Message-ID: <a4cf0e03-98b7-49a5-bbb6-040fc41aa2d6@linux.ibm.com>
Date: Mon, 23 Sep 2024 10:16:14 +0200
From: Wenjia Zhang <wenjia@...ux.ibm.com>
To: Cong Wang <xiyou.wangcong@...il.com>,
        "D. Wythe"
 <alibuda@...ux.alibaba.com>,
        Paolo Abeni <pabeni@...hat.com>
Cc: netdev@...r.kernel.org, Cong Wang <cong.wang@...edance.com>,
        syzbot+c75d1de73d3b8b76272f@...kaller.appspotmail.com,
        Jan Karcher <jaka@...ux.ibm.com>, Tony Lu <tonylu@...ux.alibaba.com>,
        Wen Gu <guwen@...ux.alibaba.com>
Subject: Re: [Patch net] smc: use RCU version of lower netdev searching



On 19.09.24 17:46, D. Wythe wrote:
> 
> 
> On 9/19/24 5:30 PM, Paolo Abeni wrote:
>> Hi,
>> On 9/18/24 04:23, D. Wythe wrote:
>>> On 9/14/24 11:32 AM, Cong Wang wrote:
>>>> On Sat, Sep 14, 2024 at 10:28:15AM +0800, D. Wythe wrote:
>>>>>
>>>>>
>>>>> On 9/14/24 8:53 AM, Cong Wang wrote:
>>>>>> On Thu, Sep 12, 2024 at 02:20:47PM +0800, D. Wythe wrote:
>>>>>>>
>>>>>>>
>>>>>>> On 9/12/24 8:04 AM, Cong Wang wrote:
>>>>>>>> From: Cong Wang <cong.wang@...edance.com>
>>>>>>>>
>>>>>>>> Both netdev_walk_all_lower_dev() and netdev_lower_get_next() have a
>>>>>>>> RCU version, which are netdev_walk_all_lower_dev_rcu() and
>>>>>>>> netdev_next_lower_dev_rcu(). Switching to the RCU version would
>>>>>>>> eliminate the need for RTL lock, thus could amend the deadlock
>>>>>>>> complaints from syzbot. And it could also potentially speed up its
>>>>>>>> callers like smc_connect().
>>>>>>>>
>>>>>>>> Reported-by: syzbot+c75d1de73d3b8b76272f@...kaller.appspotmail.com
>>>>>>>> Closes: https://syzkaller.appspot.com/bug?extid=c75d1de73d3b8b76272f
>>>>>>>> Cc: Wenjia Zhang <wenjia@...ux.ibm.com>
>>>>>>>> Cc: Jan Karcher <jaka@...ux.ibm.com>
>>>>>>>> Cc: "D. Wythe" <alibuda@...ux.alibaba.com>
>>>>>>>> Cc: Tony Lu <tonylu@...ux.alibaba.com>
>>>>>>>> Cc: Wen Gu <guwen@...ux.alibaba.com>
>>>>>>>> Signed-off-by: Cong Wang <cong.wang@...edance.com>
>>>>>>>
>>>>>>>
>>>>>>> Haven't looked at your code yet, but the issue you fixed doesn't
>>>>>>> exist.
>>>>>>> The real reason is that we lack some lockdep annotations for
>>>>>>> IPPROTO_SMC.
>>>>>>
>>>>>> If you look at the code, it is not about sock lock annotations, it is
>>>>>> about RTNL lock which of course has annotations.
>>>>>>
>>>>>
>>>>> If so, please explain the deadlock issue mentioned in syzbot and
>>>>> how it triggers deadlocks.
>>>>
>>>> Sure, but what questions do you have here? To me, the lockdep output is
>>>> self-explained. Please kindly let me know if you have any troubles
>>>> understanding it, I am always happy to help.
>>>>
>>>> Thanks.
>>>
>>> Just explain 
>>> (https://syzkaller.appspot.com/bug?extid=c75d1de73d3b8b76272f)
>>>
>>> -> #1 (sk_lock-AF_INET6){+.+.}-{0:0}:
>>>          lock_sock_nested+0x3a/0xf0 net/core/sock.c:3543
>>>          lock_sock include/net/sock.h:1607 [inline]
>>>          sockopt_lock_sock net/core/sock.c:1061 [inline]
>>>          sockopt_lock_sock+0x54/0x70 net/core/sock.c:1052
>>>          do_ipv6_setsockopt+0x216a/0x47b0 net/ipv6/ipv6_sockglue.c:567
>>>          ipv6_setsockopt+0xe3/0x1a0 net/ipv6/ipv6_sockglue.c:993
>>>          udpv6_setsockopt+0x7d/0xd0 net/ipv6/udp.c:1702
>>>          do_sock_setsockopt+0x222/0x480 net/socket.c:2324
>>>          __sys_setsockopt+0x1a4/0x270 net/socket.c:2347
>>>          __do_sys_setsockopt net/socket.c:2356 [inline]
>>>          __se_sys_setsockopt net/socket.c:2353 [inline]
>>>          __x64_sys_setsockopt+0xbd/0x160 net/socket.c:2353
>>>          do_syscall_x64 arch/x86/entry/common.c:52 [inline]
>>>          do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
>>>          entry_SYSCALL_64_after_hwframe+0x77/0x7f
>>>
>>> Why is that udpv6_setsockopt was reported here.
>>
>> If I read correctly, your doubt is somewhat like the following: the
>> SMC code does not call UDP sockopt-related functions, so the above
>> stacktrace refers to a non-SMC socket and the reported splat is really
>> harmless, as no deadlock will really happen (UDP sockets do not
>> acquire nested rtnl lock, smc does not acquire nested socket lock).
>>
>> Still, the splat happens and we need - or at least we should - address it,
>> because this splat prevents syzkaller from finding other possibly more
>> significant issues.
>>
>> One way of addressing the splat would be adding the proper annotation
>> to the socket lock. Another way is the present patch, which looks
>> legit to me and should give a performance benefit (every time we don't
>> need to acquire the rtnl lock is a win!)
>>
>> @Wythe: does the above clarify a bit?
>>
>> Thanks!
>>
>> Paolo
> 
> 
> Hi Paolo,
> 
> Thanks for your explanation. I did not question the value of this patch,
> I just think that it did not fix a deadlock issue as it described. What
> it really does is to avoid a false positive from syzbot, and it has also
> brought potential performance benefits, which I totally agree with.
>
> Last week, we also discussed this issue with Eric. In fact, we already
> have a patch that addresses this problem by modifying the lockdep class of
> IPPROTO_SMC. However, I'm not entirely satisfied with this change because
> I prefer that IPPROTO_SMC socks remain consistent with other AF_INET socks.
> So, it appears that this patch is the best solution now.
>
> Anyway, I support this patch now. But I believe the description needs to
> be more accurate.
> 
> Thanks,
> D. Wythe
> 
> 

I like the idea with the RCU version, and it might solve the issue that
syzbot reported. However, I also agree with D. Wythe on the lack of an
accurate description of the issue itself, that is, where the knot is and
how the RCU version solves the knot. That would also help people solve
similar problems later.
@Cong Wang, could you please add a bit more of the description I mentioned above?

Thanks,
Wenjia
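
A simplified model of the lock-ordering question raised in this thread, as an added example that is not part of the original messages or of the kernel's code: it tracks lock classes, as lockdep does, and shows the report going away with either remedy Paolo mentions (a separate class for the socket lock, or dropping the rtnl acquisition as the RCU walk does). The two acquisition orders and the `SK_SMC` class name are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Lock classes, not lock instances: every AF_INET6 socket lock shares one class. */
enum { RTNL, SK_INET6, SK_SMC /* hypothetical separate class */, NCLASS };
static int dep[NCLASS][NCLASS];   /* dep[a][b]: b was taken while a was held */

/* Record one code path: locks taken in this order, all held until the end. */
static void record_path(const int *order, int n)
{
    for (int i = 0; i < n; i++)
        for (int j = i + 1; j < n; j++)
            dep[order[i]][order[j]] = 1;
}

/* Depth-first search: is 'target' reachable from 'from' over recorded edges? */
static int reaches(int from, int target, int *seen)
{
    if (dep[from][target])
        return 1;
    seen[from] = 1;
    for (int k = 0; k < NCLASS; k++)
        if (dep[from][k] && !seen[k] && reaches(k, target, seen))
            return 1;
    return 0;
}

static int has_cycle(void)
{
    for (int c = 0; c < NCLASS; c++) {
        int seen[NCLASS] = {0};
        if (reaches(c, c, seen))
            return 1;
    }
    return 0;
}

/* smc_class: class of the SMC socket lock; smc_takes_rtnl == 0 models the RCU walk. */
int splat_reported(int smc_class, int smc_takes_rtnl)
{
    const int udp_setsockopt[] = { RTNL, SK_INET6 };  /* assumed: rtnl, then socket lock */
    const int smc_connect[]    = { smc_class, RTNL }; /* assumed: socket lock, then rtnl */
    memset(dep, 0, sizeof(dep));
    record_path(udp_setsockopt, 2);
    record_path(smc_connect, smc_takes_rtnl ? 2 : 1);
    return has_cycle();
}

int main(void)
{
    printf("shared class + rtnl: %d, shared class + RCU: %d, own class + rtnl: %d\n",
           splat_reported(SK_INET6, 1), splat_reported(SK_INET6, 0), splat_reported(SK_SMC, 1));
    return 0;
}
```

The cycle in the first case exists only between classes: no single socket ever takes both paths, which is why the thread treats the report as harmless yet still worth silencing.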
