
[net] ipvs: fix refcount usage for conns in ops mode

Message ID 20180503190140.2976-1-ja@ssi.bg
State Accepted
Delegated to: Pablo Neira

Commit Message

Julian Anastasov May 3, 2018, 7:01 p.m. UTC
Connections in One-packet scheduling mode (-o, --ops) are
removed with refcnt=0 because they are not hashed in the conn table.
To avoid refcount_dec reporting this as an error, change them to be
removed with refcount_dec_if_one, like all other connections.

refcount_t hit zero at ip_vs_conn_put+0x31/0x40 [ip_vs]
in sh[15519], uid/euid: 497/497
WARNING: CPU: 0 PID: 15519 at ../kernel/panic.c:657
refcount_error_report+0x94/0x9e
Modules linked in: ip_vs_rr cirrus ttm sb_edac
edac_core drm_kms_helper crct10dif_pclmul crc32_pclmul
ghash_clmulni_intel pcbc mousedev drm aesni_intel aes_x86_64
crypto_simd glue_helper cryptd psmouse evdev input_leds led_class
intel_agp fb_sys_fops syscopyarea sysfillrect intel_rapl_perf mac_hid
intel_gtt serio_raw sysimgblt agpgart i2c_piix4 i2c_core ata_generic
pata_acpi floppy cfg80211 rfkill button loop macvlan ip_vs
nf_conntrack libcrc32c crc32c_generic ip_tables x_tables ipv6
crc_ccitt autofs4 ext4 crc16 mbcache jbd2 fscrypto ata_piix libata
atkbd libps2 scsi_mod crc32c_intel i8042 rtc_cmos serio af_packet
dm_mod dax fuse xen_netfront xen_blkfront
CPU: 0 PID: 15519 Comm: sh Tainted: G        W
4.15.17 #1-NixOS
Hardware name: Xen HVM domU, BIOS 4.2.amazon 08/24/2006
RIP: 0010:refcount_error_report+0x94/0x9e
RSP: 0000:ffffa344dde039c8 EFLAGS: 00010296
RAX: 0000000000000057 RBX: ffffffff92f20e06 RCX: 0000000000000006
RDX: 0000000000000007 RSI: 0000000000000086 RDI: ffffa344dde165c0
RBP: ffffa344dde03b08 R08: 0000000000000218 R09: 0000000000000004
R10: ffffffff93006a80 R11: 0000000000000001 R12: ffffa344d68cd100
R13: 00000000000001f1 R14: ffffffff92f12fb0 R15: 0000000000000004
FS:  00007fc9d2040fc0(0000) GS:ffffa344dde00000(0000)
knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000262a000 CR3: 0000000016a0c004 CR4: 00000000001606f0
Call Trace:
 <IRQ>
 ex_handler_refcount+0x4e/0x80
 fixup_exception+0x33/0x40
 do_trap+0x83/0x140
 do_error_trap+0x83/0xf0
 ? ip_vs_conn_drop_conntrack+0x120/0x1a5 [ip_vs]
 ? ip_finish_output2+0x29c/0x390
 ? ip_finish_output2+0x1a2/0x390
 invalid_op+0x1b/0x40
RIP: 0010:ip_vs_conn_put+0x31/0x40 [ip_vs]
RSP: 0000:ffffa344dde03bb8 EFLAGS: 00010246
RAX: 0000000000000001 RBX: ffffa344df31cf00 RCX: ffffa344d7450198
RDX: 0000000000000003 RSI: 00000000fffffe01 RDI: ffffa344d7450140
RBP: 0000000000000002 R08: 0000000000000476 R09: 0000000000000000
R10: ffffa344dde03b28 R11: ffffa344df200000 R12: ffffa344d7d09000
R13: ffffa344def3a980 R14: ffffffffc04f6e20 R15: 0000000000000008
 ip_vs_in.part.29.constprop.36+0x34f/0x640 [ip_vs]
 ? ip_vs_conn_out_get+0xe0/0xe0 [ip_vs]
 ip_vs_remote_request4+0x47/0xa0 [ip_vs]
 ? ip_vs_in.part.29.constprop.36+0x640/0x640 [ip_vs]
 nf_hook_slow+0x43/0xc0
 ip_local_deliver+0xac/0xc0
 ? ip_rcv_finish+0x400/0x400
 ip_rcv+0x26c/0x380
 __netif_receive_skb_core+0x3a0/0xb10
 ? inet_gro_receive+0x23c/0x2b0
 ? netif_receive_skb_internal+0x24/0xb0
 netif_receive_skb_internal+0x24/0xb0
 napi_gro_receive+0xb8/0xe0
 xennet_poll+0x676/0xb40 [xen_netfront]
 net_rx_action+0x139/0x3a0
 __do_softirq+0xde/0x2b4
 irq_exit+0xae/0xb0
 xen_evtchn_do_upcall+0x2c/0x40
 xen_hvm_callback_vector+0x7d/0x90
 </IRQ>
RIP: 0033:0x7fc9d11c91f9
RSP: 002b:00007ffebe8a2ea0 EFLAGS: 00000202 ORIG_RAX:
ffffffffffffff0c
RAX: 00000000ffffffff RBX: 0000000002609808 RCX: 0000000000000054
RDX: 0000000000000001 RSI: 0000000002605440 RDI: 00000000025f940e
RBP: 00000000025f940e R08: 000000000260213d R09: 1999999999999999
R10: 000000000262a808 R11: 00000000025f942d R12: 00000000025f940e
R13: 00007fc9d1301e20 R14: 00000000025f9408 R15: 00007fc9d1302720
Code: 48 8b 95 80 00 00 00 41 55 49 8d 8c 24 e0 05 00
00 45 8b 84 24 38 04 00 00 41 89 c1 48 89 de 48 c7 c7 a8 2f f2 92 e8
7c fa ff ff <0f> 0b 58 5b 5d 41 5c 41 5d c3 0f 1f 44 00 00 55 48 89 e5
41 56

Reported-by: Net Filter <netfilternetfilter@gmail.com>
Fixes: b54ab92b84b6 ("netfilter: refcounter conversions")
Signed-off-by: Julian Anastasov <ja@ssi.bg>
---
 net/netfilter/ipvs/ip_vs_conn.c | 17 ++++++-----------
 1 file changed, 6 insertions(+), 11 deletions(-)

Comments

Simon Horman May 7, 2018, 11:17 a.m. UTC | #1
On Thu, May 03, 2018 at 10:01:40PM +0300, Julian Anastasov wrote:
> Connections in One-packet scheduling mode (-o, --ops) are
> removed with refcnt=0 because they are not hashed in conn table.
> To avoid refcount_dec reporting this as error, change them to be
> removed with refcount_dec_if_one as all other connections.
> 
> refcount_t hit zero at ip_vs_conn_put+0x31/0x40 [ip_vs]
> in sh[15519], uid/euid: 497/497
> WARNING: CPU: 0 PID: 15519 at ../kernel/panic.c:657
> refcount_error_report+0x94/0x9e
> Modules linked in: ip_vs_rr cirrus ttm sb_edac
> edac_core drm_kms_helper crct10dif_pclmul crc32_pclmul
> ghash_clmulni_intel pcbc mousedev drm aesni_intel aes_x86_64
> crypto_simd glue_helper cryptd psmouse evdev input_leds led_class
> intel_agp fb_sys_fops syscopyarea sysfillrect intel_rapl_perf mac_hid
> intel_gtt serio_raw sysimgblt agpgart i2c_piix4 i2c_core ata_generic
> pata_acpi floppy cfg80211 rfkill button loop macvlan ip_vs
> nf_conntrack libcrc32c crc32c_generic ip_tables x_tables ipv6
> crc_ccitt autofs4 ext4 crc16 mbcache jbd2 fscrypto ata_piix libata
> atkbd libps2 scsi_mod crc32c_intel i8042 rtc_cmos serio af_packet
> dm_mod dax fuse xen_netfront xen_blkfront
> CPU: 0 PID: 15519 Comm: sh Tainted: G        W
> 4.15.17 #1-NixOS
> Hardware name: Xen HVM domU, BIOS 4.2.amazon 08/24/2006
> RIP: 0010:refcount_error_report+0x94/0x9e
> RSP: 0000:ffffa344dde039c8 EFLAGS: 00010296
> RAX: 0000000000000057 RBX: ffffffff92f20e06 RCX: 0000000000000006
> RDX: 0000000000000007 RSI: 0000000000000086 RDI: ffffa344dde165c0
> RBP: ffffa344dde03b08 R08: 0000000000000218 R09: 0000000000000004
> R10: ffffffff93006a80 R11: 0000000000000001 R12: ffffa344d68cd100
> R13: 00000000000001f1 R14: ffffffff92f12fb0 R15: 0000000000000004
> FS:  00007fc9d2040fc0(0000) GS:ffffa344dde00000(0000)
> knlGS:0000000000000000
> CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: 000000000262a000 CR3: 0000000016a0c004 CR4: 00000000001606f0
> Call Trace:
>  <IRQ>
>  ex_handler_refcount+0x4e/0x80
>  fixup_exception+0x33/0x40
>  do_trap+0x83/0x140
>  do_error_trap+0x83/0xf0
>  ? ip_vs_conn_drop_conntrack+0x120/0x1a5 [ip_vs]
>  ? ip_finish_output2+0x29c/0x390
>  ? ip_finish_output2+0x1a2/0x390
>  invalid_op+0x1b/0x40
> RIP: 0010:ip_vs_conn_put+0x31/0x40 [ip_vs]
> RSP: 0000:ffffa344dde03bb8 EFLAGS: 00010246
> RAX: 0000000000000001 RBX: ffffa344df31cf00 RCX: ffffa344d7450198
> RDX: 0000000000000003 RSI: 00000000fffffe01 RDI: ffffa344d7450140
> RBP: 0000000000000002 R08: 0000000000000476 R09: 0000000000000000
> R10: ffffa344dde03b28 R11: ffffa344df200000 R12: ffffa344d7d09000
> R13: ffffa344def3a980 R14: ffffffffc04f6e20 R15: 0000000000000008
>  ip_vs_in.part.29.constprop.36+0x34f/0x640 [ip_vs]
>  ? ip_vs_conn_out_get+0xe0/0xe0 [ip_vs]
>  ip_vs_remote_request4+0x47/0xa0 [ip_vs]
>  ? ip_vs_in.part.29.constprop.36+0x640/0x640 [ip_vs]
>  nf_hook_slow+0x43/0xc0
>  ip_local_deliver+0xac/0xc0
>  ? ip_rcv_finish+0x400/0x400
>  ip_rcv+0x26c/0x380
>  __netif_receive_skb_core+0x3a0/0xb10
>  ? inet_gro_receive+0x23c/0x2b0
>  ? netif_receive_skb_internal+0x24/0xb0
>  netif_receive_skb_internal+0x24/0xb0
>  napi_gro_receive+0xb8/0xe0
>  xennet_poll+0x676/0xb40 [xen_netfront]
>  net_rx_action+0x139/0x3a0
>  __do_softirq+0xde/0x2b4
>  irq_exit+0xae/0xb0
>  xen_evtchn_do_upcall+0x2c/0x40
>  xen_hvm_callback_vector+0x7d/0x90
>  </IRQ>
> RIP: 0033:0x7fc9d11c91f9
> RSP: 002b:00007ffebe8a2ea0 EFLAGS: 00000202 ORIG_RAX:
> ffffffffffffff0c
> RAX: 00000000ffffffff RBX: 0000000002609808 RCX: 0000000000000054
> RDX: 0000000000000001 RSI: 0000000002605440 RDI: 00000000025f940e
> RBP: 00000000025f940e R08: 000000000260213d R09: 1999999999999999
> R10: 000000000262a808 R11: 00000000025f942d R12: 00000000025f940e
> R13: 00007fc9d1301e20 R14: 00000000025f9408 R15: 00007fc9d1302720
> Code: 48 8b 95 80 00 00 00 41 55 49 8d 8c 24 e0 05 00
> 00 45 8b 84 24 38 04 00 00 41 89 c1 48 89 de 48 c7 c7 a8 2f f2 92 e8
> 7c fa ff ff <0f> 0b 58 5b 5d 41 5c 41 5d c3 0f 1f 44 00 00 55 48 89 e5
> 41 56
> 
> Reported-by: Net Filter <netfilternetfilter@gmail.com>
> Fixes: b54ab92b84b6 ("netfilter: refcounter conversions")
> Signed-off-by: Julian Anastasov <ja@ssi.bg>

Acked-by: Simon Horman <horms+renesas@verge.net.au>

Pablo, can you take this into nf?

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Simon Horman May 7, 2018, 11:18 a.m. UTC | #2
On Mon, May 07, 2018 at 01:17:40PM +0200, Simon Horman wrote:
> On Thu, May 03, 2018 at 10:01:40PM +0300, Julian Anastasov wrote:
> > Connections in One-packet scheduling mode (-o, --ops) are
> > removed with refcnt=0 because they are not hashed in conn table.
> > To avoid refcount_dec reporting this as error, change them to be
> > removed with refcount_dec_if_one as all other connections.
> > 
> > refcount_t hit zero at ip_vs_conn_put+0x31/0x40 [ip_vs]
> > in sh[15519], uid/euid: 497/497
> > WARNING: CPU: 0 PID: 15519 at ../kernel/panic.c:657
> > refcount_error_report+0x94/0x9e
> > Modules linked in: ip_vs_rr cirrus ttm sb_edac
> > edac_core drm_kms_helper crct10dif_pclmul crc32_pclmul
> > ghash_clmulni_intel pcbc mousedev drm aesni_intel aes_x86_64
> > crypto_simd glue_helper cryptd psmouse evdev input_leds led_class
> > intel_agp fb_sys_fops syscopyarea sysfillrect intel_rapl_perf mac_hid
> > intel_gtt serio_raw sysimgblt agpgart i2c_piix4 i2c_core ata_generic
> > pata_acpi floppy cfg80211 rfkill button loop macvlan ip_vs
> > nf_conntrack libcrc32c crc32c_generic ip_tables x_tables ipv6
> > crc_ccitt autofs4 ext4 crc16 mbcache jbd2 fscrypto ata_piix libata
> > atkbd libps2 scsi_mod crc32c_intel i8042 rtc_cmos serio af_packet
> > dm_mod dax fuse xen_netfront xen_blkfront
> > CPU: 0 PID: 15519 Comm: sh Tainted: G        W
> > 4.15.17 #1-NixOS
> > Hardware name: Xen HVM domU, BIOS 4.2.amazon 08/24/2006
> > RIP: 0010:refcount_error_report+0x94/0x9e
> > RSP: 0000:ffffa344dde039c8 EFLAGS: 00010296
> > RAX: 0000000000000057 RBX: ffffffff92f20e06 RCX: 0000000000000006
> > RDX: 0000000000000007 RSI: 0000000000000086 RDI: ffffa344dde165c0
> > RBP: ffffa344dde03b08 R08: 0000000000000218 R09: 0000000000000004
> > R10: ffffffff93006a80 R11: 0000000000000001 R12: ffffa344d68cd100
> > R13: 00000000000001f1 R14: ffffffff92f12fb0 R15: 0000000000000004
> > FS:  00007fc9d2040fc0(0000) GS:ffffa344dde00000(0000)
> > knlGS:0000000000000000
> > CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > CR2: 000000000262a000 CR3: 0000000016a0c004 CR4: 00000000001606f0
> > Call Trace:
> >  <IRQ>
> >  ex_handler_refcount+0x4e/0x80
> >  fixup_exception+0x33/0x40
> >  do_trap+0x83/0x140
> >  do_error_trap+0x83/0xf0
> >  ? ip_vs_conn_drop_conntrack+0x120/0x1a5 [ip_vs]
> >  ? ip_finish_output2+0x29c/0x390
> >  ? ip_finish_output2+0x1a2/0x390
> >  invalid_op+0x1b/0x40
> > RIP: 0010:ip_vs_conn_put+0x31/0x40 [ip_vs]
> > RSP: 0000:ffffa344dde03bb8 EFLAGS: 00010246
> > RAX: 0000000000000001 RBX: ffffa344df31cf00 RCX: ffffa344d7450198
> > RDX: 0000000000000003 RSI: 00000000fffffe01 RDI: ffffa344d7450140
> > RBP: 0000000000000002 R08: 0000000000000476 R09: 0000000000000000
> > R10: ffffa344dde03b28 R11: ffffa344df200000 R12: ffffa344d7d09000
> > R13: ffffa344def3a980 R14: ffffffffc04f6e20 R15: 0000000000000008
> >  ip_vs_in.part.29.constprop.36+0x34f/0x640 [ip_vs]
> >  ? ip_vs_conn_out_get+0xe0/0xe0 [ip_vs]
> >  ip_vs_remote_request4+0x47/0xa0 [ip_vs]
> >  ? ip_vs_in.part.29.constprop.36+0x640/0x640 [ip_vs]
> >  nf_hook_slow+0x43/0xc0
> >  ip_local_deliver+0xac/0xc0
> >  ? ip_rcv_finish+0x400/0x400
> >  ip_rcv+0x26c/0x380
> >  __netif_receive_skb_core+0x3a0/0xb10
> >  ? inet_gro_receive+0x23c/0x2b0
> >  ? netif_receive_skb_internal+0x24/0xb0
> >  netif_receive_skb_internal+0x24/0xb0
> >  napi_gro_receive+0xb8/0xe0
> >  xennet_poll+0x676/0xb40 [xen_netfront]
> >  net_rx_action+0x139/0x3a0
> >  __do_softirq+0xde/0x2b4
> >  irq_exit+0xae/0xb0
> >  xen_evtchn_do_upcall+0x2c/0x40
> >  xen_hvm_callback_vector+0x7d/0x90
> >  </IRQ>
> > RIP: 0033:0x7fc9d11c91f9
> > RSP: 002b:00007ffebe8a2ea0 EFLAGS: 00000202 ORIG_RAX:
> > ffffffffffffff0c
> > RAX: 00000000ffffffff RBX: 0000000002609808 RCX: 0000000000000054
> > RDX: 0000000000000001 RSI: 0000000002605440 RDI: 00000000025f940e
> > RBP: 00000000025f940e R08: 000000000260213d R09: 1999999999999999
> > R10: 000000000262a808 R11: 00000000025f942d R12: 00000000025f940e
> > R13: 00007fc9d1301e20 R14: 00000000025f9408 R15: 00007fc9d1302720
> > Code: 48 8b 95 80 00 00 00 41 55 49 8d 8c 24 e0 05 00
> > 00 45 8b 84 24 38 04 00 00 41 89 c1 48 89 de 48 c7 c7 a8 2f f2 92 e8
> > 7c fa ff ff <0f> 0b 58 5b 5d 41 5c 41 5d c3 0f 1f 44 00 00 55 48 89 e5
> > 41 56
> > 
> > Reported-by: Net Filter <netfilternetfilter@gmail.com>
> > Fixes: b54ab92b84b6 ("netfilter: refcounter conversions")
> > Signed-off-by: Julian Anastasov <ja@ssi.bg>
> 
> Acked-by: Simon Horman <horms+renesas@verge.net.au>

s/+renesas//

> Pablo, can you take this into nf?
> 
> --
> To unsubscribe from this list: send the line "unsubscribe lvs-devel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> 
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Pablo Neira Ayuso May 8, 2018, 12:15 p.m. UTC | #3
On Mon, May 07, 2018 at 01:17:40PM +0200, Simon Horman wrote:
> On Thu, May 03, 2018 at 10:01:40PM +0300, Julian Anastasov wrote:
> > Connections in One-packet scheduling mode (-o, --ops) are
> > removed with refcnt=0 because they are not hashed in conn table.
> > To avoid refcount_dec reporting this as error, change them to be
> > removed with refcount_dec_if_one as all other connections.
> > 
> > refcount_t hit zero at ip_vs_conn_put+0x31/0x40 [ip_vs]
> > in sh[15519], uid/euid: 497/497
> > WARNING: CPU: 0 PID: 15519 at ../kernel/panic.c:657
> > refcount_error_report+0x94/0x9e
> > Modules linked in: ip_vs_rr cirrus ttm sb_edac
> > edac_core drm_kms_helper crct10dif_pclmul crc32_pclmul
> > ghash_clmulni_intel pcbc mousedev drm aesni_intel aes_x86_64
> > crypto_simd glue_helper cryptd psmouse evdev input_leds led_class
> > intel_agp fb_sys_fops syscopyarea sysfillrect intel_rapl_perf mac_hid
> > intel_gtt serio_raw sysimgblt agpgart i2c_piix4 i2c_core ata_generic
> > pata_acpi floppy cfg80211 rfkill button loop macvlan ip_vs
> > nf_conntrack libcrc32c crc32c_generic ip_tables x_tables ipv6
> > crc_ccitt autofs4 ext4 crc16 mbcache jbd2 fscrypto ata_piix libata
> > atkbd libps2 scsi_mod crc32c_intel i8042 rtc_cmos serio af_packet
> > dm_mod dax fuse xen_netfront xen_blkfront
> > CPU: 0 PID: 15519 Comm: sh Tainted: G        W
> > 4.15.17 #1-NixOS
> > Hardware name: Xen HVM domU, BIOS 4.2.amazon 08/24/2006
> > RIP: 0010:refcount_error_report+0x94/0x9e
> > RSP: 0000:ffffa344dde039c8 EFLAGS: 00010296
> > RAX: 0000000000000057 RBX: ffffffff92f20e06 RCX: 0000000000000006
> > RDX: 0000000000000007 RSI: 0000000000000086 RDI: ffffa344dde165c0
> > RBP: ffffa344dde03b08 R08: 0000000000000218 R09: 0000000000000004
> > R10: ffffffff93006a80 R11: 0000000000000001 R12: ffffa344d68cd100
> > R13: 00000000000001f1 R14: ffffffff92f12fb0 R15: 0000000000000004
> > FS:  00007fc9d2040fc0(0000) GS:ffffa344dde00000(0000)
> > knlGS:0000000000000000
> > CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > CR2: 000000000262a000 CR3: 0000000016a0c004 CR4: 00000000001606f0
> > Call Trace:
> >  <IRQ>
> >  ex_handler_refcount+0x4e/0x80
> >  fixup_exception+0x33/0x40
> >  do_trap+0x83/0x140
> >  do_error_trap+0x83/0xf0
> >  ? ip_vs_conn_drop_conntrack+0x120/0x1a5 [ip_vs]
> >  ? ip_finish_output2+0x29c/0x390
> >  ? ip_finish_output2+0x1a2/0x390
> >  invalid_op+0x1b/0x40
> > RIP: 0010:ip_vs_conn_put+0x31/0x40 [ip_vs]
> > RSP: 0000:ffffa344dde03bb8 EFLAGS: 00010246
> > RAX: 0000000000000001 RBX: ffffa344df31cf00 RCX: ffffa344d7450198
> > RDX: 0000000000000003 RSI: 00000000fffffe01 RDI: ffffa344d7450140
> > RBP: 0000000000000002 R08: 0000000000000476 R09: 0000000000000000
> > R10: ffffa344dde03b28 R11: ffffa344df200000 R12: ffffa344d7d09000
> > R13: ffffa344def3a980 R14: ffffffffc04f6e20 R15: 0000000000000008
> >  ip_vs_in.part.29.constprop.36+0x34f/0x640 [ip_vs]
> >  ? ip_vs_conn_out_get+0xe0/0xe0 [ip_vs]
> >  ip_vs_remote_request4+0x47/0xa0 [ip_vs]
> >  ? ip_vs_in.part.29.constprop.36+0x640/0x640 [ip_vs]
> >  nf_hook_slow+0x43/0xc0
> >  ip_local_deliver+0xac/0xc0
> >  ? ip_rcv_finish+0x400/0x400
> >  ip_rcv+0x26c/0x380
> >  __netif_receive_skb_core+0x3a0/0xb10
> >  ? inet_gro_receive+0x23c/0x2b0
> >  ? netif_receive_skb_internal+0x24/0xb0
> >  netif_receive_skb_internal+0x24/0xb0
> >  napi_gro_receive+0xb8/0xe0
> >  xennet_poll+0x676/0xb40 [xen_netfront]
> >  net_rx_action+0x139/0x3a0
> >  __do_softirq+0xde/0x2b4
> >  irq_exit+0xae/0xb0
> >  xen_evtchn_do_upcall+0x2c/0x40
> >  xen_hvm_callback_vector+0x7d/0x90
> >  </IRQ>
> > RIP: 0033:0x7fc9d11c91f9
> > RSP: 002b:00007ffebe8a2ea0 EFLAGS: 00000202 ORIG_RAX:
> > ffffffffffffff0c
> > RAX: 00000000ffffffff RBX: 0000000002609808 RCX: 0000000000000054
> > RDX: 0000000000000001 RSI: 0000000002605440 RDI: 00000000025f940e
> > RBP: 00000000025f940e R08: 000000000260213d R09: 1999999999999999
> > R10: 000000000262a808 R11: 00000000025f942d R12: 00000000025f940e
> > R13: 00007fc9d1301e20 R14: 00000000025f9408 R15: 00007fc9d1302720
> > Code: 48 8b 95 80 00 00 00 41 55 49 8d 8c 24 e0 05 00
> > 00 45 8b 84 24 38 04 00 00 41 89 c1 48 89 de 48 c7 c7 a8 2f f2 92 e8
> > 7c fa ff ff <0f> 0b 58 5b 5d 41 5c 41 5d c3 0f 1f 44 00 00 55 48 89 e5
> > 41 56
> > 
> > Reported-by: Net Filter <netfilternetfilter@gmail.com>
> > Fixes: b54ab92b84b6 ("netfilter: refcounter conversions")
> > Signed-off-by: Julian Anastasov <ja@ssi.bg>
> 
> Acked-by: Simon Horman <horms+renesas@verge.net.au>
> 
> Pablo, can you take this into nf?

Done, thanks!
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Pablo Neira Ayuso May 8, 2018, 12:16 p.m. UTC | #4
On Mon, May 07, 2018 at 01:18:53PM +0200, Simon Horman wrote:
> On Mon, May 07, 2018 at 01:17:40PM +0200, Simon Horman wrote:
> > On Thu, May 03, 2018 at 10:01:40PM +0300, Julian Anastasov wrote:
> > > Connections in One-packet scheduling mode (-o, --ops) are
> > > removed with refcnt=0 because they are not hashed in conn table.
> > > To avoid refcount_dec reporting this as error, change them to be
> > > removed with refcount_dec_if_one as all other connections.
> > > 
> > > refcount_t hit zero at ip_vs_conn_put+0x31/0x40 [ip_vs]
> > > in sh[15519], uid/euid: 497/497
> > > WARNING: CPU: 0 PID: 15519 at ../kernel/panic.c:657
> > > refcount_error_report+0x94/0x9e
> > > Modules linked in: ip_vs_rr cirrus ttm sb_edac
> > > edac_core drm_kms_helper crct10dif_pclmul crc32_pclmul
> > > ghash_clmulni_intel pcbc mousedev drm aesni_intel aes_x86_64
> > > crypto_simd glue_helper cryptd psmouse evdev input_leds led_class
> > > intel_agp fb_sys_fops syscopyarea sysfillrect intel_rapl_perf mac_hid
> > > intel_gtt serio_raw sysimgblt agpgart i2c_piix4 i2c_core ata_generic
> > > pata_acpi floppy cfg80211 rfkill button loop macvlan ip_vs
> > > nf_conntrack libcrc32c crc32c_generic ip_tables x_tables ipv6
> > > crc_ccitt autofs4 ext4 crc16 mbcache jbd2 fscrypto ata_piix libata
> > > atkbd libps2 scsi_mod crc32c_intel i8042 rtc_cmos serio af_packet
> > > dm_mod dax fuse xen_netfront xen_blkfront
> > > CPU: 0 PID: 15519 Comm: sh Tainted: G        W
> > > 4.15.17 #1-NixOS
> > > Hardware name: Xen HVM domU, BIOS 4.2.amazon 08/24/2006
> > > RIP: 0010:refcount_error_report+0x94/0x9e
> > > RSP: 0000:ffffa344dde039c8 EFLAGS: 00010296
> > > RAX: 0000000000000057 RBX: ffffffff92f20e06 RCX: 0000000000000006
> > > RDX: 0000000000000007 RSI: 0000000000000086 RDI: ffffa344dde165c0
> > > RBP: ffffa344dde03b08 R08: 0000000000000218 R09: 0000000000000004
> > > R10: ffffffff93006a80 R11: 0000000000000001 R12: ffffa344d68cd100
> > > R13: 00000000000001f1 R14: ffffffff92f12fb0 R15: 0000000000000004
> > > FS:  00007fc9d2040fc0(0000) GS:ffffa344dde00000(0000)
> > > knlGS:0000000000000000
> > > CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > > CR2: 000000000262a000 CR3: 0000000016a0c004 CR4: 00000000001606f0
> > > Call Trace:
> > >  <IRQ>
> > >  ex_handler_refcount+0x4e/0x80
> > >  fixup_exception+0x33/0x40
> > >  do_trap+0x83/0x140
> > >  do_error_trap+0x83/0xf0
> > >  ? ip_vs_conn_drop_conntrack+0x120/0x1a5 [ip_vs]
> > >  ? ip_finish_output2+0x29c/0x390
> > >  ? ip_finish_output2+0x1a2/0x390
> > >  invalid_op+0x1b/0x40
> > > RIP: 0010:ip_vs_conn_put+0x31/0x40 [ip_vs]
> > > RSP: 0000:ffffa344dde03bb8 EFLAGS: 00010246
> > > RAX: 0000000000000001 RBX: ffffa344df31cf00 RCX: ffffa344d7450198
> > > RDX: 0000000000000003 RSI: 00000000fffffe01 RDI: ffffa344d7450140
> > > RBP: 0000000000000002 R08: 0000000000000476 R09: 0000000000000000
> > > R10: ffffa344dde03b28 R11: ffffa344df200000 R12: ffffa344d7d09000
> > > R13: ffffa344def3a980 R14: ffffffffc04f6e20 R15: 0000000000000008
> > >  ip_vs_in.part.29.constprop.36+0x34f/0x640 [ip_vs]
> > >  ? ip_vs_conn_out_get+0xe0/0xe0 [ip_vs]
> > >  ip_vs_remote_request4+0x47/0xa0 [ip_vs]
> > >  ? ip_vs_in.part.29.constprop.36+0x640/0x640 [ip_vs]
> > >  nf_hook_slow+0x43/0xc0
> > >  ip_local_deliver+0xac/0xc0
> > >  ? ip_rcv_finish+0x400/0x400
> > >  ip_rcv+0x26c/0x380
> > >  __netif_receive_skb_core+0x3a0/0xb10
> > >  ? inet_gro_receive+0x23c/0x2b0
> > >  ? netif_receive_skb_internal+0x24/0xb0
> > >  netif_receive_skb_internal+0x24/0xb0
> > >  napi_gro_receive+0xb8/0xe0
> > >  xennet_poll+0x676/0xb40 [xen_netfront]
> > >  net_rx_action+0x139/0x3a0
> > >  __do_softirq+0xde/0x2b4
> > >  irq_exit+0xae/0xb0
> > >  xen_evtchn_do_upcall+0x2c/0x40
> > >  xen_hvm_callback_vector+0x7d/0x90
> > >  </IRQ>
> > > RIP: 0033:0x7fc9d11c91f9
> > > RSP: 002b:00007ffebe8a2ea0 EFLAGS: 00000202 ORIG_RAX:
> > > ffffffffffffff0c
> > > RAX: 00000000ffffffff RBX: 0000000002609808 RCX: 0000000000000054
> > > RDX: 0000000000000001 RSI: 0000000002605440 RDI: 00000000025f940e
> > > RBP: 00000000025f940e R08: 000000000260213d R09: 1999999999999999
> > > R10: 000000000262a808 R11: 00000000025f942d R12: 00000000025f940e
> > > R13: 00007fc9d1301e20 R14: 00000000025f9408 R15: 00007fc9d1302720
> > > Code: 48 8b 95 80 00 00 00 41 55 49 8d 8c 24 e0 05 00
> > > 00 45 8b 84 24 38 04 00 00 41 89 c1 48 89 de 48 c7 c7 a8 2f f2 92 e8
> > > 7c fa ff ff <0f> 0b 58 5b 5d 41 5c 41 5d c3 0f 1f 44 00 00 55 48 89 e5
> > > 41 56
> > > 
> > > Reported-by: Net Filter <netfilternetfilter@gmail.com>
> > > Fixes: b54ab92b84b6 ("netfilter: refcounter conversions")
> > > Signed-off-by: Julian Anastasov <ja@ssi.bg>
> > 
> > Acked-by: Simon Horman <horms+renesas@verge.net.au>
> 
> s/+renesas//

I have fixed this before applying, no problem.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Simon Horman May 8, 2018, 1:08 p.m. UTC | #5
On Tue, May 08, 2018 at 02:16:23PM +0200, Pablo Neira Ayuso wrote:
> On Mon, May 07, 2018 at 01:18:53PM +0200, Simon Horman wrote:
> > On Mon, May 07, 2018 at 01:17:40PM +0200, Simon Horman wrote:
> > > On Thu, May 03, 2018 at 10:01:40PM +0300, Julian Anastasov wrote:
> > > > Connections in One-packet scheduling mode (-o, --ops) are
> > > > removed with refcnt=0 because they are not hashed in conn table.
> > > > To avoid refcount_dec reporting this as error, change them to be
> > > > removed with refcount_dec_if_one as all other connections.
> > > > 
> > > > refcount_t hit zero at ip_vs_conn_put+0x31/0x40 [ip_vs]
> > > > in sh[15519], uid/euid: 497/497
> > > > WARNING: CPU: 0 PID: 15519 at ../kernel/panic.c:657
> > > > refcount_error_report+0x94/0x9e
> > > > Modules linked in: ip_vs_rr cirrus ttm sb_edac
> > > > edac_core drm_kms_helper crct10dif_pclmul crc32_pclmul
> > > > ghash_clmulni_intel pcbc mousedev drm aesni_intel aes_x86_64
> > > > crypto_simd glue_helper cryptd psmouse evdev input_leds led_class
> > > > intel_agp fb_sys_fops syscopyarea sysfillrect intel_rapl_perf mac_hid
> > > > intel_gtt serio_raw sysimgblt agpgart i2c_piix4 i2c_core ata_generic
> > > > pata_acpi floppy cfg80211 rfkill button loop macvlan ip_vs
> > > > nf_conntrack libcrc32c crc32c_generic ip_tables x_tables ipv6
> > > > crc_ccitt autofs4 ext4 crc16 mbcache jbd2 fscrypto ata_piix libata
> > > > atkbd libps2 scsi_mod crc32c_intel i8042 rtc_cmos serio af_packet
> > > > dm_mod dax fuse xen_netfront xen_blkfront
> > > > CPU: 0 PID: 15519 Comm: sh Tainted: G        W
> > > > 4.15.17 #1-NixOS
> > > > Hardware name: Xen HVM domU, BIOS 4.2.amazon 08/24/2006
> > > > RIP: 0010:refcount_error_report+0x94/0x9e
> > > > RSP: 0000:ffffa344dde039c8 EFLAGS: 00010296
> > > > RAX: 0000000000000057 RBX: ffffffff92f20e06 RCX: 0000000000000006
> > > > RDX: 0000000000000007 RSI: 0000000000000086 RDI: ffffa344dde165c0
> > > > RBP: ffffa344dde03b08 R08: 0000000000000218 R09: 0000000000000004
> > > > R10: ffffffff93006a80 R11: 0000000000000001 R12: ffffa344d68cd100
> > > > R13: 00000000000001f1 R14: ffffffff92f12fb0 R15: 0000000000000004
> > > > FS:  00007fc9d2040fc0(0000) GS:ffffa344dde00000(0000)
> > > > knlGS:0000000000000000
> > > > CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > > > CR2: 000000000262a000 CR3: 0000000016a0c004 CR4: 00000000001606f0
> > > > Call Trace:
> > > >  <IRQ>
> > > >  ex_handler_refcount+0x4e/0x80
> > > >  fixup_exception+0x33/0x40
> > > >  do_trap+0x83/0x140
> > > >  do_error_trap+0x83/0xf0
> > > >  ? ip_vs_conn_drop_conntrack+0x120/0x1a5 [ip_vs]
> > > >  ? ip_finish_output2+0x29c/0x390
> > > >  ? ip_finish_output2+0x1a2/0x390
> > > >  invalid_op+0x1b/0x40
> > > > RIP: 0010:ip_vs_conn_put+0x31/0x40 [ip_vs]
> > > > RSP: 0000:ffffa344dde03bb8 EFLAGS: 00010246
> > > > RAX: 0000000000000001 RBX: ffffa344df31cf00 RCX: ffffa344d7450198
> > > > RDX: 0000000000000003 RSI: 00000000fffffe01 RDI: ffffa344d7450140
> > > > RBP: 0000000000000002 R08: 0000000000000476 R09: 0000000000000000
> > > > R10: ffffa344dde03b28 R11: ffffa344df200000 R12: ffffa344d7d09000
> > > > R13: ffffa344def3a980 R14: ffffffffc04f6e20 R15: 0000000000000008
> > > >  ip_vs_in.part.29.constprop.36+0x34f/0x640 [ip_vs]
> > > >  ? ip_vs_conn_out_get+0xe0/0xe0 [ip_vs]
> > > >  ip_vs_remote_request4+0x47/0xa0 [ip_vs]
> > > >  ? ip_vs_in.part.29.constprop.36+0x640/0x640 [ip_vs]
> > > >  nf_hook_slow+0x43/0xc0
> > > >  ip_local_deliver+0xac/0xc0
> > > >  ? ip_rcv_finish+0x400/0x400
> > > >  ip_rcv+0x26c/0x380
> > > >  __netif_receive_skb_core+0x3a0/0xb10
> > > >  ? inet_gro_receive+0x23c/0x2b0
> > > >  ? netif_receive_skb_internal+0x24/0xb0
> > > >  netif_receive_skb_internal+0x24/0xb0
> > > >  napi_gro_receive+0xb8/0xe0
> > > >  xennet_poll+0x676/0xb40 [xen_netfront]
> > > >  net_rx_action+0x139/0x3a0
> > > >  __do_softirq+0xde/0x2b4
> > > >  irq_exit+0xae/0xb0
> > > >  xen_evtchn_do_upcall+0x2c/0x40
> > > >  xen_hvm_callback_vector+0x7d/0x90
> > > >  </IRQ>
> > > > RIP: 0033:0x7fc9d11c91f9
> > > > RSP: 002b:00007ffebe8a2ea0 EFLAGS: 00000202 ORIG_RAX:
> > > > ffffffffffffff0c
> > > > RAX: 00000000ffffffff RBX: 0000000002609808 RCX: 0000000000000054
> > > > RDX: 0000000000000001 RSI: 0000000002605440 RDI: 00000000025f940e
> > > > RBP: 00000000025f940e R08: 000000000260213d R09: 1999999999999999
> > > > R10: 000000000262a808 R11: 00000000025f942d R12: 00000000025f940e
> > > > R13: 00007fc9d1301e20 R14: 00000000025f9408 R15: 00007fc9d1302720
> > > > Code: 48 8b 95 80 00 00 00 41 55 49 8d 8c 24 e0 05 00
> > > > 00 45 8b 84 24 38 04 00 00 41 89 c1 48 89 de 48 c7 c7 a8 2f f2 92 e8
> > > > 7c fa ff ff <0f> 0b 58 5b 5d 41 5c 41 5d c3 0f 1f 44 00 00 55 48 89 e5
> > > > 41 56
> > > > 
> > > > Reported-by: Net Filter <netfilternetfilter@gmail.com>
> > > > Fixes: b54ab92b84b6 ("netfilter: refcounter conversions")
> > > > Signed-off-by: Julian Anastasov <ja@ssi.bg>
> > > 
> > > Acked-by: Simon Horman <horms+renesas@verge.net.au>
> > 
> > s/+renesas//
> 
> I have fixed this before applying, no problem.
> 

Great, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c
index 370abbf..75de465 100644
--- a/net/netfilter/ipvs/ip_vs_conn.c
+++ b/net/netfilter/ipvs/ip_vs_conn.c
@@ -232,7 +232,10 @@  static inline int ip_vs_conn_unhash(struct ip_vs_conn *cp)
 static inline bool ip_vs_conn_unlink(struct ip_vs_conn *cp)
 {
 	unsigned int hash;
-	bool ret;
+	bool ret = false;
+
+	if (cp->flags & IP_VS_CONN_F_ONE_PACKET)
+		return refcount_dec_if_one(&cp->refcnt);
 
 	hash = ip_vs_conn_hashkey_conn(cp);
 
@@ -240,15 +243,13 @@  static inline bool ip_vs_conn_unlink(struct ip_vs_conn *cp)
 	spin_lock(&cp->lock);
 
 	if (cp->flags & IP_VS_CONN_F_HASHED) {
-		ret = false;
 		/* Decrease refcnt and unlink conn only if we are last user */
 		if (refcount_dec_if_one(&cp->refcnt)) {
 			hlist_del_rcu(&cp->c_list);
 			cp->flags &= ~IP_VS_CONN_F_HASHED;
 			ret = true;
 		}
-	} else
-		ret = refcount_read(&cp->refcnt) ? false : true;
+	}
 
 	spin_unlock(&cp->lock);
 	ct_write_unlock_bh(hash);
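Review bot: With the `else` branch gone, a connection that reaches the locked section without IP_VS_CONN_F_HASHED set now always returns false (the initial `ret = false` from the previous hunk), where the old code returned true once refcnt had reached 0. That is only safe if one-packet connections are the sole unhashed ones that get here; if a normal connection can be seen unhashed at this point (ip_vs_conn_unhash is defined just above), this path can no longer unlink it and it would presumably linger instead of being freed. If the invariant holds, a comment after the `if` block such as `/* not hashed: only OPS conns are unhashed by design, and they returned above */` would record it. The early return in the previous hunk also skips ct_write_lock_bh and cp->lock, so a matching one-liner there, `/* OPS conns are never hashed: nothing to unlink, just drop the last ref */`, would explain why that is safe. The function's return statement is outside the hunk.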
@@ -454,12 +455,6 @@  ip_vs_conn_out_get_proto(struct netns_ipvs *ipvs, int af,
 }
 EXPORT_SYMBOL_GPL(ip_vs_conn_out_get_proto);
 
-static void __ip_vs_conn_put_notimer(struct ip_vs_conn *cp)
-{
-	__ip_vs_conn_put(cp);
-	ip_vs_conn_expire(&cp->timer);
-}
-
 /*
  *      Put back the conn and restart its timer with its timeout
  */
@@ -478,7 +473,7 @@  void ip_vs_conn_put(struct ip_vs_conn *cp)
 	    (refcount_read(&cp->refcnt) == 1) &&
 	    !timer_pending(&cp->timer))
 		/* expire connection immediately */
-		__ip_vs_conn_put_notimer(cp);
+		ip_vs_conn_expire(&cp->timer);
 	else
 		__ip_vs_conn_put_timer(cp);
 }