From: Eric Dumazet
Date: Tue, 22 Nov 2016 09:14:06 -0800
Subject: Re: Linux 4.4.34
To: Greg KH
Cc: Andre Noll, LKML, stable@vger.kernel.org, Jiri Slaby, Yibin Yang, Alexander Duyck, Willem de Bruijn, Alexei Starovoitov, "David S. Miller"
In-Reply-To: <20161122170654.GA20022@kroah.com>
References: <20161121092855.GA20976@kroah.com> <20161122165912.GA19939@tuebingen.mpg.de> <20161122170654.GA20022@kroah.com>

On Tue, Nov 22, 2016 at 9:06 AM, Greg KH wrote:
> On Tue, Nov 22, 2016 at 05:59:12PM +0100, Andre Noll wrote:
>> On Mon, Nov 21, 10:28, Greg KH wrote
>> > I'm announcing the release of the 4.4.34 kernel.
>> >
>> > All users of the 4.4 kernel series must upgrade.
>>
>> This update broke PXE boot on our 4-way AMD boxes. The kernel panics in
>> eth_type_trans(), presumably during kernel-level IP autoconfiguration,
>> see [1]. Bisection points me at 5c67f947 (net: __skb_flow_dissect()
>> must cap its return value). And indeed, reverting this commit fixes
>> the problem for me.
>>
>> Investigation showed that the real problem is not the change in the
>> above commit per se (i.e., capping ->thoff) but the fact that in the
>> success case, where we jump to the "out_good" label, ->thoff is now
>> set *after* ->n_proto and ->ip_proto. I fail to see how order matters
>> here, but it clearly does, since the crash is 100% reproducible,
>> and is fixed by the commit below (on top of v4.4.34).
>>
>> Please consider applying something like the patch below for mainline
>> and -stable.
>
> If this issue is also the same for Linus's tree, we should cc: netdev so
> that the patch can get into there, right?
>
> thanks,
>
> greg k-h

We definitely want to fix the real bug, not work around it.

Seems an aliasing problem, key_control and key_basic might point to
adjacent memory and a barrier() would solve the issue as well.

Adding a test in fast path looks overkill to me.

Thanks.
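
An added illustration, not code from this thread or from the kernel: it shows how the order of stores becomes observable once two key pointers resolve to overlapping storage, which is one way the aliasing suspected in the reply above could make the position of the ->thoff store matter. The struct layout, the offsets, the sample values and all function names are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified layout (an assumption, not the kernel's struct). */
struct key_basic { uint16_t n_proto; uint8_t ip_proto; uint8_t pad; };

/* Each key lives at a byte offset inside a caller-supplied container;
 * the control key is modelled by its thoff field alone. */
struct dissector { size_t control_off; size_t basic_off; };
struct result { uint16_t thoff; uint16_t n_proto; };
enum store_order { THOFF_FIRST, THOFF_LAST };

static const struct dissector distinct = { 0, 4 };  /* keys do not overlap */
static const struct dissector aliased  = { 0, 0 };  /* keys share storage */

/* Store both keys in the given order, then read them back as a caller would. */
static struct result dissect(const struct dissector *d, enum store_order order,
                             uint16_t thoff, uint16_t n_proto, uint8_t ip_proto)
{
    unsigned char container[16] = { 0 };
    struct key_basic kb = { n_proto, ip_proto, 0 };
    struct result r;

    /* memcpy keeps the overlapping stores well defined in ISO C. */
    if (order == THOFF_FIRST)
        memcpy(container + d->control_off, &thoff, sizeof thoff);
    memcpy(container + d->basic_off, &kb, sizeof kb);
    if (order == THOFF_LAST)
        memcpy(container + d->control_off, &thoff, sizeof thoff);

    memcpy(&r.thoff, container + d->control_off, sizeof r.thoff);
    memcpy(&r.n_proto, container + d->basic_off, sizeof r.n_proto);
    return r;
}

/* Returns 1 when both store orders produce the same read-back values. */
static int order_independent(const struct dissector *d)
{
    struct result a = dissect(d, THOFF_FIRST, 34, 0x0800, 6);
    struct result b = dissect(d, THOFF_LAST, 34, 0x0800, 6);
    return a.thoff == b.thoff && a.n_proto == b.n_proto;
}

int main(void)
{
    printf("distinct: order independent = %d\n", order_independent(&distinct));
    printf("aliased:  order independent = %d\n", order_independent(&aliased));
    return 0;
}
```

With non-overlapping offsets the two orders are indistinguishable; with overlapping offsets whichever store runs last decides what the caller reads from both fields.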