lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <ZdZDWVdjMaQkXBgW@shredder>
Date: Wed, 21 Feb 2024 20:39:21 +0200
From: Ido Schimmel <idosch@...dia.com>
To: Eric Dumazet <edumazet@...gle.com>
Cc: "David S . Miller" <davem@...emloft.net>,
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
	netdev@...r.kernel.org, eric.dumazet@...il.com
Subject: Re: [PATCH net-next 04/13] ipv6: use xarray iterator to implement
 inet6_dump_ifinfo()

On Wed, Feb 21, 2024 at 10:59:06AM +0000, Eric Dumazet wrote:
> Prepare inet6_dump_ifinfo() to run with RCU protection
> instead of RTNL and use for_each_netdev_dump() interface.
> 
> Also properly return 0 at the end of a dump, avoiding
> an extra recvmsg() system call and RTNL acquisition.
> 
> Note that RTNL-less dumps need core changes, yet to come.
> 
> Signed-off-by: Eric Dumazet <edumazet@...gle.com>
> Cc: Ido Schimmel <idosch@...dia.com>

Reviewed-by: Ido Schimmel <idosch@...dia.com>

BTW, not sure if you saw, but there's a failure in the fib_nexthops test
in Jakub's CI due to a lockdep splat [1]. Reproducer:

# ip link add name dummy1 up type dummy
# ip nexthop add id 1 dev dummy1
# ip nexthop add id 2 dev dummy1
# ip nexthop add id 10 group 1/2
# ip route add 198.51.100.0/24 nhid 10
# ip -4 r s

Seems like an oversight in nexthop code and fixed by:

diff --git a/include/net/nexthop.h b/include/net/nexthop.h
index 6647ad509faa..77e99cba60ad 100644
--- a/include/net/nexthop.h
+++ b/include/net/nexthop.h
@@ -317,7 +317,7 @@ static inline
 int nexthop_mpath_fill_node(struct sk_buff *skb, struct nexthop *nh,
                            u8 rt_family)
 {
-       struct nh_group *nhg = rtnl_dereference(nh->nh_grp);
+       struct nh_group *nhg = rcu_dereference_rtnl(nh->nh_grp);
        int i;
 
        for (i = 0; i < nhg->num_nh; i++) {

[1]
=============================
WARNING: suspicious RCU usage
6.8.0-rc4-custom-g85d71c2cf96e #20 Not tainted
-----------------------------
include/net/nexthop.h:320 suspicious rcu_dereference_protected() usage!

other info that might help us debug this:


rcu_scheduler_active = 2, debug_locks = 1
2 locks held by ip/668:
 #0: ffff88801c1a3eb0 (nlk_cb_mutex-ROUTE){+.+.}-{3:3}, at: __netlink_dump_start+0x155/0x9e0
 #1: ffffffff85d4fba0 (rcu_read_lock){....}-{1:2}, at: inet_dump_fib+0x133/0xab0

stack backtrace:
CPU: 19 PID: 668 Comm: ip Not tainted 6.8.0-rc4-custom-g85d71c2cf96e #20
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-1.fc38 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0xbd/0xe0
 lockdep_rcu_suspicious+0x211/0x3b0
 fib_dump_info+0x1ae2/0x1e10
 fib_table_dump+0xc2e/0xf70
 inet_dump_fib+0x7fa/0xab0
 netlink_dump+0xd47/0x10f0
 __netlink_dump_start+0x702/0x9e0
 rtnetlink_rcv_msg+0xb6e/0xf20
 netlink_rcv_skb+0x170/0x440
 netlink_unicast+0x540/0x820
 netlink_sendmsg+0x8d8/0xda0
 __sys_sendto+0x27a/0x3f0
 __x64_sys_sendto+0xe5/0x1c0
 do_syscall_64+0xc5/0x1d0
 entry_SYSCALL_64_after_hwframe+0x63/0x6b

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ