• Hangbin Liu's avatar
    net_sched: Fix missing res info when create new tc_index filter · e125b1cc
    Hangbin Liu authored
    [ Upstream commit 008369dcc5f7bfba526c98054f8525322acf0ea3 ]
    
    Li Shuang reported the following warn:
    
    [  733.484610] WARNING: CPU: 6 PID: 21123 at net/sched/sch_cbq.c:1418 cbq_destroy_class+0x5d/0x70 [sch_cbq]
    [  733.495190] Modules linked in: sch_cbq cls_tcindex sch_dsmark rpcsec_gss_krb5 auth_rpcgss nfsv4 dns_resolver nfs lockd grace fscache xt_CHECKSUM iptable_mangle ipt_MASQUERADE iptable_nat l
    [  733.574155]  syscopyarea sysfillrect sysimgblt fb_sys_fops ttm drm igb ixgbe ahci libahci i2c_algo_bit libata i40e i2c_core dca mdio megaraid_sas dm_mirror dm_region_hash dm_log dm_mod
    [  733.592500] CPU: 6 PID: 21123 Comm: tc Not tainted 4.18.0-rc8.latest+ #131
    [  733.600169] Hardware name: Dell Inc. PowerEdge R730/0WCJNT, BIOS 2.1.5 04/11/2016
    [  733.608518] RIP: 0010:cbq_destroy_class+0x5d/0x70 [sch_cbq]
    [  733.614734] Code: e7 d9 d2 48 8b 7b 48 e8 61 05 da d2 48 8d bb f8 00 00 00 e8 75 ae d5 d2 48 39 eb 74 0a 48 89 df 5b 5d e9 16 6c 94 d2 5b 5d c3 <0f> 0b eb b6 0f 1f 44 00 00 66 2e 0f 1f 84
    [  733.635798] RSP: 0018:ffffbfbb066bb9d8 EFLAGS: 00010202
    [  733.641627] RAX: 0000000000000001 RBX: ffff9cdd17392800 RCX: 000000008010000f
    [  733.649588] RDX: ffff9cdd1df547e0 RSI: ffff9cdd17392800 RDI: ffff9cdd0f84c800
    [  733.657547] RBP: ffff9cdd0f84c800 R08: 0000000000000001 R09: 0000000000000000
    [  733.665508] R10: ffff9cdd0f84d000 R11: 0000000000000001 R12: 0000000000000001
    [  733.673469] R13: 0000000000000000 R14: 0000000000000001 R15: ffff9cdd17392200
    [  733.681430] FS:  00007f911890a740(0000) GS:ffff9cdd1f8c0000(0000) knlGS:0000000000000000
    [  733.690456] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    [  733.696864] CR2: 0000000000b5544c CR3: 0000000859374002 CR4: 00000000001606e0
    [  733.704826] Call Trace:
    [  733.707554]  cbq_destroy+0xa1/0xd0 [sch_cbq]
    [  733.712318]  qdisc_destroy+0x62/0x130
    [  733.716401]  dsmark_destroy+0x2a/0x70 [sch_dsmark]
    [  733.721745]  qdisc_destroy+0x62/0x130
    [  733.725829]  qdisc_graft+0x3ba/0x470
    [  733.729817]  tc_get_qdisc+0x2a6/0x2c0
    [  733.733901]  ? cred_has_capability+0x7d/0x130
    [  733.738761]  rtnetlink_rcv_msg+0x263/0x2d0
    [  733.743330]  ? rtnl_calcit.isra.30+0x110/0x110
    [  733.748287]  netlink_rcv_skb+0x4d/0x130
    [  733.752576]  netlink_unicast+0x1a3/0x250
    [  733.756949]  netlink_sendmsg+0x2ae/0x3a0
    [  733.761324]  sock_sendmsg+0x36/0x40
    [  733.765213]  ___sys_sendmsg+0x26f/0x2d0
    [  733.769493]  ? handle_pte_fault+0x586/0xdf0
    [  733.774158]  ? __handle_mm_fault+0x389/0x500
    [  733.778919]  ? __sys_sendmsg+0x5e/0xa0
    [  733.783099]  __sys_sendmsg+0x5e/0xa0
    [  733.787087]  do_syscall_64+0x5b/0x180
    [  733.791171]  entry_SYSCALL_64_after_hwframe+0x44/0xa9
    [  733.796805] RIP: 0033:0x7f9117f23f10
    [  733.800791] Code: c3 48 8b 05 82 6f 2c 00 f7 db 64 89 18 48 83 cb ff eb dd 0f 1f 80 00 00 00 00 83 3d 8d d0 2c 00 00 75 10 b8 2e 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8
    [  733.821873] RSP: 002b:00007ffe96818398 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
    [  733.830319] RAX: ffffffffffffffda RBX: 000000005b71244c RCX: 00007f9117f23f10
    [  733.838280] RDX: 0000000000000000 RSI: 00007ffe968183e0 RDI: 0000000000000003
    [  733.846241] RBP: 00007ffe968183e0 R08: 000000000000ffff R09: 0000000000000003
    [  733.854202] R10: 00007ffe96817e20 R11: 0000000000000246 R12: 0000000000000000
    [  733.862161] R13: 0000000000662ee0 R14: 0000000000000000 R15: 0000000000000000
    [  733.870121] ---[ end trace 28edd4aad712ddca ]---
    
    This is because we didn't update f->result.res when create new filter. Then in
    tcindex_delete() -> tcf_unbind_filter(), we will failed to find out the res
    and unbind filter, which will trigger the WARN_ON() in cbq_destroy_class().
    
    Fix it by updating f->result.res when create new filter.
    
    Fixes: 6e056569 ("net_sched: fix another crash in cls_tcindex")
    Reported-by: 's avatarLi Shuang <shuali@redhat.com>
    Signed-off-by: 's avatarHangbin Liu <liuhangbin@gmail.com>
    Acked-by: 's avatarCong Wang <xiyou.wangcong@gmail.com>
    Signed-off-by: 's avatarDavid S. Miller <davem@davemloft.net>
    Signed-off-by: 's avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    e125b1cc