Re: Oops with CONFIG_VMAP_STACK and bond device + virtio-net

2016-12-06 Thread Cong Wang
On Mon, Dec 5, 2016 at 3:53 PM, Laura Abbott wrote:
> This looks like an issue with CONFIG_VMAP_STACK since bond_enslave uses
> struct sockaddr from the stack and virtnet_set_mac_address calls
> sg_init_one which triggers BUG_ON(!virt_addr_valid(buf));
>
> I know there have been a lot of CONFIG_VMAP_STACK fixes around but I
> didn't find this one reported yet.

Fixed by:

commit e37e2ff350a321ad9c36b588e76f34fbba305be6
Author: Andy Lutomirski 
Date:   Mon Dec 5 18:10:58 2016 -0800

virtio-net: Fix DMA-from-the-stack in virtnet_set_mac_address()


Oops with CONFIG_VMAP_STACK and bond device + virtio-net

2016-12-05 Thread Laura Abbott
Hi,

Fedora got a bug report https://bugzilla.redhat.com/show_bug.cgi?id=1401612
In qemu with two virtio-net interfaces:

$ ip l
...
5: ens14:  mtu 1500 qdisc noop state DOWN mode DEFAULT 
group default qlen 1000
link/ether 52:54:00:e9:64:41 brd ff:ff:ff:ff:ff:ff
6: ens15:  mtu 1500 qdisc noop state DOWN mode DEFAULT 
group default qlen 1000
link/ether 52:54:00:e9:64:42 brd ff:ff:ff:ff:ff:ff

$ sudo ip link add bond1 type bond
$ sudo ip link set ens14 master bond1
Segmentation fault

 [ cut here ]
 kernel BUG at ./include/linux/scatterlist.h:140!
 invalid opcode:  [#1] SMP
 Modules linked in: bonding ip6t_rpfilter ip6t_REJECT nf_reject_ipv6 
xt_conntrack ip
  ata_generic crc32c_intel qxl drm_kms_helper virtio_pci serio_raw ttm drm 
pata_acpi
 CPU: 5 PID: 1983 Comm: ip Not tainted 4.9.0-0.rc6.git2.1.fc26.x86_64 #1
 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 0.0.0 02/06/2015
 task: 9d50a3583240 task.stack: b06e4104
 RIP: 0010:[]  [] sg_init_one+0x8c/0xa0
 RSP: 0018:b06e41043698  EFLAGS: 00010246
 RAX:  RBX: b06e41043774 RCX: 0028
 RDX: 131ec1043774 RSI: 0013 RDI: b06ec1043774
 RBP: b06e410436b0 R08: 001ddbe0 R09: b06e410436c8
 R10: 0001 R11:  R12: 0006
 R13: b06e410436c8 R14: 9d50b2dc1800 R15: 9d50b3db9600
 FS:  7f15347e5700() GS:9d50bb00() knlGS:
 CS:  0010 DS:  ES:  CR0: 80050033
 CR2: 7ffc09bc4000 CR3: 000135797000 CR4: 000406e0
 Stack:
  9d50b229d000  b06e41043772 b06e41043720
  c0051123 9d50a3583240 87654321 0002
     7b8f5301
 Call Trace:
  [] virtnet_set_mac_address+0xb3/0x140 [virtio_net]
  [] dev_set_mac_address+0x55/0xc0
  [] bond_enslave+0x34e/0x1180 [bonding]
  [] do_setlink+0x6cf/0xd10
  [] ? get_page_from_freelist+0x6ba/0xca0
  [] ? sched_clock+0x9/0x10
  [] ? kvm_sched_clock_read+0x25/0x40
  [] ? __lock_acquire+0x346/0x1290
  [] ? nla_parse+0xa6/0x120
  [] rtnl_newlink+0x5c8/0x870
  [] ? avc_has_perm_noaudit+0x32/0x210
  [] ? ns_capable_common+0x7a/0x90
  [] ? ns_capable+0x13/0x20
  [] rtnetlink_rcv_msg+0xe6/0x210
  [] ? rtnetlink_rcv+0x1b/0x40
  [] ? rtnetlink_rcv+0x1b/0x40
  [] ? rtnl_newlink+0x870/0x870
  [] netlink_rcv_skb+0xa4/0xc0
  [] rtnetlink_rcv+0x2a/0x40
  [] netlink_unicast+0x1f7/0x2f0
  [] ? netlink_unicast+0x16f/0x2f0
  [] netlink_sendmsg+0x302/0x3c0
  [] sock_sendmsg+0x38/0x50
  [] ___sys_sendmsg+0x2e3/0x2f0
  [] ? __audit_syscall_entry+0xad/0xf0
  [] ? kvm_sched_clock_read+0x25/0x40
  [] ? sched_clock+0x9/0x10
  [] ? __audit_syscall_entry+0xad/0xf0
  [] ? __audit_syscall_entry+0xad/0xf0
  [] ? trace_hardirqs_on_caller+0xf5/0x1b0
  [] __sys_sendmsg+0x54/0x90
  [] SyS_sendmsg+0x12/0x20
  [] do_syscall_64+0x6c/0x1f0
  [] entry_SYSCALL64_slow_path+0x25/0x25
 Code: ca 75 2c 49 8b 55 08 f6 c2 01 75 25 83 e2 03 81 e3 ff 0f 00 00 45 89 65 
14 48
 RIP  [] sg_init_one+0x8c/0xa0
  RSP 
 ---[ end trace 9076d2284efbf735 ]---

This looks like an issue with CONFIG_VMAP_STACK since bond_enslave uses
struct sockaddr from the stack and virtnet_set_mac_address calls
sg_init_one which triggers BUG_ON(!virt_addr_valid(buf));

I know there have been a lot of CONFIG_VMAP_STACK fixes around but I
didn't find this one reported yet.

Thanks,
Laura
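A user-space model of the failure mode Laura describes, added here as an example and not code from the thread or from the kernel: with CONFIG_VMAP_STACK the kernel stack is vmalloc'd and therefore outside the linear map, so a scatterlist built directly from bond_enslave's on-stack sockaddr fails virt_addr_valid(), while a copy placed in kmalloc'd memory first (the approach of the fix Cong Wang cites) passes. The linear_map arena, the model_* helpers and enslave_with are constructed stand-ins for the kernel pieces, not real kernel APIs.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>
#define ETH_ALEN 6
/* Constructed model of the kernel linear map: only memory carved from this arena is
 * virt_addr_valid(), like kmalloc memory; a CONFIG_VMAP_STACK stack is vmalloc'd. */
static unsigned char linear_map[4096];
static size_t linear_map_used;

static void *model_kmalloc(size_t n) {
	if (linear_map_used + n > sizeof(linear_map)) return NULL;
	linear_map_used += n;
	return linear_map + linear_map_used - n;
}

static int model_virt_addr_valid(const void *p) {
	uintptr_t a = (uintptr_t)p, lo = (uintptr_t)linear_map;
	return a >= lo && a < lo + sizeof(linear_map);
}

struct scatterlist { const void *buf; size_t len; };
/* Model of sg_init_one(): the kernel's BUG_ON(!virt_addr_valid(buf)) becomes -EFAULT. */
static int model_sg_init_one(struct scatterlist *sg, const void *buf, size_t len) {
	if (!model_virt_addr_valid(buf)) return -EFAULT;
	sg->buf = buf; sg->len = len;
	return 0;
}

struct sockaddr { unsigned short sa_family; char sa_data[14]; };
/* Before the fix: the scatterlist points straight at the caller's (stack) sockaddr. */
int set_mac_before_fix(const struct sockaddr *addr) {
	struct scatterlist sg;
	return model_sg_init_one(&sg, addr->sa_data, ETH_ALEN);
}

/* After the fix: copy into kmalloc'd memory first, so DMA never sees a stack address. */
int set_mac_after_fix(const struct sockaddr *addr) {
	struct scatterlist sg;
	struct sockaddr *copy = model_kmalloc(sizeof(*copy));
	if (!copy) return -ENOMEM;
	memcpy(copy, addr, sizeof(*copy));
	return model_sg_init_one(&sg, copy->sa_data, ETH_ALEN);
}

/* Stand-in for bond_enslave: the sockaddr lives on this function's stack frame. */
int enslave_with(int (*set_mac)(const struct sockaddr *)) {
	struct sockaddr addr = { .sa_family = 1 };
	memcpy(addr.sa_data, "\x52\x54\x00\xe9\x64\x41", ETH_ALEN); /* ens14's MAC from the report */
	return set_mac(&addr);
}
```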