Patch "net/mlx5e: Fix peer flow lists handling" has been added to the 6.6-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    net/mlx5e: Fix peer flow lists handling

to the 6.6-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     net-mlx5e-fix-peer-flow-lists-handling.patch
and it can be found in the queue-6.6 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit fc863a43647a9252fc4207aae912d7822ced707d
Author: Vlad Buslov <vladbu@xxxxxxxxxx>
Date:   Fri Nov 10 11:10:22 2023 +0100

    net/mlx5e: Fix peer flow lists handling
    
    [ Upstream commit d76fdd31f953ac5046555171620f2562715e9b71 ]
    
    The cited change refactored mlx5e_tc_del_fdb_peer_flow() to only clear DUP
    flag when list of peer flows has become empty. However, if any concurrent
    user holds a reference to a peer flow (for example, the neighbor update
    workqueue task is updating peer flow's parent encap entry concurrently),
    then the flow will not be removed from the peer list and, consecutively,
    DUP flag will remain set. Since mlx5e_tc_del_fdb_peers_flow() calls
    mlx5e_tc_del_fdb_peer_flow() for every possible peer index the algorithm
    will try to remove the flow from eswitch instances that it has never peered
    with causing either NULL pointer dereference when trying to remove the flow
    peer list head of peer_index that was never initialized or a warning if the
    list debug config is enabled[0].
    
    Fix the issue by always removing the peer flow from the list even when not
    releasing the last reference to it.
    
    [0]:
    
    [ 3102.985806] ------------[ cut here ]------------
    [ 3102.986223] list_del corruption, ffff888139110698->next is NULL
    [ 3102.986757] WARNING: CPU: 2 PID: 22109 at lib/list_debug.c:53 __list_del_entry_valid_or_report+0x4f/0xc0
    [ 3102.987561] Modules linked in: act_ct nf_flow_table bonding act_tunnel_key act_mirred act_skbedit vxlan cls_matchall nfnetlink_cttimeout act_gact cls_flower sch_ingress mlx5_vdpa vringh vhost_iotlb vdpa openvswitch nsh xt_MASQUERADE nf_conntrack_netlink nfnetlink iptable_nat xt_addrtype xt_conntrack nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcg
    ss oid_registry overlay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm mlx5_ib ib_uverbs ib_core mlx5_core [last unloaded: bonding]
    [ 3102.991113] CPU: 2 PID: 22109 Comm: revalidator28 Not tainted 6.6.0-rc6+ #3
    [ 3102.991695] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
    [ 3102.992605] RIP: 0010:__list_del_entry_valid_or_report+0x4f/0xc0
    [ 3102.993122] Code: 39 c2 74 56 48 8b 32 48 39 fe 75 62 48 8b 51 08 48 39 f2 75 73 b8 01 00 00 00 c3 48 89 fe 48 c7 c7 48 fd 0a 82 e8 41 0b ad ff <0f> 0b 31 c0 c3 48 89 fe 48 c7 c7 70 fd 0a 82 e8 2d 0b ad ff 0f 0b
    [ 3102.994615] RSP: 0018:ffff8881383e7710 EFLAGS: 00010286
    [ 3102.995078] RAX: 0000000000000000 RBX: 0000000000000002 RCX: 0000000000000000
    [ 3102.995670] RDX: 0000000000000001 RSI: ffff88885f89b640 RDI: ffff88885f89b640
    [ 3102.997188] DEL flow 00000000be367878 on port 0
    [ 3102.998594] RBP: dead000000000122 R08: 0000000000000000 R09: c0000000ffffdfff
    [ 3102.999604] R10: 0000000000000008 R11: ffff8881383e7598 R12: dead000000000100
    [ 3103.000198] R13: 0000000000000002 R14: ffff888139110000 R15: ffff888101901240
    [ 3103.000790] FS:  00007f424cde4700(0000) GS:ffff88885f880000(0000) knlGS:0000000000000000
    [ 3103.001486] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    [ 3103.001986] CR2: 00007fd42e8dcb70 CR3: 000000011e68a003 CR4: 0000000000370ea0
    [ 3103.002596] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
    [ 3103.003190] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
    [ 3103.003787] Call Trace:
    [ 3103.004055]  <TASK>
    [ 3103.004297]  ? __warn+0x7d/0x130
    [ 3103.004623]  ? __list_del_entry_valid_or_report+0x4f/0xc0
    [ 3103.005094]  ? report_bug+0xf1/0x1c0
    [ 3103.005439]  ? console_unlock+0x4a/0xd0
    [ 3103.005806]  ? handle_bug+0x3f/0x70
    [ 3103.006149]  ? exc_invalid_op+0x13/0x60
    [ 3103.006531]  ? asm_exc_invalid_op+0x16/0x20
    [ 3103.007430]  ? __list_del_entry_valid_or_report+0x4f/0xc0
    [ 3103.007910]  mlx5e_tc_del_fdb_peers_flow+0xcf/0x240 [mlx5_core]
    [ 3103.008463]  mlx5e_tc_del_flow+0x46/0x270 [mlx5_core]
    [ 3103.008944]  mlx5e_flow_put+0x26/0x50 [mlx5_core]
    [ 3103.009401]  mlx5e_delete_flower+0x25f/0x380 [mlx5_core]
    [ 3103.009901]  tc_setup_cb_destroy+0xab/0x180
    [ 3103.010292]  fl_hw_destroy_filter+0x99/0xc0 [cls_flower]
    [ 3103.010779]  __fl_delete+0x2d4/0x2f0 [cls_flower]
    [ 3103.011207]  fl_delete+0x36/0x80 [cls_flower]
    [ 3103.011614]  tc_del_tfilter+0x56f/0x750
    [ 3103.011982]  rtnetlink_rcv_msg+0xff/0x3a0
    [ 3103.012362]  ? netlink_ack+0x1c7/0x4e0
    [ 3103.012719]  ? rtnl_calcit.isra.44+0x130/0x130
    [ 3103.013134]  netlink_rcv_skb+0x54/0x100
    [ 3103.013533]  netlink_unicast+0x1ca/0x2b0
    [ 3103.013902]  netlink_sendmsg+0x361/0x4d0
    [ 3103.014269]  __sock_sendmsg+0x38/0x60
    [ 3103.014643]  ____sys_sendmsg+0x1f2/0x200
    [ 3103.015018]  ? copy_msghdr_from_user+0x72/0xa0
    [ 3103.015265]  ___sys_sendmsg+0x87/0xd0
    [ 3103.016608]  ? copy_msghdr_from_user+0x72/0xa0
    [ 3103.017014]  ? ___sys_recvmsg+0x9b/0xd0
    [ 3103.017381]  ? ttwu_do_activate.isra.137+0x58/0x180
    [ 3103.017821]  ? wake_up_q+0x49/0x90
    [ 3103.018157]  ? futex_wake+0x137/0x160
    [ 3103.018521]  ? __sys_sendmsg+0x51/0x90
    [ 3103.018882]  __sys_sendmsg+0x51/0x90
    [ 3103.019230]  ? exit_to_user_mode_prepare+0x56/0x130
    [ 3103.019670]  do_syscall_64+0x3c/0x80
    [ 3103.020017]  entry_SYSCALL_64_after_hwframe+0x46/0xb0
    [ 3103.020469] RIP: 0033:0x7f4254811ef4
    [ 3103.020816] Code: 89 f3 48 83 ec 10 48 89 7c 24 08 48 89 14 24 e8 42 eb ff ff 48 8b 14 24 41 89 c0 48 89 de 48 8b 7c 24 08 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 30 44 89 c7 48 89 04 24 e8 78 eb ff ff 48 8b
    [ 3103.022290] RSP: 002b:00007f424cdd9480 EFLAGS: 00000293 ORIG_RAX: 000000000000002e
    [ 3103.022970] RAX: ffffffffffffffda RBX: 00007f424cdd9510 RCX: 00007f4254811ef4
    [ 3103.023564] RDX: 0000000000000000 RSI: 00007f424cdd9510 RDI: 0000000000000012
    [ 3103.024158] RBP: 00007f424cdda238 R08: 0000000000000000 R09: 00007f41d801a4b0
    [ 3103.024748] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001
    [ 3103.025341] R13: 00007f424cdd9510 R14: 00007f424cdda240 R15: 00007f424cdd99a0
    [ 3103.025931]  </TASK>
    [ 3103.026182] ---[ end trace 0000000000000000 ]---
    [ 3103.027033] ------------[ cut here ]------------
    
    Fixes: 9be6c21fdcf8 ("net/mlx5e: Handle offloads flows per peer")
    Signed-off-by: Vlad Buslov <vladbu@xxxxxxxxxx>
    Reviewed-by: Mark Bloch <mbloch@xxxxxxxxxx>
    Signed-off-by: Saeed Mahameed <saeedm@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c b/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
index 25e44ee5121a..dc9b157a4499 100644
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
@@ -2012,9 +2012,10 @@ static void mlx5e_tc_del_fdb_peer_flow(struct mlx5e_tc_flow *flow,
 	list_for_each_entry_safe(peer_flow, tmp, &flow->peer_flows, peer_flows) {
 		if (peer_index != mlx5_get_dev_index(peer_flow->priv->mdev))
 			continue;
+
+		list_del(&peer_flow->peer_flows);
 		if (refcount_dec_and_test(&peer_flow->refcnt)) {
 			mlx5e_tc_del_fdb_flow(peer_flow->priv, peer_flow);
-			list_del(&peer_flow->peer_flows);
 			kfree(peer_flow);
 		}
 	}




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux