• Guillaume Nault's avatar
    l2tp: fix configuration passed to setup_udp_tunnel_sock() · a5c5e2da
    Guillaume Nault authored
    Unused fields of udp_cfg must be all zeros. Otherwise
    setup_udp_tunnel_sock() fills ->gro_receive and ->gro_complete
    callbacks with garbage, eventually resulting in panic when used by
    udp_gro_receive().
    
    [   72.694123] BUG: unable to handle kernel paging request at ffff880033f87d78
    [   72.695518] IP: [<ffff880033f87d78>] 0xffff880033f87d78
    [   72.696530] PGD 26e2067 PUD 26e3067 PMD 342ed063 PTE 8000000033f87163
    [   72.696530] Oops: 0011 [#1] SMP KASAN
    [   72.696530] Modules linked in: l2tp_ppp l2tp_netlink l2tp_core ip6_udp_tunnel udp_tunnel pptp gre pppox ppp_generic slhc crc32c_intel ghash_clmulni_intel jitterentropy_rng sha256_generic hmac drbg ansi_cprng aesni_intel evdev aes_x86_64 ablk_helper cryptd lrw gf128mul glue_helper serio_raw acpi_cpufreq button proc\
    essor ext4 crc16 jbd2 mbcache virtio_blk virtio_net virtio_pci virtio_ring virtio
    [   72.696530] CPU: 3 PID: 0 Comm: swapper/3 Not tainted 4.7.0-rc1 #1
    [   72.696530] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Debian-1.8.2-1 04/01/2014
    [   72.696530] task: ffff880035b59700 ti: ffff880035b70000 task.ti: ffff880035b70000
    [   72.696530] RIP: 0010:[<ffff880033f87d78>]  [<ffff880033f87d78>] 0xffff880033f87d78
    [   72.696530] RSP: 0018:ffff880035f87bc0  EFLAGS: 00010246
    [   72.696530] RAX: ffffed000698f996 RBX: ffff88003326b840 RCX: ffffffff814cc823
    [   72.696530] RDX: ffff88003326b840 RSI: ffff880033e48038 RDI: ffff880034c7c780
    [   72.696530] RBP: ffff880035f87c18 R08: 000000000000a506 R09: 0000000000000000
    [   72.696530] R10: ffff880035f87b38 R11: ffff880034b9344d R12: 00000000ebfea715
    [   72.696530] R13: 0000000000000000 R14: ffff880034c7c780 R15: 0000000000000000
    [   72.696530] FS:  0000000000000000(0000) GS:ffff880035f80000(0000) knlGS:0000000000000000
    [   72.696530] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    [   72.696530] CR2: ffff880033f87d78 CR3: 0000000033c98000 CR4: 00000000000406a0
    [   72.696530] Stack:
    [   72.696530]  ffffffff814cc834 ffff880034b93468 0000001481416818 ffff88003326b874
    [   72.696530]  ffff880034c7ccb0 ffff880033e48038 ffff88003326b840 ffff880034b93462
    [   72.696530]  ffff88003326b88a ffff88003326b88c ffff880034b93468 ffff880035f87c70
    [   72.696530] Call Trace:
    [   72.696530]  <IRQ>
    [   72.696530]  [<ffffffff814cc834>] ? udp_gro_receive+0x1c6/0x1f9
    [   72.696530]  [<ffffffff814ccb1c>] udp4_gro_receive+0x2b5/0x310
    [   72.696530]  [<ffffffff814d989b>] inet_gro_receive+0x4a3/0x4cd
    [   72.696530]  [<ffffffff81431b32>] dev_gro_receive+0x584/0x7a3
    [   72.696530]  [<ffffffff810adf7a>] ? __lock_is_held+0x29/0x64
    [   72.696530]  [<ffffffff814321f7>] napi_gro_receive+0x124/0x21d
    [   72.696530]  [<ffffffffa000b145>] virtnet_receive+0x8df/0x8f6 [virtio_net]
    [   72.696530]  [<ffffffffa000b27e>] virtnet_poll+0x1d/0x8d [virtio_net]
    [   72.696530]  [<ffffffff81431350>] net_rx_action+0x15b/0x3b9
    [   72.696530]  [<ffffffff815893d6>] __do_softirq+0x216/0x546
    [   72.696530]  [<ffffffff81062392>] irq_exit+0x49/0xb6
    [   72.696530]  [<ffffffff81588e9a>] do_IRQ+0xe2/0xfa
    [   72.696530]  [<ffffffff81587a49>] common_interrupt+0x89/0x89
    [   72.696530]  <EOI>
    [   72.696530]  [<ffffffff810b05df>] ? trace_hardirqs_on_caller+0x229/0x270
    [   72.696530]  [<ffffffff8102b3c7>] ? default_idle+0x1c/0x2d
    [   72.696530]  [<ffffffff8102b3c5>] ? default_idle+0x1a/0x2d
    [   72.696530]  [<ffffffff8102bb8c>] arch_cpu_idle+0xa/0xc
    [   72.696530]  [<ffffffff810a6c39>] default_idle_call+0x1a/0x1c
    [   72.696530]  [<ffffffff810a6d96>] cpu_startup_entry+0x15b/0x20f
    [   72.696530]  [<ffffffff81039a81>] start_secondary+0x12c/0x133
    [   72.696530] Code: ff ff ff ff ff ff ff ff ff ff 7f ff ff ff ff ff ff ff 7f 00 7e f8 33 00 88 ff ff 6d 61 58 81 ff ff ff ff 5e de 0a 81 ff ff ff ff <00> 5c e2 34 00 88 ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00
    [   72.696530] RIP  [<ffff880033f87d78>] 0xffff880033f87d78
    [   72.696530]  RSP <ffff880035f87bc0>
    [   72.696530] CR2: ffff880033f87d78
    [   72.696530] ---[ end trace ad7758b9a1dccf99 ]---
    [   72.696530] Kernel panic - not syncing: Fatal exception in interrupt
    [   72.696530] Kernel Offset: disabled
    [   72.696530] ---[ end Kernel panic - not syncing: Fatal exception in interrupt
    
    v2: use empty initialiser instead of "{ NULL }" to avoid relying on
        first field's type.
    
    Fixes: 38fd2af2 ("udp: Add socket based GRO and config")
    Signed-off-by: default avatarGuillaume Nault <g.nault@alphalink.fr>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    a5c5e2da
l2tp_core.c 51.2 KB