lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZZQxmg3QOxzXcrW0@nanopsycho>
Date: Tue, 2 Jan 2024 16:54:02 +0100
From: Jiri Pirko <jiri@...nulli.us>
To: Jamal Hadi Salim <jhs@...atatu.com>
Cc: Victor Nogueira <victor@...atatu.com>, davem@...emloft.net,
	edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com,
	xiyou.wangcong@...il.com, idosch@...sch.org, mleitner@...hat.com,
	vladbu@...dia.com, paulb@...dia.com, pctammela@...atatu.com,
	netdev@...r.kernel.org, kernel@...atatu.com,
	syzbot+84339b9e7330daae4d66@...kaller.appspotmail.com,
	syzbot+806b0572c8d06b66b234@...kaller.appspotmail.com,
	syzbot+0039110f932d438130f9@...kaller.appspotmail.com
Subject: Re: [PATCH net-next v2 1/1] net/sched: We should only add
 appropriate qdiscs blocks to ports' xarray

Tue, Jan 02, 2024 at 03:52:01PM CET, jhs@...atatu.com wrote:
>On Tue, Jan 2, 2024 at 9:29 AM Jiri Pirko <jiri@...nulli.us> wrote:
>>
>> Tue, Jan 02, 2024 at 03:06:28PM CET, jhs@...atatu.com wrote:
>> >On Tue, Jan 2, 2024 at 4:59 AM Jiri Pirko <jiri@...nulli.us> wrote:
>> >>
>> >> The patch subject should briefly describe the nature of the change. Not
>> >> what "we" should or should not do.
>> >>
>> >>
>> >> Sun, Dec 31, 2023 at 06:23:20PM CET, victor@...atatu.com wrote:
>> >> >We should only add qdiscs to the blocks ports' xarray in ingress that
>> >> >support ingress_block_set/get or in egress that support
>> >> >egress_block_set/get.
>> >>
>> >> Tell the codebase what to do, be imperative. Please read again:
>> >> https://www.kernel.org/doc/html/v6.6/process/submitting-patches.html#describe-your-changes
>> >>
>> >
>> >We need another rule in the doc on nit-picking which states that we
>> >need to make progress at some point. We made many changes to this
>> >patchset based on your suggestions for no other reason other that we
>> >can progress the discussion. This is a patch that fixes a bug of which
>> >there are multiple syzbot reports and consumers of the API(last one
>> >just reported from the MTCP people). There's some sense of urgency to
>> >apply this patch before the original goes into net. More importantly:
>> >This patch fixes the issue and follows the same common check which was
>> >already being done in the committed patchset to check if the qdisc
>> >supports the block set/get operations.
>> >
>> >There are about 3 ways to do this check, you objected to the original,
>> >we picked something that works fine,  and now you are picking a
>> >different way with tcf_block. I dont see how tcf_block check would
>> >help or solve this problem at all given this is a qdisc issue not a
>> >class issue. What am I missing?
>>
>> Perhaps I got something wrong, but I thought that the issue is
>> cl_ops->tcf_block being null for some qdiscs, isn't it?
>>
>
>We attach these ports/netdevs only on capable qdiscs i.e ones that
>have  in/egress_block_set/get() - which happen to be ingress and
>clsact only.
>The problem was we were blindly assuming that presence of
>cl->tcf_block() implies presence of in/egress_block_set/get(). The
>earlier patches surrounded this code with attribute checks and so it
>worked there.

Syskaller report says:

KASAN: null-ptr-deref in range [0x0000000000000048-0x000000000000004f]
CPU: 1 PID: 5061 Comm: syz-executor323 Not tainted 6.7.0-rc6-syzkaller-01658-gc2b2ee36250d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
RIP: 0010:qdisc_block_add_dev net/sched/sch_api.c:1190 [inline]

Line 1190 is:
block = cl_ops->tcf_block(sch, TC_H_MIN_INGRESS, NULL);

So the cl_ops->tcf_block == NULL

Why can't you just check it? Why do you want to check in/egress_block_set/get()
instead? I don't follow :/

Btw, the checks in __qdisc_destroy() do also look wrong.



>
>BTW: Do you have an example of a test case where we can test the class
>grafting (eg using htb with tcf_block)? It doesnt have any impact on
>this patcheset here but we want to add it as a regression checker on
>tdc in the future if someone makes a change.
>
>cheers,
>jamal
>
>> >
>> >cheers,
>> >jamal
>> >
>> >> >
>> >> >Fixes: 913b47d3424e ("net/sched: Introduce tc block netdev tracking infra")
>> >> >Signed-off-by: Victor Nogueira <victor@...atatu.com>
>> >> >Reviewed-by: Jamal Hadi Salim <jhs@...atatu.com>
>> >> >Reported-by: Ido Schimmel <idosch@...dia.com>
>> >> >Closes: https://lore.kernel.org/all/ZY1hBb8GFwycfgvd@shredder/
>> >> >Tested-by: Ido Schimmel <idosch@...dia.com>
>> >> >Reported-and-tested-by: syzbot+84339b9e7330daae4d66@...kaller.appspotmail.com
>> >> >Closes: https://lore.kernel.org/all/0000000000007c85f5060dcc3a28@google.com/
>> >> >Reported-and-tested-by: syzbot+806b0572c8d06b66b234@...kaller.appspotmail.com
>> >> >Closes: https://lore.kernel.org/all/00000000000082f2f2060dcc3a92@google.com/
>> >> >Reported-and-tested-by: syzbot+0039110f932d438130f9@...kaller.appspotmail.com
>> >> >Closes: https://lore.kernel.org/all/0000000000007fbc8c060dcc3a5c@google.com/
>> >> >---
>> >> >v1 -> v2:
>> >> >
>> >> >- Remove newline between fixes tag and Signed-off-by tag
>> >> >- Add Ido's Reported-by and Tested-by tags
>> >> >- Add syzbot's Reported-and-tested-by tags
>> >> >
>> >> > net/sched/sch_api.c | 34 ++++++++++++++++++++--------------
>> >> > 1 file changed, 20 insertions(+), 14 deletions(-)
>> >> >
>> >> >diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c
>> >> >index 299086bb6205..426be81276f1 100644
>> >> >--- a/net/sched/sch_api.c
>> >> >+++ b/net/sched/sch_api.c
>> >> >@@ -1187,23 +1187,29 @@ static int qdisc_block_add_dev(struct Qdisc *sch, struct net_device *dev,
>> >> >       struct tcf_block *block;
>> >> >       int err;
>> >> >
>> >>
>> >> Why don't you just check cl_ops->tcf_block ?
>> >> In fact, there could be a helper to do it for you either call the op or
>> >> return NULL in case it is not defined.
>> >>
>> >>
>> >> >-      block = cl_ops->tcf_block(sch, TC_H_MIN_INGRESS, NULL);
>> >> >-      if (block) {
>> >> >-              err = xa_insert(&block->ports, dev->ifindex, dev, GFP_KERNEL);
>> >> >-              if (err) {
>> >> >-                      NL_SET_ERR_MSG(extack,
>> >> >-                                     "ingress block dev insert failed");
>> >> >-                      return err;
>> >> >+      if (sch->ops->ingress_block_get) {
>> >> >+              block = cl_ops->tcf_block(sch, TC_H_MIN_INGRESS, NULL);
>> >> >+              if (block) {
>> >> >+                      err = xa_insert(&block->ports, dev->ifindex, dev,
>> >> >+                                      GFP_KERNEL);
>> >> >+                      if (err) {
>> >> >+                              NL_SET_ERR_MSG(extack,
>> >> >+                                             "ingress block dev insert failed");
>> >> >+                              return err;
>> >> >+                      }
>> >> >               }
>> >> >       }
>> >> >
>> >> >-      block = cl_ops->tcf_block(sch, TC_H_MIN_EGRESS, NULL);
>> >> >-      if (block) {
>> >> >-              err = xa_insert(&block->ports, dev->ifindex, dev, GFP_KERNEL);
>> >> >-              if (err) {
>> >> >-                      NL_SET_ERR_MSG(extack,
>> >> >-                                     "Egress block dev insert failed");
>> >> >-                      goto err_out;
>> >> >+      if (sch->ops->egress_block_get) {
>> >> >+              block = cl_ops->tcf_block(sch, TC_H_MIN_EGRESS, NULL);
>> >> >+              if (block) {
>> >> >+                      err = xa_insert(&block->ports, dev->ifindex, dev,
>> >> >+                                      GFP_KERNEL);
>> >> >+                      if (err) {
>> >> >+                              NL_SET_ERR_MSG(extack,
>> >> >+                                             "Egress block dev insert failed");
>> >> >+                              goto err_out;
>> >> >+                      }
>> >> >               }
>> >> >       }
>> >> >
>> >> >--
>> >> >2.25.1
>> >> >

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ