lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20240722085149.32479-1-qiang.zhang1211@gmail.com>
Date: Mon, 22 Jul 2024 16:51:49 +0800
From: Zqiang <qiang.zhang1211@...il.com>
To: viro@...iv.linux.org.uk,
	brauner@...nel.org,
	jack@...e.cz,
	paulmck@...nel.org
Cc: qiang.zhang1211@...il.com,
	linux-fsdevel@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	syzkaller-bugs@...glegroups.com
Subject: [PATCH] nsfs: Fix the missed rcu_read_unlock() invoking in ns_ioctl()

Currently, the syzbot report follow wanings:

Voluntary context switch within RCU read-side critical section!
WARNING: CPU: 0 PID: 3460 at kernel/rcu/tree_plugin.h:330 rcu_note_context_switch+0x354/0x49c
Call trace:
rcu_note_context_switch+0x354/0x49c kernel/rcu/tree_plugin.h:330
__schedule+0xb0/0x850 kernel/sched/core.c:6417
__schedule_loop kernel/sched/core.c:6606 [inline]
schedule+0x34/0x104 kernel/sched/core.c:6621
do_notify_resume+0xe4/0x164 arch/arm64/kernel/entry-common.c:136
exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline]
exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline]
el0_interrupt+0xc4/0xc8 arch/arm64/kernel/entry-common.c:797
__el0_irq_handler_common+0x18/0x24 arch/arm64/kernel/entry-common.c:802
el0t_64_irq_handler+0x10/0x1c arch/arm64/kernel/entry-common.c:807
el0t_64_irq+0x19c/0x1a0 arch/arm64/kernel/entry.S:599

This happens when the tsk pointer is null and a call to rcu_read_unlock()
is missed in ns_ioctl(), this commit therefore invoke rcu_read_lock()
when tsk pointer is null.

Reported-by: syzbot+784d0a1246a539975f05@...kaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=784d0a1246a539975f05
Fixes: ca567df74a28 ("nsfs: add pid translation ioctls")
Signed-off-by: Zqiang <qiang.zhang1211@...il.com>
---
 fs/nsfs.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/fs/nsfs.c b/fs/nsfs.c
index a4a925dce331..e228d06f0949 100644
--- a/fs/nsfs.c
+++ b/fs/nsfs.c
@@ -188,8 +188,10 @@ static long ns_ioctl(struct file *filp, unsigned int ioctl,
 			tsk = find_task_by_vpid(arg);
 		else
 			tsk = find_task_by_pid_ns(arg, pid_ns);
-		if (!tsk)
+		if (!tsk) {
+			rcu_read_unlock();
 			break;
+		}
 
 		switch (ioctl) {
 		case NS_GET_PID_FROM_PIDNS:
-- 
2.17.1


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ