lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20241217181712.049b5524@kmaincent-XPS-13-7390>
Date: Tue, 17 Dec 2024 18:17:12 +0100
From: Kory Maincent <kory.maincent@...tlin.com>
To: Eric Dumazet <edumazet@...gle.com>
Cc: "David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org,
 linux-kernel@...r.kernel.org,
 syzbot+a344326c05c98ba19682@...kaller.appspotmail.com,
 thomas.petazzoni@...tlin.com, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni
 <pabeni@...hat.com>, Simon Horman <horms@...nel.org>
Subject: Re: [PATCH net-next] net: ethtool: Fix suspicious rcu_dereference
 usage

On Tue, 17 Dec 2024 16:47:07 +0100
Eric Dumazet <edumazet@...gle.com> wrote:

> On Tue, Dec 17, 2024 at 3:03 PM Kory Maincent <kory.maincent@...tlin.com>
> wrote:
> >
> > The __ethtool_get_ts_info function can be called with or without the
> > rtnl lock held. When the rtnl lock is not held, using rtnl_dereference()
> > triggers a warning due to improper lock context.
> >
> > Replace rtnl_dereference() with rcu_dereference_rtnl() to safely
> > dereference the RCU pointer in both scenarios, ensuring proper handling
> > regardless of the rtnl lock state.
> >
> > Reported-by: syzbot+a344326c05c98ba19682@...kaller.appspotmail.com
> > Closes:
> > https://lore.kernel.org/netdev/676147f8.050a0220.37aaf.0154.GAE@google.com/
> > Fixes: b9e3f7dc9ed9 ("net: ethtool: tsinfo: Enhance tsinfo to support
> > several hwtstamp by net topology") Signed-off-by: Kory Maincent
> > <kory.maincent@...tlin.com> --- net/ethtool/common.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/net/ethtool/common.c b/net/ethtool/common.c
> > index 02f941f667dd..ec6f2e2caaf9 100644
> > --- a/net/ethtool/common.c
> > +++ b/net/ethtool/common.c
> > @@ -870,7 +870,7 @@ int __ethtool_get_ts_info(struct net_device *dev,
> >  {
> >         struct hwtstamp_provider *hwprov;
> >
> > -       hwprov = rtnl_dereference(dev->hwprov);
> > +       hwprov = rcu_dereference_rtnl(dev->hwprov);
> >         /* No provider specified, use default behavior */
> >         if (!hwprov) {
> >                 const struct ethtool_ops *ops = dev->ethtool_ops;  
> 
> I have to ask : Can you tell how this patch has been tested ?

Oh, it was not at all sufficiently tested. Sorry!
I thought I had spotted the issue but I hadn't.

> rcu is not held according to syzbot report.
> 
> If rtnl and rcu are not held, lockdep will still complain.

You are totally right.
I may be able to see it with the timestamping kselftest. I will try.

Regards,
-- 
Köry Maincent, Bootlin
Embedded Linux and kernel engineering
https://bootlin.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ