netdev - Re: [xdp] 9cb54e254c: kernel/bpf/devmap.c:#suspicious_rcu_dereference

lists.openwall.net		lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC
Open Source and information security mailing list archives

Hash Suite: Windows password security audit tool. GUI, reports in PDF.

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-ID: <87r2aaw55x.fsf@toke.dk>
Date:   Wed, 10 Apr 2019 12:00:58 +0200
From:   Toke Høiland-Jørgensen <toke@...hat.com>
To:     kernel test robot <rong.a.chen@...el.com>
Cc:     David Miller <davem@...emloft.net>, netdev@...r.kernel.org,
        Jesper Dangaard Brouer <brouer@...hat.com>,
        Daniel Borkmann <daniel@...earbox.net>,
        Alexei Starovoitov <ast@...nel.org>,
        Jakub Kicinski <jakub.kicinski@...ronome.com>,
        BjörnTöpel <bjorn.topel@...il.com>, lkp@...org
Subject: Re: [xdp] 9cb54e254c: kernel/bpf/devmap.c:#suspicious_rcu_dereference_check()

kernel test robot <rong.a.chen@...el.com> writes:

> FYI, we noticed the following commit (built with gcc-7):
>
> commit: 9cb54e254ca479ce636857a1fd1e1a3e9f8796b1 ("[PATCH net-next v4 4/6] xdp: Always use a devmap for XDP_REDIRECT to a device")
> url: https://github.com/0day-ci/linux/commits/Toke-H-iland-J-rgensen/xdp-Use-a-default-map-for-xdp_redirect-helper/20190409-161851
>
>
> in testcase: trinity
> with following parameters:
>
> 	runtime: 300s
>
> test-description: Trinity is a linux system call fuzz tester.
> test-url: http://codemonkey.org.uk/projects/trinity/
>
>
> on test machine: qemu-system-x86_64 -enable-kvm -cpu SandyBridge -smp 2 -m 8G
>
> caused below changes (please refer to attached dmesg/kmsg for entire log/backtrace):
>
>
> +--------------------------------------------------------------+------------+------------+
> |                                                              | c76c665440 | 9cb54e254c |
> +--------------------------------------------------------------+------------+------------+
> | boot_successes                                               | 0          | 0          |
> | boot_failures                                                | 40         | 38         |
> | BUG:kernel_reboot-without-warning_in_test_stage              | 28         | 10         |
> | BUG:kernel_hang_in_boot_stage                                | 12         | 12         |
> | WARNING:suspicious_RCU_usage                                 | 0          | 16         |
> | kernel/bpf/devmap.c:#suspicious_rcu_dereference_check()usage | 0          | 16         |
> +--------------------------------------------------------------+------------+------------+
>
>
>
> [  413.653218] WARNING: suspicious RCU usage
> [  413.654564] 5.1.0-rc4-00599-g9cb54e2 #43 Tainted: G                T
> [  413.656563] -----------------------------
> [  413.657808] kernel/bpf/devmap.c:807 suspicious rcu_dereference_check() usage!
> [  413.660285] 
> [  413.660285] other info that might help us debug this:
> [  413.660285] 
> [  413.662614] 
> [  413.662614] rcu_scheduler_active = 2, debug_locks = 1
> [  413.664483] 2 locks held by trinity-c3/2248:
> [  413.665800]  #0: 00000000713e8e50 (&f->f_pos_lock){+.+.}, at: __fdget_pos+0x81/0x90
> [  413.668184]  #1: 000000005e54a26c (&p->lock){+.+.}, at: seq_lseek+0x42/0x1c0
> [  413.670412] 
> [  413.670412] stack backtrace:
> [  413.671876] CPU: 0 PID: 2248 Comm: trinity-c3 Tainted: G                T 5.1.0-rc4-00599-g9cb54e2 #43
> [  413.674557] Call Trace:
> [  413.675374]  dump_stack+0x1e/0x28
> [  413.676366]  lockdep_rcu_suspicious+0xc6/0xd0
> [  413.677802]  dev_map_default_show+0x84/0xd0

Ah, right, seems I forgot an rcu_read_lock() here. Will fix :)

-Toke