[RHEL8,COMMIT] ms/af_packet: set defaule value for tmo

Submitted by Konstantin Khorenko on Sept. 30, 2020, 2:25 p.m.

Details

Message ID 202009301425.08UEPab0067353@finist-co8.sw.ru
State New
Series "ms/af_packet: set defaule value for tmo"
Headers show

Commit Message

Konstantin Khorenko Sept. 30, 2020, 2:25 p.m.
The commit is pushed to "branch-rh8-4.18.0-193.6.3.vz8.4.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh8-4.18.0-193.6.3.vz8.4.9
------>
commit 045305fc5ab06ad33653fa0adac554df695d167c
Author: Mao Wenan <maowenan@huawei.com>
Date:   Wed Sep 30 17:25:36 2020 +0300

    ms/af_packet: set defaule value for tmo
    
    There is softlockup when using TPACKET_V3:
    ...
    NMI watchdog: BUG: soft lockup - CPU#2 stuck for 60010ms!
    (__irq_svc) from [<c0558a0c>] (_raw_spin_unlock_irqrestore+0x44/0x54)
    (_raw_spin_unlock_irqrestore) from [<c027b7e8>] (mod_timer+0x210/0x25c)
    (mod_timer) from [<c0549c30>]
    (prb_retire_rx_blk_timer_expired+0x68/0x11c)
    (prb_retire_rx_blk_timer_expired) from [<c027a7ac>]
    (call_timer_fn+0x90/0x17c)
    (call_timer_fn) from [<c027ab6c>] (run_timer_softirq+0x2d4/0x2fc)
    (run_timer_softirq) from [<c021eaf4>] (__do_softirq+0x218/0x318)
    (__do_softirq) from [<c021eea0>] (irq_exit+0x88/0xac)
    (irq_exit) from [<c0240130>] (msa_irq_exit+0x11c/0x1d4)
    (msa_irq_exit) from [<c0209cf0>] (handle_IPI+0x650/0x7f4)
    (handle_IPI) from [<c02015bc>] (gic_handle_irq+0x108/0x118)
    (gic_handle_irq) from [<c0558ee4>] (__irq_usr+0x44/0x5c)
    ...
    
    If __ethtool_get_link_ksettings() is failed in
    prb_calc_retire_blk_tmo(), msec and tmo will be zero, so tov_in_jiffies
    is zero and the timer expire for retire_blk_timer is turn to
    mod_timer(&pkc->retire_blk_timer, jiffies + 0),
    which will trigger cpu usage of softirq is 100%.
    
    Fixes: f6fb8f100b80 ("af-packet: TPACKET_V3 flexible buffer implementation.")
    Tested-by: Xiao Jiangfeng <xiaojiangfeng@huawei.com>
    Signed-off-by: Mao Wenan <maowenan@huawei.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
    
    Commit b43d1f9f7067c6759b1051e8ecb84e82cef569fe in the mainline kernel.
    
    CVE-2019-20812
    https://jira.sw.ru/browse/PSBM-120644
    
    Signed-off-by: Evgenii Shatokhin <eshatokhin@virtuozzo.com>
---
 net/packet/af_packet.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Patch hide | download patch | download mbox

diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index 02e4ed3c3469..34de1bff282c 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -552,7 +552,8 @@  static int prb_calc_retire_blk_tmo(struct packet_sock *po,
 			msec = 1;
 			div = ecmd.base.speed / 1000;
 		}
-	}
+	} else
+		return DEFAULT_PRB_RETIRE_TOV;
 
 	mbits = (blk_size_in_bytes * 8) / (1024 * 1024);