[{"id":1763057,"web_url":"http://patchwork.ozlabs.org/comment/1763057/","msgid":"<59AE5CDB.3020506@iogearbox.net>","list_archive_url":null,"date":"2017-09-05T08:14:19","subject":"Re: [PATCH net-next] bpf: fix numa_node validation","submitter":{"id":65705,"url":"http://patchwork.ozlabs.org/api/people/65705/","name":"Daniel Borkmann","email":"daniel@iogearbox.net"},"content":"On 09/05/2017 07:41 AM, Eric Dumazet wrote:\n> From: Eric Dumazet \n>\n> syzkaller reported crashes in bpf map creation or map update [1]\n>\n> Problem is that nr_node_ids is a signed integer,\n> NUMA_NO_NODE is also an integer, so it is very tempting\n> to declare numa_node as a signed integer.\n>\n> This means the typical test to validate a user provided value :\n>\n> if (numa_node != NUMA_NO_NODE &&\n> (numa_node >= nr_node_ids ||\n> !node_online(numa_node)))\n>\n> must be written :\n>\n> if (numa_node != NUMA_NO_NODE &&\n> ((unsigned int)numa_node >= nr_node_ids ||\n> !node_online(numa_node)))\n>\n>\n> [1]\n> kernel BUG at mm/slab.c:3256!\n> invalid opcode: 0000 [#1] SMP KASAN\n> Dumping ftrace buffer:\n> (ftrace buffer empty)\n> Modules linked in:\n> CPU: 0 PID: 2946 Comm: syzkaller916108 Not tainted 4.13.0-rc7+ #35\n> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\n> task: ffff8801d2bc60c0 task.stack: ffff8801c0c90000\n> RIP: 0010:____cache_alloc_node+0x1d4/0x1e0 mm/slab.c:3292\n> RSP: 0018:ffff8801c0c97638 EFLAGS: 00010096\n> RAX: ffffffffffff8b7b RBX: 0000000001080220 RCX: 0000000000000000\n> RDX: 00000000ffff8b7b RSI: 0000000001080220 RDI: ffff8801dac00040\n> RBP: ffff8801c0c976c0 R08: 0000000000000000 R09: 0000000000000000\n> R10: ffff8801c0c97620 R11: 0000000000000001 R12: ffff8801dac00040\n> R13: ffff8801dac00040 R14: 0000000000000000 R15: 00000000ffff8b7b\n> FS: 0000000002119940(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000\n> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n> CR2: 0000000020001fec CR3: 00000001d2980000 CR4: 00000000001406f0\n> Call Trace:\n> __do_kmalloc_node mm/slab.c:3688 [inline]\n> __kmalloc_node+0x33/0x70 mm/slab.c:3696\n> kmalloc_node include/linux/slab.h:535 [inline]\n> alloc_htab_elem+0x2a8/0x480 kernel/bpf/hashtab.c:740\n> htab_map_update_elem+0x740/0xb80 kernel/bpf/hashtab.c:820\n> map_update_elem kernel/bpf/syscall.c:587 [inline]\n> SYSC_bpf kernel/bpf/syscall.c:1468 [inline]\n> SyS_bpf+0x20c5/0x4c40 kernel/bpf/syscall.c:1443\n> entry_SYSCALL_64_fastpath+0x1f/0xbe\n> RIP: 0033:0x440409\n> RSP: 002b:00007ffd1f1792b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141\n> RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440409\n> RDX: 0000000000000020 RSI: 0000000020006000 RDI: 0000000000000002\n> RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000\n> R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401d70\n> R13: 0000000000401e00 R14: 0000000000000000 R15: 0000000000000000\n> Code: 83 c2 01 89 50 18 4c 03 70 08 e8 38 f4 ff ff 4d 85 f6 0f 85 3e ff ff ff 44 89 fe 4c 89 ef e8 94 fb ff ff 49 89 c6 e9 2b ff ff ff <0f> 0b 0f 0b 0f 0b 66 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41\n> RIP: ____cache_alloc_node+0x1d4/0x1e0 mm/slab.c:3292 RSP: ffff8801c0c97638\n> ---[ end trace d745f355da2e33ce ]---\n> Kernel panic - not syncing: Fatal exception\n>\n> Fixes: 96eabe7a40aa (\"bpf: Allow selecting numa node during map creation\")\n> Signed-off-by: Eric Dumazet \n> Cc: Martin KaFai Lau \n> Cc: Alexei Starovoitov \n> Cc: Daniel Borkmann \n\nYeah, thanks for catching this, Eric!\n\nAcked-by: Daniel Borkmann ","headers":{"Return-Path":"","X-Original-To":"patchwork-incoming@ozlabs.org","Delivered-To":"patchwork-incoming@ozlabs.org","Authentication-Results":"ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netdev-owner@vger.kernel.org;\n\treceiver=)","Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xmfdh35B4z9s0g\n\tfor ;\n\tTue, 5 Sep 2017 18:14:48 +1000 (AEST)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1751820AbdIEIOp (ORCPT );\n\tTue, 5 Sep 2017 04:14:45 -0400","from www62.your-server.de ([213.133.104.62]:39298 \"EHLO\n\twww62.your-server.de\" rhost-flags-OK-OK-OK-OK) by vger.kernel.org\n\twith ESMTP id S1751677AbdIEIOZ (ORCPT\n\t); Tue, 5 Sep 2017 04:14:25 -0400","from [92.105.166.74] (helo=localhost.localdomain)\n\tby www62.your-server.de with esmtpsa (TLSv1.2:DHE-RSA-AES256-SHA:256)\n\t(Exim 4.85_2) (envelope-from )\n\tid 1dp902-0006re-Ml; Tue, 05 Sep 2017 10:14:22 +0200"],"Message-ID":"<59AE5CDB.3020506@iogearbox.net>","Date":"Tue, 05 Sep 2017 10:14:19 +0200","From":"Daniel Borkmann ","User-Agent":"Mozilla/5.0 (X11; Linux x86_64;\n\trv:31.0) Gecko/20100101 Thunderbird/31.7.0","MIME-Version":"1.0","To":"Eric Dumazet , David Miller ","CC":"netdev , Martin KaFai Lau ,\n\tAlexei Starovoitov ","Subject":"Re: [PATCH net-next] bpf: fix numa_node validation","References":"<1504590062.15310.36.camel@edumazet-glaptop3.roam.corp.google.com>","In-Reply-To":"<1504590062.15310.36.camel@edumazet-glaptop3.roam.corp.google.com>","Content-Type":"text/plain; charset=utf-8; format=flowed","Content-Transfer-Encoding":"7bit","X-Authenticated-Sender":"daniel@iogearbox.net","X-Virus-Scanned":"Clear (ClamAV 0.99.2/23774/Tue Sep 5 06:34:50 2017)","Sender":"netdev-owner@vger.kernel.org","Precedence":"bulk","List-ID":"","X-Mailing-List":"netdev@vger.kernel.org"}},{"id":1763410,"web_url":"http://patchwork.ozlabs.org/comment/1763410/","msgid":"<8bcc1ff5-7b0e-1d4e-fb4e-8e5033630443@fb.com>","list_archive_url":null,"date":"2017-09-05T14:43:12","subject":"Re: [PATCH net-next] bpf: fix numa_node validation","submitter":{"id":68234,"url":"http://patchwork.ozlabs.org/api/people/68234/","name":"Alexei Starovoitov","email":"ast@fb.com"},"content":"On 9/4/17 10:41 PM, Eric Dumazet wrote:\n> Call Trace:\n> __do_kmalloc_node mm/slab.c:3688 [inline]\n> __kmalloc_node+0x33/0x70 mm/slab.c:3696\n> kmalloc_node include/linux/slab.h:535 [inline]\n> alloc_htab_elem+0x2a8/0x480 kernel/bpf/hashtab.c:740\n> htab_map_update_elem+0x740/0xb80 kernel/bpf/hashtab.c:820\n> map_update_elem kernel/bpf/syscall.c:587 [inline]\n> SYSC_bpf kernel/bpf/syscall.c:1468 [inline]\n> SyS_bpf+0x20c5/0x4c40 kernel/bpf/syscall.c:1443\n> entry_SYSCALL_64_fastpath+0x1f/0xbe\n> RIP: 0033:0x440409\n> RSP: 002b:00007ffd1f1792b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141\n> RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440409\n> RDX: 0000000000000020 RSI: 0000000020006000 RDI: 0000000000000002\n> RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000\n> R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401d70\n> R13: 0000000000401e00 R14: 0000000000000000 R15: 0000000000000000\n> Code: 83 c2 01 89 50 18 4c 03 70 08 e8 38 f4 ff ff 4d 85 f6 0f 85 3e ff ff ff 44 89 fe 4c 89 ef e8 94 fb ff ff 49 89 c6 e9 2b ff ff ff <0f> 0b 0f 0b 0f 0b 66 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41\n> RIP: ____cache_alloc_node+0x1d4/0x1e0 mm/slab.c:3292 RSP: ffff8801c0c97638\n> ---[ end trace d745f355da2e33ce ]---\n> Kernel panic - not syncing: Fatal exception\n>\n> Fixes: 96eabe7a40aa (\"bpf: Allow selecting numa node during map creation\")\n> Signed-off-by: Eric Dumazet \n\nGood catch. Thanks!\nAcked-by: Alexei Starovoitov ","headers":{"Return-Path":"","X-Original-To":"patchwork-incoming@ozlabs.org","Delivered-To":"patchwork-incoming@ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netdev-owner@vger.kernel.org;\n\treceiver=)","ozlabs.org; dkim=pass (1024-bit key;\n\tunprotected) header.d=fb.com header.i=@fb.com header.b=\"K+BBxGmQ\";\n\tdkim=fail reason=\"signature verification failed\" (1024-bit key;\n\tunprotected) header.d=fb.onmicrosoft.com header.i=@fb.onmicrosoft.com\n\theader.b=\"DI3tVZ52\"; dkim-atps=neutral"],"Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xmqFw4P54z9t2W\n\tfor ;\n\tWed, 6 Sep 2017 00:43:16 +1000 (AEST)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1751763AbdIEOnO (ORCPT );\n\tTue, 5 Sep 2017 10:43:14 -0400","from mx0a-00082601.pphosted.com ([67.231.145.42]:49938 \"EHLO\n\tmx0a-00082601.pphosted.com\" rhost-flags-OK-OK-OK-OK)\n\tby vger.kernel.org with ESMTP id S1751345AbdIEOnM (ORCPT\n\t); Tue, 5 Sep 2017 10:43:12 -0400","from pps.filterd (m0044008.ppops.net [127.0.0.1])\n\tby mx0a-00082601.pphosted.com (8.16.0.21/8.16.0.21) with SMTP id\n\tv85EdeRB017241; Tue, 5 Sep 2017 07:42:59 -0700","from maileast.thefacebook.com ([199.201.65.23])\n\tby mx0a-00082601.pphosted.com with ESMTP id 2csk8va133-1\n\t(version=TLSv1 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NOT);\n\tTue, 05 Sep 2017 07:42:59 -0700","from NAM02-BL2-obe.outbound.protection.outlook.com (192.168.183.28)\n\tby o365-in.thefacebook.com (192.168.177.30) with Microsoft SMTP\n\tServer (TLS) id 14.3.319.2; Tue, 5 Sep 2017 10:42:57 -0400","from [IPv6:2620:10d:c082:1055:987e:6df3:c02a:1cd3]\n\t(2620:10d:c090:200::7:6a49) by\n\tSN2PR15MB0975.namprd15.prod.outlook.com\n\t(2603:10b6:804:20::25) with Microsoft SMTP Server (version=TLS1_2,\n\tcipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256) id 15.20.13.10;\n\tTue, 5 Sep 2017 14:42:55 +0000"],"DKIM-Signature":["v=1; a=rsa-sha256; c=relaxed/relaxed; d=fb.com;\n\th=subject : to : references\n\t: cc : from : message-id : date : mime-version : in-reply-to :\n\tcontent-type : content-transfer-encoding; s=facebook;\n\tbh=ByEuRHuglr2g12itIjOJhj1GVmLjEccpGZnaYvwV4fo=;\n\tb=K+BBxGmQYH1hhj5bOwINialDojjwtzhbcu/RnC3wdXHYPeI/au0x17zUI/k4ZzZaXF6Z\n\tHzOvumnSlGaIMfVArKoelM5JDzYcK4C0QIlen+HxVbHQYYIjwbwU6ujzky1yKraygsUR\n\tKKTEh9c/Img+Z1YVPsf2lTKGiKj+MQHV/08= ","v=1; a=rsa-sha256; c=relaxed/relaxed; d=fb.onmicrosoft.com; \n\ts=selector1-fb-com;\n\th=From:Date:Subject:Message-ID:Content-Type:MIME-Version; \n\tbh=ByEuRHuglr2g12itIjOJhj1GVmLjEccpGZnaYvwV4fo=;\n\tb=DI3tVZ52W9ar4ySUe7poTPAuhBJC5HScabJ5QLcZXbvsbdxEjNue7GF9Aj1uQyxTWodoGGV+Ij7PjjBKhpg/FrubjS+Qe0PHM/iP4WfZL6pQ3VdkBz2HVynKlfGgnfLsJVBDaNR6NBZa9McBtpCVIz6ZAc2OTiQYiTmCU1o6tck="],"Subject":"Re: [PATCH net-next] bpf: fix numa_node validation","To":"Eric Dumazet , David Miller ","References":"<1504590062.15310.36.camel@edumazet-glaptop3.roam.corp.google.com>","CC":"netdev , Martin KaFai Lau ,\n\tDaniel Borkmann ","From":"Alexei Starovoitov ","Message-ID":"<8bcc1ff5-7b0e-1d4e-fb4e-8e5033630443@fb.com>","Date":"Tue, 5 Sep 2017 07:43:12 -0700","User-Agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.12; rv:45.0)\n\tGecko/20100101 Thunderbird/45.8.0","MIME-Version":"1.0","In-Reply-To":"<1504590062.15310.36.camel@edumazet-glaptop3.roam.corp.google.com>","Content-Type":"text/plain; charset=\"utf-8\"; format=flowed","Content-Transfer-Encoding":"7bit","X-Originating-IP":"[2620:10d:c090:200::7:6a49]","X-ClientProxiedBy":"BN6PR08CA0055.namprd08.prod.outlook.com\n\t(2603:10b6:404:b9::17) To SN2PR15MB0975.namprd15.prod.outlook.com\n\t(2603:10b6:804:20::25)","X-MS-PublicTrafficType":"Email","X-MS-Office365-Filtering-Correlation-Id":"11ebbd75-d255-45c7-7826-08d4f46c65cb","X-Microsoft-Antispam":"UriScan:; BCL:0; PCL:0;\n\tRULEID:(300000500095)(300135000095)(300000501095)(300135300095)(300000502095)(300135100095)(22001)(2017030254152)(300000503095)(300135400095)(2017052603199)(201703131423075)(201703031133081)(201702281549075)(300000504095)(300135200095)(300000505095)(300135600095)(300000506095)(300135500095);\n\tSRVR:SN2PR15MB0975; ","X-Microsoft-Exchange-Diagnostics":["1; SN2PR15MB0975;\n\t3:LpHz0LvMz7cUeeubF8N3QGzZv5pqndAV8k+XF/Qx0Autf7SyUAdKr5WLadZpJnxlh70BuDQOOEdmw/qB2xTSCXYXHreJ58YdSbjHxihEJWpHaVn5SAVOech92206zsr7vNRSeoB4UTAR8c2uIY152xQrJgdFN7IBOvblnGUp3tMhVR9ezelhOUtFaDSlYud9NFlTgk2Plo3TH6lcG04QoatGdyftavJmC9zcS9wui3p74z6Jh6EsPC9eNXSXkLaj;\n\t25:+h8WQ2MxOgFbq3dowq6RTT4Mq0Ihf0++osPlJ/YXTCf4sltVNtwPNs9des9l/lhtbhnNUoL9nxpb6ZWYfjWJVxbJgFn7T2oWAvQjJrzC/B5NI7hTQu1xNkUGog0a80xKGqtBB7d/OxEyUZB1MlfPjPSOMPhyNQl3/CbL+RQxdTDPSl91bZxOpS2JXvxfP932ECKp+QPq35XVfwGUqJZi40G3f8XKoAVlDQPvW7T8bIo0cfEhE55+qrrz4MVU7hl/y5KnZHjFP9rRSrTgXHjAzEuqxonvwLEJYtin7Vp2ylFt3Dg6fMiPcvs22leLFndDjcOS8H6alq0woBMX+8NDoA==;\n\t31:o9wMinejxucfFerw+YKh6qJ9wrh9ry2MKhblY92JYG3UktKXwylkaf4Np8qyp6Smyfm7lMmG3P/KRtWCR+ehebLZqi4kJS6odVLw4Dvegmv3NDY4i0SL5c+SSb2DSiEGBPTqYZvDE8wZ6/PsCy2l7vgXzbApuOUyOCYyt6IcI7bfZf9uMgkRkft4XH0mx4wfjs4kRix5jY7hO1C9AGEWfu1kAoOHkNcz0j3vUXNVJ7M=","1; SN2PR15MB0975;\n\t20:ShEfi5h++EvyZGSkiYinOvLej+yvWYRMlBGd+5/MpYc18iz4ywU19Qp1rBC6WhvZM4gVZ1MbbDWAnG1b1P1jma9FY0NaO0VC2i1DGAxrurWvRWpL6/5n+VpIrQoNGMvweMAqG4eSqvaYmxzNOV2VuJGvbNMIarGwyj+ALMgjHoSKinGQm3XbNmK+fmBFHkveOLYtChLTNVvKHerO2Ws/fNnvOI0uUOp27vinPARsA+CNvItWTLR3w1xuUQqbMmptBFMk81zhBUHpRR5zXhxJwl2X213qPxrom8SJfpAYlN8ND/hUhvAfPbCtncruUYNWPtljFMgbSO06+weyJ8XtPR7ZpYesPA3kMpu2Dx6yVRJzafR4yKYfBQ7RkLH93pxphhpFWIgQc1K6Xr9lslVKlgdssaZ8aqUXT6emXXMLXRTDlCZOYURBGiOlh+M9DW4EcoUJFgpHCKokuTf6uZYht1yaN1zVsYHAhbM55NLHtvL7FF5GXzwtpV+PEqU7m/Ek;\n\t4:5hDLFT1hAYCFe7wS0z+ftIdEvrl5C6bLJTsA4ebfusV8hLjEpR24o1TUhxncvPYstlWdRVCtyBg3E7W0A8rEhZuzDBaHUY6atu6OYGA3S18Z0GLAtbKz2gPerBFLDAqvW/zz52xKZYH/1OxkA3SQRmOVG+XT7BlfCi1n7wNo092hO/yAbF1c0xWwX3G8vGzQ9ZjyQ0U2+27yBZq4tnhac2d6Hexn1CNmu/ese9Bl3KLFaAXqMJOrsIEMr5y529e43+ya76FttoXj2pGQ5koeBTc+wkyFfqqaH+TB65+a9bN+RV7mhiHyadArKellhtvUYJCtJbp88bO7BZMW1YySpw==","=?utf-8?q?1=3BSN2PR15MB0975=3B23=3ALKPs?=\n\t=?utf-8?q?yjS6afXqcBbLxPeVBeVRmwAvGo6A4qsk60XvyQV+slwr96hwN8Pciv/7?=\n\t=?utf-8?q?ZMmvJtzjcfgI3p8KZeOFTUgkRARoLrAK7SlPyi60KfmZ3gqdTBxdJA0r?=\n\t=?utf-8?q?HA9YPv6F3ArygOBdVphijO0xN0Bu0nJreLUSV0dGipU7T26SHMzTsoH8?=\n\t=?utf-8?q?CozjFhLs2w2tCB1bd8aP/8jK3DyWF8cTs46yhr3o4UYewJr0durI9TuK?=\n\t=?utf-8?q?PFazf520snQae4ld8V1loo+rffAPtRMC9FfgTT+oq9KeGNtkjTZt82VA?=\n\t=?utf-8?q?N+mfMFE+xTgoeZVLNHUFV+UaS5feF6cXmmbFE+HAjq6pCYHA7J1+K1Zj?=\n\t=?utf-8?q?KQKIgxLymSVabE5EiLq6PRLaTyk/KUluqLyAoAqlzx245uS9FcWQ9GUp?=\n\t=?utf-8?q?1Zt2Lzm6pblAvLpsbjchmcIA46W1g3wz/kij3U/SC3NIyLl1/ZSdWCo0?=\n\t=?utf-8?q?NituxGsp7ww1SPuI0kAOM8LISLBORGqyI9IQgesWRWzXE/FZQ3PST3cz?=\n\t=?utf-8?q?6BUw6Tl/U11/2WO6xveldCIWKFJacsi17EPethVJkhL6Sptx21wa9xPz?=\n\t=?utf-8?q?zlYqw/7sR6auUbIG6bgwvmBU1UqbRSHVghv1HOoCO0ELByBwi12iRhV9?=\n\t=?utf-8?q?WkkttdWDqBqYTfKbwQH+qc9cID18LU88c3szFU6HT7XDTMkERPSbgReC?=\n\t=?utf-8?q?UG0iTPAAjFfwYK8p1W+iDjza1FcjB/IT2apSoNwkVdLgmwsSC3M19H8H?=\n\t=?utf-8?q?jKcO1G19Joqu9g8I34KkaEPBDtH8SOx/LduPMSwTxaBP08KPcqQQ55Q2?=\n\t=?utf-8?q?XOYBDTVOXA9setPP24/nWhOo/lW2UvDfUnxA8G7yj4h/9q1qLBb/lfz5?=\n\t=?utf-8?q?do4gAdGmTcNW3AEtSQiBi1RKuSmYFgJOL8BcQ+o4O9dsd4nGMyswK1T2?=\n\t=?utf-8?q?eocI8962Rqk7fHmfyQ9i0xY4iJIcQ89HmC2NNhcOYHKwI51sTLlSUNnd?=\n\t=?utf-8?q?obaTmuRErXeI5+AUIbDQ+UEi9cqyrv1Wczq9e+KLCTHzOPB23wpspaW1?=\n\t=?utf-8?q?tJETHROaNe0tV9MqrAzk2KFPnUmiWY184AoPStY+vjDQFqgJkYH+kHS+?=\n\t=?utf-8?q?AgHMHZEU4UNWr5VDZUZurhy/paJn0ijm95v+oJwDbT+cAPR0SjJPhnFg?=\n\t=?utf-8?q?oN+hgoUu9ZJvMKbte016t3EKCh1syQLVXg5wKp2EefrdcARUoI64iCL2?=\n\t=?utf-8?q?tal0MGYtQtR+KBtbs5vJZ/TarDsu+qaIFYWHcn/hch79zuU1K3dTKXWR?=\n\t=?utf-8?q?I/yumcsv4P0GkJw+vdMR8b8ItixuXeTTiUQAq7k9SuKzJp0apPb+nEmA?=\n\t=?utf-8?q?p+KfWlHBdNi8vYtQUJOkPtMpWQTF0tk=3D?=","1; SN2PR15MB0975;\n\t6:707ezMSzVeWWVyo7QNpNXR9Inec1Yo01sJHGHA87Gqp5uZOTRgmUCwIYN8HkJ39Dm5kiz1iatoQjh9Z3eS5Mwf1TWGY36CCdQp+jJe7sHI2j5JmsZdDyDrVuejsmnBpnv97ZVwM7gueFEbSRb2bUv0o4Quo9k9axXtOXEwCx80GtgvAn6AQYH8ie1qFS+6rllLU5PZaCoZFV70iVzVoUjKy7Bo0SWFYCdYpwLP7x/SzO3UcPDKTgne7/oAK49qvWXFwSjjNw1X3yvWqO2Lrow7VHuZV6tNiRkOS/1AM1R+pkBr2TFX7Sw5YBJG6KrCt5WHAUloVk/N9WVskKzKfYyg==;\n\t5:iAZ3QnVoKulA88vFGSDmwVgCD2yFa8Vr2Q6VDfi33GwWY2EdNfUTwdRCgq52qYQdAdexWBAJENHKC7GY3MMiPKHhin6fI2R94QSAcafujMJw+UJhrjStoYfWuwD1o+000YevOI1+sa6Ky84R3sRlHI8x6bR0PMzvvwwZ7QfHX1Q=;\n\t24:1wtOzIBnRXysykFlG8yckJM3ezJqFnDyr0PyWq6iQRqteoJJMc/WtR+LzonD2HsrSo46Xsvrf1lecNI4Gyoh/CK11YG8MKlZS7/6Cat3dJQ=;\n\t7:1ue/MJ6gR7VGUZXuZkdMdWLGpOk68BUdaneapsudlAY8QtB1FhZDrV8tVOUfW8IWx0PQGA/QRx5BoFbCmuzwLT6X14FrXqGdZDiZdsMQrdOlgHxmFlSiV4op82vCuSakFGdyE91kbe97UnNQKYrfVTf8UTA8sJriaYMzQ6vE0QQ+0gh4dt4hmWeF/GMHY8jCeqa/KCj3GvHSNxpOACGDgqUgzW3CbIykPLo6qBNtxTY=","1; SN2PR15MB0975;\n\t20:bc/+VbDWOQRzwIcYy5cEjrjQufAkZqVek7NDIwj/sDENmFxrNpe3S5zFKtvNe6J8uCkm+6vrZ50DYV+faMm8cknr5DTMuNv8JN6VM7I3WlJS5psO3TFn+hhQ96bsukMLm282kDkI4boN70BLSGPvT1nhs3Wp7sqnewctj6yD4hk="],"X-MS-TrafficTypeDiagnostic":"SN2PR15MB0975:","X-Exchange-Antispam-Report-Test":"UriScan:(211936372134217)(153496737603132); ","X-Microsoft-Antispam-PRVS":"","X-Exchange-Antispam-Report-CFA-Test":"BCL:0; PCL:0;\n\tRULEID:(100000700101)(100105000095)(100000701101)(100105300095)(100000702101)(100105100095)(6040450)(2401047)(5005006)(8121501046)(3002001)(93006095)(93001095)(100000703101)(100105400095)(10201501046)(920507026)(6041248)(20161123558100)(20161123560025)(20161123555025)(20161123562025)(201703131423075)(201702281528075)(201703061421075)(201703061406153)(20161123564025)(6072148)(201708071742011)(100000704101)(100105200095)(100000705101)(100105500095);\n\tSRVR:SN2PR15MB0975; BCL:0; PCL:0;\n\tRULEID:(100000800101)(100110000095)(100000801101)(100110300095)(100000802101)(100110100095)(100000803101)(100110400095)(100000804101)(100110200095)(100000805101)(100110500095);\n\tSRVR:SN2PR15MB0975; ","X-Forefront-PRVS":"0421BF7135","X-Forefront-Antispam-Report":"SFV:NSPM;\n\tSFS:(10019020)(6009001)(189002)(24454002)(199003)(377454003)(31696002)(68736007)(575784001)(50466002)(23676002)(86362001)(229853002)(6486002)(2906002)(64126003)(6246003)(39060400002)(230700001)(2950100002)(189998001)(34040400001)(53936002)(106356001)(65806001)(65956001)(47776003)(105586002)(36756003)(6666003)(54906002)(31686004)(33646002)(65826007)(6116002)(1706002)(42186005)(5660300001)(81166006)(97736004)(83506001)(4001350100001)(4326008)(8936002)(8676002)(25786009)(7736002)(53546010)(305945005)(101416001)(54356999)(76176999)(478600001)(81156014)(50986999)(42262002);\n\tDIR:OUT; SFP:1102; SCL:1; SRVR:SN2PR15MB0975;\n\tH:[IPv6:2620:10d:c082:1055:987e:6df3:c02a:1cd3]; FPR:;\n\tSPF:None; PTR:InfoNoRecords; MX:1; A:1; LANG:en; ","Received-SPF":"None (protection.outlook.com: fb.com does not designate\n\tpermitted sender hosts)","SpamDiagnosticOutput":"1:99","SpamDiagnosticMetadata":"NSPM","X-MS-Exchange-CrossTenant-OriginalArrivalTime":"05 Sep 2017 14:42:55.9279\n\t(UTC)","X-MS-Exchange-CrossTenant-FromEntityHeader":"Hosted","X-MS-Exchange-CrossTenant-Id":"8ae927fe-1255-47a7-a2af-5f3a069daaa2","X-MS-Exchange-Transport-CrossTenantHeadersStamped":"SN2PR15MB0975","X-OriginatorOrg":"fb.com","X-Proofpoint-Spam-Reason":"safe","X-FB-Internal":"Safe","X-Proofpoint-Virus-Version":"vendor=fsecure engine=2.50.10432:, ,\n\tdefinitions=2017-09-05_07:, , signatures=0","Sender":"netdev-owner@vger.kernel.org","Precedence":"bulk","List-ID":"","X-Mailing-List":"netdev@vger.kernel.org"}},{"id":1763474,"web_url":"http://patchwork.ozlabs.org/comment/1763474/","msgid":"<20170905.091027.204977527174006202.davem@davemloft.net>","list_archive_url":null,"date":"2017-09-05T16:10:27","subject":"Re: [PATCH net-next] bpf: fix numa_node validation","submitter":{"id":15,"url":"http://patchwork.ozlabs.org/api/people/15/","name":"David Miller","email":"davem@davemloft.net"},"content":"From: Eric Dumazet \nDate: Mon, 04 Sep 2017 22:41:02 -0700\n\n> From: Eric Dumazet \n> \n> syzkaller reported crashes in bpf map creation or map update [1]\n> \n> Problem is that nr_node_ids is a signed integer,\n> NUMA_NO_NODE is also an integer, so it is very tempting\n> to declare numa_node as a signed integer.\n> \n> This means the typical test to validate a user provided value :\n> \n> if (numa_node != NUMA_NO_NODE &&\n> (numa_node >= nr_node_ids ||\n> !node_online(numa_node)))\n> \n> must be written :\n> \n> if (numa_node != NUMA_NO_NODE &&\n> ((unsigned int)numa_node >= nr_node_ids ||\n> !node_online(numa_node)))\n> \n> \n> [1]\n ...\n> Fixes: 96eabe7a40aa (\"bpf: Allow selecting numa node during map creation\")\n> Signed-off-by: Eric Dumazet \n\nApplied, thanks.","headers":{"Return-Path":"","X-Original-To":"patchwork-incoming@ozlabs.org","Delivered-To":"patchwork-incoming@ozlabs.org","Authentication-Results":"ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netdev-owner@vger.kernel.org;\n\treceiver=)","Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xmsBg0JTYz9t16\n\tfor ;\n\tWed, 6 Sep 2017 02:10:35 +1000 (AEST)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1752043AbdIEQKd (ORCPT );\n\tTue, 5 Sep 2017 12:10:33 -0400","from shards.monkeyblade.net ([184.105.139.130]:34284 \"EHLO\n\tshards.monkeyblade.net\" rhost-flags-OK-OK-OK-OK) by vger.kernel.org\n\twith ESMTP id S1750858AbdIEQKb (ORCPT\n\t); Tue, 5 Sep 2017 12:10:31 -0400","from localhost (74-93-104-98-Washington.hfc.comcastbusiness.net\n\t[74.93.104.98]) (using TLSv1 with cipher AES256-SHA (256/256 bits))\n\t(Client did not present a certificate)\n\t(Authenticated sender: davem-davemloft)\n\tby shards.monkeyblade.net (Postfix) with ESMTPSA id 747F713D752DB;\n\tTue, 5 Sep 2017 09:10:30 -0700 (PDT)"],"Date":"Tue, 05 Sep 2017 09:10:27 -0700 (PDT)","Message-Id":"<20170905.091027.204977527174006202.davem@davemloft.net>","To":"eric.dumazet@gmail.com","Cc":"netdev@vger.kernel.org, kafai@fb.com, daniel@iogearbox.net, ast@fb.com","Subject":"Re: [PATCH net-next] bpf: fix numa_node validation","From":"David Miller ","In-Reply-To":"<1504590062.15310.36.camel@edumazet-glaptop3.roam.corp.google.com>","References":"<1504590062.15310.36.camel@edumazet-glaptop3.roam.corp.google.com>","X-Mailer":"Mew version 6.7 on Emacs 25.2 / Mule 6.0 (HANACHIRUSATO)","Mime-Version":"1.0","Content-Type":"Text/Plain; charset=us-ascii","Content-Transfer-Encoding":"7bit","X-Greylist":"Sender succeeded SMTP AUTH, not delayed by\n\tmilter-greylist-4.5.12 (shards.monkeyblade.net\n\t[149.20.54.216]); Tue, 05 Sep 2017 09:10:30 -0700 (PDT)","Sender":"netdev-owner@vger.kernel.org","Precedence":"bulk","List-ID":"","X-Mailing-List":"netdev@vger.kernel.org"}},{"id":1763707,"web_url":"http://patchwork.ozlabs.org/comment/1763707/","msgid":"<20170905223021.uclihvksjmunfikj@kafai-mba.dhcp.thefacebook.com>","list_archive_url":null,"date":"2017-09-05T22:30:21","subject":"Re: [PATCH net-next] bpf: fix numa_node validation","submitter":{"id":64907,"url":"http://patchwork.ozlabs.org/api/people/64907/","name":"Martin KaFai Lau","email":"kafai@fb.com"},"content":"On Mon, Sep 04, 2017 at 10:41:02PM -0700, Eric Dumazet wrote:\n> From: Eric Dumazet \n>\n> syzkaller reported crashes in bpf map creation or map update [1]\n>\n> Problem is that nr_node_ids is a signed integer,\n> NUMA_NO_NODE is also an integer, so it is very tempting\n> to declare numa_node as a signed integer.\n>\n> This means the typical test to validate a user provided value :\n>\n> if (numa_node != NUMA_NO_NODE &&\n> (numa_node >= nr_node_ids ||\n> !node_online(numa_node)))\n>\n> must be written :\n>\n> if (numa_node != NUMA_NO_NODE &&\n> ((unsigned int)numa_node >= nr_node_ids ||\nThanks for fixing it.\n\n> !node_online(numa_node)))\n>\n>\n> [1]\n> kernel BUG at mm/slab.c:3256!\n> invalid opcode: 0000 [#1] SMP KASAN\n> Dumping ftrace buffer:\n> (ftrace buffer empty)\n> Modules linked in:\n> CPU: 0 PID: 2946 Comm: syzkaller916108 Not tainted 4.13.0-rc7+ #35\n> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\n> task: ffff8801d2bc60c0 task.stack: ffff8801c0c90000\n> RIP: 0010:____cache_alloc_node+0x1d4/0x1e0 mm/slab.c:3292\n> RSP: 0018:ffff8801c0c97638 EFLAGS: 00010096\n> RAX: ffffffffffff8b7b RBX: 0000000001080220 RCX: 0000000000000000\n> RDX: 00000000ffff8b7b RSI: 0000000001080220 RDI: ffff8801dac00040\n> RBP: ffff8801c0c976c0 R08: 0000000000000000 R09: 0000000000000000\n> R10: ffff8801c0c97620 R11: 0000000000000001 R12: ffff8801dac00040\n> R13: ffff8801dac00040 R14: 0000000000000000 R15: 00000000ffff8b7b\n> FS: 0000000002119940(0000) GS:ffff8801db200000(0000) knlGS:0000000000000000\n> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n> CR2: 0000000020001fec CR3: 00000001d2980000 CR4: 00000000001406f0\n> Call Trace:\n> __do_kmalloc_node mm/slab.c:3688 [inline]\n> __kmalloc_node+0x33/0x70 mm/slab.c:3696\n> kmalloc_node include/linux/slab.h:535 [inline]\n> alloc_htab_elem+0x2a8/0x480 kernel/bpf/hashtab.c:740\n> htab_map_update_elem+0x740/0xb80 kernel/bpf/hashtab.c:820\n> map_update_elem kernel/bpf/syscall.c:587 [inline]\n> SYSC_bpf kernel/bpf/syscall.c:1468 [inline]\n> SyS_bpf+0x20c5/0x4c40 kernel/bpf/syscall.c:1443\n> entry_SYSCALL_64_fastpath+0x1f/0xbe\n> RIP: 0033:0x440409\n> RSP: 002b:00007ffd1f1792b8 EFLAGS: 00000246 ORIG_RAX: 0000000000000141\n> RAX: ffffffffffffffda RBX: 00000000004002c8 RCX: 0000000000440409\n> RDX: 0000000000000020 RSI: 0000000020006000 RDI: 0000000000000002\n> RBP: 0000000000000086 R08: 0000000000000000 R09: 0000000000000000\n> R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000401d70\n> R13: 0000000000401e00 R14: 0000000000000000 R15: 0000000000000000\n> Code: 83 c2 01 89 50 18 4c 03 70 08 e8 38 f4 ff ff 4d 85 f6 0f 85 3e ff ff ff 44 89 fe 4c 89 ef e8 94 fb ff ff 49 89 c6 e9 2b ff ff ff <0f> 0b 0f 0b 0f 0b 66 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41\n> RIP: ____cache_alloc_node+0x1d4/0x1e0 mm/slab.c:3292 RSP: ffff8801c0c97638\n> ---[ end trace d745f355da2e33ce ]---\n> Kernel panic - not syncing: Fatal exception\n>\n> Fixes: 96eabe7a40aa (\"bpf: Allow selecting numa node during map creation\")\n> Signed-off-by: Eric Dumazet \n> Cc: Martin KaFai Lau \n> Cc: Alexei Starovoitov \n> Cc: Daniel Borkmann \n> ---\n> kernel/bpf/syscall.c | 3 ++-\n> 1 file changed, 2 insertions(+), 1 deletion(-)\n>\n> diff --git a/kernel/bpf/syscall.c b/kernel/bpf/syscall.c\n> index 021a05d9d80095303bdfed51ee85bd9067582774..70ad8e220343c7825c8e331f19c1f65c78fdb796 100644\n> --- a/kernel/bpf/syscall.c\n> +++ b/kernel/bpf/syscall.c\n> @@ -323,7 +323,8 @@ static int map_create(union bpf_attr *attr)\n> \t\treturn -EINVAL;\n>\n> \tif (numa_node != NUMA_NO_NODE &&\n> -\t (numa_node >= nr_node_ids || !node_online(numa_node)))\n> +\t ((unsigned int)numa_node >= nr_node_ids ||\n> +\t !node_online(numa_node)))\n> \t\treturn -EINVAL;\n>\n> \t/* find map type and init map: hashtable vs rbtree vs bloom vs ... */\n>\n>","headers":{"Return-Path":"","X-Original-To":"patchwork-incoming@ozlabs.org","Delivered-To":"patchwork-incoming@ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netdev-owner@vger.kernel.org;\n\treceiver=)","ozlabs.org; dkim=pass (1024-bit key;\n\tunprotected) header.d=fb.com header.i=@fb.com header.b=\"q7/RLuG0\";\n\tdkim-atps=neutral"],"Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xn1dQ4KQFz9sCZ\n\tfor ;\n\tWed, 6 Sep 2017 08:30:50 +1000 (AEST)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1753791AbdIEWaq (ORCPT );\n\tTue, 5 Sep 2017 18:30:46 -0400","from mx0a-00082601.pphosted.com ([67.231.145.42]:58651 \"EHLO\n\tmx0a-00082601.pphosted.com\" rhost-flags-OK-OK-OK-OK)\n\tby vger.kernel.org with ESMTP id S1753074AbdIEWap (ORCPT\n\t); Tue, 5 Sep 2017 18:30:45 -0400","from pps.filterd (m0044012.ppops.net [127.0.0.1])\n\tby mx0a-00082601.pphosted.com (8.16.0.21/8.16.0.21) with SMTP id\n\tv85MTtUv026245; Tue, 5 Sep 2017 15:30:26 -0700","from mail.thefacebook.com ([199.201.64.23])\n\tby mx0a-00082601.pphosted.com with ESMTP id 2ct1sdgrt0-1\n\t(version=TLSv1 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NOT);\n\tTue, 05 Sep 2017 15:30:26 -0700","from kafai-mba.dhcp.thefacebook.com (192.168.52.123) by\n\tmail.thefacebook.com (192.168.16.11) with Microsoft SMTP Server (TLS)\n\tid 14.3.319.2; Tue, 5 Sep 2017 15:30:23 -0700"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=fb.com;\n\th=date : from : to : cc :\n\tsubject : message-id : references : mime-version : content-type :\n\tin-reply-to; s=facebook;\n\tbh=moMD802/CmbyXbBbHrHhW5MsTywXdf6X53q+MmCvyU4=; \n\tb=q7/RLuG0XSq7xvkmNUsyQ0xKRlPJ8QYO94tI+nsUR/FaEn9LB1KbZ6GgsvdeaJoI+71e\n\ttG9XEPJtKVojB4KNVYY4Zvd+g9iMQHnKBSx5UYB7qUo4/FsvfFcgEOU/PXuxAPSoTnv9\n\tClIkYbX+LttQHldaUeuPObCTSoaX70PIm6k= ","Date":"Tue, 5 Sep 2017 15:30:21 -0700","From":"Martin KaFai Lau ","To":"Eric Dumazet ","CC":"David Miller , netdev ,\n\tDaniel Borkmann , Alexei Starovoitov ","Subject":"Re: [PATCH net-next] bpf: fix numa_node validation","Message-ID":"<20170905223021.uclihvksjmunfikj@kafai-mba.dhcp.thefacebook.com>","References":"<1504590062.15310.36.camel@edumazet-glaptop3.roam.corp.google.com>","MIME-Version":"1.0","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Disposition":"inline","In-Reply-To":"<1504590062.15310.36.camel@edumazet-glaptop3.roam.corp.google.com>","User-Agent":"NeoMutt/20170714 (1.8.3)","X-Originating-IP":"[192.168.52.123]","X-Proofpoint-Spam-Reason":"safe","X-FB-Internal":"Safe","X-Proofpoint-Virus-Version":"vendor=fsecure engine=2.50.10432:, ,\n\tdefinitions=2017-09-05_10:, , signatures=0","Sender":"netdev-owner@vger.kernel.org","Precedence":"bulk","List-ID":"","X-Mailing-List":"netdev@vger.kernel.org"}}]