[PATCH RT 05/10] net: add back the missing serialization in ip_send_unicast_reply()

2016-09-22 Thread Steven Rostedt 
3.14.79-rt85-rc1 stable review patch.
If anyone has any objections, please let me know.

--

From: Sebastian Andrzej Siewior 

Some time ago Sami Pietikainen reported a crash on -RT in
ip_send_unicast_reply() which was later fixed by Nicholas Mc Guire
(v3.12.8-rt11). Later (v3.18.8) the code was reworked and I dropped the
patch. As it turns out it was mistake.
I have reports that the same crash is possible with a similar backtrace.
It seems that vanilla protects access to this_cpu_ptr() via
local_bh_disable(). This does not work the on -RT since we can have
NET_RX and NET_TX running in parallel on the same CPU.
This is brings back the old locks.

|Unable to handle kernel NULL pointer dereference at virtual address 0010
|PC is at __ip_make_skb+0x198/0x3e8
|[] (__ip_make_skb) from [] 
(ip_push_pending_frames+0x20/0x40)
|[] (ip_push_pending_frames) from [] 
(ip_send_unicast_reply+0x210/0x22c)
|[] (ip_send_unicast_reply) from [] 
(tcp_v4_send_reset+0x190/0x1c0)
|[] (tcp_v4_send_reset) from [] (tcp_v4_do_rcv+0x22c/0x288)
|[] (tcp_v4_do_rcv) from [] (release_sock+0xb4/0x150)
|[] (release_sock) from [] (tcp_close+0x240/0x454)
|[] (tcp_close) from [] (inet_release+0x74/0x7c)
|[] (inet_release) from [] (sock_release+0x30/0xb0)
|[] (sock_release) from [] (sock_close+0x1c/0x24)
|[] (sock_close) from [] (__fput+0xe8/0x20c)
|[] (__fput) from [] (fput+0x18/0x1c)
|[] (fput) from [] (task_work_run+0xa4/0xb8)
|[] (task_work_run) from [] (do_work_pending+0xd0/0xe4)
|[] (do_work_pending) from [] (work_pending+0xc/0x20)
|Code: e3530001 8a01 e3a00040 ea11 (e5973010)

Cc: stable...@vger.kernel.org
Signed-off-by: Sebastian Andrzej Siewior 
Signed-off-by: Steven Rostedt 
---
 net/ipv4/tcp_ipv4.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 1b2a53e625cc..ded5b34eba27 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -62,6 +62,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include 
 #include 
@@ -573,6 +574,7 @@ void tcp_v4_send_check(struct sock *sk, struct sk_buff *skb)
 }
 EXPORT_SYMBOL(tcp_v4_send_check);
 
+static DEFINE_LOCAL_IRQ_LOCK(tcp_sk_lock);
 /*
  * This routine will send an RST to the other tcp.
  *
@@ -691,9 +693,12 @@ static void tcp_v4_send_reset(struct sock *sk, struct 
sk_buff *skb)
 
net = dev_net(skb_dst(skb)->dev);
arg.tos = ip_hdr(skb)->tos;
+
+   local_lock(tcp_sk_lock);
ip_send_unicast_reply(*this_cpu_ptr(net->ipv4.tcp_sk),
  skb, ip_hdr(skb)->saddr,
  ip_hdr(skb)->daddr, , arg.iov[0].iov_len);
+   local_unlock(tcp_sk_lock);
 
TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
@@ -775,9 +780,11 @@ static void tcp_v4_send_ack(struct sk_buff *skb, u32 seq, 
u32 ack,
if (oif)
arg.bound_dev_if = oif;
arg.tos = tos;
+   local_lock(tcp_sk_lock);
ip_send_unicast_reply(*this_cpu_ptr(net->ipv4.tcp_sk),
  skb, ip_hdr(skb)->saddr,
  ip_hdr(skb)->daddr, , arg.iov[0].iov_len);
+   local_unlock(tcp_sk_lock);
 
TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
 }
-- 
2.8.1

[PATCH RT 05/10] net: add back the missing serialization in ip_send_unicast_reply()

2016-09-22 Thread Steven Rostedt 
3.14.79-rt85-rc1 stable review patch.
If anyone has any objections, please let me know.

--

From: Sebastian Andrzej Siewior 

Some time ago Sami Pietikainen reported a crash on -RT in
ip_send_unicast_reply() which was later fixed by Nicholas Mc Guire
(v3.12.8-rt11). Later (v3.18.8) the code was reworked and I dropped the
patch. As it turns out it was mistake.
I have reports that the same crash is possible with a similar backtrace.
It seems that vanilla protects access to this_cpu_ptr() via
local_bh_disable(). This does not work the on -RT since we can have
NET_RX and NET_TX running in parallel on the same CPU.
This is brings back the old locks.

|Unable to handle kernel NULL pointer dereference at virtual address 0010
|PC is at __ip_make_skb+0x198/0x3e8
|[] (__ip_make_skb) from [] 
(ip_push_pending_frames+0x20/0x40)
|[] (ip_push_pending_frames) from [] 
(ip_send_unicast_reply+0x210/0x22c)
|[] (ip_send_unicast_reply) from [] 
(tcp_v4_send_reset+0x190/0x1c0)
|[] (tcp_v4_send_reset) from [] (tcp_v4_do_rcv+0x22c/0x288)
|[] (tcp_v4_do_rcv) from [] (release_sock+0xb4/0x150)
|[] (release_sock) from [] (tcp_close+0x240/0x454)
|[] (tcp_close) from [] (inet_release+0x74/0x7c)
|[] (inet_release) from [] (sock_release+0x30/0xb0)
|[] (sock_release) from [] (sock_close+0x1c/0x24)
|[] (sock_close) from [] (__fput+0xe8/0x20c)
|[] (__fput) from [] (fput+0x18/0x1c)
|[] (fput) from [] (task_work_run+0xa4/0xb8)
|[] (task_work_run) from [] (do_work_pending+0xd0/0xe4)
|[] (do_work_pending) from [] (work_pending+0xc/0x20)
|Code: e3530001 8a01 e3a00040 ea11 (e5973010)

Cc: stable...@vger.kernel.org
Signed-off-by: Sebastian Andrzej Siewior 
Signed-off-by: Steven Rostedt 
---
 net/ipv4/tcp_ipv4.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 1b2a53e625cc..ded5b34eba27 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -62,6 +62,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include 
 #include 
@@ -573,6 +574,7 @@ void tcp_v4_send_check(struct sock *sk, struct sk_buff *skb)
 }
 EXPORT_SYMBOL(tcp_v4_send_check);
 
+static DEFINE_LOCAL_IRQ_LOCK(tcp_sk_lock);
 /*
  * This routine will send an RST to the other tcp.
  *
@@ -691,9 +693,12 @@ static void tcp_v4_send_reset(struct sock *sk, struct 
sk_buff *skb)
 
net = dev_net(skb_dst(skb)->dev);
arg.tos = ip_hdr(skb)->tos;
+
+   local_lock(tcp_sk_lock);
ip_send_unicast_reply(*this_cpu_ptr(net->ipv4.tcp_sk),
  skb, ip_hdr(skb)->saddr,
  ip_hdr(skb)->daddr, , arg.iov[0].iov_len);
+   local_unlock(tcp_sk_lock);
 
TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
@@ -775,9 +780,11 @@ static void tcp_v4_send_ack(struct sk_buff *skb, u32 seq, 
u32 ack,
if (oif)
arg.bound_dev_if = oif;
arg.tos = tos;
+   local_lock(tcp_sk_lock);
ip_send_unicast_reply(*this_cpu_ptr(net->ipv4.tcp_sk),
  skb, ip_hdr(skb)->saddr,
  ip_hdr(skb)->daddr, , arg.iov[0].iov_len);
+   local_unlock(tcp_sk_lock);
 
TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
 }
-- 
2.8.1

[PATCH RT 05/10] net: add back the missing serialization in ip_send_unicast_reply()

2016-09-22 Thread Steven Rostedt 
3.18.42-rt45-rc1 stable review patch.
If anyone has any objections, please let me know.

--

From: Sebastian Andrzej Siewior 

Some time ago Sami Pietikainen reported a crash on -RT in
ip_send_unicast_reply() which was later fixed by Nicholas Mc Guire
(v3.12.8-rt11). Later (v3.18.8) the code was reworked and I dropped the
patch. As it turns out it was mistake.
I have reports that the same crash is possible with a similar backtrace.
It seems that vanilla protects access to this_cpu_ptr() via
local_bh_disable(). This does not work the on -RT since we can have
NET_RX and NET_TX running in parallel on the same CPU.
This is brings back the old locks.

|Unable to handle kernel NULL pointer dereference at virtual address 0010
|PC is at __ip_make_skb+0x198/0x3e8
|[] (__ip_make_skb) from [] 
(ip_push_pending_frames+0x20/0x40)
|[] (ip_push_pending_frames) from [] 
(ip_send_unicast_reply+0x210/0x22c)
|[] (ip_send_unicast_reply) from [] 
(tcp_v4_send_reset+0x190/0x1c0)
|[] (tcp_v4_send_reset) from [] (tcp_v4_do_rcv+0x22c/0x288)
|[] (tcp_v4_do_rcv) from [] (release_sock+0xb4/0x150)
|[] (release_sock) from [] (tcp_close+0x240/0x454)
|[] (tcp_close) from [] (inet_release+0x74/0x7c)
|[] (inet_release) from [] (sock_release+0x30/0xb0)
|[] (sock_release) from [] (sock_close+0x1c/0x24)
|[] (sock_close) from [] (__fput+0xe8/0x20c)
|[] (__fput) from [] (fput+0x18/0x1c)
|[] (fput) from [] (task_work_run+0xa4/0xb8)
|[] (task_work_run) from [] (do_work_pending+0xd0/0xe4)
|[] (do_work_pending) from [] (work_pending+0xc/0x20)
|Code: e3530001 8a01 e3a00040 ea11 (e5973010)

Cc: stable...@vger.kernel.org
Signed-off-by: Sebastian Andrzej Siewior 
Signed-off-by: Steven Rostedt 
---
 net/ipv4/tcp_ipv4.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 5d5390299277..7a9139da3854 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -62,6 +62,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include 
 #include 
@@ -562,6 +563,7 @@ void tcp_v4_send_check(struct sock *sk, struct sk_buff *skb)
 }
 EXPORT_SYMBOL(tcp_v4_send_check);
 
+static DEFINE_LOCAL_IRQ_LOCK(tcp_sk_lock);
 /*
  * This routine will send an RST to the other tcp.
  *
@@ -683,10 +685,13 @@ static void tcp_v4_send_reset(struct sock *sk, struct 
sk_buff *skb)
arg.bound_dev_if = sk->sk_bound_dev_if;
 
arg.tos = ip_hdr(skb)->tos;
+
+   local_lock(tcp_sk_lock);
ip_send_unicast_reply(*this_cpu_ptr(net->ipv4.tcp_sk),
  skb, _SKB_CB(skb)->header.h4.opt,
  ip_hdr(skb)->saddr, ip_hdr(skb)->daddr,
  , arg.iov[0].iov_len);
+   local_unlock(tcp_sk_lock);
 
TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
@@ -768,10 +773,12 @@ static void tcp_v4_send_ack(struct sk_buff *skb, u32 seq, 
u32 ack,
if (oif)
arg.bound_dev_if = oif;
arg.tos = tos;
+   local_lock(tcp_sk_lock);
ip_send_unicast_reply(*this_cpu_ptr(net->ipv4.tcp_sk),
  skb, _SKB_CB(skb)->header.h4.opt,
  ip_hdr(skb)->saddr, ip_hdr(skb)->daddr,
  , arg.iov[0].iov_len);
+   local_unlock(tcp_sk_lock);
 
TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
 }
-- 
2.8.1

[PATCH RT 05/10] net: add back the missing serialization in ip_send_unicast_reply()

2016-09-22 Thread Steven Rostedt 
3.18.42-rt45-rc1 stable review patch.
If anyone has any objections, please let me know.

--

From: Sebastian Andrzej Siewior 

Some time ago Sami Pietikainen reported a crash on -RT in
ip_send_unicast_reply() which was later fixed by Nicholas Mc Guire
(v3.12.8-rt11). Later (v3.18.8) the code was reworked and I dropped the
patch. As it turns out it was mistake.
I have reports that the same crash is possible with a similar backtrace.
It seems that vanilla protects access to this_cpu_ptr() via
local_bh_disable(). This does not work the on -RT since we can have
NET_RX and NET_TX running in parallel on the same CPU.
This is brings back the old locks.

|Unable to handle kernel NULL pointer dereference at virtual address 0010
|PC is at __ip_make_skb+0x198/0x3e8
|[] (__ip_make_skb) from [] 
(ip_push_pending_frames+0x20/0x40)
|[] (ip_push_pending_frames) from [] 
(ip_send_unicast_reply+0x210/0x22c)
|[] (ip_send_unicast_reply) from [] 
(tcp_v4_send_reset+0x190/0x1c0)
|[] (tcp_v4_send_reset) from [] (tcp_v4_do_rcv+0x22c/0x288)
|[] (tcp_v4_do_rcv) from [] (release_sock+0xb4/0x150)
|[] (release_sock) from [] (tcp_close+0x240/0x454)
|[] (tcp_close) from [] (inet_release+0x74/0x7c)
|[] (inet_release) from [] (sock_release+0x30/0xb0)
|[] (sock_release) from [] (sock_close+0x1c/0x24)
|[] (sock_close) from [] (__fput+0xe8/0x20c)
|[] (__fput) from [] (fput+0x18/0x1c)
|[] (fput) from [] (task_work_run+0xa4/0xb8)
|[] (task_work_run) from [] (do_work_pending+0xd0/0xe4)
|[] (do_work_pending) from [] (work_pending+0xc/0x20)
|Code: e3530001 8a01 e3a00040 ea11 (e5973010)

Cc: stable...@vger.kernel.org
Signed-off-by: Sebastian Andrzej Siewior 
Signed-off-by: Steven Rostedt 
---
 net/ipv4/tcp_ipv4.c | 7 +++
 1 file changed, 7 insertions(+)

diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 5d5390299277..7a9139da3854 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -62,6 +62,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include 
 #include 
@@ -562,6 +563,7 @@ void tcp_v4_send_check(struct sock *sk, struct sk_buff *skb)
 }
 EXPORT_SYMBOL(tcp_v4_send_check);
 
+static DEFINE_LOCAL_IRQ_LOCK(tcp_sk_lock);
 /*
  * This routine will send an RST to the other tcp.
  *
@@ -683,10 +685,13 @@ static void tcp_v4_send_reset(struct sock *sk, struct 
sk_buff *skb)
arg.bound_dev_if = sk->sk_bound_dev_if;
 
arg.tos = ip_hdr(skb)->tos;
+
+   local_lock(tcp_sk_lock);
ip_send_unicast_reply(*this_cpu_ptr(net->ipv4.tcp_sk),
  skb, _SKB_CB(skb)->header.h4.opt,
  ip_hdr(skb)->saddr, ip_hdr(skb)->daddr,
  , arg.iov[0].iov_len);
+   local_unlock(tcp_sk_lock);
 
TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
@@ -768,10 +773,12 @@ static void tcp_v4_send_ack(struct sk_buff *skb, u32 seq, 
u32 ack,
if (oif)
arg.bound_dev_if = oif;
arg.tos = tos;
+   local_lock(tcp_sk_lock);
ip_send_unicast_reply(*this_cpu_ptr(net->ipv4.tcp_sk),
  skb, _SKB_CB(skb)->header.h4.opt,
  ip_hdr(skb)->saddr, ip_hdr(skb)->daddr,
  , arg.iov[0].iov_len);
+   local_unlock(tcp_sk_lock);
 
TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
 }
-- 
2.8.1

Re: [PATCH RT 05/10] net: add back the missing serialization in ip_send_unicast_reply()

2016-09-22 Thread Steven Rostedt 

And again. I need to fix quilt mail to handle this.

-- Steve


On Thu, 22 Sep 2016 17:57:52 -0400
Steven Rostedt  wrote:

> 4.1.33-rt38-rc1 stable review patch.
> If anyone has any objections, please let me know.
> 
> --
> 
> From: Sebastian Andrzej Siewior 
> 
> Some time ago Sami PietikÀinen reported a crash on -RT in
> ip_send_unicast_reply() which was later fixed by Nicholas Mc Guire
> (v3.12.8-rt11). Later (v3.18.8) the code was reworked and I dropped the
> patch. As it turns out it was mistake.
> I have reports that the same crash is possible with a similar backtrace.
> It seems that vanilla protects access to this_cpu_ptr() via
> local_bh_disable(). This does not work the on -RT since we can have
> NET_RX and NET_TX running in parallel on the same CPU.
> This is brings back the old locks.
> 
> |Unable to handle kernel NULL pointer dereference at virtual address 0010
> |PC is at __ip_make_skb+0x198/0x3e8
> |[] (__ip_make_skb) from [] 
> (ip_push_pending_frames+0x20/0x40)
> |[] (ip_push_pending_frames) from [] 
> (ip_send_unicast_reply+0x210/0x22c)
> |[] (ip_send_unicast_reply) from [] 
> (tcp_v4_send_reset+0x190/0x1c0)
> |[] (tcp_v4_send_reset) from [] 
> (tcp_v4_do_rcv+0x22c/0x288)
> |[] (tcp_v4_do_rcv) from [] (release_sock+0xb4/0x150)
> |[] (release_sock) from [] (tcp_close+0x240/0x454)
> |[] (tcp_close) from [] (inet_release+0x74/0x7c)
> |[] (inet_release) from [] (sock_release+0x30/0xb0)
> |[] (sock_release) from [] (sock_close+0x1c/0x24)
> |[] (sock_close) from [] (__fput+0xe8/0x20c)
> |[] (__fput) from [] (fput+0x18/0x1c)
> |[] (fput) from [] (task_work_run+0xa4/0xb8)
> |[] (task_work_run) from [] (do_work_pending+0xd0/0xe4)
> |[] (do_work_pending) from [] (work_pending+0xc/0x20)
> |Code: e3530001 8a01 e3a00040 ea11 (e5973010)
> 
> Cc: stable...@vger.kernel.org
> Signed-off-by: Sebastian Andrzej Siewior 
> Signed-off-by: Steven Rostedt 
> ---
>  net/ipv4/tcp_ipv4.c | 7 +++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
> index 13b92d595138..6bfa68fb5f21 100644
> --- a/net/ipv4/tcp_ipv4.c
> +++ b/net/ipv4/tcp_ipv4.c
> @@ -62,6 +62,7 @@
>  #include 
>  #include 
>  #include 
> +#include 
>  
>  #include 
>  #include 
> @@ -563,6 +564,7 @@ void tcp_v4_send_check(struct sock *sk, struct sk_buff 
> *skb)
>  }
>  EXPORT_SYMBOL(tcp_v4_send_check);
>  
> +static DEFINE_LOCAL_IRQ_LOCK(tcp_sk_lock);
>  /*
>   *   This routine will send an RST to the other tcp.
>   *
> @@ -684,10 +686,13 @@ static void tcp_v4_send_reset(struct sock *sk, struct 
> sk_buff *skb)
>   arg.bound_dev_if = sk->sk_bound_dev_if;
>  
>   arg.tos = ip_hdr(skb)->tos;
> +
> + local_lock(tcp_sk_lock);
>   ip_send_unicast_reply(*this_cpu_ptr(net->ipv4.tcp_sk),
> skb, _SKB_CB(skb)->header.h4.opt,
> ip_hdr(skb)->saddr, ip_hdr(skb)->daddr,
> , arg.iov[0].iov_len);
> + local_unlock(tcp_sk_lock);
>  
>   TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
>   TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
> @@ -769,10 +774,12 @@ static void tcp_v4_send_ack(struct net *net,
>   if (oif)
>   arg.bound_dev_if = oif;
>   arg.tos = tos;
> + local_lock(tcp_sk_lock);
>   ip_send_unicast_reply(*this_cpu_ptr(net->ipv4.tcp_sk),
> skb, _SKB_CB(skb)->header.h4.opt,
> ip_hdr(skb)->saddr, ip_hdr(skb)->daddr,
> , arg.iov[0].iov_len);
> + local_unlock(tcp_sk_lock);
>  
>   TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
>  }

Re: [PATCH RT 05/10] net: add back the missing serialization in ip_send_unicast_reply()

2016-09-22 Thread Steven Rostedt 

And again. I need to fix quilt mail to handle this.

-- Steve


On Thu, 22 Sep 2016 17:57:52 -0400
Steven Rostedt  wrote:

> 4.1.33-rt38-rc1 stable review patch.
> If anyone has any objections, please let me know.
> 
> --
> 
> From: Sebastian Andrzej Siewior 
> 
> Some time ago Sami PietikÀinen reported a crash on -RT in
> ip_send_unicast_reply() which was later fixed by Nicholas Mc Guire
> (v3.12.8-rt11). Later (v3.18.8) the code was reworked and I dropped the
> patch. As it turns out it was mistake.
> I have reports that the same crash is possible with a similar backtrace.
> It seems that vanilla protects access to this_cpu_ptr() via
> local_bh_disable(). This does not work the on -RT since we can have
> NET_RX and NET_TX running in parallel on the same CPU.
> This is brings back the old locks.
> 
> |Unable to handle kernel NULL pointer dereference at virtual address 0010
> |PC is at __ip_make_skb+0x198/0x3e8
> |[] (__ip_make_skb) from [] 
> (ip_push_pending_frames+0x20/0x40)
> |[] (ip_push_pending_frames) from [] 
> (ip_send_unicast_reply+0x210/0x22c)
> |[] (ip_send_unicast_reply) from [] 
> (tcp_v4_send_reset+0x190/0x1c0)
> |[] (tcp_v4_send_reset) from [] 
> (tcp_v4_do_rcv+0x22c/0x288)
> |[] (tcp_v4_do_rcv) from [] (release_sock+0xb4/0x150)
> |[] (release_sock) from [] (tcp_close+0x240/0x454)
> |[] (tcp_close) from [] (inet_release+0x74/0x7c)
> |[] (inet_release) from [] (sock_release+0x30/0xb0)
> |[] (sock_release) from [] (sock_close+0x1c/0x24)
> |[] (sock_close) from [] (__fput+0xe8/0x20c)
> |[] (__fput) from [] (fput+0x18/0x1c)
> |[] (fput) from [] (task_work_run+0xa4/0xb8)
> |[] (task_work_run) from [] (do_work_pending+0xd0/0xe4)
> |[] (do_work_pending) from [] (work_pending+0xc/0x20)
> |Code: e3530001 8a01 e3a00040 ea11 (e5973010)
> 
> Cc: stable...@vger.kernel.org
> Signed-off-by: Sebastian Andrzej Siewior 
> Signed-off-by: Steven Rostedt 
> ---
>  net/ipv4/tcp_ipv4.c | 7 +++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
> index 13b92d595138..6bfa68fb5f21 100644
> --- a/net/ipv4/tcp_ipv4.c
> +++ b/net/ipv4/tcp_ipv4.c
> @@ -62,6 +62,7 @@
>  #include 
>  #include 
>  #include 
> +#include 
>  
>  #include 
>  #include 
> @@ -563,6 +564,7 @@ void tcp_v4_send_check(struct sock *sk, struct sk_buff 
> *skb)
>  }
>  EXPORT_SYMBOL(tcp_v4_send_check);
>  
> +static DEFINE_LOCAL_IRQ_LOCK(tcp_sk_lock);
>  /*
>   *   This routine will send an RST to the other tcp.
>   *
> @@ -684,10 +686,13 @@ static void tcp_v4_send_reset(struct sock *sk, struct 
> sk_buff *skb)
>   arg.bound_dev_if = sk->sk_bound_dev_if;
>  
>   arg.tos = ip_hdr(skb)->tos;
> +
> + local_lock(tcp_sk_lock);
>   ip_send_unicast_reply(*this_cpu_ptr(net->ipv4.tcp_sk),
> skb, _SKB_CB(skb)->header.h4.opt,
> ip_hdr(skb)->saddr, ip_hdr(skb)->daddr,
> , arg.iov[0].iov_len);
> + local_unlock(tcp_sk_lock);
>  
>   TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
>   TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
> @@ -769,10 +774,12 @@ static void tcp_v4_send_ack(struct net *net,
>   if (oif)
>   arg.bound_dev_if = oif;
>   arg.tos = tos;
> + local_lock(tcp_sk_lock);
>   ip_send_unicast_reply(*this_cpu_ptr(net->ipv4.tcp_sk),
> skb, _SKB_CB(skb)->header.h4.opt,
> ip_hdr(skb)->saddr, ip_hdr(skb)->daddr,
> , arg.iov[0].iov_len);
> + local_unlock(tcp_sk_lock);
>  
>   TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
>  }

Re: [PATCH RT 05/10] net: add back the missing serialization in ip_send_unicast_reply()

2016-09-22 Thread Steven Rostedt 

This got rejected by vger.kernel.org because quilt mail can't handle
that funny symbol in Sami's name.

-- Steve


On Thu, 22 Sep 2016 17:47:57 -0400
Steven Rostedt  wrote:

> 4.4.21-rt31-rc1 stable review patch.
> If anyone has any objections, please let me know.
> 
> --
> 
> From: Sebastian Andrzej Siewior 
> 
> Some time ago Sami PietikÀinen reported a crash on -RT in
> ip_send_unicast_reply() which was later fixed by Nicholas Mc Guire
> (v3.12.8-rt11). Later (v3.18.8) the code was reworked and I dropped the
> patch. As it turns out it was mistake.
> I have reports that the same crash is possible with a similar backtrace.
> It seems that vanilla protects access to this_cpu_ptr() via
> local_bh_disable(). This does not work the on -RT since we can have
> NET_RX and NET_TX running in parallel on the same CPU.
> This is brings back the old locks.
> 
> |Unable to handle kernel NULL pointer dereference at virtual address 0010
> |PC is at __ip_make_skb+0x198/0x3e8
> |[] (__ip_make_skb) from [] 
> (ip_push_pending_frames+0x20/0x40)
> |[] (ip_push_pending_frames) from [] 
> (ip_send_unicast_reply+0x210/0x22c)
> |[] (ip_send_unicast_reply) from [] 
> (tcp_v4_send_reset+0x190/0x1c0)
> |[] (tcp_v4_send_reset) from [] 
> (tcp_v4_do_rcv+0x22c/0x288)
> |[] (tcp_v4_do_rcv) from [] (release_sock+0xb4/0x150)
> |[] (release_sock) from [] (tcp_close+0x240/0x454)
> |[] (tcp_close) from [] (inet_release+0x74/0x7c)
> |[] (inet_release) from [] (sock_release+0x30/0xb0)
> |[] (sock_release) from [] (sock_close+0x1c/0x24)
> |[] (sock_close) from [] (__fput+0xe8/0x20c)
> |[] (__fput) from [] (fput+0x18/0x1c)
> |[] (fput) from [] (task_work_run+0xa4/0xb8)
> |[] (task_work_run) from [] (do_work_pending+0xd0/0xe4)
> |[] (do_work_pending) from [] (work_pending+0xc/0x20)
> |Code: e3530001 8a01 e3a00040 ea11 (e5973010)
> 
> Cc: stable...@vger.kernel.org
> Signed-off-by: Sebastian Andrzej Siewior 
> Signed-off-by: Steven Rostedt 
> ---
>  net/ipv4/tcp_ipv4.c | 7 +++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
> index 048418b049d8..7fcd8b60d751 100644
> --- a/net/ipv4/tcp_ipv4.c
> +++ b/net/ipv4/tcp_ipv4.c
> @@ -62,6 +62,7 @@
>  #include 
>  #include 
>  #include 
> +#include 
>  
>  #include 
>  #include 
> @@ -566,6 +567,7 @@ void tcp_v4_send_check(struct sock *sk, struct sk_buff 
> *skb)
>  }
>  EXPORT_SYMBOL(tcp_v4_send_check);
>  
> +static DEFINE_LOCAL_IRQ_LOCK(tcp_sk_lock);
>  /*
>   *   This routine will send an RST to the other tcp.
>   *
> @@ -687,10 +689,13 @@ static void tcp_v4_send_reset(const struct sock *sk, 
> struct sk_buff *skb)
>   arg.bound_dev_if = sk->sk_bound_dev_if;
>  
>   arg.tos = ip_hdr(skb)->tos;
> +
> + local_lock(tcp_sk_lock);
>   ip_send_unicast_reply(*this_cpu_ptr(net->ipv4.tcp_sk),
> skb, _SKB_CB(skb)->header.h4.opt,
> ip_hdr(skb)->saddr, ip_hdr(skb)->daddr,
> , arg.iov[0].iov_len);
> + local_unlock(tcp_sk_lock);
>  
>   TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
>   TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
> @@ -772,10 +777,12 @@ static void tcp_v4_send_ack(struct net *net,
>   if (oif)
>   arg.bound_dev_if = oif;
>   arg.tos = tos;
> + local_lock(tcp_sk_lock);
>   ip_send_unicast_reply(*this_cpu_ptr(net->ipv4.tcp_sk),
> skb, _SKB_CB(skb)->header.h4.opt,
> ip_hdr(skb)->saddr, ip_hdr(skb)->daddr,
> , arg.iov[0].iov_len);
> + local_unlock(tcp_sk_lock);
>  
>   TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
>  }

Re: [PATCH RT 05/10] net: add back the missing serialization in ip_send_unicast_reply()

2016-09-22 Thread Steven Rostedt 

This got rejected by vger.kernel.org because quilt mail can't handle
that funny symbol in Sami's name.

-- Steve


On Thu, 22 Sep 2016 17:47:57 -0400
Steven Rostedt  wrote:

> 4.4.21-rt31-rc1 stable review patch.
> If anyone has any objections, please let me know.
> 
> --
> 
> From: Sebastian Andrzej Siewior 
> 
> Some time ago Sami PietikÀinen reported a crash on -RT in
> ip_send_unicast_reply() which was later fixed by Nicholas Mc Guire
> (v3.12.8-rt11). Later (v3.18.8) the code was reworked and I dropped the
> patch. As it turns out it was mistake.
> I have reports that the same crash is possible with a similar backtrace.
> It seems that vanilla protects access to this_cpu_ptr() via
> local_bh_disable(). This does not work the on -RT since we can have
> NET_RX and NET_TX running in parallel on the same CPU.
> This is brings back the old locks.
> 
> |Unable to handle kernel NULL pointer dereference at virtual address 0010
> |PC is at __ip_make_skb+0x198/0x3e8
> |[] (__ip_make_skb) from [] 
> (ip_push_pending_frames+0x20/0x40)
> |[] (ip_push_pending_frames) from [] 
> (ip_send_unicast_reply+0x210/0x22c)
> |[] (ip_send_unicast_reply) from [] 
> (tcp_v4_send_reset+0x190/0x1c0)
> |[] (tcp_v4_send_reset) from [] 
> (tcp_v4_do_rcv+0x22c/0x288)
> |[] (tcp_v4_do_rcv) from [] (release_sock+0xb4/0x150)
> |[] (release_sock) from [] (tcp_close+0x240/0x454)
> |[] (tcp_close) from [] (inet_release+0x74/0x7c)
> |[] (inet_release) from [] (sock_release+0x30/0xb0)
> |[] (sock_release) from [] (sock_close+0x1c/0x24)
> |[] (sock_close) from [] (__fput+0xe8/0x20c)
> |[] (__fput) from [] (fput+0x18/0x1c)
> |[] (fput) from [] (task_work_run+0xa4/0xb8)
> |[] (task_work_run) from [] (do_work_pending+0xd0/0xe4)
> |[] (do_work_pending) from [] (work_pending+0xc/0x20)
> |Code: e3530001 8a01 e3a00040 ea11 (e5973010)
> 
> Cc: stable...@vger.kernel.org
> Signed-off-by: Sebastian Andrzej Siewior 
> Signed-off-by: Steven Rostedt 
> ---
>  net/ipv4/tcp_ipv4.c | 7 +++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
> index 048418b049d8..7fcd8b60d751 100644
> --- a/net/ipv4/tcp_ipv4.c
> +++ b/net/ipv4/tcp_ipv4.c
> @@ -62,6 +62,7 @@
>  #include 
>  #include 
>  #include 
> +#include 
>  
>  #include 
>  #include 
> @@ -566,6 +567,7 @@ void tcp_v4_send_check(struct sock *sk, struct sk_buff 
> *skb)
>  }
>  EXPORT_SYMBOL(tcp_v4_send_check);
>  
> +static DEFINE_LOCAL_IRQ_LOCK(tcp_sk_lock);
>  /*
>   *   This routine will send an RST to the other tcp.
>   *
> @@ -687,10 +689,13 @@ static void tcp_v4_send_reset(const struct sock *sk, 
> struct sk_buff *skb)
>   arg.bound_dev_if = sk->sk_bound_dev_if;
>  
>   arg.tos = ip_hdr(skb)->tos;
> +
> + local_lock(tcp_sk_lock);
>   ip_send_unicast_reply(*this_cpu_ptr(net->ipv4.tcp_sk),
> skb, _SKB_CB(skb)->header.h4.opt,
> ip_hdr(skb)->saddr, ip_hdr(skb)->daddr,
> , arg.iov[0].iov_len);
> + local_unlock(tcp_sk_lock);
>  
>   TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
>   TCP_INC_STATS_BH(net, TCP_MIB_OUTRSTS);
> @@ -772,10 +777,12 @@ static void tcp_v4_send_ack(struct net *net,
>   if (oif)
>   arg.bound_dev_if = oif;
>   arg.tos = tos;
> + local_lock(tcp_sk_lock);
>   ip_send_unicast_reply(*this_cpu_ptr(net->ipv4.tcp_sk),
> skb, _SKB_CB(skb)->header.h4.opt,
> ip_hdr(skb)->saddr, ip_hdr(skb)->daddr,
> , arg.iov[0].iov_len);
> + local_unlock(tcp_sk_lock);
>  
>   TCP_INC_STATS_BH(net, TCP_MIB_OUTSEGS);
>  }