Message-ID: <CACGkMEvuseZoHcLrLH6d0UeK12nrA-n=Prg0wt=57BP0UbmpqQ@mail.gmail.com>
Date: Wed, 18 Dec 2024 10:41:50 +0800
From: Jason Wang <jasowang@...hat.com>
To: "Michael S. Tsirkin" <mst@...hat.com>
Cc: Eric Dumazet <edumazet@...gle.com>, "David S . Miller" <davem@...emloft.net>, 
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, netdev@...r.kernel.org, 
	Simon Horman <horms@...nel.org>, eric.dumazet@...il.com, 
	syzbot+f56a5c5eac2b28439810@...kaller.appspotmail.com
Subject: Re: [PATCH net-next] ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple()

On Tue, Dec 17, 2024 at 10:41 PM Michael S. Tsirkin <mst@...hat.com> wrote:
>
> On Tue, Dec 17, 2024 at 01:51:21PM +0000, Eric Dumazet wrote:
> > Jakub added a lockdep_assert_no_hardirq() check in __page_pool_put_page()
> > to increase test coverage.
> >
> > syzbot found a splat caused by hard irq blocking in
> > ptr_ring_resize_multiple() [1]
> >
> > As current users of ptr_ring_resize_multiple() do not require
> > hard irqs being masked, replace it to only block BH.
> >
> > Rename helpers to better reflect they are safe against BH only.
> >
> > - ptr_ring_resize_multiple() to ptr_ring_resize_multiple_bh()
> > - skb_array_resize_multiple() to skb_array_resize_multiple_bh()
> >
> > [1]
> >
> > WARNING: CPU: 1 PID: 9150 at net/core/page_pool.c:709 __page_pool_put_page net/core/page_pool.c:709 [inline]
> > WARNING: CPU: 1 PID: 9150 at net/core/page_pool.c:709 page_pool_put_unrefed_netmem+0x157/0xa40 net/core/page_pool.c:780
> > Modules linked in:
> > CPU: 1 UID: 0 PID: 9150 Comm: syz.1.1052 Not tainted 6.11.0-rc3-syzkaller-00202-gf8669d7b5f5d #0
> > Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
> > RIP: 0010:__page_pool_put_page net/core/page_pool.c:709 [inline]
> > RIP: 0010:page_pool_put_unrefed_netmem+0x157/0xa40 net/core/page_pool.c:780
> > Code: 74 0e e8 7c aa fb f7 eb 43 e8 75 aa fb f7 eb 3c 65 8b 1d 38 a8 6a 76 31 ff 89 de e8 a3 ae fb f7 85 db 74 0b e8 5a aa fb f7 90 <0f> 0b 90 eb 1d 65 8b 1d 15 a8 6a 76 31 ff 89 de e8 84 ae fb f7 85
> > RSP: 0018:ffffc9000bda6b58 EFLAGS: 00010083
> > RAX: ffffffff8997e523 RBX: 0000000000000000 RCX: 0000000000040000
> > RDX: ffffc9000fbd0000 RSI: 0000000000001842 RDI: 0000000000001843
> > RBP: 0000000000000000 R08: ffffffff8997df2c R09: 1ffffd40003a000d
> > R10: dffffc0000000000 R11: fffff940003a000e R12: ffffea0001d00040
> > R13: ffff88802e8a4000 R14: dffffc0000000000 R15: 00000000ffffffff
> > FS:  00007fb7aaf716c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000
> > CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
> > CR2: 00007fa15a0d4b72 CR3: 00000000561b0000 CR4: 00000000003506f0
> > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
> > DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
> > Call Trace:
> >  <TASK>
> >  tun_ptr_free drivers/net/tun.c:617 [inline]
> >  __ptr_ring_swap_queue include/linux/ptr_ring.h:571 [inline]
> >  ptr_ring_resize_multiple_noprof include/linux/ptr_ring.h:643 [inline]
> >  tun_queue_resize drivers/net/tun.c:3694 [inline]
> >  tun_device_event+0xaaf/0x1080 drivers/net/tun.c:3714
> >  notifier_call_chain+0x19f/0x3e0 kernel/notifier.c:93
> >  call_netdevice_notifiers_extack net/core/dev.c:2032 [inline]
> >  call_netdevice_notifiers net/core/dev.c:2046 [inline]
> >  dev_change_tx_queue_len+0x158/0x2a0 net/core/dev.c:9024
> >  do_setlink+0xff6/0x41f0 net/core/rtnetlink.c:2923
> >  rtnl_setlink+0x40d/0x5a0 net/core/rtnetlink.c:3201
> >  rtnetlink_rcv_msg+0x73f/0xcf0 net/core/rtnetlink.c:6647
> >  netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2550
> >
> > Fixes: ff4e538c8c3e ("page_pool: add a lockdep check for recycling in hardirq")
> > Reported-by: syzbot+f56a5c5eac2b28439810@...kaller.appspotmail.com
> > Closes: https://lore.kernel.org/netdev/671e10df.050a0220.2b8c0f.01cf.GAE@google.com/T/
> > Signed-off-by: Eric Dumazet <edumazet@...gle.com>
> > Cc: Jason Wang <jasowang@...hat.com>
> > Cc: Michael S. Tsirkin <mst@...hat.com>
>
>
> Acked-by: Michael S. Tsirkin <mst@...hat.com>
>

Acked-by: Jason Wang <jasowang@...hat.com>

Thanks

