lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Mon, 20 Jul 2020 10:10:58 +0200
From:   Jiri Pirko <jiri@...nulli.us>
To:     Ido Schimmel <idosch@...sch.org>
Cc:     netdev@...r.kernel.org, davem@...emloft.net, kuba@...nel.org,
        jhs@...atatu.com, xiyou.wangcong@...il.com, idosch@...lanox.com,
        mlxsw@...lanox.com
Subject: Re: [patch net-next] sched: sch_api: add missing rcu read lock to
 silence the warning

Mon, Jul 20, 2020 at 09:50:00AM CEST, idosch@...sch.org wrote:
>On Mon, Jul 20, 2020 at 09:22:48AM +0200, Jiri Pirko wrote:
>> From: Jiri Pirko <jiri@...lanox.com>
>> 
>> In case the qdisc_match_from_root function() is called from non-rcu path
>> with rtnl mutex held, a suspiciout rcu usage warning appears:
>> 
>> [  241.504354] =============================
>> [  241.504358] WARNING: suspicious RCU usage
>> [  241.504366] 5.8.0-rc4-custom-01521-g72a7c7d549c3 #32 Not tainted
>> [  241.504370] -----------------------------
>> [  241.504378] net/sched/sch_api.c:270 RCU-list traversed in non-reader section!!
>> [  241.504382]
>>                other info that might help us debug this:
>> [  241.504388]
>>                rcu_scheduler_active = 2, debug_locks = 1
>> [  241.504394] 1 lock held by tc/1391:
>> [  241.504398]  #0: ffffffff85a27850 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x49a/0xbd0
>> [  241.504431]
>>                stack backtrace:
>> [  241.504440] CPU: 0 PID: 1391 Comm: tc Not tainted 5.8.0-rc4-custom-01521-g72a7c7d549c3 #32
>> [  241.504446] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-2.fc32 04/01/2014
>> [  241.504453] Call Trace:
>> [  241.504465]  dump_stack+0x100/0x184
>> [  241.504482]  lockdep_rcu_suspicious+0x153/0x15d
>> [  241.504499]  qdisc_match_from_root+0x293/0x350
>> 
>> Fix this by taking the rcu_lock for qdisc_hash iteration.
>> 
>> Reported-by: Ido Schimmel <idosch@...lanox.com>
>> Signed-off-by: Jiri Pirko <jiri@...lanox.com>
>> ---
>>  net/sched/sch_api.c | 2 ++
>>  1 file changed, 2 insertions(+)
>> 
>> diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c
>> index 11ebba60da3b..c7cfd8dc6a77 100644
>> --- a/net/sched/sch_api.c
>> +++ b/net/sched/sch_api.c
>> @@ -267,10 +267,12 @@ static struct Qdisc *qdisc_match_from_root(struct Qdisc *root, u32 handle)
>>  	    root->handle == handle)
>>  		return root;
>>  
>> +	rcu_read_lock();
>>  	hash_for_each_possible_rcu(qdisc_dev(root)->qdisc_hash, q, hash, handle) {
>>  		if (q->handle == handle)
>>  			return q;
>
>You don't unlock here, but I'm not sure it's the best fix. It's weird to
>return an object from an RCU critical section without taking a
>reference. It can also hide a bug if someone calls
>qdisc_match_from_root() without RTNL or RCU.
>
>hash_for_each_possible_rcu() is basically hlist_for_each_entry_rcu()
>which already accepts:
>
>@cond:       optional lockdep expression if called from non-RCU protection.
>
>So maybe extend hash_for_each_possible_rcu() with 'cond' and pass a
>lockdep expression to see if RTNL is held?

Makes sense. Sent v2. Thanks!


>
>>  	}
>> +	rcu_read_unlock();
>>  	return NULL;
>>  }
>>  
>> -- 
>> 2.21.3
>> 

Powered by blists - more mailing lists