lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <55AF869E.4030304@yandex-team.ru>
Date:	Wed, 22 Jul 2015 15:03:42 +0300
From:	Konstantin Khlebnikov <khlebnikov@...dex-team.ru>
To:	Daniel Borkmann <daniel@...earbox.net>
CC:	netdev@...r.kernel.org, "David S. Miller" <davem@...emloft.net>,
	Tejun Heo <tj@...nel.org>, cgroups@...r.kernel.org,
	Li Zefan <lizefan@...wei.com>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v2] cgroup: net_cls: fix false-positive "suspicious RCU
 usage"

On 22.07.2015 14:56, Daniel Borkmann wrote:
> On 07/22/2015 11:23 AM, Konstantin Khlebnikov wrote:
>> In dev_queue_xmit() net_cls protected with rcu-bh.
> ...
>> Signed-off-by: Konstantin Khlebnikov <khlebnikov@...dex-team.ru>
>> ---
>>   net/core/netclassid_cgroup.c |    3 ++-
>>   1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/net/core/netclassid_cgroup.c b/net/core/netclassid_cgroup.c
>> index 1f2a126f4ffa..6441f47b1a8f 100644
>> --- a/net/core/netclassid_cgroup.c
>> +++ b/net/core/netclassid_cgroup.c
>> @@ -23,7 +23,8 @@ static inline struct cgroup_cls_state
>> *css_cls_state(struct cgroup_subsys_state
>>
>>   struct cgroup_cls_state *task_cls_state(struct task_struct *p)
>>   {
>> -    return css_cls_state(task_css(p, net_cls_cgrp_id));
>> +    return css_cls_state(task_css_check(p, net_cls_cgrp_id,
>> +                        rcu_read_lock_bh_held()));
>
> Did you also check that after your patch this doesn't trigger on ingress
> either? There, this code path could be invoked under rcu_read_lock(). So,
> perhaps you need to check for both.

I haven't seen warnings with this patch. rcu_read_lock_held() is
checked inside rcu_dereference_check() inside task_css_check().

So, overall check expression is:

lockdep_is_held(&cgroup_mutex) ||  <- in task_css_set_check
lockdep_is_held(&css_set_rwsem) ||
((task)->flags & PF_EXITING) ||
rcu_read_lock_bh_held() || <- mine
rcu_read_lock_held() <- in rcu_dereference_check

>
>>   }
>>   EXPORT_SYMBOL_GPL(task_cls_state);


-- 
Konstantin
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ