *idx = *idx + 1;
+ if (unlikely(*idx >= DESC_NUM))
+ *idx = 0;
+}
+
static int netsec_process_rx(struct netsec_priv *priv, int budget)
{
struct netsec_desc_ring *dring = &priv->desc_ring[NETSEC_RING_RX];
struct net_device *ndev = priv->ndev;
- struct netsec_rx_pkt_info rx_info;
- int done = 0;
- struct netsec_desc desc;
struct sk_buff *skb;
- u16 len;
+ int done = 0;
while (done < budget) {
u16 idx = dring->tail;
struct netsec_de *de = dring->vaddr + (DESC_SZ * idx);
+ struct netsec_desc *desc = &dring->desc[idx];
+ struct netsec_rx_pkt_info rpi;
+ dma_addr_t dma_handle;
+ void *buf_addr;
+ u16 pkt_len;
+ u16 desc_len;
if (de->attr & (1U << NETSEC_RX_PKT_OWN_FIELD))
break;
@@ -744,28 +682,62 @@ static int netsec_process_rx(struct netsec_priv *priv, int budget)
*/
dma_rmb();
done++;
- skb = netsec_get_rx_pkt_data(priv, &rx_info, &desc, &len);
- if (unlikely(!skb) || rx_info.err_flag) {
+
+ pkt_len = de->buf_len_info >> 16;
+ rpi.err_code = (de->attr >> NETSEC_RX_PKT_ERR_FIELD) &
+ NETSEC_RX_PKT_ERR_MASK;
+ rpi.err_flag = (de->attr >> NETSEC_RX_PKT_ER_FIELD) & 1;
+ if (rpi.err_flag) {
netif_err(priv, drv, priv->ndev,
- "%s: rx fail err(%d)\n",
- __func__, rx_info.err_code);
+ "%s: rx fail err(%d)\n", __func__,
+ rpi.err_code);
ndev->stats.rx_dropped++;
+ nsetsec_adv_desc(&dring->tail);
+ /* reuse buffer page frag */
+ netsec_rx_fill(priv, idx, 1);
continue;
}
+ rpi.rx_cksum_result = (de->attr >> NETSEC_RX_PKT_CO_FIELD) & 3;
- dma_unmap_single(priv->dev, desc.dma_addr, desc.len,
- DMA_FROM_DEVICE);
- skb_put(skb, len);
+ dma_sync_single_for_cpu(priv->dev, desc->dma_addr, pkt_len,
+ DMA_FROM_DEVICE);
+
+ prefetch(desc->addr);
+ buf_addr = netsec_alloc_rx_data(priv, &dma_handle, &desc_len);
+ if (unlikely(!buf_addr))
+ break;
+
+ skb = build_skb(desc->addr, desc->len);
+ if (unlikely(!skb)) {
+ dma_unmap_single(priv->dev, dma_handle, desc_len,
+ DMA_TO_DEVICE);
+ skb_free_frag(buf_addr);
+ netif_err(priv, drv, priv->ndev,
+ "rx failed to alloc skb\n");
+ break;
+ }
+ dma_unmap_single_attrs(priv->dev, desc->dma_addr, desc->len,
+ DMA_TO_DEVICE, DMA_ATTR_SKIP_CPU_SYNC);
+
+ /* Update the descriptor with fresh buffers */
+ desc->len = desc_len;
+ desc->dma_addr = dma_handle;
+ desc->addr = buf_addr;
+
+ skb_put(skb, pkt_len);
skb->protocol = eth_type_trans(skb, priv->ndev);
if (priv->rx_cksum_offload_flag &&
- rx_info.rx_cksum_result == NETSEC_RX_CKSUM_OK)
+ rpi.rx_cksum_result == NETSEC_RX_CKSUM_OK)
skb->ip_summed = CHECKSUM_UNNECESSARY;
if (napi_gro_receive(&priv->napi, skb) != GRO_DROP) {
ndev->stats.rx_packets++;
- ndev->stats.rx_bytes += len;
+ ndev->stats.rx_bytes += pkt_len;
}
+
+ netsec_rx_fill(priv, idx, 1);
+ nsetsec_adv_desc(&dring->tail);
}
return done;
@@ -928,7 +900,10 @@ static void netsec_uninit_pkt_dring(struct netsec_priv *priv, int id)
dma_unmap_single(priv->dev, desc->dma_addr, desc->len,
id == NETSEC_RING_RX ? DMA_FROM_DEVICE :
DMA_TO_DEVICE);
- dev_kfree_skb(desc->skb);
+ if (id == NETSEC_RING_RX)
+ skb_free_frag(desc->addr);
+ else if (id == NETSEC_RING_TX)
+ dev_kfree_skb(desc->skb);
}
memset(dring->desc, 0, sizeof(struct netsec_desc) * DESC_NUM);
@@ -953,50 +928,96 @@ static void netsec_free_dring(struct netsec_priv *priv, int id)
dring->desc = NULL;
}
+static void *netsec_alloc_rx_data(struct netsec_priv *priv,
+ dma_addr_t *dma_handle, u16 *desc_len)
+{
+ size_t len = priv->ndev->mtu + ETH_HLEN + VLAN_HLEN * 2 + NET_SKB_PAD +
+ NET_IP_ALIGN;
+ dma_addr_t mapping;
+ void *buf;
+
+ len = SKB_DATA_ALIGN(len);
+ len += SKB_DATA_ALIGN(sizeof(struct skb_shared_info));
+
+ buf = napi_alloc_frag(len);
+ if (!buf)
+ return NULL;
+
+ mapping = dma_map_single(priv->dev, buf, len, DMA_FROM_DEVICE);
+ if (unlikely(dma_mapping_error(priv->dev, mapping)))
+ goto err_out;
+
+ *dma_handle = mapping;
+ *desc_len = len;
+
+ return buf;
+
+err_out:
+ skb_free_frag(buf);
+ return NULL;
+}
+
+static void netsec_rx_fill(struct netsec_priv *priv, u16 from, u16 num)
+{
+ struct netsec_desc_ring *dring = &priv->desc_ring[NETSEC_RING_RX];
+ u16 idx = from;
+
+ while (num) {
+ netsec_set_rx_de(priv, dring, idx, &dring->desc[idx]);
+ idx++;
+ if (idx >= DESC_NUM)
+ idx = 0;
+ num--;
+ }
+}
+
static int netsec_alloc_dring(struct netsec_priv *priv, enum ring_id id)
{
struct netsec_desc_ring *dring = &priv->desc_ring[id];
- int ret = 0;
dring->vaddr = dma_zalloc_coherent(priv->dev, DESC_SZ * DESC_NUM,
&dring->desc_dma, GFP_KERNEL);
- if (!dring->vaddr) {
- ret = -ENOMEM;
+ if (!dring->vaddr)
goto err;
- }
dring->desc = kcalloc(DESC_NUM, sizeof(*dring->desc), GFP_KERNEL);
- if (!dring->desc) {
- ret = -ENOMEM;
+ if (!dring->desc)
goto err;
- }
return 0;
err:
netsec_free_dring(priv, id);
- return ret;
+ return -ENOMEM;
}
static int netsec_setup_rx_dring(struct netsec_priv *priv)
{
struct netsec_desc_ring *dring = &priv->desc_ring[NETSEC_RING_RX];
- struct netsec_desc desc;
- struct sk_buff *skb;
- int n;
+ int i;
- desc.len = priv->ndev->mtu + 22;
+ for (i = 0; i < DESC_NUM; i++) {
+ struct netsec_desc *desc = &dring->desc[i];
+ dma_addr_t dma_handle;
+ void *buf;
+ u16 len;
- for (n = 0; n < DESC_NUM; n++) {
- skb = netsec_alloc_skb(priv, &desc);
- if (!skb) {
+ buf = netsec_alloc_rx_data(priv, &dma_handle, &len);
+ if (!buf) {
netsec_uninit_pkt_dring(priv, NETSEC_RING_RX);
- return -ENOMEM;
+ goto err_out;
}
- netsec_set_rx_de(priv, dring, n, &desc, skb);
+ desc->dma_addr = dma_handle;
+ desc->addr = buf;
+ desc->len = len;
}
+ netsec_rx_fill(priv, 0, DESC_NUM);
+
return 0;
+
+err_out:
+ return -ENOMEM;
}
static int netsec_netdev_load_ucode_region(struct netsec_priv *priv, u32 reg,
--
2.7.4
^ permalink raw reply related
* [net-next, PATCH 0/2, v1] net: socionext: add AF_XDP support
From: Ilias Apalodimas @ 2018-09-10 8:24 UTC (permalink / raw)
To: netdev, jaswinder.singh
Cc: ard.biesheuvel, masami.hiramatsu, arnd, mykyta.iziumtsev,
bjorn.topel, magnus.karlsson, Ilias Apalodimas
This patch series adds AF_XDP support socionext netsec driver
- patch [1/2]: Use a different allocation scheme for Rx DMA buffers to prepare
the driver for AF_XDP support
- patch [2/2]: Add AF_XDP support without zero-copy
Ilias Apalodimas (2):
net: socionext: different approach on DMA
net: socionext: add AF_XDP support
drivers/net/ethernet/socionext/netsec.c | 444 +++++++++++++++++++++++---------
1 file changed, 329 insertions(+), 115 deletions(-)
--
2.7.4
^ permalink raw reply
* Re: kernels > v4.12 oops/crash with ipsec-traffic: bisected to b838d5e1c5b6e57b10ec8af2268824041e3ea911: ipv4: mark DST_NOGC and remove the operation of dst_free()
From: Kristian Evensen @ 2018-09-10 8:18 UTC (permalink / raw)
To: Steffen Klassert
Cc: linux, Network Development, weiwan, Tobias Hommel, edumazet
In-Reply-To: <20180910063739.GX23674@gauss3.secunet.de>
Hi,
Thanks everyone for all the effort in debugging this issue.
On Mon, Sep 10, 2018 at 8:39 AM Steffen Klassert
<steffen.klassert@secunet.com> wrote:
> The easy fix that could be backported to stable would be
> to check skb->dst for NULL and drop the packet in that case.
Thought I should just chime in and say that we deployed this
work-around when we started observing the error back in June. Since
then we have not seen any crashes. Also, we have instrumented some of
our kernels to count the number of times the error is hit (overall +
consecutive). Compared to the overall number of packets, the error
happens very rarely. With our workloads, we on average see the error
once every couple of days.
BR,
Kristian
^ permalink raw reply
* Re: [PATCH net-next] tcp: rate limit synflood warnings further
From: Eric Dumazet @ 2018-09-10 7:52 UTC (permalink / raw)
To: Willem de Bruijn, netdev; +Cc: davem, eric.dumazet, Willem de Bruijn
In-Reply-To: <20180909231212.212470-1-willemdebruijn.kernel@gmail.com>
On 09/09/2018 04:12 PM, Willem de Bruijn wrote:
> From: Willem de Bruijn <willemb@google.com>
>
> Convert pr_info to net_info_ratelimited to limit the total number of
> synflood warnings.
>
> Commit 946cedccbd73 ("tcp: Change possible SYN flooding messages")
> rate limits synflood warnings to one per listener.
>
> Workloads that open many listener sockets can still see a high rate of
> log messages. Syzkaller is one frequent example.
>
> Signed-off-by: Willem de Bruijn <willemb@google.com>
Thanks Willem
Signed-off-by: Eric Dumazet <edumazet@google.com>
^ permalink raw reply
* [PATCH net-next 1/3] liquidio: Disabling tasklet when NAPI is active
From: Felix Manlunas @ 2018-09-10 6:34 UTC (permalink / raw)
To: davem
Cc: netdev, raghu.vatsavayi, derek.chickles, satananda.burla,
felix.manlunas, intiyaz.basha
In-Reply-To: <20180910063322.GA4011@felix-thinkpad.cavium.com>
From: Intiyaz Basha <intiyaz.basha@cavium.com>
Control packets are processed in tasklet when interface is down and in
NAPI when interface is up. So tasklet can be disabled when interface up
and re-enabled when interface is down.
Signed-off-by: Intiyaz Basha <intiyaz.basha@cavium.com>
Acked-by: Derek Chickles <derek.chickles@cavium.com>
Signed-off-by: Felix Manlunas <felix.manlunas@cavium.com>
---
drivers/net/ethernet/cavium/liquidio/lio_main.c | 14 +++++++++++++-
drivers/net/ethernet/cavium/liquidio/lio_vf_main.c | 16 ++++++++++++++++
2 files changed, 29 insertions(+), 1 deletion(-)
diff --git a/drivers/net/ethernet/cavium/liquidio/lio_main.c b/drivers/net/ethernet/cavium/liquidio/lio_main.c
index 40f941f..0aba1f7 100644
--- a/drivers/net/ethernet/cavium/liquidio/lio_main.c
+++ b/drivers/net/ethernet/cavium/liquidio/lio_main.c
@@ -1239,8 +1239,10 @@ static void send_rx_ctrl_cmd(struct lio *lio, int start_stop)
static void liquidio_destroy_nic_device(struct octeon_device *oct, int ifidx)
{
struct net_device *netdev = oct->props[ifidx].netdev;
- struct lio *lio;
+ struct octeon_device_priv *oct_priv =
+ (struct octeon_device_priv *)oct->priv;
struct napi_struct *napi, *n;
+ struct lio *lio;
if (!netdev) {
dev_err(&oct->pci_dev->dev, "%s No netdevice ptr for index %d\n",
@@ -1269,6 +1271,8 @@ static void liquidio_destroy_nic_device(struct octeon_device *oct, int ifidx)
list_for_each_entry_safe(napi, n, &netdev->napi_list, dev_list)
netif_napi_del(napi);
+ tasklet_enable(&oct_priv->droq_tasklet);
+
if (atomic_read(&lio->ifstate) & LIO_IFSTATE_REGISTERED)
unregister_netdev(netdev);
@@ -1805,9 +1809,13 @@ static int liquidio_open(struct net_device *netdev)
{
struct lio *lio = GET_LIO(netdev);
struct octeon_device *oct = lio->oct_dev;
+ struct octeon_device_priv *oct_priv =
+ (struct octeon_device_priv *)oct->priv;
struct napi_struct *napi, *n;
if (oct->props[lio->ifidx].napi_enabled == 0) {
+ tasklet_disable(&oct_priv->droq_tasklet);
+
list_for_each_entry_safe(napi, n, &netdev->napi_list, dev_list)
napi_enable(napi);
@@ -1861,6 +1869,8 @@ static int liquidio_stop(struct net_device *netdev)
{
struct lio *lio = GET_LIO(netdev);
struct octeon_device *oct = lio->oct_dev;
+ struct octeon_device_priv *oct_priv =
+ (struct octeon_device_priv *)oct->priv;
struct napi_struct *napi, *n;
ifstate_reset(lio, LIO_IFSTATE_RUNNING);
@@ -1907,6 +1917,8 @@ static int liquidio_stop(struct net_device *netdev)
if (OCTEON_CN23XX_PF(oct))
oct->droq[0]->ops.poll_mode = 0;
+
+ tasklet_enable(&oct_priv->droq_tasklet);
}
dev_info(&oct->pci_dev->dev, "%s interface is stopped\n", netdev->name);
diff --git a/drivers/net/ethernet/cavium/liquidio/lio_vf_main.c b/drivers/net/ethernet/cavium/liquidio/lio_vf_main.c
index 8fa7ac3..0ec4bfe 100644
--- a/drivers/net/ethernet/cavium/liquidio/lio_vf_main.c
+++ b/drivers/net/ethernet/cavium/liquidio/lio_vf_main.c
@@ -444,6 +444,8 @@ static void octeon_pci_flr(struct octeon_device *oct)
*/
static void octeon_destroy_resources(struct octeon_device *oct)
{
+ struct octeon_device_priv *oct_priv =
+ (struct octeon_device_priv *)oct->priv;
struct msix_entry *msix_entries;
int i;
@@ -587,6 +589,8 @@ static void octeon_destroy_resources(struct octeon_device *oct)
/* Nothing to be done here either */
break;
}
+
+ tasklet_kill(&oct_priv->droq_tasklet);
}
/**
@@ -652,6 +656,8 @@ static void send_rx_ctrl_cmd(struct lio *lio, int start_stop)
static void liquidio_destroy_nic_device(struct octeon_device *oct, int ifidx)
{
struct net_device *netdev = oct->props[ifidx].netdev;
+ struct octeon_device_priv *oct_priv =
+ (struct octeon_device_priv *)oct->priv;
struct napi_struct *napi, *n;
struct lio *lio;
@@ -681,6 +687,8 @@ static void liquidio_destroy_nic_device(struct octeon_device *oct, int ifidx)
list_for_each_entry_safe(napi, n, &netdev->napi_list, dev_list)
netif_napi_del(napi);
+ tasklet_enable(&oct_priv->droq_tasklet);
+
if (atomic_read(&lio->ifstate) & LIO_IFSTATE_REGISTERED)
unregister_netdev(netdev);
@@ -898,9 +906,13 @@ static int liquidio_open(struct net_device *netdev)
{
struct lio *lio = GET_LIO(netdev);
struct octeon_device *oct = lio->oct_dev;
+ struct octeon_device_priv *oct_priv =
+ (struct octeon_device_priv *)oct->priv;
struct napi_struct *napi, *n;
if (!oct->props[lio->ifidx].napi_enabled) {
+ tasklet_disable(&oct_priv->droq_tasklet);
+
list_for_each_entry_safe(napi, n, &netdev->napi_list, dev_list)
napi_enable(napi);
@@ -938,6 +950,8 @@ static int liquidio_stop(struct net_device *netdev)
{
struct lio *lio = GET_LIO(netdev);
struct octeon_device *oct = lio->oct_dev;
+ struct octeon_device_priv *oct_priv =
+ (struct octeon_device_priv *)oct->priv;
struct napi_struct *napi, *n;
/* tell Octeon to stop forwarding packets to host */
@@ -967,6 +981,8 @@ static int liquidio_stop(struct net_device *netdev)
oct->props[lio->ifidx].napi_enabled = 0;
oct->droq[0]->ops.poll_mode = 0;
+
+ tasklet_enable(&oct_priv->droq_tasklet);
}
cancel_delayed_work_sync(&lio->stats_wk.work);
--
1.8.3.1
^ permalink raw reply related
* Re: kernels > v4.12 oops/crash with ipsec-traffic: bisected to b838d5e1c5b6e57b10ec8af2268824041e3ea911: ipv4: mark DST_NOGC and remove the operation of dst_free()
From: Steffen Klassert @ 2018-09-10 6:37 UTC (permalink / raw)
To: Wolfgang Walter; +Cc: netdev, Wei Wang, Tobias Hommel, Eric Dumazet
In-Reply-To: <1619354.H6dCVflbiu@stwm.de>
On Fri, Sep 07, 2018 at 11:10:55PM +0200, Wolfgang Walter wrote:
> Hello Steffen,
>
> in one of your emails to Thomas you wrote:
> > xfrm_lookup+0x2a is at the very beginning of xfrm_lookup(), here we
> > find:
> >
> > u16 family = dst_orig->ops->family;
> >
> > ops has an offset of 32 bytes (20 hex) in dst_orig, so looks like
> > dst_orig is NULL.
> >
> > In the forwarding case, we get dst_orig from the skb and dst_orig
> > can't be NULL here unless the skb itself is already fishy.
>
> Is this really true?
>
> If xfrm_lookup is called from
>
> __xfrm_route_forward():
>
> int __xfrm_route_forward(struct sk_buff *skb, unsigned short family)
> {
> struct net *net = dev_net(skb->dev);
> struct flowi fl;
> struct dst_entry *dst;
> int res = 1;
>
> if (xfrm_decode_session(skb, &fl, family) < 0) {
> XFRM_INC_STATS(net, LINUX_MIB_XFRMFWDHDRERROR);
> return 0;
> }
>
> skb_dst_force(skb);
>
> dst = xfrm_lookup(net, skb_dst(skb), &fl, NULL, XFRM_LOOKUP_QUEUE);
> if (IS_ERR(dst)) {
> res = 0;
> dst = NULL;
> }
> skb_dst_set(skb, dst);
> return res;
> }
>
> couldn't it be possible that skb_dst_force(skb) actually sets dst to NULL if
> it cannot safely lock it? If it is absolutely sure that skb_dst_force() never
> can set dst to NULL I wonder why it is called at all?
Ugh, skb_dst_force apparently changed since I looked at it last time.
I did not expect that it can clear skb->dst. This behaviour was
introduced with:
commit 222d7dbd258dad4cd5241c43ef818141fad5a87a
net: prevent dst uses after free
from Eric Dumazet (put him to Cc).
The easy fix that could be backported to stable would be
to check skb->dst for NULL and drop the packet in that case.
I wonder if we can do better here. We can still use the
dst_entry as long as we don't exit the RCU grace period.
But looking deeper into it, the crypto layer might return
asynchronously. In this case, we exit the RCU grace period
and we have to drop the packet anyway.
If I understand correct, the bug happens rarely. So maybe
we could just stay with the easy fix (I'll do a patch today).
The other thing I wonder about is why Tobias bisected this to
commit b838d5e1c5b6e57b10ec8af2268824041e3ea911
ipv4: mark DST_NOGC and remove the operation of dst_free()
from 'Jun 17 2017' and not to
commit 222d7dbd258dad4cd5241c43ef818141fad5a87a
net: prevent dst uses after free
from 'Sep 21 2017'.
Maybe Tobias has seen two bugs. Before
("net: prevent dst uses after free"), it was the
use after free, and after this fix it was a NULL
pointer derference of skb->dst.
^ permalink raw reply
* [PATCH net-next 3/3] liquidio: Removed droq lock
From: Felix Manlunas @ 2018-09-10 6:34 UTC (permalink / raw)
To: davem
Cc: netdev, raghu.vatsavayi, derek.chickles, satananda.burla,
felix.manlunas, intiyaz.basha
In-Reply-To: <20180910063322.GA4011@felix-thinkpad.cavium.com>
From: Intiyaz Basha <intiyaz.basha@cavium.com>
With the changes in patch 1 and 2, droq lock is not required.
So removing droq lock.
Signed-off-by: Intiyaz Basha <intiyaz.basha@cavium.com>
Acked-by: Derek Chickles <derek.chickles@cavium.com>
Signed-off-by: Felix Manlunas <felix.manlunas@cavium.com>
---
.../net/ethernet/cavium/liquidio/octeon_device.c | 4 ---
drivers/net/ethernet/cavium/liquidio/octeon_droq.c | 33 ++--------------------
drivers/net/ethernet/cavium/liquidio/octeon_droq.h | 3 --
3 files changed, 3 insertions(+), 37 deletions(-)
diff --git a/drivers/net/ethernet/cavium/liquidio/octeon_device.c b/drivers/net/ethernet/cavium/liquidio/octeon_device.c
index d0ed6c4..0f0275c 100644
--- a/drivers/net/ethernet/cavium/liquidio/octeon_device.c
+++ b/drivers/net/ethernet/cavium/liquidio/octeon_device.c
@@ -1440,12 +1440,8 @@ void lio_enable_irq(struct octeon_droq *droq, struct octeon_instr_queue *iq)
/* the whole thing needs to be atomic, ideally */
if (droq) {
pkts_pend = (u32)atomic_read(&droq->pkts_pending);
- spin_lock_bh(&droq->lock);
writel(droq->pkt_count - pkts_pend, droq->pkts_sent_reg);
droq->pkt_count = pkts_pend;
- /* this write needs to be flushed before we release the lock */
- mmiowb();
- spin_unlock_bh(&droq->lock);
oct = droq->oct_dev;
}
if (iq) {
diff --git a/drivers/net/ethernet/cavium/liquidio/octeon_droq.c b/drivers/net/ethernet/cavium/liquidio/octeon_droq.c
index 53c25ee..ad621aa 100644
--- a/drivers/net/ethernet/cavium/liquidio/octeon_droq.c
+++ b/drivers/net/ethernet/cavium/liquidio/octeon_droq.c
@@ -301,8 +301,6 @@ int octeon_init_droq(struct octeon_device *oct,
dev_dbg(&oct->pci_dev->dev, "DROQ INIT: max_empty_descs: %d\n",
droq->max_empty_descs);
- spin_lock_init(&droq->lock);
-
INIT_LIST_HEAD(&droq->dispatch_list);
/* For 56xx Pass1, this function won't be called, so no checks. */
@@ -506,7 +504,6 @@ int octeon_retry_droq_refill(struct octeon_droq *droq)
int desc_refilled, reschedule = 1;
u32 pkts_credit;
- spin_lock_bh(&droq->lock);
pkts_credit = readl(droq->pkts_credit_reg);
desc_refilled = octeon_droq_refill(oct, droq);
if (desc_refilled) {
@@ -522,7 +519,6 @@ int octeon_retry_droq_refill(struct octeon_droq *droq)
if (pkts_credit + desc_refilled >= CN23XX_SLI_DEF_BP)
reschedule = 0;
}
- spin_unlock_bh(&droq->lock);
return reschedule;
}
@@ -756,25 +752,17 @@ static inline void octeon_droq_drop_packets(struct octeon_device *oct,
u32 pkt_count = 0;
struct list_head *tmp, *tmp2;
- /* Grab the droq lock */
- spin_lock(&droq->lock);
-
octeon_droq_check_hw_for_pkts(droq);
pkt_count = atomic_read(&droq->pkts_pending);
- if (!pkt_count) {
- spin_unlock(&droq->lock);
+ if (!pkt_count)
return 0;
- }
if (pkt_count > budget)
pkt_count = budget;
octeon_droq_fast_process_packets(oct, droq, pkt_count);
- /* Release the spin lock */
- spin_unlock(&droq->lock);
-
list_for_each_safe(tmp, tmp2, &droq->dispatch_list) {
struct __dispatch *rdisp = (struct __dispatch *)tmp;
@@ -809,8 +797,6 @@ static inline void octeon_droq_drop_packets(struct octeon_device *oct,
if (budget > droq->max_count)
budget = droq->max_count;
- spin_lock(&droq->lock);
-
while (total_pkts_processed < budget) {
octeon_droq_check_hw_for_pkts(droq);
@@ -827,8 +813,6 @@ static inline void octeon_droq_drop_packets(struct octeon_device *oct,
total_pkts_processed += pkts_processed;
}
- spin_unlock(&droq->lock);
-
list_for_each_safe(tmp, tmp2, &droq->dispatch_list) {
struct __dispatch *rdisp = (struct __dispatch *)tmp;
@@ -888,9 +872,8 @@ static inline void octeon_droq_drop_packets(struct octeon_device *oct,
int octeon_register_droq_ops(struct octeon_device *oct, u32 q_no,
struct octeon_droq_ops *ops)
{
- struct octeon_droq *droq;
- unsigned long flags;
struct octeon_config *oct_cfg = NULL;
+ struct octeon_droq *droq;
oct_cfg = octeon_get_conf(oct);
@@ -910,21 +893,15 @@ int octeon_register_droq_ops(struct octeon_device *oct, u32 q_no,
}
droq = oct->droq[q_no];
-
- spin_lock_irqsave(&droq->lock, flags);
-
memcpy(&droq->ops, ops, sizeof(struct octeon_droq_ops));
- spin_unlock_irqrestore(&droq->lock, flags);
-
return 0;
}
int octeon_unregister_droq_ops(struct octeon_device *oct, u32 q_no)
{
- unsigned long flags;
- struct octeon_droq *droq;
struct octeon_config *oct_cfg = NULL;
+ struct octeon_droq *droq;
oct_cfg = octeon_get_conf(oct);
@@ -945,14 +922,10 @@ int octeon_unregister_droq_ops(struct octeon_device *oct, u32 q_no)
return 0;
}
- spin_lock_irqsave(&droq->lock, flags);
-
droq->ops.fptr = NULL;
droq->ops.farg = NULL;
droq->ops.drop_on_max = 0;
- spin_unlock_irqrestore(&droq->lock, flags);
-
return 0;
}
diff --git a/drivers/net/ethernet/cavium/liquidio/octeon_droq.h b/drivers/net/ethernet/cavium/liquidio/octeon_droq.h
index b201936..c9b19e6 100644
--- a/drivers/net/ethernet/cavium/liquidio/octeon_droq.h
+++ b/drivers/net/ethernet/cavium/liquidio/octeon_droq.h
@@ -245,9 +245,6 @@ struct octeon_droq_ops {
* Octeon DROQ.
*/
struct octeon_droq {
- /** A spinlock to protect access to this ring. */
- spinlock_t lock;
-
u32 q_no;
u32 pkt_count;
--
1.8.3.1
^ permalink raw reply related
* [PATCH net-next 2/3] liquidio: Per queue oom work queue
From: Felix Manlunas @ 2018-09-10 6:34 UTC (permalink / raw)
To: davem
Cc: netdev, raghu.vatsavayi, derek.chickles, satananda.burla,
felix.manlunas, intiyaz.basha
In-Reply-To: <20180910063322.GA4011@felix-thinkpad.cavium.com>
From: Intiyaz Basha <intiyaz.basha@cavium.com>
Removed oom task unconditional rescheduling every 250ms and created per
queue oom work queue for refilling buffers.
The oom task refills only if the available descriptors is fallen to 64.
There will be no packets coming in after hitting this level. So NAPI will
not run until oom task refills the buffers.
Signed-off-by: Intiyaz Basha <intiyaz.basha@cavium.com>
Acked-by: Derek Chickles <derek.chickles@cavium.com>
Signed-off-by: Felix Manlunas <felix.manlunas@cavium.com>
---
drivers/net/ethernet/cavium/liquidio/lio_core.c | 77 +++++++++++-------
drivers/net/ethernet/cavium/liquidio/lio_ethtool.c | 7 ++
drivers/net/ethernet/cavium/liquidio/octeon_droq.c | 91 ++++++++++++----------
drivers/net/ethernet/cavium/liquidio/octeon_droq.h | 2 +-
drivers/net/ethernet/cavium/liquidio/octeon_main.h | 4 +
.../net/ethernet/cavium/liquidio/octeon_network.h | 2 +-
6 files changed, 110 insertions(+), 73 deletions(-)
diff --git a/drivers/net/ethernet/cavium/liquidio/lio_core.c b/drivers/net/ethernet/cavium/liquidio/lio_core.c
index 0284204..55ed20b 100644
--- a/drivers/net/ethernet/cavium/liquidio/lio_core.c
+++ b/drivers/net/ethernet/cavium/liquidio/lio_core.c
@@ -425,56 +425,73 @@ void octeon_pf_changed_vf_macaddr(struct octeon_device *oct, u8 *mac)
*/
}
+void octeon_schedule_rxq_oom_work(struct octeon_device *oct,
+ struct octeon_droq *droq)
+{
+ struct net_device *netdev = oct->props[0].netdev;
+ struct lio *lio = GET_LIO(netdev);
+ struct cavium_wq *wq = &lio->rxq_status_wq[droq->q_no];
+
+ queue_delayed_work(wq->wq, &wq->wk.work,
+ msecs_to_jiffies(LIO_OOM_POLL_INTERVAL_MS));
+}
+
static void octnet_poll_check_rxq_oom_status(struct work_struct *work)
{
struct cavium_wk *wk = (struct cavium_wk *)work;
struct lio *lio = (struct lio *)wk->ctxptr;
struct octeon_device *oct = lio->oct_dev;
- struct octeon_droq *droq;
- int q, q_no = 0;
+ int q_no = wk->ctxul;
+ struct octeon_droq *droq = oct->droq[q_no];
- if (ifstate_check(lio, LIO_IFSTATE_RUNNING)) {
- for (q = 0; q < lio->linfo.num_rxpciq; q++) {
- q_no = lio->linfo.rxpciq[q].s.q_no;
- droq = oct->droq[q_no];
- if (!droq)
- continue;
- octeon_droq_check_oom(droq);
- }
- }
- queue_delayed_work(lio->rxq_status_wq.wq,
- &lio->rxq_status_wq.wk.work,
- msecs_to_jiffies(LIO_OOM_POLL_INTERVAL_MS));
+ if (!ifstate_check(lio, LIO_IFSTATE_RUNNING) || !droq)
+ return;
+
+ if (octeon_retry_droq_refill(droq))
+ octeon_schedule_rxq_oom_work(oct, droq);
}
int setup_rx_oom_poll_fn(struct net_device *netdev)
{
struct lio *lio = GET_LIO(netdev);
struct octeon_device *oct = lio->oct_dev;
+ struct cavium_wq *wq;
+ int q, q_no;
- lio->rxq_status_wq.wq = alloc_workqueue("rxq-oom-status",
- WQ_MEM_RECLAIM, 0);
- if (!lio->rxq_status_wq.wq) {
- dev_err(&oct->pci_dev->dev, "unable to create cavium rxq oom status wq\n");
- return -ENOMEM;
+ for (q = 0; q < oct->num_oqs; q++) {
+ q_no = lio->linfo.rxpciq[q].s.q_no;
+ wq = &lio->rxq_status_wq[q_no];
+ wq->wq = alloc_workqueue("rxq-oom-status",
+ WQ_MEM_RECLAIM, 0);
+ if (!wq->wq) {
+ dev_err(&oct->pci_dev->dev, "unable to create cavium rxq oom status wq\n");
+ return -ENOMEM;
+ }
+
+ INIT_DELAYED_WORK(&wq->wk.work,
+ octnet_poll_check_rxq_oom_status);
+ wq->wk.ctxptr = lio;
+ wq->wk.ctxul = q_no;
}
- INIT_DELAYED_WORK(&lio->rxq_status_wq.wk.work,
- octnet_poll_check_rxq_oom_status);
- lio->rxq_status_wq.wk.ctxptr = lio;
- queue_delayed_work(lio->rxq_status_wq.wq,
- &lio->rxq_status_wq.wk.work,
- msecs_to_jiffies(LIO_OOM_POLL_INTERVAL_MS));
+
return 0;
}
void cleanup_rx_oom_poll_fn(struct net_device *netdev)
{
struct lio *lio = GET_LIO(netdev);
-
- if (lio->rxq_status_wq.wq) {
- cancel_delayed_work_sync(&lio->rxq_status_wq.wk.work);
- flush_workqueue(lio->rxq_status_wq.wq);
- destroy_workqueue(lio->rxq_status_wq.wq);
+ struct octeon_device *oct = lio->oct_dev;
+ struct cavium_wq *wq;
+ int q_no;
+
+ for (q_no = 0; q_no < oct->num_oqs; q_no++) {
+ wq = &lio->rxq_status_wq[q_no];
+ if (wq->wq) {
+ cancel_delayed_work_sync(&wq->wk.work);
+ flush_workqueue(wq->wq);
+ destroy_workqueue(wq->wq);
+ wq->wq = NULL;
+ }
}
}
diff --git a/drivers/net/ethernet/cavium/liquidio/lio_ethtool.c b/drivers/net/ethernet/cavium/liquidio/lio_ethtool.c
index e1e5808..9e53cdb 100644
--- a/drivers/net/ethernet/cavium/liquidio/lio_ethtool.c
+++ b/drivers/net/ethernet/cavium/liquidio/lio_ethtool.c
@@ -1115,6 +1115,8 @@ static int lio_reset_queues(struct net_device *netdev, uint32_t num_qs)
* steps like updating sriov_info for the octeon device need to be done.
*/
if (queue_count_update) {
+ cleanup_rx_oom_poll_fn(netdev);
+
lio_delete_glists(lio);
/* Delete mbox for PF which is SRIOV disabled because sriov_info
@@ -1214,6 +1216,11 @@ static int lio_reset_queues(struct net_device *netdev, uint32_t num_qs)
return -1;
}
+ if (setup_rx_oom_poll_fn(netdev)) {
+ dev_err(&oct->pci_dev->dev, "lio_setup_rx_oom_poll_fn failed\n");
+ return 1;
+ }
+
/* Send firmware the information about new number of queues
* if the interface is a VF or a PF that is SRIOV enabled.
*/
diff --git a/drivers/net/ethernet/cavium/liquidio/octeon_droq.c b/drivers/net/ethernet/cavium/liquidio/octeon_droq.c
index a71dbb7..53c25ee 100644
--- a/drivers/net/ethernet/cavium/liquidio/octeon_droq.c
+++ b/drivers/net/ethernet/cavium/liquidio/octeon_droq.c
@@ -333,8 +333,6 @@ int octeon_init_droq(struct octeon_device *oct,
* Returns:
* Success: Pointer to recv_info_t
* Failure: NULL.
- * Locks:
- * The droq->lock is held when this routine is called.
*/
static inline struct octeon_recv_info *octeon_create_recv_info(
struct octeon_device *octeon_dev,
@@ -433,8 +431,6 @@ static inline struct octeon_recv_info *octeon_create_recv_info(
* up buffers (that were not dispatched) to form a contiguous ring.
* Returns:
* No of descriptors refilled.
- * Locks:
- * This routine is called with droq->lock held.
*/
static u32
octeon_droq_refill(struct octeon_device *octeon_dev, struct octeon_droq *droq)
@@ -449,8 +445,7 @@ static inline struct octeon_recv_info *octeon_create_recv_info(
while (droq->refill_count && (desc_refilled < droq->max_count)) {
/* If a valid buffer exists (happens if there is no dispatch),
- * reuse
- * the buffer, else allocate.
+ * reuse the buffer, else allocate.
*/
if (!droq->recv_buf_list[droq->refill_idx].buffer) {
pg_info =
@@ -503,28 +498,33 @@ static inline struct octeon_recv_info *octeon_create_recv_info(
/** check if we can allocate packets to get out of oom.
* @param droq - Droq being checked.
- * @return does not return anything
+ * @return 1 if fails to refill minimum
*/
-void octeon_droq_check_oom(struct octeon_droq *droq)
+int octeon_retry_droq_refill(struct octeon_droq *droq)
{
- int desc_refilled;
struct octeon_device *oct = droq->oct_dev;
+ int desc_refilled, reschedule = 1;
+ u32 pkts_credit;
+
+ spin_lock_bh(&droq->lock);
+ pkts_credit = readl(droq->pkts_credit_reg);
+ desc_refilled = octeon_droq_refill(oct, droq);
+ if (desc_refilled) {
+ /* Flush the droq descriptor data to memory to be sure
+ * that when we update the credits the data in memory
+ * is accurate.
+ */
+ wmb();
+ writel(desc_refilled, droq->pkts_credit_reg);
+ /* make sure mmio write completes */
+ mmiowb();
- if (readl(droq->pkts_credit_reg) <= CN23XX_SLI_DEF_BP) {
- spin_lock_bh(&droq->lock);
- desc_refilled = octeon_droq_refill(oct, droq);
- if (desc_refilled) {
- /* Flush the droq descriptor data to memory to be sure
- * that when we update the credits the data in memory
- * is accurate.
- */
- wmb();
- writel(desc_refilled, droq->pkts_credit_reg);
- /* make sure mmio write completes */
- mmiowb();
- }
- spin_unlock_bh(&droq->lock);
+ if (pkts_credit + desc_refilled >= CN23XX_SLI_DEF_BP)
+ reschedule = 0;
}
+ spin_unlock_bh(&droq->lock);
+
+ return reschedule;
}
static inline u32
@@ -603,9 +603,9 @@ static inline void octeon_droq_drop_packets(struct octeon_device *oct,
struct octeon_droq *droq,
u32 pkts_to_process)
{
+ u32 pkt, total_len = 0, pkt_count, retval;
struct octeon_droq_info *info;
union octeon_rh *rh;
- u32 pkt, total_len = 0, pkt_count;
pkt_count = pkts_to_process;
@@ -709,30 +709,43 @@ static inline void octeon_droq_drop_packets(struct octeon_device *oct,
if (droq->refill_count >= droq->refill_threshold) {
int desc_refilled = octeon_droq_refill(oct, droq);
- /* Flush the droq descriptor data to memory to be sure
- * that when we update the credits the data in memory
- * is accurate.
- */
- wmb();
- writel((desc_refilled), droq->pkts_credit_reg);
- /* make sure mmio write completes */
- mmiowb();
+ if (desc_refilled) {
+ /* Flush the droq descriptor data to memory to
+ * be sure that when we update the credits the
+ * data in memory is accurate.
+ */
+ wmb();
+ writel(desc_refilled, droq->pkts_credit_reg);
+ /* make sure mmio write completes */
+ mmiowb();
+ }
}
-
} /* for (each packet)... */
/* Increment refill_count by the number of buffers processed. */
droq->stats.pkts_received += pkt;
droq->stats.bytes_received += total_len;
+ retval = pkt;
if ((droq->ops.drop_on_max) && (pkts_to_process - pkt)) {
octeon_droq_drop_packets(oct, droq, (pkts_to_process - pkt));
droq->stats.dropped_toomany += (pkts_to_process - pkt);
- return pkts_to_process;
+ retval = pkts_to_process;
}
- return pkt;
+ atomic_sub(retval, &droq->pkts_pending);
+
+ if (droq->refill_count >= droq->refill_threshold &&
+ readl(droq->pkts_credit_reg) < CN23XX_SLI_DEF_BP) {
+ octeon_droq_check_hw_for_pkts(droq);
+
+ /* Make sure there are no pkts_pending */
+ if (!atomic_read(&droq->pkts_pending))
+ octeon_schedule_rxq_oom_work(oct, droq);
+ }
+
+ return retval;
}
int
@@ -740,7 +753,7 @@ static inline void octeon_droq_drop_packets(struct octeon_device *oct,
struct octeon_droq *droq,
u32 budget)
{
- u32 pkt_count = 0, pkts_processed = 0;
+ u32 pkt_count = 0;
struct list_head *tmp, *tmp2;
/* Grab the droq lock */
@@ -757,9 +770,7 @@ static inline void octeon_droq_drop_packets(struct octeon_device *oct,
if (pkt_count > budget)
pkt_count = budget;
- pkts_processed = octeon_droq_fast_process_packets(oct, droq, pkt_count);
-
- atomic_sub(pkts_processed, &droq->pkts_pending);
+ octeon_droq_fast_process_packets(oct, droq, pkt_count);
/* Release the spin lock */
spin_unlock(&droq->lock);
@@ -813,8 +824,6 @@ static inline void octeon_droq_drop_packets(struct octeon_device *oct,
octeon_droq_fast_process_packets(oct, droq,
pkts_available);
- atomic_sub(pkts_processed, &droq->pkts_pending);
-
total_pkts_processed += pkts_processed;
}
diff --git a/drivers/net/ethernet/cavium/liquidio/octeon_droq.h b/drivers/net/ethernet/cavium/liquidio/octeon_droq.h
index f28f262..b201936 100644
--- a/drivers/net/ethernet/cavium/liquidio/octeon_droq.h
+++ b/drivers/net/ethernet/cavium/liquidio/octeon_droq.h
@@ -414,6 +414,6 @@ int octeon_droq_process_poll_pkts(struct octeon_device *oct,
int octeon_enable_irq(struct octeon_device *oct, u32 q_no);
-void octeon_droq_check_oom(struct octeon_droq *droq);
+int octeon_retry_droq_refill(struct octeon_droq *droq);
#endif /*__OCTEON_DROQ_H__ */
diff --git a/drivers/net/ethernet/cavium/liquidio/octeon_main.h b/drivers/net/ethernet/cavium/liquidio/octeon_main.h
index 38c055f..073d064 100644
--- a/drivers/net/ethernet/cavium/liquidio/octeon_main.h
+++ b/drivers/net/ethernet/cavium/liquidio/octeon_main.h
@@ -70,6 +70,10 @@ void octeon_update_tx_completion_counters(void *buf, int reqtype,
void octeon_report_tx_completion_to_bql(void *txq, unsigned int pkts_compl,
unsigned int bytes_compl);
void octeon_pf_changed_vf_macaddr(struct octeon_device *oct, u8 *mac);
+
+void octeon_schedule_rxq_oom_work(struct octeon_device *oct,
+ struct octeon_droq *droq);
+
/** Swap 8B blocks */
static inline void octeon_swap_8B_data(u64 *data, u32 blocks)
{
diff --git a/drivers/net/ethernet/cavium/liquidio/octeon_network.h b/drivers/net/ethernet/cavium/liquidio/octeon_network.h
index 9117b5a..beb3eec 100644
--- a/drivers/net/ethernet/cavium/liquidio/octeon_network.h
+++ b/drivers/net/ethernet/cavium/liquidio/octeon_network.h
@@ -173,7 +173,7 @@ struct lio {
struct cavium_wq txq_status_wq;
/* work queue for rxq oom status */
- struct cavium_wq rxq_status_wq;
+ struct cavium_wq rxq_status_wq[MAX_POSSIBLE_OCTEON_OUTPUT_QUEUES];
/* work queue for link status */
struct cavium_wq link_status_wq;
--
1.8.3.1
^ permalink raw reply related
* [PATCH net-next 0/3] liquidio: Removed droq lock from Rx path
From: Felix Manlunas @ 2018-09-10 6:33 UTC (permalink / raw)
To: davem
Cc: netdev, raghu.vatsavayi, derek.chickles, satananda.burla,
felix.manlunas, intiyaz.basha
From: Intiyaz Basha <intiyaz.basha@cavium.com>
Series of patches for removing droq lock from Rx Path.
Intiyaz Basha (3):
liquidio: Disabling tasklet when NAPI is active
liquidio: Per queue oom work queue
liquidio: Removed droq lock
drivers/net/ethernet/cavium/liquidio/lio_core.c | 77 +++++++------
drivers/net/ethernet/cavium/liquidio/lio_ethtool.c | 7 ++
drivers/net/ethernet/cavium/liquidio/lio_main.c | 14 ++-
drivers/net/ethernet/cavium/liquidio/lio_vf_main.c | 16 +++
.../net/ethernet/cavium/liquidio/octeon_device.c | 4 -
drivers/net/ethernet/cavium/liquidio/octeon_droq.c | 120 +++++++++------------
drivers/net/ethernet/cavium/liquidio/octeon_droq.h | 5 +-
drivers/net/ethernet/cavium/liquidio/octeon_main.h | 4 +
.../net/ethernet/cavium/liquidio/octeon_network.h | 2 +-
9 files changed, 140 insertions(+), 109 deletions(-)
--
1.8.3.1
^ permalink raw reply
* Re: [PATCH v2 net-next 2/2] tcp: fix the error count of tcpInSegs
From: Yafang Shao @ 2018-09-10 10:56 UTC (permalink / raw)
To: Eric Dumazet; +Cc: David Miller, netdev, LKML
In-Reply-To: <CANn89iLN9H8tUhjMh1o0N7Ng8fPuXqQdpgkpBANpLwywaS3kNA@mail.gmail.com>
On Mon, Sep 10, 2018 at 2:32 AM, Eric Dumazet <edumazet@google.com> wrote:
> On Sat, Sep 8, 2018 at 8:14 PM Yafang Shao <laoar.shao@gmail.com> wrote:
>>
>> In RFC1213, the tcpInSegs is the total number of segments received.
>> While currently it is the total number of SKBs received.
>> The number of SKBs may be not equal with the numer of segments because of
>> GRO.
>> So fix this error count.
>>
>
> We have discussed this in the past and the consensus was it was too
> late to change this.
>
> IP counters have the same issue, so after your patch, we would have
> quite a difference between transport and network layers.
>
> Adding all these max_t(u16, 1, skb_shinfo(skb)->gso_segs)) everywhere add a cost
May be we could give a comment here why we do it like this, otherwise
it may make a misunderstanding.
Thanks
Yafang
^ permalink raw reply
* Re: [PATCH net-next] virtio_net: ethtool tx napi configuration
From: Jason Wang @ 2018-09-10 6:01 UTC (permalink / raw)
To: Willem de Bruijn, netdev
Cc: davem, caleb.raitto, mst, jonolson, Willem de Bruijn
In-Reply-To: <20180909224449.203593-1-willemdebruijn.kernel@gmail.com>
On 2018年09月10日 06:44, Willem de Bruijn wrote:
> From: Willem de Bruijn <willemb@google.com>
>
> Implement ethtool .set_coalesce (-C) and .get_coalesce (-c) handlers.
> Interrupt moderation is currently not supported, so these accept and
> display the default settings of 0 usec and 1 frame.
>
> Toggle tx napi through a bit in tx-frames. So as to not interfere
> with possible future interrupt moderation, use bit 10, well outside
> the reasonable range of real interrupt moderation values.
>
> Changes are not atomic. The tx IRQ, napi BH and transmit path must
> be quiesced when switching modes. Only allow changing this setting
> when the device is down.
I cook a fixup, and it looks works in my setup:
diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
index b320b6b14749..9181c3f2f832 100644
--- a/drivers/net/virtio_net.c
+++ b/drivers/net/virtio_net.c
@@ -2204,10 +2204,17 @@ static int virtnet_set_coalesce(struct
net_device *dev,
return -EINVAL;
if (napi_weight ^ vi->sq[0].napi.weight) {
- if (dev->flags & IFF_UP)
- return -EBUSY;
- for (i = 0; i < vi->max_queue_pairs; i++)
+ for (i = 0; i < vi->max_queue_pairs; i++) {
+ struct netdev_queue *txq =
+ netdev_get_tx_queue(vi->dev, i);
+
+ virtnet_napi_tx_disable(&vi->sq[i].napi);
+ __netif_tx_lock_bh(txq);
vi->sq[i].napi.weight = napi_weight;
+ __netif_tx_unlock_bh(txq);
+ virtnet_napi_tx_enable(vi, vi->sq[i].vq,
+ &vi->sq[i].napi);
+ }
}
return 0;
The only left case is the speculative tx polling in RX NAPI. I think we
don't need to care in this case since it was not a must for correctness.
>
> Link: https://patchwork.ozlabs.org/patch/948149/
> Suggested-by: Jason Wang <jasowang@redhat.com>
> Signed-off-by: Willem de Bruijn <willemb@google.com>
> ---
> drivers/net/virtio_net.c | 52 ++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 52 insertions(+)
>
> diff --git a/drivers/net/virtio_net.c b/drivers/net/virtio_net.c
> index 765920905226..b320b6b14749 100644
> --- a/drivers/net/virtio_net.c
> +++ b/drivers/net/virtio_net.c
> @@ -66,6 +66,8 @@ DECLARE_EWMA(pkt_len, 0, 64)
>
> #define VIRTNET_DRIVER_VERSION "1.0.0"
>
> +static const u32 ethtool_coalesce_napi_mask = (1UL << 10);
> +
> static const unsigned long guest_offloads[] = {
> VIRTIO_NET_F_GUEST_TSO4,
> VIRTIO_NET_F_GUEST_TSO6,
> @@ -2181,6 +2183,54 @@ static int virtnet_get_link_ksettings(struct net_device *dev,
> return 0;
> }
>
> +static int virtnet_set_coalesce(struct net_device *dev,
> + struct ethtool_coalesce *ec)
> +{
> + const struct ethtool_coalesce ec_default = {
> + .cmd = ETHTOOL_SCOALESCE,
> + .rx_max_coalesced_frames = 1,
I think rx part is no necessary.
Thanks
> + .tx_max_coalesced_frames = 1,
> + };
> + struct virtnet_info *vi = netdev_priv(dev);
> + int i, napi_weight = 0;
> +
> + if (ec->tx_max_coalesced_frames & ethtool_coalesce_napi_mask) {
> + ec->tx_max_coalesced_frames &= ~ethtool_coalesce_napi_mask;
> + napi_weight = NAPI_POLL_WEIGHT;
> + }
> +
> + /* disallow changes to fields not explicitly tested above */
> + if (memcmp(ec, &ec_default, sizeof(ec_default)))
> + return -EINVAL;
> +
> + if (napi_weight ^ vi->sq[0].napi.weight) {
> + if (dev->flags & IFF_UP)
> + return -EBUSY;
> + for (i = 0; i < vi->max_queue_pairs; i++)
> + vi->sq[i].napi.weight = napi_weight;
> + }
> +
> + return 0;
> +}
> +
> +static int virtnet_get_coalesce(struct net_device *dev,
> + struct ethtool_coalesce *ec)
> +{
> + const struct ethtool_coalesce ec_default = {
> + .cmd = ETHTOOL_GCOALESCE,
> + .rx_max_coalesced_frames = 1,
> + .tx_max_coalesced_frames = 1,
> + };
> + struct virtnet_info *vi = netdev_priv(dev);
> +
> + memcpy(ec, &ec_default, sizeof(ec_default));
> +
> + if (vi->sq[0].napi.weight)
> + ec->tx_max_coalesced_frames |= ethtool_coalesce_napi_mask;
> +
> + return 0;
> +}
> +
> static void virtnet_init_settings(struct net_device *dev)
> {
> struct virtnet_info *vi = netdev_priv(dev);
> @@ -2219,6 +2269,8 @@ static const struct ethtool_ops virtnet_ethtool_ops = {
> .get_ts_info = ethtool_op_get_ts_info,
> .get_link_ksettings = virtnet_get_link_ksettings,
> .set_link_ksettings = virtnet_set_link_ksettings,
> + .set_coalesce = virtnet_set_coalesce,
> + .get_coalesce = virtnet_get_coalesce,
> };
>
> static void virtnet_freeze_down(struct virtio_device *vdev)
^ permalink raw reply related
* Re: [PATCH net-next] virtio_net: force_napi_tx module param.
From: Jason Wang @ 2018-09-10 5:59 UTC (permalink / raw)
To: Willem de Bruijn
Cc: Jon Olson (Google Drive), Michael S. Tsirkin, caleb.raitto,
David Miller, Network Development, Caleb Raitto
In-Reply-To: <CAF=yD-KPJukmNmNBugONfPZGHtauuDSEsOFCz1_AysZApKnCxw@mail.gmail.com>
On 2018年09月10日 07:07, Willem de Bruijn wrote:
> On Wed, Aug 29, 2018 at 9:01 AM Willem de Bruijn
> <willemdebruijn.kernel@gmail.com> wrote:
>> On Wed, Aug 29, 2018 at 3:56 AM Jason Wang <jasowang@redhat.com> wrote:
>>>
>>>
>>> On 2018年08月29日 03:57, Willem de Bruijn wrote:
>>>> On Mon, Jul 30, 2018 at 2:06 AM Jason Wang <jasowang@redhat.com> wrote:
>>>>>
>>>>> On 2018年07月25日 08:17, Jon Olson wrote:
>>>>>> On Tue, Jul 24, 2018 at 3:46 PM Michael S. Tsirkin <mst@redhat.com> wrote:
>>>>>>> On Tue, Jul 24, 2018 at 06:31:54PM -0400, Willem de Bruijn wrote:
>>>>>>>> On Tue, Jul 24, 2018 at 6:23 PM Michael S. Tsirkin <mst@redhat.com> wrote:
>>>>>>>>> On Tue, Jul 24, 2018 at 04:52:53PM -0400, Willem de Bruijn wrote:
>>>>>>>>>> >From the above linked patch, I understand that there are yet
>>>>>>>>>> other special cases in production, such as a hard cap on #tx queues to
>>>>>>>>>> 32 regardless of number of vcpus.
>>>>>>>>> I don't think upstream kernels have this limit - we can
>>>>>>>>> now use vmalloc for higher number of queues.
>>>>>>>> Yes. that patch* mentioned it as a google compute engine imposed
>>>>>>>> limit. It is exactly such cloud provider imposed rules that I'm
>>>>>>>> concerned about working around in upstream drivers.
>>>>>>>>
>>>>>>>> * for reference, I mean https://patchwork.ozlabs.org/patch/725249/
>>>>>>> Yea. Why does GCE do it btw?
>>>>>> There are a few reasons for the limit, some historical, some current.
>>>>>>
>>>>>> Historically we did this because of a kernel limit on the number of
>>>>>> TAP queues (in Montreal I thought this limit was 32). To my chagrin,
>>>>>> the limit upstream at the time we did it was actually eight. We had
>>>>>> increased the limit from eight to 32 internally, and it appears in
>>>>>> upstream it has subsequently increased upstream to 256. We no longer
>>>>>> use TAP for networking, so that constraint no longer applies for us,
>>>>>> but when looking at removing/raising the limit we discovered no
>>>>>> workloads that clearly benefited from lifting it, and it also placed
>>>>>> more pressure on our virtual networking stack particularly on the Tx
>>>>>> side. We left it as-is.
>>>>>>
>>>>>> In terms of current reasons there are really two. One is memory usage.
>>>>>> As you know, virtio-net uses rx/tx pairs, so there's an expectation
>>>>>> that the guest will have an Rx queue for every Tx queue. We run our
>>>>>> individual virtqueues fairly deep (4096 entries) to give guests a wide
>>>>>> time window for re-posting Rx buffers and avoiding starvation on
>>>>>> packet delivery. Filling an Rx vring with max-sized mergeable buffers
>>>>>> (4096 bytes) is 16MB of GFP_ATOMIC allocations. At 32 queues this can
>>>>>> be up to 512MB of memory posted for network buffers. Scaling this to
>>>>>> the largest VM GCE offers today (160 VCPUs -- n1-ultramem-160) keeping
>>>>>> all of the Rx rings full would (in the large average Rx packet size
>>>>>> case) consume up to 2.5 GB(!) of guest RAM. Now, those VMs have 3.8T
>>>>>> of RAM available, but I don't believe we've observed a situation where
>>>>>> they would have benefited from having 2.5 gigs of buffers posted for
>>>>>> incoming network traffic :)
>>>>> We can work to have async txq and rxq instead of paris if there's a
>>>>> strong requirement.
>>>>>
>>>>>> The second reason is interrupt related -- as I mentioned above, we
>>>>>> have found no workloads that clearly benefit from so many queues, but
>>>>>> we have found workloads that degrade. In particular workloads that do
>>>>>> a lot of small packet processing but which aren't extremely latency
>>>>>> sensitive can achieve higher PPS by taking fewer interrupt across
>>>>>> fewer VCPUs due to better batching (this also incurs higher latency,
>>>>>> but at the limit the "busy" cores end up suppressing most interrupts
>>>>>> and spending most of their cycles farming out work). Memcache is a
>>>>>> good example here, particularly if the latency targets for request
>>>>>> completion are in the ~milliseconds range (rather than the
>>>>>> microseconds we typically strive for with TCP_RR-style workloads).
>>>>>>
>>>>>> All of that said, we haven't been forthcoming with data (and
>>>>>> unfortunately I don't have it handy in a useful form, otherwise I'd
>>>>>> simply post it here), so I understand the hesitation to simply run
>>>>>> with napi_tx across the board. As Willem said, this patch seemed like
>>>>>> the least disruptive way to allow us to continue down the road of
>>>>>> "universal" NAPI Tx and to hopefully get data across enough workloads
>>>>>> (with VMs small, large, and absurdly large :) to present a compelling
>>>>>> argument in one direction or another. As far as I know there aren't
>>>>>> currently any NAPI related ethtool commands (based on a quick perusal
>>>>>> of ethtool.h)
>>>>> As I suggest before, maybe we can (ab)use tx-frames-irq.
>>>> I forgot to respond to this originally, but I agree.
>>>>
>>>> How about something like the snippet below. It would be simpler to
>>>> reason about if only allow switching while the device is down, but
>>>> napi does not strictly require that.
>>>>
>>>> +static int virtnet_set_coalesce(struct net_device *dev,
>>>> + struct ethtool_coalesce *ec)
>>>> +{
>>>> + const u32 tx_coalesce_napi_mask = (1 << 16);
>>>> + const struct ethtool_coalesce ec_default = {
>>>> + .cmd = ETHTOOL_SCOALESCE,
>>>> + .rx_max_coalesced_frames = 1,
>>>> + .tx_max_coalesced_frames = 1,
>>>> + };
>>>> + struct virtnet_info *vi = netdev_priv(dev);
>>>> + int napi_weight = 0;
>>>> + bool running;
>>>> + int i;
>>>> +
>>>> + if (ec->tx_max_coalesced_frames & tx_coalesce_napi_mask) {
>>>> + ec->tx_max_coalesced_frames &= ~tx_coalesce_napi_mask;
>>>> + napi_weight = NAPI_POLL_WEIGHT;
>>>> + }
>>>> +
>>>> + /* disallow changes to fields not explicitly tested above */
>>>> + if (memcmp(ec, &ec_default, sizeof(ec_default)))
>>>> + return -EINVAL;
>>>> +
>>>> + if (napi_weight ^ vi->sq[0].napi.weight) {
>>>> + running = netif_running(vi->dev);
>>>> +
>>>> + for (i = 0; i < vi->max_queue_pairs; i++) {
>>>> + vi->sq[i].napi.weight = napi_weight;
>>>> +
>>>> + if (!running)
>>>> + continue;
>>>> +
>>>> + if (napi_weight)
>>>> + virtnet_napi_tx_enable(vi, vi->sq[i].vq,
>>>> + &vi->sq[i].napi);
>>>> + else
>>>> + napi_disable(&vi->sq[i].napi);
>>>> + }
>>>> + }
>>>> +
>>>> + return 0;
>>>> +}
>>>> +
>>>> +static int virtnet_get_coalesce(struct net_device *dev,
>>>> + struct ethtool_coalesce *ec)
>>>> +{
>>>> + const u32 tx_coalesce_napi_mask = (1 << 16);
>>>> + const struct ethtool_coalesce ec_default = {
>>>> + .cmd = ETHTOOL_GCOALESCE,
>>>> + .rx_max_coalesced_frames = 1,
>>>> + .tx_max_coalesced_frames = 1,
>>>> + };
>>>> + struct virtnet_info *vi = netdev_priv(dev);
>>>> +
>>>> + memcpy(ec, &ec_default, sizeof(ec_default));
>>>> +
>>>> + if (vi->sq[0].napi.weight)
>>>> + ec->tx_max_coalesced_frames |= tx_coalesce_napi_mask;
>>>> +
>>>> + return 0;
>>>> +}
>>> Looks good. Just one nit, maybe it's better simply check against zero?
>> I wanted to avoid making napi and interrupt moderation mutually
>> exclusive. If the virtio-net driver ever gets true moderation support,
>> it should be able to work alongside napi.
>>
>> But I can make no-napi be 0 and napi be 1. That is future proof, in
>> the sense that napi is enabled if there is any interrupt moderation.
> It's not appearing on patchwork yet, but I just sent a patch.
>
> I implemented the above, but .tx_frames of 0 is technically incorrect
> and it would unnecessarily constrain interrupt moderation to one of two
> modes. I went back to using a high bit. That said, if you feel strongly
> I'll change it.
Rethink about this, how about something like:
- UINT_MAX: no tx interrupt
- other value: tx interrupt with possible interrupt moderation
>
> I also tried various ways of switching between napi and non napi
> mode without bringing the device down. This is quite fragile. At the
> very least napi.weight has to be updated without any interrupt or
> napi callback happening in between. So most of the datapath needs
> to be quiesced.
>
> I did code up a variant that manually stops all the queues, masks the
> interrupt and waits for napi to complete if scheduled. But in a stress
> test it still managed to trigger a BUG in napi_enable on this state.
>
> Napi is not switched at runtime in other devices, nor really needed. So
> instead I made this change conditional on the device being down.
I agree to start with this, but I cook a patch on top. Please refer the
thread of formal patch.
Thanks
^ permalink raw reply
* [PATCH v2 2/3] dt-bindings: can: rcar_can: Add r8a774a1 support
From: Fabrizio Castro @ 2018-09-10 10:43 UTC (permalink / raw)
To: Wolfgang Grandegger, Marc Kleine-Budde, Rob Herring, Mark Rutland
Cc: Fabrizio Castro, David S. Miller, Sergei Shtylyov, linux-can,
linux-kernel, netdev, devicetree, Simon Horman,
Geert Uytterhoeven, Chris Paterson, Biju Das, linux-renesas-soc
In-Reply-To: <1536576195-11520-1-git-send-email-fabrizio.castro@bp.renesas.com>
Document RZ/G2M (r8a774a1) SoC specific bindings.
Signed-off-by: Fabrizio Castro <fabrizio.castro@bp.renesas.com>
Signed-off-by: Chris Paterson <Chris.Paterson2@renesas.com>
Reviewed-by: Biju Das <biju.das@bp.renesas.com>
---
v1->v2:
* dropped "renesas,rzg-gen2-can" and fixed "clocks" property description
as per Geert's comments.
This patch applies on top of next-20180910.
Documentation/devicetree/bindings/net/can/rcar_can.txt | 18 +++++++++++++-----
1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/Documentation/devicetree/bindings/net/can/rcar_can.txt b/Documentation/devicetree/bindings/net/can/rcar_can.txt
index 94a7f33..f3b160c 100644
--- a/Documentation/devicetree/bindings/net/can/rcar_can.txt
+++ b/Documentation/devicetree/bindings/net/can/rcar_can.txt
@@ -4,6 +4,7 @@ Renesas R-Car CAN controller Device Tree Bindings
Required properties:
- compatible: "renesas,can-r8a7743" if CAN controller is a part of R8A7743 SoC.
"renesas,can-r8a7745" if CAN controller is a part of R8A7745 SoC.
+ "renesas,can-r8a774a1" if CAN controller is a part of R8A774A1 SoC.
"renesas,can-r8a7778" if CAN controller is a part of R8A7778 SoC.
"renesas,can-r8a7779" if CAN controller is a part of R8A7779 SoC.
"renesas,can-r8a7790" if CAN controller is a part of R8A7790 SoC.
@@ -16,15 +17,21 @@ Required properties:
"renesas,rcar-gen1-can" for a generic R-Car Gen1 compatible device.
"renesas,rcar-gen2-can" for a generic R-Car Gen2 or RZ/G1
compatible device.
- "renesas,rcar-gen3-can" for a generic R-Car Gen3 compatible device.
+ "renesas,rcar-gen3-can" for a generic R-Car Gen3 or RZ/G2
+ compatible device.
When compatible with the generic version, nodes must list the
SoC-specific version corresponding to the platform first
followed by the generic version.
- reg: physical base address and size of the R-Car CAN register map.
- interrupts: interrupt specifier for the sole interrupt.
-- clocks: phandles and clock specifiers for 3 CAN clock inputs.
-- clock-names: 3 clock input name strings: "clkp1", "clkp2", "can_clk".
+- clocks: phandles and clock specifiers for 2 CAN clock inputs for RZ/G2
+ devices.
+ phandles and clock specifiers for 3 CAN clock inputs for every other
+ SoC.
+- clock-names: 2 clock input name strings for RZ/G2: "clkp1", "can_clk".
+ 3 clock input name strings for every other SoC: "clkp1", "clkp2",
+ "can_clk".
- pinctrl-0: pin control group to be used for this controller.
- pinctrl-names: must be "default".
@@ -41,8 +48,9 @@ using the below properties:
Optional properties:
- renesas,can-clock-select: R-Car CAN Clock Source Select. Valid values are:
<0x0> (default) : Peripheral clock (clkp1)
- <0x1> : Peripheral clock (clkp2)
- <0x3> : Externally input clock
+ <0x1> : Peripheral clock (clkp2) (not supported by
+ RZ/G2 devices)
+ <0x3> : External input clock
Example
-------
--
2.7.4
^ permalink raw reply related
* [PATCH v2 0/3] Add can support to RZ/G2M
From: Fabrizio Castro @ 2018-09-10 10:43 UTC (permalink / raw)
To: Wolfgang Grandegger, Marc Kleine-Budde, Rob Herring, Mark Rutland
Cc: Fabrizio Castro, David S. Miller, Sergei Shtylyov, Simon Horman,
Magnus Damm, Chris Paterson, linux-can, netdev, devicetree,
linux-renesas-soc, linux-kernel, Geert Uytterhoeven, Biju Das
Dear All,
this series contains all that's necessary to add CAN support
for RZ/G2M (a.k.a. r8a774a1).
v1-v2:
* applied Geert's comments
Thanks,
Fab
Chris Paterson (1):
arm64: dts: renesas: r8a774a1: Add CAN nodes
Fabrizio Castro (2):
can: rcar_can: Fix erroneous registration
dt-bindings: can: rcar_can: Add r8a774a1 support
.../devicetree/bindings/net/can/rcar_can.txt | 18 +++++++++++-----
arch/arm64/boot/dts/renesas/r8a774a1.dtsi | 24 ++++++++++++++++++++++
drivers/net/can/rcar/rcar_can.c | 5 ++++-
3 files changed, 41 insertions(+), 6 deletions(-)
--
2.7.4
^ permalink raw reply
* Re: [PATCH 1/1] ipv6: Add sockopt IPV6_MULTICAST_ALL analogue to IP_MULTICAST_ALL
From: Andre Naujoks @ 2018-09-10 9:30 UTC (permalink / raw)
To: Maciej Żenczykowski
Cc: Linux NetDev, Kernel hackers, David S. Miller, kuznet,
Hideaki YOSHIFUJI, Greg Kroah-Hartman, Erik Kline,
Thomas Gleixner, Shaohua Li, Kate Stewart, Philippe Ombredanne
In-Reply-To: <CANP3RGfGkH33mYDrenwWVkQ4uG4qyrddA+yvJ+t+=y6wGd7uDA@mail.gmail.com>
On 9/10/18 11:07 AM, Maciej Żenczykowski wrote:
> Any reason not to use the same bit that is used by ipv4?
> (as in add the setsockopt/getsockopt but just toggle the v4 bit)
>
I wanted to keep the current behavior for an ipv6 socket as is. I think
user space api/behavioral changes are frowned upon!?
Currently the bit is settable for an ipv6 socket and changes the
handling for ipv4 multicasts for that socket. If I had just added the
socket option and set the v4 bit, you would get maybe unexpected
behavior from that, if you used it for ipv4 multicasts.
Another approach I tried, was to just honor the v4 bit in v6 context,
like this:
diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c
index 4ae54aaca373..af1659327d46 100644
--- a/net/ipv6/mcast.c
+++ b/net/ipv6/mcast.c
@@ -636,7 +636,7 @@ bool inet6_mc_check(struct sock *sk, const struct
in6_addr *mc_addr,
}
if (!mc) {
rcu_read_unlock();
- return true;
+ return inet_sk(sk)->mc_all;
}
read_lock(&mc->sflock);
psl = mc->sflist;
But that has the same problem of changing current behavior in a possibly
unexpected way.
Regards
Andre
^ permalink raw reply related
* 4.19-rc1: r8169 resume from suspend link negotiation issue
From: Neil MacLeod @ 2018-09-10 4:21 UTC (permalink / raw)
To: netdev
Since 4.19-rc1 (up to and including 4.19-rc3) there is now a problem
with the r8169 network interface when resuming from suspend - the
negotiated network speed after resume is only 10Mbit/s half-duplex.
There is no problem with 4.18.y, and when booting into 4.19-rc3 from
power-on the full 1000Mbit/s full duplex link is correctly negotiated.
Bisecting the kernel commits between 4.18.6 and 4.19-rc1 identifies
the following commit as the bad commit:
"r8169: remove rtl8169_set_speed_xmii"[1]
Before suspend: dmesg[2], ethtool eth0[3] - 1000Mbit/s full duplex
After resume from suspend: dmesg[4], ethtool eth0[5] - 10Mbit/s half duplex
Anyone else seeing this?
Thanks
Neil
1. https://github.com/torvalds/linux/commit/a2965f12fde696d3754347bd48a7149b8de45b21
2. http://ix.io/1mn8
3. http://ix.io/1ltR
4. http://ix.io/1mn9
5. http://ix.io/1ltO
^ permalink raw reply
* Re: [PATCH 1/1] ipv6: Add sockopt IPV6_MULTICAST_ALL analogue to IP_MULTICAST_ALL
From: Maciej Żenczykowski @ 2018-09-10 9:07 UTC (permalink / raw)
To: Andre Naujoks
Cc: Linux NetDev, Kernel hackers, David S. Miller, kuznet,
Hideaki YOSHIFUJI, Greg Kroah-Hartman, Erik Kline,
Thomas Gleixner, Shaohua Li, Kate Stewart, Philippe Ombredanne
In-Reply-To: <20180910082715.11506-2-nautsch2@gmail.com>
Any reason not to use the same bit that is used by ipv4?
(as in add the setsockopt/getsockopt but just toggle the v4 bit)
^ permalink raw reply
* Re: [PATCH 3/4] of: Convert to using %pOFn instead of device_node.name
From: Thierry Reding @ 2018-09-10 9:06 UTC (permalink / raw)
To: Joe Perches
Cc: Rob Herring, Frank Rowand, devicetree, linux-kernel, Andrew Lunn,
Florian Fainelli, netdev
In-Reply-To: <0999919005219fa94ccc69ff57659d47911d3abd.camel@perches.com>
[-- Attachment #1: Type: text/plain, Size: 3223 bytes --]
On Fri, Sep 07, 2018 at 05:30:23PM -0700, Joe Perches wrote:
> On Fri, 2018-09-07 at 14:29 +0200, Thierry Reding wrote:
> > On Tue, Aug 28, 2018 at 10:52:53AM -0500, Rob Herring wrote:
> > > In preparation to remove the node name pointer from struct device_node,
> > > convert printf users to use the %pOFn format specifier.
> > >
> > > Cc: Frank Rowand <frowand.list@gmail.com>
> > > Cc: Andrew Lunn <andrew@lunn.ch>
> > > Cc: Florian Fainelli <f.fainelli@gmail.com>
> > > Cc: devicetree@vger.kernel.org
> > > Cc: netdev@vger.kernel.org
> > > Signed-off-by: Rob Herring <robh@kernel.org>
> > > ---
> > > drivers/of/device.c | 4 ++--
> > > drivers/of/of_mdio.c | 12 ++++++------
> > > drivers/of/of_numa.c | 4 ++--
> > > drivers/of/overlay.c | 4 ++--
> > > drivers/of/platform.c | 8 ++++----
> > > drivers/of/unittest.c | 12 ++++++------
> > > 6 files changed, 22 insertions(+), 22 deletions(-)
> > >
> > > diff --git a/drivers/of/device.c b/drivers/of/device.c
> > > index 5957cd4fa262..daa075d87317 100644
> > > --- a/drivers/of/device.c
> > > +++ b/drivers/of/device.c
> > > @@ -219,7 +219,7 @@ static ssize_t of_device_get_modalias(struct device *dev, char *str, ssize_t len
> > > return -ENODEV;
> > >
> > > /* Name & Type */
> > > - csize = snprintf(str, len, "of:N%sT%s", dev->of_node->name,
> > > + csize = snprintf(str, len, "of:N%pOFnT%s", dev->of_node,
> > > dev->of_node->type);
> > > tsize = csize;
> > > len -= csize;
> >
> > This seems to cause the modalias to be improperly constructed. As a
> > consequence, automatic module loading at boot time is now broken. I
> > think the reason why this fails is because vsnprintf() will skip all
> > alpha-numeric characters after a call to pointer(). Presumably this
> > is meant to be a generic way of skipping whatever specifiers we throw
> > at it.
> >
> > Unfortunately for the case of OF modaliases, this means that the 'T'
> > character gets eaten, so we end up with something like this:
> >
> > # udevadm info /sys/bus/platform/devices/54200000.dc
> > [...]
> > E: MODALIAS=of:Ndc<NULL>Cnvidia,tegra124-dc
> > [...]
> >
> > instead of this:
> >
> > # udevadm info /sys/bus/platform/devices/54200000.dc
> > [...]
> > E: MODALIAS=of:NdcT<NULL>Cnvidia,tegra124-dc
> > [...]
> >
> > Everything is back to normal if I revert this patch. However, since
> > that's obviously not what we want, I think perhaps what we need is a
> > way for pointer() (and its implementations) to report back how many
> > characters in the format string it consumed so that we can support
> > these kinds of back-to-back strings.
> >
> > If nobody else has the time I can look into coding up a fix, but in the
> > meantime it might be best to back this one out until we can handle the
> > OF modalias format string.
>
> Or just use 2 consecutive snprintf calls
>
> csize = snprintf(str, len, "of:N%pOFn", dev->of_node);
> csize += snprintf(str + csize, len - csize, "T%s",
> dev->of_node->type);
Yeah, that's what I ended up doing. Rob came up with another alternative
which is to output the 'T' via %c, which also works around the issue.
Thierry
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply
* Reply For More Info
From: Mr Fridman Mikhail @ 2018-09-10 0:13 UTC (permalink / raw)
To: Recipients
I have a donation for you and for my charity work in your region. Please reply me ASAp for more info
^ permalink raw reply
* KASAN: use-after-free Read in sock_i_uid
From: syzbot @ 2018-09-10 8:36 UTC (permalink / raw)
To: davem, jon.maloy, linux-kernel, netdev, syzkaller-bugs,
tipc-discussion, ying.xue
Hello,
syzbot found the following crash on:
HEAD commit: 3d0e7a9e00fd Merge tag 'md/4.19-rc2' of git://git.kernel.o..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=1261e98e400000
kernel config: https://syzkaller.appspot.com/x/.config?x=8f59875069d721b6
dashboard link: https://syzkaller.appspot.com/bug?extid=b239ac9b3c007f9cef90
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+b239ac9b3c007f9cef90@syzkaller.appspotmail.com
==================================================================
BUG: KASAN: use-after-free in sock_i_uid+0x9c/0xb0 net/core/sock.c:1910
Read of size 4 at addr ffff8801c4333a34 by task syz-executor2/10612
CPU: 1 PID: 10612 Comm: syz-executor2 Not tainted 4.19.0-rc2+ #6
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
print_address_description.cold.8+0x9/0x1ff mm/kasan/report.c:256
kasan_report_error mm/kasan/report.c:354 [inline]
kasan_report.cold.9+0x242/0x309 mm/kasan/report.c:412
__asan_report_load4_noabort+0x14/0x20 mm/kasan/report.c:432
sock_i_uid+0x9c/0xb0 net/core/sock.c:1910
tipc_sk_fill_sock_diag+0x3f7/0xd90 net/tipc/socket.c:3317
__tipc_add_sock_diag+0x233/0x360 net/tipc/diag.c:62
tipc_nl_sk_walk+0x122/0x1d0 net/tipc/socket.c:3250
tipc_diag_dump+0x24/0x30 net/tipc/diag.c:73
netlink_dump+0x519/0xd50 net/netlink/af_netlink.c:2233
__netlink_dump_start+0x4f1/0x6f0 net/netlink/af_netlink.c:2329
netlink_dump_start include/linux/netlink.h:213 [inline]
tipc_sock_diag_handler_dump+0x28e/0x3d0 net/tipc/diag.c:91
__sock_diag_cmd net/core/sock_diag.c:232 [inline]
sock_diag_rcv_msg+0x31d/0x410 net/core/sock_diag.c:263
netlink_rcv_skb+0x172/0x440 net/netlink/af_netlink.c:2454
sock_diag_rcv+0x2a/0x40 net/core/sock_diag.c:274
netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline]
netlink_unicast+0x5a5/0x760 net/netlink/af_netlink.c:1343
netlink_sendmsg+0xa18/0xfc0 net/netlink/af_netlink.c:1908
sock_sendmsg_nosec net/socket.c:621 [inline]
sock_sendmsg+0xd5/0x120 net/socket.c:631
___sys_sendmsg+0x7fd/0x930 net/socket.c:2114
__sys_sendmsg+0x11d/0x280 net/socket.c:2152
__do_sys_sendmsg net/socket.c:2161 [inline]
__se_sys_sendmsg net/socket.c:2159 [inline]
__x64_sys_sendmsg+0x78/0xb0 net/socket.c:2159
do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457099
Code: fd b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7
48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff
ff 0f 83 cb b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00
RSP: 002b:00007f5a612d4c78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
RAX: ffffffffffffffda RBX: 00007f5a612d56d4 RCX: 0000000000457099
RDX: 0000000000000000 RSI: 0000000020000040 RDI: 0000000000000006
RBP: 0000000000930140 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 00000000004d4bc0 R14: 00000000004c910b R15: 0000000000000001
Allocated by task 10609:
save_stack+0x43/0xd0 mm/kasan/kasan.c:448
set_track mm/kasan/kasan.c:460 [inline]
kasan_kmalloc+0xc7/0xe0 mm/kasan/kasan.c:553
kasan_slab_alloc+0x12/0x20 mm/kasan/kasan.c:490
kmem_cache_alloc+0x12e/0x730 mm/slab.c:3554
sock_alloc_inode+0x1d/0x260 net/socket.c:244
alloc_inode+0x63/0x190 fs/inode.c:210
new_inode_pseudo+0x71/0x1a0 fs/inode.c:903
sock_alloc+0x41/0x270 net/socket.c:547
__sock_create+0x175/0x930 net/socket.c:1239
sock_create net/socket.c:1315 [inline]
__sys_socket+0x106/0x260 net/socket.c:1345
__do_sys_socket net/socket.c:1354 [inline]
__se_sys_socket net/socket.c:1352 [inline]
__x64_sys_socket+0x73/0xb0 net/socket.c:1352
do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Freed by task 10609:
save_stack+0x43/0xd0 mm/kasan/kasan.c:448
set_track mm/kasan/kasan.c:460 [inline]
__kasan_slab_free+0x102/0x150 mm/kasan/kasan.c:521
kasan_slab_free+0xe/0x10 mm/kasan/kasan.c:528
__cache_free mm/slab.c:3498 [inline]
kmem_cache_free+0x83/0x290 mm/slab.c:3756
sock_destroy_inode+0x51/0x60 net/socket.c:272
destroy_inode+0x159/0x200 fs/inode.c:267
evict+0x5e0/0x980 fs/inode.c:575
iput_final fs/inode.c:1547 [inline]
iput+0x679/0xa90 fs/inode.c:1573
dentry_unlink_inode+0x461/0x5e0 fs/dcache.c:374
__dentry_kill+0x44c/0x7a0 fs/dcache.c:566
dentry_kill+0xc9/0x5a0 fs/dcache.c:685
dput.part.26+0x660/0x790 fs/dcache.c:846
dput+0x15/0x20 fs/dcache.c:828
__fput+0x4cf/0xa30 fs/file_table.c:291
____fput+0x15/0x20 fs/file_table.c:309
task_work_run+0x1e8/0x2a0 kernel/task_work.c:113
get_signal+0x155e/0x1980 kernel/signal.c:2343
do_signal+0x9c/0x21e0 arch/x86/kernel/signal.c:816
exit_to_usermode_loop+0x2e5/0x380 arch/x86/entry/common.c:162
prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline]
syscall_return_slowpath arch/x86/entry/common.c:268 [inline]
do_syscall_64+0x6be/0x820 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
The buggy address belongs to the object at ffff8801c4333a00
which belongs to the cache sock_inode_cache of size 984
The buggy address is located 52 bytes inside of
984-byte region [ffff8801c4333a00, ffff8801c4333dd8)
The buggy address belongs to the page:
page:ffffea000710ccc0 count:1 mapcount:0 mapping:ffff8801d9489b40
index:0xffff8801c4333ffd
flags: 0x2fffc0000000100(slab)
raw: 02fffc0000000100 ffffea000726fac8 ffffea00074f1b88 ffff8801d9489b40
raw: ffff8801c4333ffd ffff8801c4333100 0000000100000003 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff8801c4333900: fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc
ffff8801c4333980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> ffff8801c4333a00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
^
ffff8801c4333a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff8801c4333b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.
^ permalink raw reply
* KASAN: use-after-free Read in psock_map_pop
From: syzbot @ 2018-09-10 8:31 UTC (permalink / raw)
To: ast, daniel, linux-kernel, netdev, syzkaller-bugs
Hello,
syzbot found the following crash on:
HEAD commit: 28619527b8a7 Merge git://git.kernel.org/pub/scm/linux/kern..
git tree: bpf
console output: https://syzkaller.appspot.com/x/log.txt?x=1442c149400000
kernel config: https://syzkaller.appspot.com/x/.config?x=8f59875069d721b6
dashboard link: https://syzkaller.appspot.com/bug?extid=5bbe234204453085d43e
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
syz repro: https://syzkaller.appspot.com/x/repro.syz?x=17fb118e400000
C reproducer: https://syzkaller.appspot.com/x/repro.c?x=169f48be400000
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+5bbe234204453085d43e@syzkaller.appspotmail.com
==================================================================
BUG: KASAN: use-after-free in __lock_acquire+0x37c2/0x4ec0
kernel/locking/lockdep.c:3291
Read of size 8 at addr ffff8801be270b88 by task syz-executor843/16792
CPU: 0 PID: 16792 Comm: syz-executor843 Not tainted 4.19.0-rc2+ #51
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
print_address_description.cold.8+0x9/0x1ff mm/kasan/report.c:256
kasan_report_error mm/kasan/report.c:354 [inline]
kasan_report.cold.9+0x242/0x309 mm/kasan/report.c:412
__asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:433
__lock_acquire+0x37c2/0x4ec0 kernel/locking/lockdep.c:3291
lock_acquire+0x1ed/0x520 kernel/locking/lockdep.c:3901
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
_raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168
spin_lock_bh include/linux/spinlock.h:334 [inline]
psock_map_pop.isra.22+0x93/0x3b0 kernel/bpf/sockmap.c:298
bpf_tcp_close+0x6ca/0x10c0 kernel/bpf/sockmap.c:380
inet_release+0x104/0x1f0 net/ipv4/af_inet.c:428
inet6_release+0x50/0x70 net/ipv6/af_inet6.c:457
__sock_release+0xd7/0x250 net/socket.c:579
sock_close+0x19/0x20 net/socket.c:1139
__fput+0x385/0xa30 fs/file_table.c:278
____fput+0x15/0x20 fs/file_table.c:309
task_work_run+0x1e8/0x2a0 kernel/task_work.c:113
tracehook_notify_resume include/linux/tracehook.h:193 [inline]
exit_to_usermode_loop+0x318/0x380 arch/x86/entry/common.c:166
prepare_exit_to_usermode arch/x86/entry/common.c:197 [inline]
syscall_return_slowpath arch/x86/entry/common.c:268 [inline]
do_syscall_64+0x6be/0x820 arch/x86/entry/common.c:293
entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x4063c1
Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 b4 17 00 00 c3 48
83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48
89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01
RSP: 002b:00007ffdfa87cf10 EFLAGS: 00000293 ORIG_RAX: 0000000000000003
RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00000000004063c1
RDX: 0000000000000000 RSI: 0000000000000080 RDI: 0000000000000003
RBP: 00000000006ddc30 R08: 00000000006ddc30 R09: 0000000000406c00
R10: 00007ffdfa87cf30 R11: 0000000000000293 R12: 00000000006ddc3c
R13: 00000000000003e8 R14: 0000000000000004 R15: 000000000000002d
Allocated by task 16796:
save_stack+0x43/0xd0 mm/kasan/kasan.c:448
set_track mm/kasan/kasan.c:460 [inline]
kasan_kmalloc+0xc7/0xe0 mm/kasan/kasan.c:553
kmem_cache_alloc_node_trace+0x14c/0x740 mm/slab.c:3663
kmalloc_node include/linux/slab.h:551 [inline]
kzalloc_node include/linux/slab.h:718 [inline]
smap_init_psock kernel/bpf/sockmap.c:1614 [inline]
__sock_map_ctx_update_elem.isra.23+0x7a9/0x12f0 kernel/bpf/sockmap.c:1918
sock_map_ctx_update_elem.isra.24+0x1a3/0xbe0 kernel/bpf/sockmap.c:1983
sock_map_update_elem+0x22a/0x5a0 kernel/bpf/sockmap.c:2109
map_update_elem+0x753/0xd50 kernel/bpf/syscall.c:799
__do_sys_bpf kernel/bpf/syscall.c:2363 [inline]
__se_sys_bpf kernel/bpf/syscall.c:2334 [inline]
__x64_sys_bpf+0x32d/0x510 kernel/bpf/syscall.c:2334
do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe
Freed by task 14:
save_stack+0x43/0xd0 mm/kasan/kasan.c:448
set_track mm/kasan/kasan.c:460 [inline]
__kasan_slab_free+0x102/0x150 mm/kasan/kasan.c:521
kasan_slab_free+0xe/0x10 mm/kasan/kasan.c:528
__cache_free mm/slab.c:3498 [inline]
kfree+0xcf/0x230 mm/slab.c:3813
smap_gc_work+0x910/0xc70 kernel/bpf/sockmap.c:1607
process_one_work+0xc90/0x1b90 kernel/workqueue.c:2153
worker_thread+0x17f/0x1390 kernel/workqueue.c:2296
kthread+0x35a/0x420 kernel/kthread.c:246
ret_from_fork+0x3a/0x50 arch/x86/entry/entry_64.S:413
The buggy address belongs to the object at ffff8801be270940
which belongs to the cache kmalloc-1024 of size 1024
The buggy address is located 584 bytes inside of
1024-byte region [ffff8801be270940, ffff8801be270d40)
The buggy address belongs to the page:
page:ffffea0006f89c00 count:1 mapcount:0 mapping:ffff8801da800ac0 index:0x0
compound_mapcount: 0
flags: 0x2fffc0000008100(slab|head)
raw: 02fffc0000008100 ffffea0006fa1408 ffffea0006f8ea08 ffff8801da800ac0
raw: 0000000000000000 ffff8801be270040 0000000100000007 0000000000000000
page dumped because: kasan: bad access detected
Memory state around the buggy address:
ffff8801be270a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff8801be270b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
> ffff8801be270b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
^
ffff8801be270c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
ffff8801be270c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
==================================================================
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.
syzbot can test patches for this bug, for details see:
https://goo.gl/tpsmEJ#testing-patches
^ permalink raw reply
* KASAN: use-after-free Read in bpf_prog_kallsyms_add
From: syzbot @ 2018-09-10 8:30 UTC (permalink / raw)
To: ast, daniel, linux-kernel, netdev, syzkaller-bugs
Hello,
syzbot found the following crash on:
HEAD commit: f6f3bac08ff9 tools/bpf: bpftool: add net support
git tree: bpf-next
console output: https://syzkaller.appspot.com/x/log.txt?x=151ff9b6400000
kernel config: https://syzkaller.appspot.com/x/.config?x=8f59875069d721b6
dashboard link: https://syzkaller.appspot.com/bug?extid=ac0311cfc9e80cd2e0e8
compiler: gcc (GCC) 8.0.1 20180413 (experimental)
Unfortunately, I don't have any reproducer for this crash yet.
IMPORTANT: if you fix the bug, please add the following tag to the commit:
Reported-by: syzbot+ac0311cfc9e80cd2e0e8@syzkaller.appspotmail.com
==================================================================
BUG: KASAN: use-after-free in __list_add_valid+0x8f/0xb0 lib/list_debug.c:26
Read of size 8 at addr ffff8801b843a220 by task syz-executor2/19913
CPU: 0 PID: 19913 Comm: syz-executor2 Not tainted 4.19.0-rc2+ #93
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x1c4/0x2b4 lib/dump_stack.c:113
print_address_description.cold.8+0x9/0x1ff mm/kasan/report.c:256
kasan_report_error mm/kasan/report.c:354 [inline]
kasan_report.cold.9+0x242/0x309 mm/kasan/report.c:412
__asan_report_load8_noabort+0x14/0x20 mm/kasan/report.c:433
__list_add_valid+0x8f/0xb0 lib/list_debug.c:26
__list_add_rcu include/linux/rculist.h:52 [inline]
list_add_tail_rcu include/linux/rculist.h:101 [inline]
bpf_prog_ksym_node_add kernel/bpf/core.c:457 [inline]
bpf_prog_kallsyms_add+0x200/0x9b0 kernel/bpf/core.c:488
bpf_prog_load+0x13d1/0x1cb0 kernel/bpf/syscall.c:1442
BUG: unable to handle kernel paging request at ffffc90001935030
PGD 1da948067 P4D 1da948067 PUD 1da949067 PMD 1d45bd067 PTE 0
Oops: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 19913 Comm: syz-executor2 Not tainted 4.19.0-rc2+ #93
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:bpf_prog_ebpf_jited include/linux/filter.h:898 [inline]
RIP: 0010:bpf_get_prog_addr_region kernel/bpf/core.c:381 [inline]
RIP: 0010:bpf_tree_comp kernel/bpf/core.c:435 [inline]
RIP: 0010:__lt_find include/linux/rbtree_latch.h:115 [inline]
RIP: 0010:latch_tree_find include/linux/rbtree_latch.h:208 [inline]
RIP: 0010:bpf_prog_kallsyms_find+0x289/0x4a0 kernel/bpf/core.c:509
Code: 03 42 80 3c 30 00 0f 85 b1 01 00 00 4d 8b 6f 50 49 8d 7d 30 48 89 fa
48 c1 ea 03 42 80 3c 32 00 0f 85 ab 01 00 00 49 8d 7d 02 <4d> 8b 65 30 48
89 fa 48 89 f9 48 c1 ea 03 83 e1 07 42 0f b6 14 32
RSP: 0018:ffff8801a041f598 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff8801b843a1f0 RCX: ffffffff818b41d1
RDX: 1ffff92000326a06 RSI: 0000000000000008 RDI: ffffc90001935002
RBP: ffff8801a041f710 R08: ffff880197a4a600 R09: ffffed003b584732
R10: ffffed003b584732 R11: ffff8801dac23993 R12: 1ffff10034083ed5
R13: ffffc90001935000 R14: dffffc0000000000 R15: ffff8801b843a1f0
FS: 00007f1716646700(0000) GS:ffff8801dac00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001935030 CR3: 00000001cd5b5000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
BUG: unable to handle kernel paging request at ffffc90001935030
PGD 1da948067 P4D 1da948067 PUD 1da949067 PMD 1d45bd067 PTE 0
Oops: 0000 [#2] PREEMPT SMP KASAN
CPU: 0 PID: 19913 Comm: syz-executor2 Not tainted 4.19.0-rc2+ #93
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:bpf_prog_ebpf_jited include/linux/filter.h:898 [inline]
RIP: 0010:bpf_get_prog_addr_region kernel/bpf/core.c:381 [inline]
RIP: 0010:bpf_tree_comp kernel/bpf/core.c:435 [inline]
RIP: 0010:__lt_find include/linux/rbtree_latch.h:115 [inline]
RIP: 0010:latch_tree_find include/linux/rbtree_latch.h:208 [inline]
RIP: 0010:bpf_prog_kallsyms_find+0x289/0x4a0 kernel/bpf/core.c:509
Code: 03 42 80 3c 30 00 0f 85 b1 01 00 00 4d 8b 6f 50 49 8d 7d 30 48 89 fa
48 c1 ea 03 42 80 3c 32 00 0f 85 ab 01 00 00 49 8d 7d 02 <4d> 8b 65 30 48
89 fa 48 89 f9 48 c1 ea 03 83 e1 07 42 0f b6 14 32
RSP: 0018:ffff8801a041ee38 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff8801b843a1f0 RCX: ffffffff818b41d1
RDX: 1ffff92000326a06 RSI: 0000000000000008 RDI: ffffc90001935002
RBP: ffff8801a041efb0 R08: ffff880197a4a600 R09: 0000000000000001
R10: ffffed003b584732 R11: 0000000000000000 R12: 1ffff10034083de9
R13: ffffc90001935000 R14: dffffc0000000000 R15: ffff8801b843a1f0
FS: 00007f1716646700(0000) GS:ffff8801dac00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001935030 CR3: 00000001cd5b5000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
BUG: unable to handle kernel paging request at ffffc90001935030
PGD 1da948067 P4D 1da948067 PUD 1da949067 PMD 1d45bd067 PTE 0
Oops: 0000 [#3] PREEMPT SMP KASAN
CPU: 0 PID: 19913 Comm: syz-executor2 Not tainted 4.19.0-rc2+ #93
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:bpf_prog_ebpf_jited include/linux/filter.h:898 [inline]
RIP: 0010:bpf_get_prog_addr_region kernel/bpf/core.c:381 [inline]
RIP: 0010:bpf_tree_comp kernel/bpf/core.c:435 [inline]
RIP: 0010:__lt_find include/linux/rbtree_latch.h:115 [inline]
RIP: 0010:latch_tree_find include/linux/rbtree_latch.h:208 [inline]
RIP: 0010:bpf_prog_kallsyms_find+0x289/0x4a0 kernel/bpf/core.c:509
Code: 03 42 80 3c 30 00 0f 85 b1 01 00 00 4d 8b 6f 50 49 8d 7d 30 48 89 fa
48 c1 ea 03 42 80 3c 32 00 0f 85 ab 01 00 00 49 8d 7d 02 <4d> 8b 65 30 48
89 fa 48 89 f9 48 c1 ea 03 83 e1 07 42 0f b6 14 32
RSP: 0018:ffff8801a041e6d8 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff8801b843a1f0 RCX: ffffffff818b41d1
RDX: 1ffff92000326a06 RSI: 0000000000000008 RDI: ffffc90001935002
RBP: ffff8801a041e850 R08: ffff880197a4a600 R09: 0000000000000001
R10: ffffed003b584732 R11: 0000000000000000 R12: 1ffff10034083cfd
R13: ffffc90001935000 R14: dffffc0000000000 R15: ffff8801b843a1f0
FS: 00007f1716646700(0000) GS:ffff8801dac00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001935030 CR3: 00000001cd5b5000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
BUG: unable to handle kernel paging request at ffffc90001935030
PGD 1da948067 P4D 1da948067 PUD 1da949067 PMD 1d45bd067 PTE 0
Oops: 0000 [#4] PREEMPT SMP KASAN
CPU: 0 PID: 19913 Comm: syz-executor2 Not tainted 4.19.0-rc2+ #93
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:bpf_prog_ebpf_jited include/linux/filter.h:898 [inline]
RIP: 0010:bpf_get_prog_addr_region kernel/bpf/core.c:381 [inline]
RIP: 0010:bpf_tree_comp kernel/bpf/core.c:435 [inline]
RIP: 0010:__lt_find include/linux/rbtree_latch.h:115 [inline]
RIP: 0010:latch_tree_find include/linux/rbtree_latch.h:208 [inline]
RIP: 0010:bpf_prog_kallsyms_find+0x289/0x4a0 kernel/bpf/core.c:509
Code: 03 42 80 3c 30 00 0f 85 b1 01 00 00 4d 8b 6f 50 49 8d 7d 30 48 89 fa
48 c1 ea 03 42 80 3c 32 00 0f 85 ab 01 00 00 49 8d 7d 02 <4d> 8b 65 30 48
89 fa 48 89 f9 48 c1 ea 03 83 e1 07 42 0f b6 14 32
RSP: 0018:ffff8801a041df78 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff8801b843a1f0 RCX: ffffffff818b41d1
RDX: 1ffff92000326a06 RSI: 0000000000000008 RDI: ffffc90001935002
RBP: ffff8801a041e0f0 R08: ffff880197a4a600 R09: 0000000000000001
R10: ffffed003b584732 R11: 0000000000000000 R12: 1ffff10034083c11
R13: ffffc90001935000 R14: dffffc0000000000 R15: ffff8801b843a1f0
FS: 00007f1716646700(0000) GS:ffff8801dac00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001935030 CR3: 00000001cd5b5000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
BUG: unable to handle kernel paging request at ffffc90001935030
PGD 1da948067 P4D 1da948067 PUD 1da949067 PMD 1d45bd067 PTE 0
Oops: 0000 [#5] PREEMPT SMP KASAN
CPU: 0 PID: 19913 Comm: syz-executor2 Not tainted 4.19.0-rc2+ #93
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:bpf_prog_ebpf_jited include/linux/filter.h:898 [inline]
RIP: 0010:bpf_get_prog_addr_region kernel/bpf/core.c:381 [inline]
RIP: 0010:bpf_tree_comp kernel/bpf/core.c:435 [inline]
RIP: 0010:__lt_find include/linux/rbtree_latch.h:115 [inline]
RIP: 0010:latch_tree_find include/linux/rbtree_latch.h:208 [inline]
RIP: 0010:bpf_prog_kallsyms_find+0x289/0x4a0 kernel/bpf/core.c:509
Code: 03 42 80 3c 30 00 0f 85 b1 01 00 00 4d 8b 6f 50 49 8d 7d 30 48 89 fa
48 c1 ea 03 42 80 3c 32 00 0f 85 ab 01 00 00 49 8d 7d 02 <4d> 8b 65 30 48
89 fa 48 89 f9 48 c1 ea 03 83 e1 07 42 0f b6 14 32
RSP: 0018:ffff8801a041d818 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff8801b843a1f0 RCX: ffffffff818b41d1
RDX: 1ffff92000326a06 RSI: 0000000000000008 RDI: ffffc90001935002
RBP: ffff8801a041d990 R08: ffff880197a4a600 R09: 0000000000000001
R10: ffffed003b584732 R11: 0000000000000000 R12: 1ffff10034083b25
R13: ffffc90001935000 R14: dffffc0000000000 R15: ffff8801b843a1f0
FS: 00007f1716646700(0000) GS:ffff8801dac00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001935030 CR3: 00000001cd5b5000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
BUG: unable to handle kernel paging request at ffffc90001935030
PGD 1da948067 P4D 1da948067 PUD 1da949067 PMD 1d45bd067 PTE 0
Oops: 0000 [#6] PREEMPT SMP KASAN
CPU: 0 PID: 19913 Comm: syz-executor2 Not tainted 4.19.0-rc2+ #93
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:bpf_prog_ebpf_jited include/linux/filter.h:898 [inline]
RIP: 0010:bpf_get_prog_addr_region kernel/bpf/core.c:381 [inline]
RIP: 0010:bpf_tree_comp kernel/bpf/core.c:435 [inline]
RIP: 0010:__lt_find include/linux/rbtree_latch.h:115 [inline]
RIP: 0010:latch_tree_find include/linux/rbtree_latch.h:208 [inline]
RIP: 0010:bpf_prog_kallsyms_find+0x289/0x4a0 kernel/bpf/core.c:509
Code: 03 42 80 3c 30 00 0f 85 b1 01 00 00 4d 8b 6f 50 49 8d 7d 30 48 89 fa
48 c1 ea 03 42 80 3c 32 00 0f 85 ab 01 00 00 49 8d 7d 02 <4d> 8b 65 30 48
89 fa 48 89 f9 48 c1 ea 03 83 e1 07 42 0f b6 14 32
RSP: 0018:ffff8801a041d0b8 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff8801b843a1f0 RCX: ffffffff818b41d1
RDX: 1ffff92000326a06 RSI: 0000000000000008 RDI: ffffc90001935002
RBP: ffff8801a041d230 R08: ffff880197a4a600 R09: 0000000000000001
R10: ffffed003b584732 R11: 0000000000000000 R12: 1ffff10034083a39
R13: ffffc90001935000 R14: dffffc0000000000 R15: ffff8801b843a1f0
FS: 00007f1716646700(0000) GS:ffff8801dac00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001935030 CR3: 00000001cd5b5000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
BUG: unable to handle kernel paging request at ffffc90001935030
PGD 1da948067 P4D 1da948067 PUD 1da949067 PMD 1d45bd067 PTE 0
Oops: 0000 [#7] PREEMPT SMP KASAN
CPU: 0 PID: 19913 Comm: syz-executor2 Not tainted 4.19.0-rc2+ #93
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:bpf_prog_ebpf_jited include/linux/filter.h:898 [inline]
RIP: 0010:bpf_get_prog_addr_region kernel/bpf/core.c:381 [inline]
RIP: 0010:bpf_tree_comp kernel/bpf/core.c:435 [inline]
RIP: 0010:__lt_find include/linux/rbtree_latch.h:115 [inline]
RIP: 0010:latch_tree_find include/linux/rbtree_latch.h:208 [inline]
RIP: 0010:bpf_prog_kallsyms_find+0x289/0x4a0 kernel/bpf/core.c:509
Code: 03 42 80 3c 30 00 0f 85 b1 01 00 00 4d 8b 6f 50 49 8d 7d 30 48 89 fa
48 c1 ea 03 42 80 3c 32 00 0f 85 ab 01 00 00 49 8d 7d 02 <4d> 8b 65 30 48
89 fa 48 89 f9 48 c1 ea 03 83 e1 07 42 0f b6 14 32
RSP: 0018:ffff8801a041c958 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff8801b843a1f0 RCX: ffffffff818b41d1
RDX: 1ffff92000326a06 RSI: 0000000000000008 RDI: ffffc90001935002
RBP: ffff8801a041cad0 R08: ffff880197a4a600 R09: 0000000000000001
R10: ffffed003b584732 R11: 0000000000000000 R12: 1ffff1003408394d
R13: ffffc90001935000 R14: dffffc0000000000 R15: ffff8801b843a1f0
FS: 00007f1716646700(0000) GS:ffff8801dac00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001935030 CR3: 00000001cd5b5000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
BUG: unable to handle kernel paging request at ffffc90001935030
PGD 1da948067 P4D 1da948067 PUD 1da949067 PMD 1d45bd067 PTE 0
Oops: 0000 [#8] PREEMPT SMP KASAN
CPU: 0 PID: 19913 Comm: syz-executor2 Not tainted 4.19.0-rc2+ #93
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:bpf_prog_ebpf_jited include/linux/filter.h:898 [inline]
RIP: 0010:bpf_get_prog_addr_region kernel/bpf/core.c:381 [inline]
RIP: 0010:bpf_tree_comp kernel/bpf/core.c:435 [inline]
RIP: 0010:__lt_find include/linux/rbtree_latch.h:115 [inline]
RIP: 0010:latch_tree_find include/linux/rbtree_latch.h:208 [inline]
RIP: 0010:bpf_prog_kallsyms_find+0x289/0x4a0 kernel/bpf/core.c:509
Code: 03 42 80 3c 30 00 0f 85 b1 01 00 00 4d 8b 6f 50 49 8d 7d 30 48 89 fa
48 c1 ea 03 42 80 3c 32 00 0f 85 ab 01 00 00 49 8d 7d 02 <4d> 8b 65 30 48
89 fa 48 89 f9 48 c1 ea 03 83 e1 07 42 0f b6 14 32
RSP: 0018:ffff8801a041c1f8 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff8801b843a1f0 RCX: ffffffff818b41d1
RDX: 1ffff92000326a06 RSI: 0000000000000008 RDI: ffffc90001935002
RBP: ffff8801a041c370 R08: ffff880197a4a600 R09: 0000000000000001
R10: ffffed003b584732 R11: 0000000000000000 R12: 1ffff10034083861
R13: ffffc90001935000 R14: dffffc0000000000 R15: ffff8801b843a1f0
FS: 00007f1716646700(0000) GS:ffff8801dac00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001935030 CR3: 00000001cd5b5000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
BUG: unable to handle kernel paging request at ffffc90001935030
PGD 1da948067 P4D 1da948067 PUD 1da949067 PMD 1d45bd067 PTE 0
Oops: 0000 [#9] PREEMPT SMP KASAN
CPU: 0 PID: 19913 Comm: syz-executor2 Not tainted 4.19.0-rc2+ #93
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:bpf_prog_ebpf_jited include/linux/filter.h:898 [inline]
RIP: 0010:bpf_get_prog_addr_region kernel/bpf/core.c:381 [inline]
RIP: 0010:bpf_tree_comp kernel/bpf/core.c:435 [inline]
RIP: 0010:__lt_find include/linux/rbtree_latch.h:115 [inline]
RIP: 0010:latch_tree_find include/linux/rbtree_latch.h:208 [inline]
RIP: 0010:bpf_prog_kallsyms_find+0x289/0x4a0 kernel/bpf/core.c:509
Code: 03 42 80 3c 30 00 0f 85 b1 01 00 00 4d 8b 6f 50 49 8d 7d 30 48 89 fa
48 c1 ea 03 42 80 3c 32 00 0f 85 ab 01 00 00 49 8d 7d 02 <4d> 8b 65 30 48
89 fa 48 89 f9 48 c1 ea 03 83 e1 07 42 0f b6 14 32
RSP: 0018:ffff8801a041ba98 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff8801b843a1f0 RCX: ffffffff818b41d1
RDX: 1ffff92000326a06 RSI: 0000000000000008 RDI: ffffc90001935002
RBP: ffff8801a041bc10 R08: ffff880197a4a600 R09: 0000000000000001
R10: ffffed003b584732 R11: 0000000000000000 R12: 1ffff10034083775
R13: ffffc90001935000 R14: dffffc0000000000 R15: ffff8801b843a1f0
FS: 00007f1716646700(0000) GS:ffff8801dac00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001935030 CR3: 00000001cd5b5000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
BUG: unable to handle kernel paging request at ffffc90001935030
PGD 1da948067 P4D 1da948067 PUD 1da949067 PMD 1d45bd067 PTE 0
Oops: 0000 [#10] PREEMPT SMP KASAN
CPU: 0 PID: 19913 Comm: syz-executor2 Not tainted 4.19.0-rc2+ #93
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:bpf_prog_ebpf_jited include/linux/filter.h:898 [inline]
RIP: 0010:bpf_get_prog_addr_region kernel/bpf/core.c:381 [inline]
RIP: 0010:bpf_tree_comp kernel/bpf/core.c:435 [inline]
RIP: 0010:__lt_find include/linux/rbtree_latch.h:115 [inline]
RIP: 0010:latch_tree_find include/linux/rbtree_latch.h:208 [inline]
RIP: 0010:bpf_prog_kallsyms_find+0x289/0x4a0 kernel/bpf/core.c:509
Code: 03 42 80 3c 30 00 0f 85 b1 01 00 00 4d 8b 6f 50 49 8d 7d 30 48 89 fa
48 c1 ea 03 42 80 3c 32 00 0f 85 ab 01 00 00 49 8d 7d 02 <4d> 8b 65 30 48
89 fa 48 89 f9 48 c1 ea 03 83 e1 07 42 0f b6 14 32
RSP: 0018:ffff8801a041b338 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff8801b843a1f0 RCX: ffffffff818b41d1
RDX: 1ffff92000326a06 RSI: 0000000000000008 RDI: ffffc90001935002
RBP: ffff8801a041b4b0 R08: ffff880197a4a600 R09: 0000000000000001
R10: ffffed003b584732 R11: 0000000000000000 R12: 1ffff10034083689
R13: ffffc90001935000 R14: dffffc0000000000 R15: ffff8801b843a1f0
FS: 00007f1716646700(0000) GS:ffff8801dac00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001935030 CR3: 00000001cd5b5000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
BUG: unable to handle kernel paging request at ffffc90001935030
PGD 1da948067 P4D 1da948067 PUD 1da949067 PMD 1d45bd067 PTE 0
Oops: 0000 [#11] PREEMPT SMP KASAN
CPU: 0 PID: 19913 Comm: syz-executor2 Not tainted 4.19.0-rc2+ #93
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:bpf_prog_ebpf_jited include/linux/filter.h:898 [inline]
RIP: 0010:bpf_get_prog_addr_region kernel/bpf/core.c:381 [inline]
RIP: 0010:bpf_tree_comp kernel/bpf/core.c:435 [inline]
RIP: 0010:__lt_find include/linux/rbtree_latch.h:115 [inline]
RIP: 0010:latch_tree_find include/linux/rbtree_latch.h:208 [inline]
RIP: 0010:bpf_prog_kallsyms_find+0x289/0x4a0 kernel/bpf/core.c:509
Code: 03 42 80 3c 30 00 0f 85 b1 01 00 00 4d 8b 6f 50 49 8d 7d 30 48 89 fa
48 c1 ea 03 42 80 3c 32 00 0f 85 ab 01 00 00 49 8d 7d 02 <4d> 8b 65 30 48
89 fa 48 89 f9 48 c1 ea 03 83 e1 07 42 0f b6 14 32
RSP: 0018:ffff8801a041abd8 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff8801b843a1f0 RCX: ffffffff818b41d1
RDX: 1ffff92000326a06 RSI: 0000000000000008 RDI: ffffc90001935002
RBP: ffff8801a041ad50 R08: ffff880197a4a600 R09: 0000000000000001
R10: ffffed003b584732 R11: 0000000000000000 R12: 1ffff1003408359d
R13: ffffc90001935000 R14: dffffc0000000000 R15: ffff8801b843a1f0
FS: 00007f1716646700(0000) GS:ffff8801dac00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001935030 CR3: 00000001cd5b5000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
BUG: unable to handle kernel paging request at ffffc90001935030
PGD 1da948067 P4D 1da948067 PUD 1da949067 PMD 1d45bd067 PTE 0
Oops: 0000 [#12] PREEMPT SMP KASAN
CPU: 0 PID: 19913 Comm: syz-executor2 Not tainted 4.19.0-rc2+ #93
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:bpf_prog_ebpf_jited include/linux/filter.h:898 [inline]
RIP: 0010:bpf_get_prog_addr_region kernel/bpf/core.c:381 [inline]
RIP: 0010:bpf_tree_comp kernel/bpf/core.c:435 [inline]
RIP: 0010:__lt_find include/linux/rbtree_latch.h:115 [inline]
RIP: 0010:latch_tree_find include/linux/rbtree_latch.h:208 [inline]
RIP: 0010:bpf_prog_kallsyms_find+0x289/0x4a0 kernel/bpf/core.c:509
Code: 03 42 80 3c 30 00 0f 85 b1 01 00 00 4d 8b 6f 50 49 8d 7d 30 48 89 fa
48 c1 ea 03 42 80 3c 32 00 0f 85 ab 01 00 00 49 8d 7d 02 <4d> 8b 65 30 48
89 fa 48 89 f9 48 c1 ea 03 83 e1 07 42 0f b6 14 32
RSP: 0018:ffff8801a041a478 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff8801b843a1f0 RCX: ffffffff818b41d1
RDX: 1ffff92000326a06 RSI: 0000000000000008 RDI: ffffc90001935002
RBP: ffff8801a041a5f0 R08: ffff880197a4a600 R09: 0000000000000001
R10: ffffed003b584732 R11: 0000000000000000 R12: 1ffff100340834b1
R13: ffffc90001935000 R14: dffffc0000000000 R15: ffff8801b843a1f0
FS: 00007f1716646700(0000) GS:ffff8801dac00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001935030 CR3: 00000001cd5b5000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
BUG: unable to handle kernel paging request at ffffc90001935030
PGD 1da948067 P4D 1da948067 PUD 1da949067 PMD 1d45bd067 PTE 0
Oops: 0000 [#13] PREEMPT SMP KASAN
CPU: 0 PID: 19913 Comm: syz-executor2 Not tainted 4.19.0-rc2+ #93
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:bpf_prog_ebpf_jited include/linux/filter.h:898 [inline]
RIP: 0010:bpf_get_prog_addr_region kernel/bpf/core.c:381 [inline]
RIP: 0010:bpf_tree_comp kernel/bpf/core.c:435 [inline]
RIP: 0010:__lt_find include/linux/rbtree_latch.h:115 [inline]
RIP: 0010:latch_tree_find include/linux/rbtree_latch.h:208 [inline]
RIP: 0010:bpf_prog_kallsyms_find+0x289/0x4a0 kernel/bpf/core.c:509
Code: 03 42 80 3c 30 00 0f 85 b1 01 00 00 4d 8b 6f 50 49 8d 7d 30 48 89 fa
48 c1 ea 03 42 80 3c 32 00 0f 85 ab 01 00 00 49 8d 7d 02 <4d> 8b 65 30 48
89 fa 48 89 f9 48 c1 ea 03 83 e1 07 42 0f b6 14 32
RSP: 0018:ffff8801a0419d18 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff8801b843a1f0 RCX: ffffffff818b41d1
RDX: 1ffff92000326a06 RSI: 0000000000000008 RDI: ffffc90001935002
RBP: ffff8801a0419e90 R08: ffff880197a4a600 R09: 0000000000000001
R10: ffffed003b584732 R11: 0000000000000000 R12: 1ffff100340833c5
R13: ffffc90001935000 R14: dffffc0000000000 R15: ffff8801b843a1f0
FS: 00007f1716646700(0000) GS:ffff8801dac00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001935030 CR3: 00000001cd5b5000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
BUG: unable to handle kernel paging request at ffffc90001935030
PGD 1da948067 P4D 1da948067 PUD 1da949067 PMD 1d45bd067 PTE 0
Oops: 0000 [#14] PREEMPT SMP KASAN
CPU: 0 PID: 19913 Comm: syz-executor2 Not tainted 4.19.0-rc2+ #93
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:bpf_prog_ebpf_jited include/linux/filter.h:898 [inline]
RIP: 0010:bpf_get_prog_addr_region kernel/bpf/core.c:381 [inline]
RIP: 0010:bpf_tree_comp kernel/bpf/core.c:435 [inline]
RIP: 0010:__lt_find include/linux/rbtree_latch.h:115 [inline]
RIP: 0010:latch_tree_find include/linux/rbtree_latch.h:208 [inline]
RIP: 0010:bpf_prog_kallsyms_find+0x289/0x4a0 kernel/bpf/core.c:509
Code: 03 42 80 3c 30 00 0f 85 b1 01 00 00 4d 8b 6f 50 49 8d 7d 30 48 89 fa
48 c1 ea 03 42 80 3c 32 00 0f 85 ab 01 00 00 49 8d 7d 02 <4d> 8b 65 30 48
89 fa 48 89 f9 48 c1 ea 03 83 e1 07 42 0f b6 14 32
RSP: 0018:ffff8801a04195b8 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff8801b843a1f0 RCX: ffffffff818b41d1
RDX: 1ffff92000326a06 RSI: 0000000000000008 RDI: ffffc90001935002
RBP: ffff8801a0419730 R08: ffff880197a4a600 R09: 0000000000000001
R10: ffffed003b584732 R11: 0000000000000000 R12: 1ffff100340832d9
R13: ffffc90001935000 R14: dffffc0000000000 R15: ffff8801b843a1f0
FS: 00007f1716646700(0000) GS:ffff8801dac00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001935030 CR3: 00000001cd5b5000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
BUG: unable to handle kernel paging request at ffffc90001935030
PGD 1da948067 P4D 1da948067 PUD 1da949067 PMD 1d45bd067 PTE 0
Thread overran stack, or stack corrupted
Oops: 0000 [#15] PREEMPT SMP KASAN
CPU: 0 PID: 19913 Comm: syz-executor2 Not tainted 4.19.0-rc2+ #93
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:bpf_prog_ebpf_jited include/linux/filter.h:898 [inline]
RIP: 0010:bpf_get_prog_addr_region kernel/bpf/core.c:381 [inline]
RIP: 0010:bpf_tree_comp kernel/bpf/core.c:435 [inline]
RIP: 0010:__lt_find include/linux/rbtree_latch.h:115 [inline]
RIP: 0010:latch_tree_find include/linux/rbtree_latch.h:208 [inline]
RIP: 0010:bpf_prog_kallsyms_find+0x289/0x4a0 kernel/bpf/core.c:509
Code: 03 42 80 3c 30 00 0f 85 b1 01 00 00 4d 8b 6f 50 49 8d 7d 30 48 89 fa
48 c1 ea 03 42 80 3c 32 00 0f 85 ab 01 00 00 49 8d 7d 02 <4d> 8b 65 30 48
89 fa 48 89 f9 48 c1 ea 03 83 e1 07 42 0f b6 14 32
RSP: 0018:ffff8801a0418e58 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff8801b843a1f0 RCX: ffffffff818b41d1
RDX: 1ffff92000326a06 RSI: 0000000000000008 RDI: ffffc90001935002
RBP: ffff8801a0418fd0 R08: ffff880197a4a600 R09: 0000000000000001
R10: ffffed003b584732 R11: 0000000000000000 R12: 1ffff100340831ed
R13: ffffc90001935000 R14: dffffc0000000000 R15: ffff8801b843a1f0
FS: 00007f1716646700(0000) GS:ffff8801dac00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001935030 CR3: 00000001cd5b5000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
BUG: unable to handle kernel paging request at ffffc90001935030
PGD 1da948067 P4D 1da948067 PUD 1da949067 PMD 1d45bd067 PTE 0
Thread overran stack, or stack corrupted
Oops: 0000 [#16] PREEMPT SMP KASAN
CPU: 0 PID: 19913 Comm: syz-executor2 Not tainted 4.19.0-rc2+ #93
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:bpf_prog_ebpf_jited include/linux/filter.h:898 [inline]
RIP: 0010:bpf_get_prog_addr_region kernel/bpf/core.c:381 [inline]
RIP: 0010:bpf_tree_comp kernel/bpf/core.c:435 [inline]
RIP: 0010:__lt_find include/linux/rbtree_latch.h:115 [inline]
RIP: 0010:latch_tree_find include/linux/rbtree_latch.h:208 [inline]
RIP: 0010:bpf_prog_kallsyms_find+0x289/0x4a0 kernel/bpf/core.c:509
Code: 03 42 80 3c 30 00 0f 85 b1 01 00 00 4d 8b 6f 50 49 8d 7d 30 48 89 fa
48 c1 ea 03 42 80 3c 32 00 0f 85 ab 01 00 00 49 8d 7d 02 <4d> 8b 65 30 48
89 fa 48 89 f9 48 c1 ea 03 83 e1 07 42 0f b6 14 32
RSP: 0018:ffff8801a04186f8 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff8801b843a1f0 RCX: ffffffff818b41d1
RDX: 1ffff92000326a06 RSI: 0000000000000008 RDI: ffffc90001935002
RBP: ffff8801a0418870 R08: ffff880197a4a600 R09: 0000000000000001
R10: ffffed003b584732 R11: 0000000000000000 R12: 1ffff10034083101
R13: ffffc90001935000 R14: dffffc0000000000 R15: ffff8801b843a1f0
FS: 00007f1716646700(0000) GS:ffff8801dac00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001935030 CR3: 00000001cd5b5000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
BUG: unable to handle kernel paging request at ffffc90001935030
PGD 1da948067 P4D 1da948067 PUD 1da949067 PMD 1d45bd067 PTE 0
Thread overran stack, or stack corrupted
Oops: 0000 [#17] PREEMPT SMP KASAN
CPU: 0 PID: 19913 Comm: syz-executor2 Not tainted 4.19.0-rc2+ #93
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:bpf_prog_ebpf_jited include/linux/filter.h:898 [inline]
RIP: 0010:bpf_get_prog_addr_region kernel/bpf/core.c:381 [inline]
RIP: 0010:bpf_tree_comp kernel/bpf/core.c:435 [inline]
RIP: 0010:__lt_find include/linux/rbtree_latch.h:115 [inline]
RIP: 0010:latch_tree_find include/linux/rbtree_latch.h:208 [inline]
RIP: 0010:bpf_prog_kallsyms_find+0x289/0x4a0 kernel/bpf/core.c:509
Code: 03 42 80 3c 30 00 0f 85 b1 01 00 00 4d 8b 6f 50 49 8d 7d 30 48 89 fa
48 c1 ea 03 42 80 3c 32 00 0f 85 ab 01 00 00 49 8d 7d 02 <4d> 8b 65 30 48
89 fa 48 89 f9 48 c1 ea 03 83 e1 07 42 0f b6 14 32
RSP: 0018:ffff8801a0417f98 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff8801b843a1f0 RCX: ffffffff818b41d1
RDX: 1ffff92000326a06 RSI: 0000000000000008 RDI: ffffc90001935002
RBP: ffff8801a0418110 R08: ffff880197a4a600 R09: 0000000000000001
R10: ffffed003b584732 R11: 0000000000000000 R12: 1ffff10034083015
R13: ffffc90001935000 R14: dffffc0000000000 R15: ffff8801b843a1f0
FS: 00007f1716646700(0000) GS:ffff8801dac00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001935030 CR3: 00000001cd5b5000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
BUG: unable to handle kernel paging request at ffffc90001935030
PGD 1da948067 P4D 1da948067 PUD 1da949067 PMD 1d45bd067 PTE 0
Thread overran stack, or stack corrupted
Oops: 0000 [#18] PREEMPT SMP KASAN
CPU: 0 PID: 19913 Comm: syz-executor2 Not tainted 4.19.0-rc2+ #93
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:bpf_prog_ebpf_jited include/linux/filter.h:898 [inline]
RIP: 0010:bpf_get_prog_addr_region kernel/bpf/core.c:381 [inline]
RIP: 0010:bpf_tree_comp kernel/bpf/core.c:435 [inline]
RIP: 0010:__lt_find include/linux/rbtree_latch.h:115 [inline]
RIP: 0010:latch_tree_find include/linux/rbtree_latch.h:208 [inline]
RIP: 0010:bpf_prog_kallsyms_find+0x289/0x4a0 kernel/bpf/core.c:509
Code: 03 42 80 3c 30 00 0f 85 b1 01 00 00 4d 8b 6f 50 49 8d 7d 30 48 89 fa
48 c1 ea 03 42 80 3c 32 00 0f 85 ab 01 00 00 49 8d 7d 02 <4d> 8b 65 30 48
89 fa 48 89 f9 48 c1 ea 03 83 e1 07 42 0f b6 14 32
RSP: 0018:ffff8801a0417838 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff8801b843a1f0 RCX: ffffffff818b41d1
RDX: 1ffff92000326a06 RSI: 0000000000000008 RDI: ffffc90001935002
RBP: ffff8801a04179b0 R08: ffff880197a4a600 R09: 0000000000000001
R10: ffffed003b584732 R11: 0000000000000000 R12: 1ffff10034082f29
R13: ffffc90001935000 R14: dffffc0000000000 R15: ffff8801b843a1f0
FS: 00007f1716646700(0000) GS:ffff8801dac00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001935030 CR3: 00000001cd5b5000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
BUG: unable to handle kernel paging request at ffffc90001935030
PGD 1da948067 P4D 1da948067 PUD 1da949067 PMD 1d45bd067 PTE 0
Thread overran stack, or stack corrupted
Oops: 0000 [#19] PREEMPT SMP KASAN
CPU: 0 PID: 19913 Comm: syz-executor2 Not tainted 4.19.0-rc2+ #93
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:bpf_prog_ebpf_jited include/linux/filter.h:898 [inline]
RIP: 0010:bpf_get_prog_addr_region kernel/bpf/core.c:381 [inline]
RIP: 0010:bpf_tree_comp kernel/bpf/core.c:435 [inline]
RIP: 0010:__lt_find include/linux/rbtree_latch.h:115 [inline]
RIP: 0010:latch_tree_find include/linux/rbtree_latch.h:208 [inline]
RIP: 0010:bpf_prog_kallsyms_find+0x289/0x4a0 kernel/bpf/core.c:509
Code: 03 42 80 3c 30 00 0f 85 b1 01 00 00 4d 8b 6f 50 49 8d 7d 30 48 89 fa
48 c1 ea 03 42 80 3c 32 00 0f 85 ab 01 00 00 49 8d 7d 02 <4d> 8b 65 30 48
89 fa 48 89 f9 48 c1 ea 03 83 e1 07 42 0f b6 14 32
RSP: 0018:ffff8801a04170d8 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff8801b843a1f0 RCX: ffffffff818b41d1
RDX: 1ffff92000326a06 RSI: 0000000000000008 RDI: ffffc90001935002
RBP: ffff8801a0417250 R08: ffff880197a4a600 R09: 0000000000000001
R10: ffffed003b584732 R11: 0000000000000000 R12: 1ffff10034082e3d
R13: ffffc90001935000 R14: dffffc0000000000 R15: ffff8801b843a1f0
FS: 00007f1716646700(0000) GS:ffff8801dac00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001935030 CR3: 00000001cd5b5000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
BUG: unable to handle kernel paging request at ffffc90001935030
PGD 1da948067 P4D 1da948067 PUD 1da949067 PMD 1d45bd067 PTE 0
Thread overran stack, or stack corrupted
Oops: 0000 [#20] PREEMPT SMP KASAN
CPU: 0 PID: 19913 Comm: syz-executor2 Not tainted 4.19.0-rc2+ #93
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS
Google 01/01/2011
RIP: 0010:bpf_prog_ebpf_jited include/linux/filter.h:898 [inline]
RIP: 0010:bpf_get_prog_addr_region kernel/bpf/core.c:381 [inline]
RIP: 0010:bpf_tree_comp kernel/bpf/core.c:435 [inline]
RIP: 0010:__lt_find include/linux/rbtree_latch.h:115 [inline]
RIP: 0010:latch_tree_find include/linux/rbtree_latch.h:208 [inline]
RIP: 0010:bpf_prog_kallsyms_find+0x289/0x4a0 kernel/bpf/core.c:509
Code: 03 42 80 3c 30 00 0f 85 b1 01 00 00 4d 8b 6f 50 49 8d 7d 30 48 89 fa
48 c1 ea 03 42 80 3c 32 00 0f 85 ab 01 00 00 49 8d 7d 02 <4d> 8b 65 30 48
89 fa 48 89 f9 48 c1 ea 03 83 e1 07 42 0f b6 14 32
RSP: 0018:ffff8801a0416978 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff8801b843a1f0 RCX: ffffffff818b41d1
RDX: 1ffff92000326a06 RSI: 0000000000000008 RDI: ffffc90001935002
RBP: ffff8801a0416af0 R08: ffff880197a4a600 R09: 0000000000000001
R10: ffffed003b584732 R11: 0000000000000000 R12: 1ffff10034082d51
R13: ffffc90001935000 R14: dffffc0000000000 R15: ffff8801b843a1f0
FS: 00007f1716646700(0000) GS:ffff8801dac00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001935030 CR3: 00000001cd5b5000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
Modules linked in:
Dumping ftrace buffer:
---------------------------------
CPU:0 [LOST 7646 EVENTS]
syz-exec-16687 0...1 217412324us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412329us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412334us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412339us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412344us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412349us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412354us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412359us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412364us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412369us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412374us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412379us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412384us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412389us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412394us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412399us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412404us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412409us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412414us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412419us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412424us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412429us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412434us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412439us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412445us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412449us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412454us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412459us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412463us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412469us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412473us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412479us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412484us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412489us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412507us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412513us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412518us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412523us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412528us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412532us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412538us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412543us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412548us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412553us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412558us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412563us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412568us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412573us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412578us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412583us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412588us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412593us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412598us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412603us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412609us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412614us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412619us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412624us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412629us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412635us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412640us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412645us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412650us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412655us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412660us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412665us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412670us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412676us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412681us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412686us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412691us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412696us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412701us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412706us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412711us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412716us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412722us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412727us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412732us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412737us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412742us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412748us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412761us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412767us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412772us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412777us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412782us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412788us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412793us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412798us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412802us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412807us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412812us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412817us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412822us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412826us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412832us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412837us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412842us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412846us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412851us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412856us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412863us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412868us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412873us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412878us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412883us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412888us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412893us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412898us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412903us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412908us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412913us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412918us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412924us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412929us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412934us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412939us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412944us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412949us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412954us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412959us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412965us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412970us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412975us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412980us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412985us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412990us : 0: u000000000958b6c8
syz-exec-16687 0...1 217412995us : 0: u000000000958b6c8
syz-exec-16687 0...1 217413000us : 0: u000000000958b6c8
syz-exec-16687 0...1 217413006us : 0: u000000000958b6c8
syz-exec-16687 0...1 217413011us : 0: u000000000958b6c8
syz-exec-16687 0.N.1 217413051us : 0: u000000000958b6c8
syz-exec-16687 0...1 217415442us : 0: u000000000958b6c8
syz-exec-16687 0...1 217415448us : 0: u000000000958b6c8
syz-exec-16687 0...1 217415453us : 0: u000000000958b6c8
syz-exec-16687 0...1 217415457us : 0: u000000000958b6c8
syz-exec-16687 0...1 217415462us : 0: u000000000958b6c8
syz-exec-16687 0...1 217415466us : 0: u000000000958b6c8
syz-exec-16687 0...1 217415470us : 0: u000000000958b6c8
syz-exec-16687 0...1 217415474us : 0: u000000000958b6c8
syz-exec-16687 0...1 217415479us : 0: u000000000958b6c8
syz-exec-16687 0.N.1 217415630us : 0: u000000000958b6c8
---------------------------------
CR2: ffffc90001935030
---[ end trace 4908ab663d8e7ff1 ]---
RIP: 0010:bpf_prog_ebpf_jited include/linux/filter.h:898 [inline]
RIP: 0010:bpf_get_prog_addr_region kernel/bpf/core.c:381 [inline]
RIP: 0010:bpf_tree_comp kernel/bpf/core.c:435 [inline]
RIP: 0010:__lt_find include/linux/rbtree_latch.h:115 [inline]
RIP: 0010:latch_tree_find include/linux/rbtree_latch.h:208 [inline]
RIP: 0010:bpf_prog_kallsyms_find+0x289/0x4a0 kernel/bpf/core.c:509
Code: 03 42 80 3c 30 00 0f 85 b1 01 00 00 4d 8b 6f 50 49 8d 7d 30 48 89 fa
48 c1 ea 03 42 80 3c 32 00 0f 85 ab 01 00 00 49 8d 7d 02 <4d> 8b 65 30 48
89 fa 48 89 f9 48 c1 ea 03 83 e1 07 42 0f b6 14 32
RSP: 0018:ffff8801a041f598 EFLAGS: 00010046
RAX: 0000000000000000 RBX: ffff8801b843a1f0 RCX: ffffffff818b41d1
RDX: 1ffff92000326a06 RSI: 0000000000000008 RDI: ffffc90001935002
RBP: ffff8801a041f710 R08: ffff880197a4a600 R09: ffffed003b584732
R10: ffffed003b584732 R11: ffff8801dac23993 R12: 1ffff10034083ed5
R13: ffffc90001935000 R14: dffffc0000000000 R15: ffff8801b843a1f0
FS: 00007f1716646700(0000) GS:ffff8801dac00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffc90001935030 CR3: 00000001cd5b5000 CR4: 00000000001406f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
---
This bug is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzkaller@googlegroups.com.
syzbot will keep track of this bug report. See:
https://goo.gl/tpsmEJ#bug-status-tracking for how to communicate with
syzbot.
^ permalink raw reply
* [PATCH 1/1] ipv6: Add sockopt IPV6_MULTICAST_ALL analogue to IP_MULTICAST_ALL
From: Andre Naujoks @ 2018-09-10 8:27 UTC (permalink / raw)
To: netdev, linux-kernel, davem, kuznet, yoshfuji, Greg Kroah-Hartman,
Erik Kline, Thomas Gleixner, Maciej Żenczykowski, Shaohua Li,
Andre Naujoks, Kate Stewart, Philippe Ombredanne
In-Reply-To: <20180910082715.11506-1-nautsch2@gmail.com>
The socket option will be enabled by default to ensure current behaviour
is not changed. This is the same for the IPv4 version.
A socket bound to in6addr_any and a specific port will receive all traffic
on that port. Analogue to IP_MULTICAST_ALL, disable this behaviour, if
one or more multicast groups were joined (using said socket) and only
pass on multicast traffic from groups, which were explicitly joined via
this socket.
Without this option disabled a socket (system even) joined to multiple
multicast groups is very hard to get right. Filtering by destination
address has to take place in user space to avoid receiving multicast
traffic from other multicast groups, which might have traffic on the same
port.
The extension of the IP_MULTICAST_ALL socketoption to just apply to ipv6,
too, is not done to avoid changing the behaviour of current applications.
Signed-off-by: Andre Naujoks <nautsch2@gmail.com>
Acked-By: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
---
include/linux/ipv6.h | 3 ++-
include/uapi/linux/in6.h | 1 +
net/ipv6/af_inet6.c | 1 +
net/ipv6/ipv6_sockglue.c | 11 +++++++++++
net/ipv6/mcast.c | 2 +-
5 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h
index 8415bf1a9776..495e834c1367 100644
--- a/include/linux/ipv6.h
+++ b/include/linux/ipv6.h
@@ -274,7 +274,8 @@ struct ipv6_pinfo {
*/
dontfrag:1,
autoflowlabel:1,
- autoflowlabel_set:1;
+ autoflowlabel_set:1,
+ mc_all:1;
__u8 min_hopcount;
__u8 tclass;
__be32 rcv_flowinfo;
diff --git a/include/uapi/linux/in6.h b/include/uapi/linux/in6.h
index ed291e55f024..71d82fe15b03 100644
--- a/include/uapi/linux/in6.h
+++ b/include/uapi/linux/in6.h
@@ -177,6 +177,7 @@ struct in6_flowlabel_req {
#define IPV6_V6ONLY 26
#define IPV6_JOIN_ANYCAST 27
#define IPV6_LEAVE_ANYCAST 28
+#define IPV6_MULTICAST_ALL 29
/* IPV6_MTU_DISCOVER values */
#define IPV6_PMTUDISC_DONT 0
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index 9a4261e50272..77ef8478234f 100644
--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -209,6 +209,7 @@ static int inet6_create(struct net *net, struct socket *sock, int protocol,
np->hop_limit = -1;
np->mcast_hops = IPV6_DEFAULT_MCASTHOPS;
np->mc_loop = 1;
+ np->mc_all = 1;
np->pmtudisc = IPV6_PMTUDISC_WANT;
np->repflow = net->ipv6.sysctl.flowlabel_reflect;
sk->sk_ipv6only = net->ipv6.sysctl.bindv6only;
diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
index c0cac9cc3a28..381ce38940ae 100644
--- a/net/ipv6/ipv6_sockglue.c
+++ b/net/ipv6/ipv6_sockglue.c
@@ -674,6 +674,13 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
retv = ipv6_sock_ac_drop(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_acaddr);
break;
}
+ case IPV6_MULTICAST_ALL:
+ if (optlen < sizeof(int))
+ goto e_inval;
+ np->mc_all = valbool;
+ retv = 0;
+ break;
+
case MCAST_JOIN_GROUP:
case MCAST_LEAVE_GROUP:
{
@@ -1266,6 +1273,10 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname,
val = np->mcast_oif;
break;
+ case IPV6_MULTICAST_ALL:
+ val = np->mc_all;
+ break;
+
case IPV6_UNICAST_IF:
val = (__force int)htonl((__u32) np->ucast_oif);
break;
diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c
index 4ae54aaca373..6895e1dc0b03 100644
--- a/net/ipv6/mcast.c
+++ b/net/ipv6/mcast.c
@@ -636,7 +636,7 @@ bool inet6_mc_check(struct sock *sk, const struct in6_addr *mc_addr,
}
if (!mc) {
rcu_read_unlock();
- return true;
+ return np->mc_all;
}
read_lock(&mc->sflock);
psl = mc->sflist;
--
2.19.0.rc2
^ permalink raw reply related
* [PATCH 0/1] add IPV6_MULTICAST_ALL sockopt
From: Andre Naujoks @ 2018-09-10 8:27 UTC (permalink / raw)
To: netdev, linux-kernel, davem, kuznet, yoshfuji; +Cc: Andre Naujoks
The patch applies to the current net-next tree.
I tried to keep the impact of this to a minimum and to replicate the
behaviour of IP_MULTICAST_ALL.
Andre Naujoks (1):
ipv6: Add sockopt IPV6_MULTICAST_ALL analogue to IP_MULTICAST_ALL
include/linux/ipv6.h | 3 ++-
include/uapi/linux/in6.h | 1 +
net/ipv6/af_inet6.c | 1 +
net/ipv6/ipv6_sockglue.c | 11 +++++++++++
net/ipv6/mcast.c | 2 +-
5 files changed, 16 insertions(+), 2 deletions(-)
--
2.19.0.rc2
^ permalink raw reply
* [PATCH] ip6_gre: simplify gre header parsing in ip6gre_err
From: Haishuang Yan @ 2018-09-10 8:25 UTC (permalink / raw)
To: David S. Miller, Alexey Kuznetsov; +Cc: netdev, linux-kernel, Haishuang Yan
Same as ip_gre, use gre_parse_header to parse gre header in gre error
handler code.
Signed-off-by: Haishuang Yan <yanhaishuang@cmss.chinamobile.com>
---
net/ipv6/ip6_gre.c | 29 +++++++----------------------
1 file changed, 7 insertions(+), 22 deletions(-)
diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
index 18a3794..505d891 100644
--- a/net/ipv6/ip6_gre.c
+++ b/net/ipv6/ip6_gre.c
@@ -427,35 +427,20 @@ static void ip6gre_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
u8 type, u8 code, int offset, __be32 info)
{
struct net *net = dev_net(skb->dev);
- const struct gre_base_hdr *greh;
const struct ipv6hdr *ipv6h;
- int grehlen = sizeof(*greh);
+ struct tnl_ptk_info tpi;
+ bool csum_err = false;
struct ip6_tnl *t;
- int key_off = 0;
- __be16 flags;
- __be32 key;
- if (!pskb_may_pull(skb, offset + grehlen))
- return;
- greh = (const struct gre_base_hdr *)(skb->data + offset);
- flags = greh->flags;
- if (flags & (GRE_VERSION | GRE_ROUTING))
- return;
- if (flags & GRE_CSUM)
- grehlen += 4;
- if (flags & GRE_KEY) {
- key_off = grehlen + offset;
- grehlen += 4;
+ if (gre_parse_header(skb, &tpi, &csum_err, htons(ETH_P_IPV6),
+ offset) < 0) {
+ if (!csum_err) /* ignore csum errors. */
+ return;
}
- if (!pskb_may_pull(skb, offset + grehlen))
- return;
ipv6h = (const struct ipv6hdr *)skb->data;
- greh = (const struct gre_base_hdr *)(skb->data + offset);
- key = key_off ? *(__be32 *)(skb->data + key_off) : 0;
-
t = ip6gre_tunnel_lookup(skb->dev, &ipv6h->daddr, &ipv6h->saddr,
- key, greh->protocol);
+ tpi.key, tpi.proto);
if (!t)
return;
--
1.8.3.1
^ permalink raw reply related
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox