lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20180710105551.ds6weeo7y7keekb5@pathway.suse.cz>
Date:   Tue, 10 Jul 2018 12:55:51 +0200
From:   Petr Mladek <pmladek@...e.com>
To:     Eric Dumazet <eric.dumazet@...il.com>
Cc:     Dmitry Vyukov <dvyukov@...gle.com>,
        syzbot <syzbot+e9f364d3b15ce41d8451@...kaller.appspotmail.com>,
        Samuel Ortiz <sameo@...ux.intel.com>,
        David Miller <davem@...emloft.net>,
        linux-wireless@...r.kernel.org, netdev <netdev@...r.kernel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Steven Rostedt <rostedt@...dmis.org>,
        Sergey Senozhatsky <sergey.senozhatsky@...il.com>,
        syzkaller-bugs <syzkaller-bugs@...glegroups.com>
Subject: Re: INFO: rcu detected stall in llcp_sock_sendmsg

On Mon 2018-07-09 14:05:08, Eric Dumazet wrote:
> 
> 
> On 07/09/2018 01:50 PM, Dmitry Vyukov wrote:
> > On Mon, Jul 9, 2018 at 10:34 PM, syzbot
> > <syzbot+e9f364d3b15ce41d8451@...kaller.appspotmail.com> wrote:
> >> Hello,
> >>
> >> syzbot found the following crash on:
> >>
> >> HEAD commit:    1e4b044d2251 Linux 4.18-rc4
> >> git tree:       upstream
> >> console output: https://syzkaller.appspot.com/x/log.txt?x=1414c2c2400000
> >> kernel config:  https://syzkaller.appspot.com/x/.config?x=25856fac4e580aa7
> >> dashboard link: https://syzkaller.appspot.com/bug?extid=e9f364d3b15ce41d8451
> >> compiler:       gcc (GCC) 8.0.1 20180413 (experimental)
> >>
> >> Unfortunately, I don't have any reproducer for this crash yet.
> >>
> >> IMPORTANT: if you fix the bug, please add the following tag to the commit:
> >> Reported-by: syzbot+e9f364d3b15ce41d8451@...kaller.appspotmail.com
> > 
> > Looks like the problem is actually in nfc, so +nfc maintainers.
> 
> Note this issue was discussed before, maybe we should patch NFC without waiting for nfc maintainer.

Do you have any particular solution in mind, please? See below.

> ----------------------------------------------------
> 
> On 06/25/2018 10:12 PM, Sergey Senozhatsky wrote:
> > On (06/26/18 07:07), Dmitry Vyukov wrote:
> > [..]
> >>>  #include <net/nfc/nfc.h>
> >>> @@ -755,7 +756,8 @@ int nfc_llcp_send_ui_frame(struct nfc_llcp_sock *sock, u8 ssap, u8 dsap,
> >>>                 pdu = nfc_alloc_send_skb(sock->dev, &sock->sk, MSG_DONTWAIT,
> >>>                                          frag_len + LLCP_HEADER_SIZE, &err);
> >>>                 if (pdu == NULL) {
> >>> -                       pr_err("Could not allocate PDU\n");
> >>> +                       pr_err_ratelimited("Could not allocate PDU\n");
> >>> +                       cond_resched();
> >>>                         continue;
> >>>                 }
> >>
> >>
> >> But this thread is still in an infinite (unkillable?) loop? If yes, we
> >> are waiting for the next syzbot report 
> >
> > The loop is still infinite, correct, but we have a preemption point now.
> > Sure, net people can come with a much better solution, I'll be happy to
> > scratch my patch.
> >
> 
> This can not be the right solution, think about current thread being real time,
> cond_resched() might be a nop.
> 
> We should probably not loop at all, or not use MSG_DONTWAIT.

These two solutions look promising. But they both need to
get reviewed by someone familiar with the code.

On one hand, nfc_llcp_send_ui_frame() already returns some errors
before sending anything. But I am not sure how to deal with situation
when a fragment of the message has already been sent.

Best Regards,
Petr

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ