| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <7549d1fa-dc76-477a-95b4-edfc09085fd2@oracle.com>
Date: Mon, 19 May 2025 02:40:23 +0530
From: ALOK TIWARI <alok.a.tiwari@...cle.com>
To: Saurabh Sengar <ssengar@...ux.microsoft.com>, kys@...rosoft.com,
haiyangz@...rosoft.com, wei.liu@...nel.org, decui@...rosoft.com,
andrew+netdev@...n.ch, davem@...emloft.net, edumazet@...gle.com,
pabeni@...hat.com, horms@...nel.org, ast@...nel.org,
daniel@...earbox.net, hawk@...nel.org, john.fastabend@...il.com,
sdf@...ichev.me, kuniyu@...zon.com, ahmed.zaki@...el.com,
aleksander.lobakin@...el.com, linux-hyperv@...r.kernel.org,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
bpf@...r.kernel.org
Cc: ssengar@...rosoft.com, stable@...r.kernel.org
Subject: Re: [PATCH net] hv_netvsc: fix potential deadlock in
netvsc_vf_setxdp()
On 18-05-2025 09:17, Saurabh Sengar wrote:
> The MANA driver's probe registers netdevice via the following call chain:
>
> mana_probe()
> register_netdev()
> register_netdevice()
>
> register_netdevice() calls notifier callback for netvsc driver,
> holding the netdev mutex via netdev_lock_ops().
>
> Further this netvsc notifier callback end up attempting to acquire the
> same lock again in dev_xdp_propagate() leading to deadlock.
>
> netvsc_netdev_event()
> netvsc_vf_setxdp()
> dev_xdp_propagate()
>
> This deadlock was not observed so far because net_shaper_ops was never
> set and this lock in noop in this case. Fix this by using
> netif_xdp_propagate instead of dev_xdp_propagate to avoid recursive
> locking in this path.
>
> This issue has not observed so far because net_shaper_ops was unset,
> making the lock path effectively a no-op. To prevent recursive locking
> and avoid this deadlock, replace dev_xdp_propagate() with
> netif_xdp_propagate(), which does not acquire the lock again.
avoid noop and repetition (because the paragraph about net_shaper_ops is
repeated):
"This deadlock was not observed so far because net_shaper_ops was never
set, and thus the lock was effectively a no-op in this case. Fix this by
using netif_xdp_propagate() instead of dev_xdp_propagate() to avoid
recursive locking in this path.
Also, clean up the unregistration path by removing the unnecessary call
to netvsc_vf_setxdp(), since unregister_netdevice_many_notify() already
performs this cleanup via dev_xdp_uninstall()."
>
> Also, clean up the unregistration path by removing unnecessary call to
> netvsc_vf_setxdp(), since unregister_netdevice_many_notify() already
> performs this cleanup via dev_xdp_uninstall.
>
> Fixes: 97246d6d21c2 ("net: hold netdev instance lock during ndo_bpf")
> Cc: stable@...r.kernel.org
> Signed-off-by: Saurabh Sengar <ssengar@...ux.microsoft.com>
> ---
> drivers/net/hyperv/netvsc_bpf.c | 2 +-
> drivers/net/hyperv/netvsc_drv.c | 2 --
> net/core/dev.c | 1 +
> 3 files changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/drivers/net/hyperv/netvsc_bpf.c b/drivers/net/hyperv/netvsc_bpf.c
> index e01c5997a551..1dd3755d9e6d 100644
> --- a/drivers/net/hyperv/netvsc_bpf.c
> +++ b/drivers/net/hyperv/netvsc_bpf.c
> @@ -183,7 +183,7 @@ int netvsc_vf_setxdp(struct net_device *vf_netdev, struct bpf_prog *prog)
Thanks,
Alok
Powered by blists - more mailing lists