Re: Linux 4.4.34

From: Andre Noll
Date: Tue Nov 22 2016 - 13:11:03 EST

Next message: Cong Wang: "Re: net/icmp: null-ptr-deref in icmp6_send"
Previous message: Andrey Ryabinin: "Re: [PATCH 07/10] mm: warn about vfree from atomic context"
In reply to: Greg KH: "Re: Linux 4.4.34"
Next in thread: Greg KH: "Re: Linux 4.4.34"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Nov 21, 10:28, Greg KH wrote
> I'm announcing the release of the 4.4.34 kernel.
>
> All users of the 4.4 kernel series must upgrade.

This update broke PXE boot on our 4-way AMD boxes. The kernel panics in
eth_type_trans(), presumably during kernel-level IP autoconfiguration,
see [1]. Bisection points me at 5c67f947 (net: __skb_flow_dissect()
must cap its return value). And indeed, reverting this commit fixes
the problem for me.

Investigation showed that the real problem is not the change in the
above commit per se (i.e., capping ->thoff) but the fact that in the
success case, where we jump to the "out_good" label, ->thoff is now
set *after* ->n_proto and ->ip_proto. I fail to see how order matters
here, but it clearly does, since the crash is 100% reproducible,
and is fixed by the commit below (on top of v4.4.34).

Please consider applying something like the patch below for mainline
and -stable.

Thanks
Andre

[1] http://people.tuebingen.mpg.de/maan/.eth_type_trans_panic.png
---
commit 3494d99764da2b7bbac5d0eed364d03552fefd36
Author: Andre Noll <maan@xxxxxxxxxxxxxxxx>
Date: Tue Nov 22 11:34:11 2016 +0100

net: __skb_flow_dissect() must set ->thoff *after* ->n_proto and ->ip_proto

Without this, PXE boot fails on some AMD Opteron machines.

Signed-off-by: Andre Noll <maan@xxxxxxxxxxxxxxxx>

diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
index 9aba9e9..fde26e4 100644
--- a/net/core/flow_dissector.c
+++ b/net/core/flow_dissector.c
@@ -491,18 +491,17 @@ ip_proto_again:

out_good:
ret = true;
-
- key_control->thoff = (u16)nhoff;
+ goto out;
+out_bad:
+ ret = false;
out:
key_basic->n_proto = proto;
key_basic->ip_proto = ip_proto;
-
+ if (ret)
+ key_control->thoff = (u16)nhoff;
+ else
+ key_control->thoff = min_t(u16, nhoff, skb ? skb->len : hlen);
return ret;
-
-out_bad:
- ret = false;
- key_control->thoff = min_t(u16, nhoff, skb ? skb->len : hlen);
- goto out;
}
EXPORT_SYMBOL(__skb_flow_dissect);
--
Max Planck Institute for Developmental Biology
SpemannstraÃe 35, 72076 TÃbingen, Germany. Phone: (+49) 7071 601 829
http://people.tuebingen.mpg.de/maan/

Attachment: signature.asc
Description: Digital signature

Next message: Cong Wang: "Re: net/icmp: null-ptr-deref in icmp6_send"
Previous message: Andrey Ryabinin: "Re: [PATCH 07/10] mm: warn about vfree from atomic context"
In reply to: Greg KH: "Re: Linux 4.4.34"
Next in thread: Greg KH: "Re: Linux 4.4.34"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]