Fwd: Re: [Patch net] ppp: defer netns reference release for ppp channel

Simon Arlott simon at fire.lp0.eu
Wed Nov 9 22:29:02 UTC 2016

Could this be added to 4.4?

It's really inconvenient hitting the BUG() in ppp_pernet via ppp_ioctl
as it holds a global ppp mutex and then no new ppp channels can be
established because pppd just hangs in ppp_ioctl.

commit 205e1e255c479f3fd77446415706463b282f94e4
Author: WANG Cong <xiyou.wangcong at gmail.com>
Date:   Tue Jul 5 22:12:36 2016 -0700

    ppp: defer netns reference release for ppp channel

    Matt reported that we have a NULL pointer dereference
    in ppp_pernet() from ppp_connect_channel(),
    i.e. pch->chan_net is NULL.

    This is because a parallel ppp_unregister_channel()
    could happen while we are in ppp_connect_channel(), during
    which pch->chan_net is set to NULL. Since we need a reference
    to net per channel, it makes sense to sync the refcnt
    with the lifetime of the channel, therefore we should
    release this reference when we destroy it.

    Fixes: 1f461dcdd296 ("ppp: take reference on channels netns")
    Reported-by: Matt Bennett <Matt.Bennett at alliedtelesis.co.nz>
    Cc: Paul Mackerras <paulus at samba.org>
    Cc: linux-ppp at vger.kernel.org
    Cc: Guillaume Nault <g.nault at alphalink.fr>
    Cc: Cyrill Gorcunov <gorcunov at openvz.org>
    Signed-off-by: Cong Wang <xiyou.wangcong at gmail.com>
    Reviewed-by: Cyrill Gorcunov <gorcunov at openvz.org>
    Signed-off-by: David S. Miller <davem at davemloft.net>

[1594078.537465] ------------[ cut here ]------------
[1594078.537753] kernel BUG at /build/linux-kOWph6/linux-4.4.0/drivers/net/ppp/ppp_generic.c:293!
[1594078.538065] invalid opcode: 0000 [#1] SMP 
[1594078.538382] Modules linked in: it87 hwmon_vid cpuid tcp_diag inet_diag nf_conntrack_netlink vhost_net vhost macvtap macvlan act_mirred cls_basic sch_ingress sch_fq_codel sch_tbf drbg ansi_cprng ctr ccm ip6table_nat nf_nat_ipv6 ip6t_REJECT nf_reject_ipv6 nf_conntrack_ipv6 nf_defrag_ipv6 ip6table_filter ip6_tables pppoe xt_nat iptable_nat nf_nat_ipv4 pppox nf_nat ts_kmp xt_tcpudp ipt_REJECT nf_reject_ipv4 nf_conntrack_ipv4 nf_defrag_ipv4 xt_owner xt_conntrack xt_string xt_set iptable_filter ip_tables ip_set_hash_netport ip_set_hash_ip ip_set_hash_ipportnet ip_set_hash_ipport ip_set_bitmap_port ip_set_hash_net ip_set nfnetlink ebt_ip6 ebt_ip ebtable_filter ebtables x_tables binfmt_misc arc4 intel_rapl x86_pkg_temp_thermal intel_powerclamp dm_snapshot coretemp dm_bufio crct10dif_pclmul ppdev crc32_pclmul
[1594078.540148]  snd_hda_codec_hdmi snd_hda_codec_realtek snd_hda_codec_generic rt2800usb aesni_intel rt2x00usb aes_x86_64 rt2800lib snd_hda_intel lrw rt2x00lib hci_uart snd_hda_codec gf128mul mac80211 snd_hda_core btbcm cfg80211 bridge crc_ccitt stp glue_helper btqca ablk_helper snd_hwdep llc kvm_intel acpi_als snd_pcm serio_raw btintel cryptd bluetooth kfifo_buf snd_timer kvm cdc_acm snd irqbypass parport_pc intel_lpss_acpi mei_me industrialio mac_hid 8250_fintek parport tpm_infineon soundcore intel_lpss shpchp mei acpi_pad nfsd auth_rpcgss ifb dummy nfs_acl nf_conntrack_ftp nf_conntrack lockd grace sunrpc autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid0 multipath linear raid1 hid_generic usbhid i915_bpo psmouse intel_ips e1000e i2c_algo_bit
[1594078.542642]  drm_kms_helper ptp syscopyarea sysfillrect r8169 pps_core sysimgblt fb_sys_fops mii drm ahci libahci video wmi pinctrl_sunrisepoint i2c_hid pinctrl_intel hid fjes
[1594078.543929] CPU: 0 PID: 10769 Comm: pppd Tainted: G        W       4.4.0-45-generic #66-Ubuntu
[1594078.544433] Hardware name: Gigabyte Technology Co., Ltd. To be filled by O.E.M./H170-HD3-CF, BIOS F2 07/27/2015
[1594078.544962] task: ffff880830a43b00 ti: ffff8805b48c4000 task.ti: ffff8805b48c4000
[1594078.545502] RIP: 0010:[<ffffffff81601fdb>]  [<ffffffff81601fdb>] ppp_ioctl+0xb1b/0xd80
[1594078.546055] RSP: 0018:ffff8805b48c7e30  EFLAGS: 00010246
[1594078.546599] RAX: 0000000000000000 RBX: 000000004004743a RCX: 00005562f1345588
[1594078.547160] RDX: 0000000000000001 RSI: 000000004004743a RDI: ffffffff81ee2fe0
[1594078.547735] RBP: ffff8805b48c7e98 R08: 0000000000008010 R09: 0000000000000000
[1594078.548301] R10: 0000000000004000 R11: 0000000000000246 R12: 00005562f1345588
[1594078.548880] R13: ffff88084ab13800 R14: 0000000000000001 R15: ffff8807f7546d00
[1594078.549481] FS:  00007f151d460700(0000) GS:ffff880873c00000(0000) knlGS:0000000000000000
[1594078.550079] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[1594078.550683] CR2: 000055ebce1e6000 CR3: 00000001facf6000 CR4: 00000000003426f0
[1594078.551304] Stack:
[1594078.551923]  ffffffff8138ccb5 0000000000000000 ffffffff81ea1a40 ffff88084a495000
[1594078.552566]  0000000100000000 ffff88084a495010 ffff88084f00c808 0000000099837d1a
[1594078.553215]  ffff880848c33628 00005562f1345588 ffff8807f7546d00 000000004004743a
[1594078.553881] Call Trace:
[1594078.554544]  [<ffffffff8138ccb5>] ? common_file_perm+0x55/0x180
[1594078.555222]  [<ffffffff8122124f>] do_vfs_ioctl+0x29f/0x490
[1594078.555904]  [<ffffffff8120d9e9>] ? vfs_write+0x149/0x1a0
[1594078.556591]  [<ffffffff8120c8df>] ? do_sys_open+0x1bf/0x2a0
[1594078.557274]  [<ffffffff812214b9>] SyS_ioctl+0x79/0x90
[1594078.557985]  [<ffffffff818318b2>] entry_SYSCALL_64_fastpath+0x16/0x71
[1594078.558697] Code: ff 41 8b 84 95 a0 00 00 00 48 8d 75 b8 ba 08 00 00 00 4c 89 e7 89 45 bc e8 13 cc df ff 48 85 c0 0f 85 5a f7 ff ff e9 c0 f5 ff ff <0f> 0b 4d 8d b7 80 00 00 00 4c 89 f7 e8 c4 f3 22 00 49 8d 57 7c 
[1594078.559526] RIP  [<ffffffff81601fdb>] ppp_ioctl+0xb1b/0xd80
[1594078.560289]  RSP <ffff8805b48c7e30>
[1594078.561059] ---[ end trace 346282bfc75d9db7 ]---

Simon Arlott
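
The lifetime rule in the quoted commit message, as an added userspace model (not code from the kernel tree or from this message): the same interleaving is replayed with the namespace reference dropped at unregister time and then with the release deferred to channel destruction. All struct and function names, and the `deferred` switch, are assumptions made for the model; `-1` stands in for the point where the kernel hits BUG().

```c
#include <stddef.h>
#include <stdlib.h>

/* Userspace model only; names are illustrative, not the kernel's. */
struct net { int refs; };              /* stands in for a network namespace */
struct channel {
    int refs;                          /* channel refcount */
    struct net *chan_net;              /* netns reference held by the channel */
};

static struct net *get_net(struct net *n) { n->refs++; return n; }
static void put_net(struct net *n) { n->refs--; }

static struct channel *channel_register(struct net *n) {
    struct channel *pch = calloc(1, sizeof(*pch));
    if (!pch) return NULL;
    pch->refs = 1;
    pch->chan_net = get_net(n);
    return pch;
}

/* Last put destroys the channel; deferred mode drops the netns ref here. */
static void channel_put(struct channel *pch, int deferred) {
    if (--pch->refs > 0) return;
    if (deferred && pch->chan_net) put_net(pch->chan_net);
    free(pch);
}

/* Early mode clears chan_net while other holders of the channel remain. */
static void channel_unregister(struct channel *pch, int deferred) {
    if (!deferred) { put_net(pch->chan_net); pch->chan_net = NULL; }
    channel_put(pch, deferred);
}

/* Models the per-netns lookup: 0 on success, -1 where the kernel would BUG(). */
static int connect_lookup(const struct channel *pch) {
    return pch->chan_net ? 0 : -1;
}

/* Replays: connect holds the channel, unregister runs, connect resumes. */
int race_outcome(int deferred) {
    struct net ns = { .refs = 1 };
    struct channel *pch = channel_register(&ns);
    if (!pch) return -2;
    pch->refs++;                        /* ioctl path holds the channel */
    channel_unregister(pch, deferred);  /* parallel teardown runs first */
    int rc = connect_lookup(pch);       /* connect path reads chan_net */
    channel_put(pch, deferred);         /* ioctl path drops its reference */
    return (rc == 0 && ns.refs != 1) ? -3 : rc;  /* -3: leaked netns ref */
}
```
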
