Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp4141707pxb;
        Mon, 8 Feb 2021 08:54:26 -0800 (PST)
X-Google-Smtp-Source: ABdhPJyExMNWUe07DS3A/k4V8IQU8J/ud1WKq1YjnXmVyqWAxuzO/kSOLkKqSCLsZ/nBJQoPREEe
X-Received: by 2002:a17:906:1712:: with SMTP id c18mr18094077eje.417.1612803266545;
        Mon, 08 Feb 2021 08:54:26 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1612803266; cv=none;
        d=google.com; s=arc-20160816;
        b=Z6qSKtTkXjPd3w/KCX9OBXywdJpCpnNZu5Ulo0JFjFBKm+/+riwy+d+ToaZrOyk0ni
         /mRBwZBJnBl8wmQF6MjW6553rRipDm4HnxWdofPNBcjJB3zm1S4jOg4E6K1zwdLXLdU7
         hDkazLEsBdD4TMSukzY97Fw2hEl/Im2QLQIivDJmy2OpPP+m4BHg+FVhLYCabnN7F25x
         gUOF7GvvsPQcMDxR/tldhecnVpx7cC44KhRMgnF5H7+9WxKONBPu811wYFEs5+tnJcOp
         xBkDNmJJ1kVrJyfO3YDHu4ENZzk4xSqLhGioefbpPhBgIA8RgEARSw1VPLFyynGdGTWD
         yjGw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=rEC96U+VOQVrkkw2TpEzq27qVRJEUAxI9LBVYvtK7ow=;
        b=OtvNdA02AiQ/2/s0pnaACH2DtLZW3GMS3O6xk3b/3h5wWDuYdPvFWsXsL8BjdmFhjN
         H+vsZLgzJAYphR6a1Vw1eeZLqrxal7UbFBQCb8S09lgLMFNfvdrx43cNCbG50q9I4V9i
         Mtl6qKpIGxruRSwgSq2gZkJppANOHTZTi2rvE01IvkASixnE4722No8Q6jIFsbvXwdhK
         JWw43WCZ8JDTroXudB8PtiHUSzbyIYzpLdg1Ksk6tg2Ixwv+zaUewGtOVLZ4L+M59g50
         UCSG6iKd0a0XeYhsH9+uYF2KcL9SavG/5SOw0J3zCcdXi0ZVg10Y+iVLXHcIhbrmg5Qn
         tFPQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=yHnLDMTV;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id w11si11758973eju.458.2021.02.08.08.54.02;
        Mon, 08 Feb 2021 08:54:26 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=yHnLDMTV;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S233517AbhBHQuj (ORCPT <rfc822;lkml.email@gmail.com> + 99 others);
        Mon, 8 Feb 2021 11:50:39 -0500
Received: from mail.kernel.org ([198.145.29.99]:60022 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S233590AbhBHPRV (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 8 Feb 2021 10:17:21 -0500
Received: by mail.kernel.org (Postfix) with ESMTPSA id 6565E64ED9;
        Mon,  8 Feb 2021 15:11:54 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1612797115;
        bh=Qw10iDakeKlKSD45FkVc7ubZSlS3MT3oiOaDHsMZPnk=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=yHnLDMTVZFIVrJ+VyTMjNTvNAgFyruLNTXmeZ6RMB025jqVRsIwZvg5vtRSVk9rOl
         FJ25oIdCWj2dAyrsVuh06CWDpKveWKBvBTbZs97WcXeBjasrX823ODchN88d39FVNH
         /F8dYmdxmNuoE3h24e9GMYq07S1IeoxltfA34OGY=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Alexander Ovechkin <ovov@yandex-team.ru>,
        Alexander Kuznetsov <wwfq@yandex-team.ru>,
        Dmitry Monakhov <dmtrmonakhov@yandex-team.ru>,
        Dmitry Yakunin <zeil@yandex-team.ru>,
        Cong Wang <xiyou.wangcong@gmail.com>,
        Jakub Kicinski <kuba@kernel.org>
Subject: [PATCH 5.4 64/65] net: sched: replaced invalid qdisc tree flush helper in qdisc_replace
Date:   Mon,  8 Feb 2021 16:01:36 +0100
Message-Id: <20210208145812.696087611@linuxfoundation.org>
X-Mailer: git-send-email 2.30.0
In-Reply-To: <20210208145810.230485165@linuxfoundation.org>
References: <20210208145810.230485165@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Alexander Ovechkin <ovov@yandex-team.ru>

commit 938e0fcd3253efdef8924714158911286d08cfe1 upstream.

Commit e5f0e8f8e456 ("net: sched: introduce and use qdisc tree flush/purge helpers")
introduced qdisc tree flush/purge helpers, but erroneously used flush helper
instead of purge helper in qdisc_replace function.
This issue was found in our CI, that tests various qdisc setups by configuring
qdisc and sending data through it. Call of invalid helper sporadically leads
to corruption of vt_tree/cf_tree of hfsc_class that causes kernel oops:

 Oops: 0000 [#1] SMP PTI
 CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.11.0-8f6859df #1
 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.10.2-0-g5f4c7b1-prebuilt.qemu-project.org 04/01/2014
 RIP: 0010:rb_insert_color+0x18/0x190
 Code: c3 31 c0 c3 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 48 8b 07 48 85 c0 0f 84 05 01 00 00 48 8b 10 f6 c2 01 0f 85 34 01 00 00 <48> 8b 4a 08 49 89 d0 48 39 c1 74 7d 48 85 c9 74 32 f6 01 01 75 2d
 RSP: 0018:ffffc900000b8bb0 EFLAGS: 00010246
 RAX: ffff8881ef4c38b0 RBX: ffff8881d956e400 RCX: ffff8881ef4c38b0
 RDX: 0000000000000000 RSI: ffff8881d956f0a8 RDI: ffff8881d956e4b0
 RBP: 0000000000000000 R08: 000000d5c4e249da R09: 1600000000000000
 R10: ffffc900000b8be0 R11: ffffc900000b8b28 R12: 0000000000000001
 R13: 000000000000005a R14: ffff8881f0905000 R15: ffff8881f0387d00
 FS:  0000000000000000(0000) GS:ffff8881f8b00000(0000) knlGS:0000000000000000
 CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
 CR2: 0000000000000008 CR3: 00000001f4796004 CR4: 0000000000060ee0
 Call Trace:
  <IRQ>
  init_vf.isra.19+0xec/0x250 [sch_hfsc]
  hfsc_enqueue+0x245/0x300 [sch_hfsc]
  ? fib_rules_lookup+0x12a/0x1d0
  ? __dev_queue_xmit+0x4b6/0x930
  ? hfsc_delete_class+0x250/0x250 [sch_hfsc]
  __dev_queue_xmit+0x4b6/0x930
  ? ip6_finish_output2+0x24d/0x590
  ip6_finish_output2+0x24d/0x590
  ? ip6_output+0x6c/0x130
  ip6_output+0x6c/0x130
  ? __ip6_finish_output+0x110/0x110
  mld_sendpack+0x224/0x230
  mld_ifc_timer_expire+0x186/0x2c0
  ? igmp6_group_dropped+0x200/0x200
  call_timer_fn+0x2d/0x150
  run_timer_softirq+0x20c/0x480
  ? tick_sched_do_timer+0x60/0x60
  ? tick_sched_timer+0x37/0x70
  __do_softirq+0xf7/0x2cb
  irq_exit+0xa0/0xb0
  smp_apic_timer_interrupt+0x74/0x150
  apic_timer_interrupt+0xf/0x20
  </IRQ>

Fixes: e5f0e8f8e456 ("net: sched: introduce and use qdisc tree flush/purge helpers")
Signed-off-by: Alexander Ovechkin <ovov@yandex-team.ru>
Reported-by: Alexander Kuznetsov <wwfq@yandex-team.ru>
Acked-by: Dmitry Monakhov <dmtrmonakhov@yandex-team.ru>
Acked-by: Dmitry Yakunin <zeil@yandex-team.ru>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Link: https://lore.kernel.org/r/20210201200049.299153-1-ovov@yandex-team.ru
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 include/net/sch_generic.h |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/include/net/sch_generic.h
+++ b/include/net/sch_generic.h
@@ -1158,7 +1158,7 @@ static inline struct Qdisc *qdisc_replac
 	old = *pold;
 	*pold = new;
 	if (old != NULL)
-		qdisc_tree_flush_backlog(old);
+		qdisc_purge_queue(old);
 	sch_tree_unlock(sch);
 
 	return old;