lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 30 Jun 2021 08:57:53 +0200
From:   Steffen Klassert <steffen.klassert@...unet.com>
To:     Frederic Weisbecker <frederic@...nel.org>
CC:     LKML <linux-kernel@...r.kernel.org>,
        Peter Zijlstra <peterz@...radead.org>,
        "David S . Miller" <davem@...emloft.net>,
        "Ahmed S . Darwish" <a.darwish@...utronix.de>,
        <stable@...r.kernel.org>, Varad Gautam <varad.gautam@...e.com>,
        Herbert Xu <herbert@...dor.apana.org.au>,
        <netdev@...r.kernel.org>
Subject: Re: [PATCH] xfrm: Fix RCU vs hash_resize_mutex lock inversion

On Mon, Jun 28, 2021 at 03:34:28PM +0200, Frederic Weisbecker wrote:
> xfrm_bydst_resize() calls synchronize_rcu() while holding
> hash_resize_mutex. But then on PREEMPT_RT configurations,
> xfrm_policy_lookup_bytype() may acquire that mutex while running in an
> RCU read side critical section. This results in a deadlock.
> 
> In fact the scope of hash_resize_mutex is way beyond the purpose of
> xfrm_policy_lookup_bytype() to just fetch a coherent and stable policy
> for a given destination/direction, along with other details.
> 
> The lower level net->xfrm.xfrm_policy_lock, which among other things
> protects per destination/direction references to policy entries, is
> enough to serialize and benefit from priority inheritance against the
> write side. As a bonus, it makes it officially a per network namespace
> synchronization business where a policy table resize on namespace A
> shouldn't block a policy lookup on namespace B.
> 
> Fixes: 77cc278f7b20 (xfrm: policy: Use sequence counters with associated lock)
> Cc: stable@...r.kernel.org
> Cc: Ahmed S. Darwish <a.darwish@...utronix.de>
> Cc: Peter Zijlstra (Intel) <peterz@...radead.org>
> Cc: Varad Gautam <varad.gautam@...e.com>
> Cc: Steffen Klassert <steffen.klassert@...unet.com>
> Cc: Herbert Xu <herbert@...dor.apana.org.au>
> Cc: David S. Miller <davem@...emloft.net>
> Signed-off-by: Frederic Weisbecker <frederic@...nel.org>

Your patch has a conflicht with ("commit d7b0408934c7 xfrm: policy: Read
seqcount outside of rcu-read side in xfrm_policy_lookup_bytype")
from Varad. Can you please rebase onto the ipsec tree?

Btw. Varad, your above mentioned patch tried to fix the same issue.
Do we still need it, or is it obsolete with the fix from Frederic?

Thanks!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ