| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 20 Jul 2020 10:50:00 +0300
From: Ido Schimmel <idosch@...sch.org>
To: Jiri Pirko <jiri@...nulli.us>
Cc: netdev@...r.kernel.org, davem@...emloft.net, kuba@...nel.org,
jhs@...atatu.com, xiyou.wangcong@...il.com, idosch@...lanox.com,
mlxsw@...lanox.com
Subject: Re: [patch net-next] sched: sch_api: add missing rcu read lock to
silence the warning
On Mon, Jul 20, 2020 at 09:22:48AM +0200, Jiri Pirko wrote:
> From: Jiri Pirko <jiri@...lanox.com>
>
> In case the qdisc_match_from_root function() is called from non-rcu path
> with rtnl mutex held, a suspiciout rcu usage warning appears:
>
> [ 241.504354] =============================
> [ 241.504358] WARNING: suspicious RCU usage
> [ 241.504366] 5.8.0-rc4-custom-01521-g72a7c7d549c3 #32 Not tainted
> [ 241.504370] -----------------------------
> [ 241.504378] net/sched/sch_api.c:270 RCU-list traversed in non-reader section!!
> [ 241.504382]
> other info that might help us debug this:
> [ 241.504388]
> rcu_scheduler_active = 2, debug_locks = 1
> [ 241.504394] 1 lock held by tc/1391:
> [ 241.504398] #0: ffffffff85a27850 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x49a/0xbd0
> [ 241.504431]
> stack backtrace:
> [ 241.504440] CPU: 0 PID: 1391 Comm: tc Not tainted 5.8.0-rc4-custom-01521-g72a7c7d549c3 #32
> [ 241.504446] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-2.fc32 04/01/2014
> [ 241.504453] Call Trace:
> [ 241.504465] dump_stack+0x100/0x184
> [ 241.504482] lockdep_rcu_suspicious+0x153/0x15d
> [ 241.504499] qdisc_match_from_root+0x293/0x350
>
> Fix this by taking the rcu_lock for qdisc_hash iteration.
>
> Reported-by: Ido Schimmel <idosch@...lanox.com>
> Signed-off-by: Jiri Pirko <jiri@...lanox.com>
> ---
> net/sched/sch_api.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c
> index 11ebba60da3b..c7cfd8dc6a77 100644
> --- a/net/sched/sch_api.c
> +++ b/net/sched/sch_api.c
> @@ -267,10 +267,12 @@ static struct Qdisc *qdisc_match_from_root(struct Qdisc *root, u32 handle)
> root->handle == handle)
> return root;
>
> + rcu_read_lock();
> hash_for_each_possible_rcu(qdisc_dev(root)->qdisc_hash, q, hash, handle) {
> if (q->handle == handle)
> return q;
You don't unlock here, but I'm not sure it's the best fix. It's weird to
return an object from an RCU critical section without taking a
reference. It can also hide a bug if someone calls
qdisc_match_from_root() without RTNL or RCU.
hash_for_each_possible_rcu() is basically hlist_for_each_entry_rcu()
which already accepts:
@cond: optional lockdep expression if called from non-RCU protection.
So maybe extend hash_for_each_possible_rcu() with 'cond' and pass a
lockdep expression to see if RTNL is held?
> }
> + rcu_read_unlock();
> return NULL;
> }
>
> --
> 2.21.3
>
Powered by blists - more mailing lists