Re: [GIT] Networking

[Eric Dumazet]

On 8/6/20 2:39 PM, John Stultz wrote:
> On Wed, Aug 5, 2020 at 6:57 PM David Miller <davem@xxxxxxxxxxxxx> wrote:
>> There is a minor conflict in net/ipv6/ip6_flowlabel.c, it's because of
>> the commit that did the tree-wide removal of uninitialized_var().  The
>> resolution is simple, kill all of the conflict markers and content
>> within, and remove the uninitialized_var() marker that got moved
>> elsewhere in the file in the net-next tree.
>>
>> Otherwise, we have:
>>
>> 1) Support 6Ghz band in ath11k driver, from Rajkumar Manoharan.
>>
>> 2) Support UDP segmentation in code TSO code, from Eric Dumazet.
>>
>> 3) Allow flashing different flash images in cxgb4 driver, from Vishal
>>    Kulkarni.
>>
>> 4) Add drop frames counter and flow status to tc flower offloading,
>>    from Po Liu.
>>
>> 5) Support n-tuple filters in cxgb4, from Vishal Kulkarni.
>>
>> 6) Various new indirect call avoidance, from Eric Dumazet and Brian
>>    Vazquez.
>>
>> 7) Fix BPF verifier failures on 32-bit pointer arithmetic, from
>>    Yonghong Song.
>>
>> 8) Support querying and setting hardware address of a port function
>>    via devlink, use this in mlx5, from Parav Pandit.
>>
>> 9) Support hw ipsec offload on bonding slaves, from Jarod Wilson.
>>
>> 10) Switch qca8k driver over to phylink, from Jonathan McDowell.
>>
>> 11) In bpftool, show list of processes holding BPF FD references to
>>     maps, programs, links, and btf objects.  From Andrii Nakryiko.
>>
>> 12) Several conversions over to generic power management, from Vaibhav
>>     Gupta.
>>
>> 13) Add support for SO_KEEPALIVE et al. to bpf_setsockopt(), from
>>     Dmitry Yakunin.
>>
>> 14) Various https url conversions, from Alexander A. Klimov.
>>
>> 15) Timestamping and PHC support for mscc PHY driver, from Antoine
>>     Tenart.
>>
>> 16) Support bpf iterating over tcp and udp sockets, from Yonghong
>>     Song.
>>
>> 17) Support 5GBASE-T i40e NICs, from Aleksandr Loktionov.
>>
>> 18) Add kTLS RX HW offload support to mlx5e, from Tariq Toukan.
>>
>> 19) Fix the ->ndo_start_xmit() return type to be netdev_tx_t in several
>>     drivers.  From Luc Van Oostenryck.
>>
>> 20) XDP support for xen-netfront, from Denis Kirjanov.
>>
>> 21) Support receive buffer autotuning in MPTCP, from Florian Westphal.
>>
>> 22) Support EF100 chip in sfc driver, from Edward Cree.
>>
>> 23) Add XDP support to mvpp2 driver, from Matteo Croce.
>>
>> 24) Support MPTCP in sock_diag, from Paolo Abeni.
>>
>> 25) Commonize UDP tunnel offloading code by creating udp_tunnel_nic
>>     infrastructure, from Jakub Kicinski.
>>
>> 26) Several pci_ --> dma_ API conversions, from Christophe JAILLET.
>>
>> 27) Add FLOW_ACTION_POLICE support to mlxsw, from Ido Schimmel.
>>
>> 28) Add SK_LOOKUP bpf program type, from Jakub Sitnicki.
>>
>> 29) Refactor a lot of networking socket option handling code in
>>     order to avoid set_fs() calls, from Christoph Hellwig.
>>
>> 30) Add rfc4884 support to icmp code, from Willem de Bruijn.
>>
>> 31) Support TBF offload in dpaa2-eth driver, from Ioana Ciornei.
>>
>> 32) Support XDP_REDIRECT in qede driver, from Alexander Lobakin.
>>
>> 33) Support PCI relaxed ordering in mlx5 driver, from Aya Levin.
>>
>> 34) Support TCP syncookies in MPTCP, from Flowian Westphal.
>>
>> 35) Fix several tricky cases of PMTU handling wrt. briding, from
>>     Stefano Brivio.
>>
>> Please pull, thanks a lot!
>>
>> The following changes since commit ac3a0c8472969a03c0496ae774b3a29eb26c8d5a:
>>
>>   Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net (2020-08-01 16:47:24 -0700)
>>
>> are available in the Git repository at:
>>
>>   git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git
> 
> Hey David, All,
>   Just as a heads up, after net-next was merged into Linus' tree, I
> started hitting the following crash on boot on the Dragonboard 845c
> booting AOSP.
> 
> I've bisected it down to the net-next merge, but haven't bisected it
> further yet, as I still have a handful of (unrelated to networking)
> out of tree patches needed to boot the board.
> 
> [   19.709492] Unable to handle kernel access to user memory outside
> uaccess routines at virtual address 0000006f53337070
> [   19.726539] Mem abort info:
> [   19.726544]   ESR = 0x9600000f
> [   19.741323]   EC = 0x25: DABT (current EL), IL = 32 bits
> [   19.741326]   SET = 0, FnV = 0
> [   19.761185]   EA = 0, S1PTW = 0
> [   19.761188] Data abort info:
> [   19.761190]   ISV = 0, ISS = 0x0000000f
> [   19.761192]   CM = 0, WnR = 0
> [   19.761199] user pgtable: 4k pages, 39-bit VAs, pgdp=000000016e9e9000
> [   19.777584] [0000006f53337070] pgd=000000016e99e003,
> p4d=000000016e99e003, pud=000000016e99e003, pmd=000000016e99a003,
> pte=00e800016d3c7f53
> [   19.789205] Internal error: Oops: 9600000f [#1] PREEMPT SMP
> [   19.789211] Modules linked in:
> [   19.797153] CPU: 7 PID: 364 Comm: iptables-restor Tainted: G
> W         5.8.0-mainline-08255-gf9e74a8eb6f3 #3350
> [   19.797156] Hardware name: Thundercomm Dragonboard 845c (DT)
> [   19.797161] pstate: a0400005 (NzCv daif +PAN -UAO BTYPE=--)
> [   19.797177] pc : do_ipt_set_ctl+0x304/0x610
> [   19.807891] lr : do_ipt_set_ctl+0x50/0x610
> [   19.807894] sp : ffffffc0139bbba0
> [   19.807898] x29: ffffffc0139bbba0 x28: ffffff80f07a3800
> [   19.846468] x27: 0000000000000000 x26: 0000000000000000
> [   19.846472] x25: 0000000000000000 x24: 0000000000000698
> [   19.846476] x23: ffffffec8eb0cc80 x22: 0000000000000040
> [   19.846480] x21: b400006f53337070 x20: ffffffec8eb0c000
> [   19.846484] x19: ffffffec8e9e9000 x18: 0000000000000000
> [   19.846487] x17: 0000000000000000 x16: 0000000000000000
> [   19.846491] x15: 0000000000000000 x14: 0000000000000000
> [   19.846495] x13: 0000000000000000 x12: 0000000000000000
> [   19.846501] x11: 0000000000000000 x10: 0000000000000000
> [   19.856005] x9 : 0000000000000000 x8 : 0000000000000000
> [   19.856008] x7 : ffffffec8e9e9d08 x6 : 0000000000000000
> [   19.856012] x5 : 0000000000000000 x4 : 0000000000000213
> [   19.856015] x3 : 00000001ffdeffef x2 : 11ded3fb0bb85e00
> [   19.856019] x1 : 0000000000000027 x0 : 0000008000000000
> [   19.856024] Call trace:
> [   19.866319]  do_ipt_set_ctl+0x304/0x610
> [   19.866327]  nf_setsockopt+0x64/0xa8
> [   19.866332]  ip_setsockopt+0x21c/0x1710
> [   19.866338]  raw_setsockopt+0x50/0x1b8
> [   19.866347]  sock_common_setsockopt+0x50/0x68
> [   19.882672]  __sys_setsockopt+0x120/0x1c8
> [   19.882677]  __arm64_sys_setsockopt+0x30/0x40
> [   19.882686]  el0_svc_common.constprop.3+0x78/0x188
> [   19.882691]  do_el0_svc+0x80/0xa0
> [   19.882699]  el0_sync_handler+0x134/0x1a0
> [   19.901555]  el0_sync+0x140/0x180
> [   19.901564] Code: aa1503e0 97fffd3e 2a0003f5 17ffff80 (a9401ea6)
> [   19.901569] ---[ end trace 22010e9688ae248f ]---
> [   19.913033] Kernel panic - not syncing: Fatal exception
> [   19.913042] SMP: stopping secondary CPUs
> [   20.138885] Kernel Offset: 0x2c7d080000 from 0xffffffc010000000
> [   20.138887] PHYS_OFFSET: 0xfffffffa80000000
> [   20.138894] CPU features: 0x0040002,2a80a218
> [   20.138898] Memory Limit: none
> 
> I'll continue to work on bisecting this down further, but figured I'd
> share now as you or someone else might be able to tell whats wrong
> from the trace.
> 

Can you try at commit c2f12630c60ff33a9cafd221646053fc10ec59b6 ("netfilter: switch nf_setsockopt to sockptr_t") 
(and right before it)

do_replace(.... unsigned int len) ignore @len parameter.

This means that the access_ok() in init_user_sockptr() might have received a too small @size

Presumably on old kernels your command was silently failing.

Thanks.