Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp6675328yba;
        Wed, 1 May 2019 17:49:39 -0700 (PDT)
X-Google-Smtp-Source: APXvYqzPSJ9XYtQket9cSTSXndw6mKjB8WdkPV3fCqKlTVwMDYXWBUGDRFSdyqF29ISIAUdklC2F
X-Received: by 2002:a63:8b4b:: with SMTP id j72mr956529pge.318.1556758178978;
        Wed, 01 May 2019 17:49:38 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1556758178; cv=none;
        d=google.com; s=arc-20160816;
        b=uyOUa/g+JWCn61lU7kQunpyGrtOOzoGNtXhbCgC1csVA5OioUYDJsaSAqmDI7DFBEW
         88ynGq5RsQdEuPiXZbyL79c5eXCG3M3fUoOLmJja52LDO0qP3dhyec91PJ5JxqUo1YpO
         4E/GBFN1SLQir11IaPOM5Ao+2CQbsTKDOblXGhTJ8EGa10+Zh7XtX76LlyuI/6Xe51cH
         28Wpw2CbFwu+Tzy5aWBpqXOOTSvh4seI3QE4dEXaCX2Ki72/1GfUDnw26l8UpnEVQSJs
         ysb27Rf+RFTdBaSFsk8icfGhQFdsCJjOhmM+xSRrpiJeuCT0iXBTRw/Z3mvuf+vivk5Q
         26tw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:dkim-signature;
        bh=zgtlpUluE15XFZp7lLxAuNyJeOtodD5ENmV00jQLwaM=;
        b=kSpLTN75hp65naaFS4T736VwXQjOG92gAxq82JYgbER1vl/nbpo0bhn/UqA1MaX0MW
         cIO22LxXxCN7kZNFqs6KsY3Td1Qd4xXDFJdfrwWOJfpIYrgUZ3MND1emOs6UGXtjyUc4
         bnIjr819/kQVvZJKaD08ZvW9znImry44hES7MkfrIYgQQPnFSZgJ+0IKbCj8F/e6VgtL
         0Jax/avpG1lm37cDiMAsA5AwhY2os5nhdFS/Qp4Q0tgr04AVKqqJqp9aBSh1z9fK5tRJ
         uy2fkIMjKJWe9ILvaTs6zrmzrvR5GhXepXU87sm+mQt5CBohM53oH4jmOGC//XjCldae
         UOjg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=OFpuR83N;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id s9si42026043plr.17.2019.05.01.17.49.23;
        Wed, 01 May 2019 17:49:38 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@gmail.com header.s=20161025 header.b=OFpuR83N;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726278AbfEBAsb (ORCPT <rfc822;charleyewang@gmail.com>
        + 99 others); Wed, 1 May 2019 20:48:31 -0400
Received: from mail-pf1-f193.google.com ([209.85.210.193]:42078 "EHLO
        mail-pf1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726152AbfEBAsb (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 1 May 2019 20:48:31 -0400
Received: by mail-pf1-f193.google.com with SMTP id w25so245686pfi.9;
        Wed, 01 May 2019 17:48:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=zgtlpUluE15XFZp7lLxAuNyJeOtodD5ENmV00jQLwaM=;
        b=OFpuR83Np2ZHuYo1i9jf55GwlEXwD5YoeeAHb/aWd/gPrHw3+t/QGBBpAYUT4zb84G
         daPs1WLFCwxlkBfTKAYTP/PSRkSpaBWe74oLbDl+bPHwetJipbwsnd0SaErnxmExuz7V
         vAPhvOK+ANONizglQKcKTlDFeG7Ik18eqPMYHkZ+z5pENqCRD3/hLiQS+skuTz/uskjb
         3kwwzM97v6/3QAzJ0A6lf2mZMpCXNvSUV8vod34LFB42eIkazL7LXW+9ea3vy+KXJahj
         kvzpIQYudeNE5pJ8fGhparkGFD21VuVC2Z79mEnOrCG9kywYC8HwbA5KJtlnxK+pD9S+
         45/Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=zgtlpUluE15XFZp7lLxAuNyJeOtodD5ENmV00jQLwaM=;
        b=IMHw5shf5uRF8y0skGPBW7eRi+RRqoYgMWm7h8J9NniKvUfcchJ0kGj/FuwnY6r4pS
         W00ftadhjGD1/gKH8f4rECM+XnmoP8T9M1cOIBhFczvuPl7sSpGo5dnKFHPPfk6oQ/NT
         qyIAmwgZwjIlRkwZoybHY0XesCsl1jyBz8XYVux9L5lFeAGSrIZrtEt5u3OQJdes2HlT
         CWaITLF93ff22has9e8b8d3hwac+TH78zl8Vs/RxyrFntYNaEVl3Td3VRHHXU4Ll4tAP
         i3coQGEoNgsSBOghtf4TGbRU051wcb211gX4SjMDpdJTFVYx7tqp6KiAw7kdmN6aGmSp
         SxSA==
X-Gm-Message-State: APjAAAXC8qw30EyoaJMWBeZVoWHNi2xH37oA5MNBlDbb0wNQVo7/FKm1
        ftkgV6nrBSsyqf3a908PKTBMgDBnJ1ZOGAbS7/c=
X-Received: by 2002:a62:e101:: with SMTP id q1mr965126pfh.160.1556758110283;
 Wed, 01 May 2019 17:48:30 -0700 (PDT)
MIME-Version: 1.0
References: <20190429173805.4455-1-mcroce@redhat.com> <CAM_iQpXB83o+Nnbef8-h_8cg6rTVZn194uZvP1-VKPcJ+xMEjA@mail.gmail.com>
 <CAGnkfhzPZjqnemq+Sh=pAQPsoadYD2UYfdVf8UHt-Dd7gqhVOg@mail.gmail.com>
In-Reply-To: <CAGnkfhzPZjqnemq+Sh=pAQPsoadYD2UYfdVf8UHt-Dd7gqhVOg@mail.gmail.com>
From:   Cong Wang <xiyou.wangcong@gmail.com>
Date:   Wed, 1 May 2019 17:48:19 -0700
Message-ID: <CAM_iQpXNdZPAWiGuwRGhgX4WdRGEwVnax5VyMrXZ+hM9xhhzCQ@mail.gmail.com>
Subject: Re: [PATCH net] cls_matchall: avoid panic when receiving a packet
 before filter set
To:     Matteo Croce <mcroce@redhat.com>
Cc:     Vlad Buslov <vladbu@mellanox.com>,
        Linux Kernel Network Developers <netdev@vger.kernel.org>,
        LKML <linux-kernel@vger.kernel.org>,
        Jamal Hadi Salim <jhs@mojatatu.com>,
        Jiri Pirko <jiri@resnulli.us>,
        "David S. Miller" <davem@davemloft.net>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, May 1, 2019 at 2:27 AM Matteo Croce <mcroce@redhat.com> wrote:
>
> On Tue, Apr 30, 2019 at 11:25 PM Cong Wang <xiyou.wangcong@gmail.com> wrote:
> >
> > On Mon, Apr 29, 2019 at 10:38 AM Matteo Croce <mcroce@redhat.com> wrote:
> > >
> > > When a matchall classifier is added, there is a small time interval in
> > > which tp->root is NULL. If we receive a packet in this small time slice
> > > a NULL pointer dereference will happen, leading to a kernel panic:
> >
> > Hmm, why not just check tp->root against NULL in mall_classify()?
> >
> > Also, which is the offending commit here? Please add a Fixes: tag.
> >
> > Thanks.
>
> Hi,
>
> I just want to avoid an extra check which would be made for every packet.
> Probably the benefit over a check is negligible, but it's still a
> per-packet thing.
> If you prefer a simple check, I can make a v2 that way.

Yeah, I think that is better, you can add an unlikely() for performance
concern, as NULL is a rare case.


>
> For the fixes tag, I didn't put it as I'm not really sure about the
> offending commit. I guess it's the following, what do you think?
>
> commit ed76f5edccc98fa66f2337f0b3b255d6e1a568b7
> Author: Vlad Buslov <vladbu@mellanox.com>
> Date:   Mon Feb 11 10:55:38 2019 +0200
>
>     net: sched: protect filter_chain list with filter_chain_lock mutex

I think you are right, this is the commit introduced the code
that inserts the tp before fully initializing it. Please Cc Vlad
for your v2, in case we blame a wrong commit here.


BTW, it looks like cls_cgroup needs a same fix. Please audit
other tc filters as well.

Thanks!