Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S932523AbcKVROK (ORCPT <rfc822;w@1wt.eu>);
        Tue, 22 Nov 2016 12:14:10 -0500
Received: from mail-io0-f171.google.com ([209.85.223.171]:36649 "EHLO
        mail-io0-f171.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S932411AbcKVROI (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 22 Nov 2016 12:14:08 -0500
MIME-Version: 1.0
In-Reply-To: <20161122170654.GA20022@kroah.com>
References: <20161121092855.GA20976@kroah.com> <20161122165912.GA19939@tuebingen.mpg.de>
 <20161122170654.GA20022@kroah.com>
From: Eric Dumazet <edumazet@google.com>
Date: Tue, 22 Nov 2016 09:14:06 -0800
Message-ID: <CANn89iJCkHxOpE3TW8+gW8+UCVvT0mY8y8j_GJC1GK0i05dgbg@mail.gmail.com>
Subject: Re: Linux 4.4.34
To: Greg KH <gregkh@linuxfoundation.org>
Cc: Andre Noll <maan@tuebingen.mpg.de>,
        LKML <linux-kernel@vger.kernel.org>, stable@vger.kernel.org,
        Jiri Slaby <jslaby@suse.cz>, Yibin Yang <yibyang@cisco.com>,
        Alexander Duyck <alexander.h.duyck@intel.com>,
        Willem de Bruijn <willemb@google.com>,
        Alexei Starovoitov <ast@kernel.org>,
        "David S. Miller" <davem@davemloft.net>
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1516
Lines: 39

On Tue, Nov 22, 2016 at 9:06 AM, Greg KH <gregkh@linuxfoundation.org> wrote:
> On Tue, Nov 22, 2016 at 05:59:12PM +0100, Andre Noll wrote:
>> On Mon, Nov 21, 10:28, Greg KH wrote
>> > I'm announcing the release of the 4.4.34 kernel.
>> >
>> > All users of the 4.4 kernel series must upgrade.
>>
>> This update broke PXE boot on our 4-way AMD boxes. The kernel panics in
>> eth_type_trans(), presumably during kernel-level IP autoconfiguration,
>> see [1]. Bisection points me at 5c67f947 (net: __skb_flow_dissect()
>> must cap its return value). And indeed, reverting this commit fixes
>> the problem for me.
>>
>> Investigation showed that the real problem is not the change in the
>> above commit per se (i.e., capping ->thoff) but the fact that in the
>> success case, where we jump to the "out_good" label, ->thoff is now
>> set *after* ->n_proto and ->ip_proto. I fail to see how order matters
>> here, but it clearly does, since the crash is 100% reproducible,
>> and is fixed by the commit below (on top of v4.4.34).
>>
>> Please consider applying something like the patch below for mainline
>> and -stable.
>
> If this issue is also the same for Linus's tree, we should cc: netdev so
> that the patch can get into there, right?
>
> thanks,
>
> greg k-h

We definitely want to fix the real bug, not working around it.

Seems an aliasing problem, key_control and key_basic might point to
adjacent memory
and a barrier() would solve the issue as well.

Adding a test in fast path looks overkill to me.

Thanks.