From: Alexei Starovoitov
Date: Sat, 16 Feb 2019 08:34:27 -0800
Subject: Re: [PATCH net-next] ip_tunnel: Fix DST_METADATA dst_entry handle in tnl_update_pmtu
To: wenxu@ucloud.cn
Cc: "David S. Miller", rong.a.chen@intel.com, Network Development, Stephen Rothwell, LKP

On Sat, Feb 16, 2019 at 2:11 AM wrote:
>
> From: wenxu
>
> BUG report in selftests: bpf: test_tunnel.sh
>
> Testing IPIP tunnel...
> BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
> PGD 0 P4D 0
> Oops: 0010 [#1] SMP PTI
> CPU: 0 PID: 16822 Comm: ping Not tainted 5.0.0-rc3-00352-gc8b34e6 #1
> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.10.2-1 04/01/2014
> RIP: 0010: (null)
> Code: Bad RIP value.
> RSP: 0018:ffffc9000104f9c8 EFLAGS: 00010286
> RAX: 0000000000000000 RBX: ffffe8ffffc071a8 RCX: 0000000000000000
> RDX: ffff888054e33000 RSI: ffff88807796f500 RDI: ffffe8ffffc07130
> RBP: ffff88807796f500 R08: ffff88806da4f0a0 R09: 0000000000000000
> R10: 0000000000000004 R11: ffff888054e33000 R12: 0000000000000054
> R13: ffff88805e714000 R14: ffff88806da4f0a0 R15: 0000000000000000
> FS: 00007f4c00431500(0000) GS:ffff88813fc00000(0000) knlGS:0000000000000000
> CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> CR2: ffffffffffffffd6 CR3: 000000008276e000 CR4: 00000000000406f0
> Call Trace:
> ? tnl_update_pmtu+0x21b/0x250 [ip_tunnel]
> ? ip_md_tunnel_xmit+0x1b7/0xdc0 [ip_tunnel]
> ? ipip_tunnel_xmit+0x90/0xc0 [ipip]
> ? dev_hard_start_xmit+0x98/0x210
> ? __dev_queue_xmit+0x6a9/0x8e0
>
> The bpf program set tunnel_key through bpf_skb_set_tunnel_key which will
> drop the old dst_entry and create a DST_METADATA dst_entry. It will lead
> the tunnel_update_pmtu operator the dst_entry incorrect. So It should be
> check the dst_entry is valid.
>
> Fixes: c8b34e680a09 ("ip_tunnel: Add tnl_update_pmtu in ip_md_tunnel_xmit")
> Signed-off-by: wenxu

different fix for this issue was sent earlier:
https://patchwork.ozlabs.org/patch/1042687/
I think it's more complete than this one.