Date:	Wed, 28 Jan 2009 02:15:48 +0100
From:	Martin MOKREJŠ <mmokrejs@...osome.natur.cuni.cz>
To:	Andrew Morton <akpm@...ux-foundation.org>
CC:	netdev@...r.kernel.org, bugme-daemon@...zilla.kernel.org,
	Vegard Nossum <vegard.nossum@...il.com>,
	a.p.zijlstra@...llo.nl, Jarek Poplawski <jarkao2@...il.com>,
	"David S. Miller" <davem@...emloft.net>
Subject: Re: [Bugme-new] [Bug 12515] New: possible circular locking #0: (sk_lock-AF_PACKET){--..},
 at: [<c1279838>] sock_setsockopt+0x12b/0x4a4



Martin MOKREJŠ wrote:
> There has been some discussion under subject
> "Re: [PATCH] net: fix setsockopt() locking errors"
> and I hope it is archived somewhere via netdev@...r.kernel.org .
> If not, Jarek Poplawski and Peter Zijlstra have some clues
> what to do and I am waiting for Vegard Nossum to give me
> another patch to test.

I have tested the patch below in bugzilla and cannot reproduce anymore.
dmesg(1) output in bugzilla.

Martin


------- Comment #8 from vegard.nossum@...il.com  2009-01-27 14:38 -------
Created an attachment (id=20018)
 --> (http://bugzilla.kernel.org/attachment.cgi?id=20018&action=view)
[PATCH] net: fix setsockopt() locking errors #2

Andrew, I just missed a case because the actual call to copy_from_user was in a
different file altogether.

There might be more, but I didn't really have the time to look for everything
yet.

In the meantime, I give you this patch, which includes the SO_ATTACH_FILTER
socket option, which is what was reported to fail with the first patch applied.

I also don't REALLY think this is a regression, it's just lockdep that got
smarter (or the insertion of a might_fault() something something made it more
likely to show up -- I think this was info from Peter, but I don't remember
accurately).



> 
> 
> Here is some part of the discussion, hopefully the most important
> part:
> 
> On Tue, Jan 27, 2009 at 09:52:49AM +0100, Peter Zijlstra wrote:
>>> On Tue, 2009-01-27 at 08:45 +0000, Jarek Poplawski wrote:
>>>>> On Mon, Jan 26, 2009 at 10:30:30PM +0100, Martin MOKREJŠ wrote:
>>>>>>> The patch really did not help:
>>>>>>> http://bugzilla.kernel.org/show_bug.cgi?id=12515#c5
>>>>>>> Martin
>>>>> Actually, there is a little change: the warning triggered in another
>>>>> place (sock_setsockopt() -> sk_attach_filter()). So we could go deeper
>>>>> with these changes, but I'm not sure this is the right way to fix.
>>>>>
>>>>> It looks like the scenario is very old, but probably wasn't reported
>>>>> (maybe there is some lockdep improvement):
>>> Yes, they likely are very old, and yes we added a lockdep annotation to
>>> copy_to/from_user() to catch these.
>>>
>>>>> A) sys_mmap2() -> mm->mmap_sem -> packet_mmap() -> sk_lock
>>>>> B) sock_setsockopt() -> sk_lock -> copy_from_user() -> mm->mmap_sem
>>>>>
>>>>> packet_mmap() (net/packet/af_packet.c) seems to be the only place in
>>>>> net to implement mmap method, and using this lock order btw. On the
>>>>> other hand copy_from_user() could be more popular under sk_lock, and
>>>>> I'm not sure these changes are necessary.
>>>>>
>>>>> Since I don't know enough about either sock/packet or sys_mmap, I guess
>>>>> some advice would be precious. It looks like Peter Zijlstra solved
>>>>> similar problems in nfs, so I CC him.
>>> The NFS/sunrpc case was special in that it did copy_to/from_kernel, that
>>> is, it never actually touched user memory -- we taught the might_fault()
>>> annotation about that.
>>>
>>> Can't you simply do the copy_from_user() before you take the sk_lock?
>>>
> 
> Since it's really needed, and Vegard started doing it like this, I
> guess he will try to add the missing pieces.
> 
> Thanks again,
> Jarek P.
> 
> 
> 
> 
> 
> Andrew Morton wrote:
>> (switched to email.  Please respond via emailed reply-to-all, not via the
>> bugzilla web interface).
>>
>> On Tue, 20 Jan 2009 10:16:38 -0800 (PST)
>> bugme-daemon@...zilla.kernel.org wrote:
>>
>>> http://bugzilla.kernel.org/show_bug.cgi?id=12515
>>>
>>>            Summary: possible circular locking #0:  (sk_lock-AF_PACKET){--
>>>                     ..}, at: [<c1279838>] sock_setsockopt+0x12b/0x4a4
>>>            Product: Networking
>>>            Version: 2.5
>>>      KernelVersion: 2.6.29-rc1-git4
>>>           Platform: All
>>>         OS/Version: Linux
>>>               Tree: Mainline
>>>             Status: NEW
>>>           Severity: normal
>>>           Priority: P1
>>>          Component: IPV4
>>>         AssignedTo: shemminger@...ux-foundation.org
>>>         ReportedBy: mmokrejs@...osome.natur.cuni.cz
>>>
>>>
>>> Latest working kernel version:
>>> Earliest failing kernel version:
>>> Distribution: Gentoo Linux
>>> Hardware Environment: ASUS L3C/S laptop
>>> Software Environment:
>>> Problem Description:
>>>
>>> Steps to reproduce: I have been reinstalling some apps while started tcpdump.
>>> It immediately hit the bug.
>>>
>> More info at the link.  Vegard did some analysis, had a shot at fixing
>> it, but it seems that he missed.
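
The lock-order inversion listed in the thread as A) and B), and the suggested reordering (copy_from_user() before sk_lock), modelled in user space as an added example that is not part of the original thread or of the kernel patch. It is a toy order-graph checker in the spirit of lockdep; all function names are illustrative assumptions.

```c
#include <stdbool.h>
#include <string.h>

/* Lock classes named in the thread; the validator is a toy model, not lockdep. */
enum { MMAP_SEM, SK_LOCK, NLOCKS };
static bool held[NLOCKS], edge[NLOCKS][NLOCKS]; /* edge[a][b]: b taken while a held */
static void reset(void) { memset(held, 0, sizeof held); memset(edge, 0, sizeof edge); }
static void release(int l) { held[l] = false; }
/* Depth-first search over recorded edges: is 'to' reachable from 'from'? */
static bool reaches(int from, int to, bool *seen) {
    if (from == to) return true;
    seen[from] = true;
    for (int n = 0; n < NLOCKS; n++)
        if (edge[from][n] && !seen[n] && reaches(n, to, seen)) return true;
    return false;
}
/* Record the acquisition; return false if it closes a cycle in the order graph. */
static bool acquire(int l) {
    bool ok = true;
    for (int h = 0; h < NLOCKS; h++) {
        if (!held[h]) continue;
        bool seen[NLOCKS] = { false };
        if (reaches(l, h, seen)) ok = false; /* l -> ... -> h was seen earlier */
        edge[h][l] = true;
    }
    held[l] = true;
    return ok;
}
/* Take 'outer' then 'inner', release both; true if neither closed a cycle. */
static bool nested(int outer, int inner) {
    bool a = acquire(outer), b = acquire(inner);
    release(inner); release(outer);
    return a && b;
}

/* A) mmap path, then B) setsockopt() doing copy_from_user() under sk_lock. */
bool reported_order_is_clean(void) {
    reset();
    bool a = nested(MMAP_SEM, SK_LOCK), b = nested(SK_LOCK, MMAP_SEM);
    return a && b;
}
/* A) mmap path, then setsockopt() copying first: mmap_sem dropped before sk_lock. */
bool copy_first_order_is_clean(void) {
    reset();
    bool a = nested(MMAP_SEM, SK_LOCK);
    bool b = acquire(MMAP_SEM); release(MMAP_SEM); /* copy_from_user() may fault */
    bool c = acquire(SK_LOCK);  release(SK_LOCK);
    return a && b && c;
}
```

The checker flags the second path even though the two paths never run concurrently here, which is why such a warning reads "possible circular locking": the order graph alone shows the deadlock is reachable.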
