Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp4185129pxb; Mon, 8 Feb 2021 09:53:37 -0800 (PST) X-Google-Smtp-Source: ABdhPJzwxGcJeOLeZfYLU5pBYjVzV5Kxvjbtejg9UUrkjJ/QtX+Qg6BkUDFTeSlvKIYByPAWIjXy X-Received: by 2002:a19:385d:: with SMTP id d29mr7322747lfj.555.1612806817352; Mon, 08 Feb 2021 09:53:37 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1612806817; cv=none; d=google.com; s=arc-20160816; b=BsURlQABAkY9BykKvvskwqbv2eH7pk6+jeOoA8qnarzTmJWTos2ZA/vGTyzjrzeZfl B6we6txkEANXEVxvdoq+Uj0O1wUoZRVdx8oTI9JXSVfN8nfpXlso8TxdGv8ngMCUzg7H udRQqttR9KG6+VYl2alSnBt0Zg2nR2JL1U7Iv7KU0D5t6WOwo6hoaCqlhZ/AV1pyFgez RT5hk95C+EWL0YxJ3CzIblhgptec38oAcPZ7OLaDCRIUJm9iyG0NXyGAKWTtO+zCgELG nyP8HEhPGlZn5GXDYTSxF1L8zGTY5/K08+TJXEqdEjIi/JPcTqE2iVhLcKL+nuDf9FMz 39wA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=e5mSn6jcejw/R6nHY4iLlODHv38Rlo+nU9lAg+baR7c=; b=jCv1HnALSE5m1LGFW9FHRqNqdpYGexDiaai5rwJOrVF/FDsZ1NI9MviERc84OHhXa7 thStrLJ7FW+jPi7BnGB4u3xhAuV04mlyv01JYDcKmFBdRs4qQjRocz/EZKWPWNIirZDP 9oO0ssVLXOzMxjjm0+n4lOYvuH594jg2BmsqrijSfiJU/+hrt/WToi/z8oCVeMvAkKPI 4G3vZV/VhG7kzRq+7NX20ARQ6AKGsme6VmLN8X7Z4lx+iKKCtfE8TmW6+Pc7vVuK+BC0 3L8Ig58k02dRSnlS+SUqzB3xCXXbwzxjTurqG1YpxYUTvGOGbOEskFoVKP0XHkWronoy Bj0g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=aS0PBWkT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id m19si13632667edd.458.2021.02.08.09.53.12; Mon, 08 Feb 2021 09:53:37 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=aS0PBWkT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232037AbhBHRuZ (ORCPT + 99 others); Mon, 8 Feb 2021 12:50:25 -0500 Received: from mail.kernel.org ([198.145.29.99]:37828 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S233950AbhBHPcA (ORCPT ); Mon, 8 Feb 2021 10:32:00 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id ED53364F3F; Mon, 8 Feb 2021 15:17:46 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1612797467; bh=lMZ3lImxeRs+GZ78Yf6enKngygz8zpWXwEO7ZCCpzIg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=aS0PBWkT0eoj2SOkXH2Z3mRIIK3b5wjPWn2b6S+BHPUQY+RKkrva1wTBWSEjlZ5Ou i9PHDjNmq13hDRS98PrvzSQTtfoHiCU+tPtiVQ6LJyYw2zFD0p5bQTr+LYK0RO9c7J tf1ObPdNaOArHZC98tMVhnJMEDG2cu8WRyuRKccI= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Alexander Ovechkin , Alexander Kuznetsov , Dmitry Monakhov , Dmitry Yakunin , Cong Wang , Jakub Kicinski Subject: [PATCH 5.10 120/120] net: sched: replaced invalid qdisc tree flush helper in qdisc_replace Date: Mon, 8 Feb 2021 16:01:47 +0100 Message-Id: <20210208145823.161661750@linuxfoundation.org> X-Mailer: git-send-email 2.30.0 In-Reply-To: <20210208145818.395353822@linuxfoundation.org> References: <20210208145818.395353822@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Alexander Ovechkin commit 938e0fcd3253efdef8924714158911286d08cfe1 upstream. Commit e5f0e8f8e456 ("net: sched: introduce and use qdisc tree flush/purge helpers") introduced qdisc tree flush/purge helpers, but erroneously used flush helper instead of purge helper in qdisc_replace function. This issue was found in our CI, that tests various qdisc setups by configuring qdisc and sending data through it. Call of invalid helper sporadically leads to corruption of vt_tree/cf_tree of hfsc_class that causes kernel oops: Oops: 0000 [#1] SMP PTI CPU: 1 PID: 0 Comm: swapper/1 Not tainted 5.11.0-8f6859df #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.10.2-0-g5f4c7b1-prebuilt.qemu-project.org 04/01/2014 RIP: 0010:rb_insert_color+0x18/0x190 Code: c3 31 c0 c3 0f 1f 40 00 66 2e 0f 1f 84 00 00 00 00 00 48 8b 07 48 85 c0 0f 84 05 01 00 00 48 8b 10 f6 c2 01 0f 85 34 01 00 00 <48> 8b 4a 08 49 89 d0 48 39 c1 74 7d 48 85 c9 74 32 f6 01 01 75 2d RSP: 0018:ffffc900000b8bb0 EFLAGS: 00010246 RAX: ffff8881ef4c38b0 RBX: ffff8881d956e400 RCX: ffff8881ef4c38b0 RDX: 0000000000000000 RSI: ffff8881d956f0a8 RDI: ffff8881d956e4b0 RBP: 0000000000000000 R08: 000000d5c4e249da R09: 1600000000000000 R10: ffffc900000b8be0 R11: ffffc900000b8b28 R12: 0000000000000001 R13: 000000000000005a R14: ffff8881f0905000 R15: ffff8881f0387d00 FS: 0000000000000000(0000) GS:ffff8881f8b00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000008 CR3: 00000001f4796004 CR4: 0000000000060ee0 Call Trace: init_vf.isra.19+0xec/0x250 [sch_hfsc] hfsc_enqueue+0x245/0x300 [sch_hfsc] ? fib_rules_lookup+0x12a/0x1d0 ? __dev_queue_xmit+0x4b6/0x930 ? hfsc_delete_class+0x250/0x250 [sch_hfsc] __dev_queue_xmit+0x4b6/0x930 ? ip6_finish_output2+0x24d/0x590 ip6_finish_output2+0x24d/0x590 ? ip6_output+0x6c/0x130 ip6_output+0x6c/0x130 ? __ip6_finish_output+0x110/0x110 mld_sendpack+0x224/0x230 mld_ifc_timer_expire+0x186/0x2c0 ? igmp6_group_dropped+0x200/0x200 call_timer_fn+0x2d/0x150 run_timer_softirq+0x20c/0x480 ? tick_sched_do_timer+0x60/0x60 ? tick_sched_timer+0x37/0x70 __do_softirq+0xf7/0x2cb irq_exit+0xa0/0xb0 smp_apic_timer_interrupt+0x74/0x150 apic_timer_interrupt+0xf/0x20 Fixes: e5f0e8f8e456 ("net: sched: introduce and use qdisc tree flush/purge helpers") Signed-off-by: Alexander Ovechkin Reported-by: Alexander Kuznetsov Acked-by: Dmitry Monakhov Acked-by: Dmitry Yakunin Acked-by: Cong Wang Link: https://lore.kernel.org/r/20210201200049.299153-1-ovov@yandex-team.ru Signed-off-by: Jakub Kicinski Signed-off-by: Greg Kroah-Hartman --- include/net/sch_generic.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/include/net/sch_generic.h +++ b/include/net/sch_generic.h @@ -1155,7 +1155,7 @@ static inline struct Qdisc *qdisc_replac old = *pold; *pold = new; if (old != NULL) - qdisc_tree_flush_backlog(old); + qdisc_purge_queue(old); sch_tree_unlock(sch); return old;