lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <ebded533-8c29-6ceb-6384-f02a77291434@huawei.com>
Date:   Mon, 23 Dec 2019 11:21:57 +0000
From:   John Garry <john.garry@...wei.com>
To:     "jmorris@...ei.org" <jmorris@...ei.org>,
        "serge@...lyn.com" <serge@...lyn.com>
CC:     Anders Roxell <anders.roxell@...aro.org>,
        "paulmck@...nel.org" <paulmck@...nel.org>,
        <linux-security-module@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Report: suspicious RCU usage in security code

Hi guys,

I have noticed this WARN on Kernel v5.5-rc3 on my arm64 system:

[   25.952600] =============================
[   25.952602] WARNING: suspicious RCU usage
[   25.952606] 5.5.0-rc3-dirty #816 Not tainted
[   25.952609] -----------------------------
[   25.952613] security/device_cgroup.c:355 RCU-list traversed in 
non-reader section!!
[   25.952615]
                other info that might help us debug this:

[   25.952618]
                rcu_scheduler_active = 2, debug_locks = 1
[   25.952621] 4 locks held by systemd/1:
[   25.952624]  #0: ffff0023de3c4410 (sb_writers#8){.+.+}, at: 
vfs_write+0x1c0/0x1e0
[   25.952637]  #1: ffff0023e732f880 (&of->mutex){+.+.}, at: 
kernfs_fop_write+0x12c/0x250
[   25.952648]  #2: ffff0023e45c4288 (kn->count#30){++++}, at: 
kernfs_fop_write+0x134/0x250
[   25.952656]  #3: ffff800011c4e098 (devcgroup_mutex){+.+.}, at: 
devcgroup_access_write+0x4c/0x6d0
[   25.952663]
                stack backtrace:
[   25.952668] CPU: 6 PID: 1 Comm: systemd Not tainted 5.5.0-rc3-dirty #816
[   25.952670] Hardware name: Huawei D06 /D06, BIOS Hisilicon D06 UEFI 
RC0 - V1.16.01 03/15/2019
[   25.952672] Call trace:
[   25.952675]  dump_backtrace+0x0/0x1a0
[   25.952678]  show_stack+0x14/0x20
[   25.952681]  dump_stack+0xe8/0x150
[   25.952685]  lockdep_rcu_suspicious+0xcc/0x110
[   25.952689]  match_exception_partial+0x118/0x120
[   25.952691]  verify_new_ex+0x64/0xf0
[   25.952694]  devcgroup_access_write+0x3c8/0x6d0
[   25.952697]  cgroup_file_write+0x88/0x1e0
[   25.952700]  kernfs_fop_write+0x15c/0x250
[   25.952703]  __vfs_write+0x18/0x38
[   25.952705]  vfs_write+0xb4/0x1e0
[   25.952708]  ksys_write+0x68/0xf8
[   25.952711]  __arm64_sys_write+0x18/0x20
[   25.952715]  el0_svc_common.constprop.2+0x74/0x170
[   25.952717]  el0_svc_handler+0x20/0x80
[   25.952720]  el0_sync_handler+0x114/0x1d0
[   25.952722]  el0_sync+0x140/0x180
john@...ntu:~$
john@...ntu:~$


RCU Kconfig options:

more .config | grep RCU
# RCU Subsystem
CONFIG_PREEMPT_RCU=y
CONFIG_RCU_EXPERT=y
CONFIG_SRCU=y
CONFIG_TREE_SRCU=y
CONFIG_TASKS_RCU=y
CONFIG_RCU_STALL_COMMON=y
CONFIG_RCU_NEED_SEGCBLIST=y
CONFIG_RCU_FANOUT=64
CONFIG_RCU_FANOUT_LEAF=16
# CONFIG_RCU_FAST_NO_HZ is not set
# CONFIG_RCU_BOOST is not set
# CONFIG_RCU_NOCB_CPU is not set
# end of RCU Subsystem
CONFIG_HAVE_RCU_TABLE_FREE=y
# RCU Debugging
CONFIG_PROVE_RCU=y
CONFIG_PROVE_RCU_LIST=y
# CONFIG_RCU_PERF_TEST is not set
# CONFIG_RCU_TORTURE_TEST is not set
CONFIG_RCU_CPU_STALL_TIMEOUT=21
# CONFIG_RCU_TRACE is not set
# CONFIG_RCU_EQS_DEBUG is not set
# end of RCU Debugging
john@...n-ThinkCentre-M93p:~/kernel-dev$

I notice that verfiy_new_ex() has a RCU lockdep check warning, so the 
condition may just need to be extended to the match_exception_partial() 
RCU list iterator just to remove the WARN.

Note: I am finishing for Christmas vacation today, so can't help further 
ATM.

Cheers,
John

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ