Open Source and information security mailing list archives
Message-ID: <20240722095403.dmnewl7g7ti6fqat@quack3>
Date: Mon, 22 Jul 2024 11:54:03 +0200
From: Jan Kara <jack@...e.cz>
To: Zqiang <qiang.zhang1211@...il.com>
Cc: viro@...iv.linux.org.uk, brauner@...nel.org, jack@...e.cz,
	paulmck@...nel.org, linux-fsdevel@...r.kernel.org,
	linux-kernel@...r.kernel.org, syzkaller-bugs@...glegroups.com
Subject: Re: [PATCH] nsfs: Fix the missed rcu_read_unlock() invoking in ns_ioctl()

On Mon 22-07-24 16:51:49, Zqiang wrote:
> Currently, syzbot reports the following warnings:
> 
> Voluntary context switch within RCU read-side critical section!
> WARNING: CPU: 0 PID: 3460 at kernel/rcu/tree_plugin.h:330 rcu_note_context_switch+0x354/0x49c
> Call trace:
> rcu_note_context_switch+0x354/0x49c kernel/rcu/tree_plugin.h:330
> __schedule+0xb0/0x850 kernel/sched/core.c:6417
> __schedule_loop kernel/sched/core.c:6606 [inline]
> schedule+0x34/0x104 kernel/sched/core.c:6621
> do_notify_resume+0xe4/0x164 arch/arm64/kernel/entry-common.c:136
> exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline]
> exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline]
> el0_interrupt+0xc4/0xc8 arch/arm64/kernel/entry-common.c:797
> __el0_irq_handler_common+0x18/0x24 arch/arm64/kernel/entry-common.c:802
> el0t_64_irq_handler+0x10/0x1c arch/arm64/kernel/entry-common.c:807
> el0t_64_irq+0x19c/0x1a0 arch/arm64/kernel/entry.S:599
> 
> This happens when the tsk pointer is null and a call to rcu_read_unlock()
> is missed in ns_ioctl(); this commit therefore invokes rcu_read_lock()
> when the tsk pointer is null.
> 
> Reported-by: syzbot+784d0a1246a539975f05@...kaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=784d0a1246a539975f05
> Fixes: ca567df74a28 ("nsfs: add pid translation ioctls")
> Signed-off-by: Zqiang <qiang.zhang1211@...il.com>

Thanks for the fix but this should be already fixed by commit
280e36f0d5b9971 ("nsfs: use cleanup guard") that was recently merged
upstream.

								Honza

> ---
>  fs/nsfs.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/fs/nsfs.c b/fs/nsfs.c
> index a4a925dce331..e228d06f0949 100644
> --- a/fs/nsfs.c
> +++ b/fs/nsfs.c
> @@ -188,8 +188,10 @@ static long ns_ioctl(struct file *filp, unsigned int ioctl,
>  			tsk = find_task_by_vpid(arg);
>  		else
>  			tsk = find_task_by_pid_ns(arg, pid_ns);
> -		if (!tsk)
> +		if (!tsk) {
> +			rcu_read_unlock();
>  			break;
> +		}
>  
>  		switch (ioctl) {
>  		case NS_GET_PID_FROM_PIDNS:
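Review bot: the commit message says the fix "invokes rcu_read_lock() when tsk pointer is null", but the hunk adds rcu_read_unlock() on the `if (!tsk)` path; the message should be corrected to match the code. More importantly, the matching rcu_read_lock() is outside the visible context, so the reviewer cannot confirm from this hunk alone that every other exit from the switch below also drops the read lock; a manual unlock added to one early exit is exactly the pattern that produced this bug. As the reply above notes, upstream commit 280e36f0d5b9971 ("nsfs: use cleanup guard") already replaced the manual lock/unlock with a scope guard that releases the lock on every exit path, so this hunk is superseded rather than needing further rework.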
> -- 
> 2.17.1
> 
-- 
Jan Kara <jack@...e.com>
SUSE Labs, CR
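As an added illustration of the defect the patch addresses and of the guard-based fix referred to in the reply (constructed example, not code from the patch, the kernel, or either author): a user-space mock where `rcu_depth`, `mock_find_task()` and `RCU_GUARD()` are assumptions standing in for the RCU read-side lock, `find_task_by_vpid()` and the kernel's `guard(rcu)()`.

```c
/* Constructed user-space mock, not kernel code: models the read-side lock
 * that ns_ioctl() left held on the "!tsk" early exit, and shows how a
 * scope-based cleanup guard releases it on every path. */
#include <stddef.h>

static int rcu_depth;                       /* 0 when the section is balanced */
static void mock_rcu_read_lock(void)   { rcu_depth++; }
static void mock_rcu_read_unlock(void) { rcu_depth--; }

/* Stand-in for find_task_by_vpid(): pid 0 is "not found". */
static const char *mock_find_task(int pid) { return pid ? "task" : NULL; }

/* Shape of the original code: the early return skips the manual unlock. */
static int lookup_buggy(int pid)
{
    mock_rcu_read_lock();
    const char *tsk = mock_find_task(pid);
    if (!tsk)
        return -1;                          /* BUG: lock still held here */
    mock_rcu_read_unlock();
    return 0;
}

/* Cleanup guard: the compiler calls rcu_guard_exit() when the variable
 * leaves scope, whichever return is taken (the idea behind guard(rcu)()). */
static void rcu_guard_exit(int *unused) { (void)unused; mock_rcu_read_unlock(); }
#define RCU_GUARD() \
    int rcu_guard __attribute__((unused, cleanup(rcu_guard_exit))) = \
        (mock_rcu_read_lock(), 0)

static int lookup_guarded(int pid)
{
    RCU_GUARD();
    const char *tsk = mock_find_task(pid);
    if (!tsk)
        return -1;                          /* guard unlocks on this path too */
    return 0;
}

/* Lock depth left behind by one lookup; 0 means lock/unlock are balanced. */
static int depth_after(int (*fn)(int), int pid)
{
    rcu_depth = 0;
    fn(pid);
    return rcu_depth;                       /* buggy, pid 0: 1; guarded: 0 */
}
```

The cleanup attribute needs GCC or Clang; the kernel's guard macros build on the same mechanism.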
