lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <ff82a4ad-179e-6a81-eacc-addc8ed12b0f@suse.com>
Date:   Wed, 30 Jun 2021 14:11:24 +0200
From:   Varad Gautam <varad.gautam@...e.com>
To:     Steffen Klassert <steffen.klassert@...unet.com>,
        Frederic Weisbecker <frederic@...nel.org>
CC:     LKML <linux-kernel@...r.kernel.org>,
        Peter Zijlstra <peterz@...radead.org>,
        "David S . Miller" <davem@...emloft.net>,
        "Ahmed S . Darwish" <a.darwish@...utronix.de>,
        stable@...r.kernel.org, Herbert Xu <herbert@...dor.apana.org.au>,
        netdev@...r.kernel.org
Subject: Re: [PATCH] xfrm: Fix RCU vs hash_resize_mutex lock inversion

On 6/30/21 8:57 AM, Steffen Klassert wrote:
> On Mon, Jun 28, 2021 at 03:34:28PM +0200, Frederic Weisbecker wrote:
>> xfrm_bydst_resize() calls synchronize_rcu() while holding
>> hash_resize_mutex. But then on PREEMPT_RT configurations,
>> xfrm_policy_lookup_bytype() may acquire that mutex while running in an
>> RCU read side critical section. This results in a deadlock.
>>
>> In fact the scope of hash_resize_mutex is way beyond the purpose of
>> xfrm_policy_lookup_bytype() to just fetch a coherent and stable policy
>> for a given destination/direction, along with other details.
>>
>> The lower level net->xfrm.xfrm_policy_lock, which among other things
>> protects per destination/direction references to policy entries, is
>> enough to serialize and benefit from priority inheritance against the
>> write side. As a bonus, it makes it officially a per network namespace
>> synchronization business where a policy table resize on namespace A
>> shouldn't block a policy lookup on namespace B.
>>
>> Fixes: 77cc278f7b20 (xfrm: policy: Use sequence counters with associated lock)
>> Cc: stable@...r.kernel.org
>> Cc: Ahmed S. Darwish <a.darwish@...utronix.de>
>> Cc: Peter Zijlstra (Intel) <peterz@...radead.org>
>> Cc: Varad Gautam <varad.gautam@...e.com>
>> Cc: Steffen Klassert <steffen.klassert@...unet.com>
>> Cc: Herbert Xu <herbert@...dor.apana.org.au>
>> Cc: David S. Miller <davem@...emloft.net>
>> Signed-off-by: Frederic Weisbecker <frederic@...nel.org>
> 
> Your patch has a conflicht with ("commit d7b0408934c7 xfrm: policy: Read
> seqcount outside of rcu-read side in xfrm_policy_lookup_bytype")
> from Varad. Can you please rebase onto the ipsec tree?
> 
> Btw. Varad, your above mentioned patch tried to fix the same issue.
> Do we still need it, or is it obsolete with the fix from Frederic?
> 

The patch "xfrm: policy: Read seqcount outside of rcu-read side in
xfrm_policy_lookup_bytype" shouldn't be needed after Frederic's fix since
the offending mutex is now gone. It can be dropped.

Regards,
Varad

> Thanks!
> 

-- 
SUSE Software Solutions Germany GmbH
Maxfeldstr. 5
90409 Nürnberg
Germany

HRB 36809, AG Nürnberg
Geschäftsführer: Felix Imendörffer

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ