From: Christoph Paasch <christoph.paasch@gmail.com>
To: David Miller <davem@davemloft.net>
Cc: daniel@iogearbox.net, herbert@gondor.apana.org.au, tgraf@suug.ch,
torvalds@linux-foundation.org, netdev@vger.kernel.org
Subject: Re: [PATCH net] netlink: make sure -EBUSY won't escape from netlink_insert
Date: Wed, 16 Sep 2015 22:41:14 -0700 [thread overview]
Message-ID: <20150917054114.GN1983@Chimay.local> (raw)
In-Reply-To: <20150810.110015.1616067694505641781.davem@davemloft.net>
Hello,
On 10/08/15 - 11:00:15, David Miller wrote:
> From: Daniel Borkmann <daniel@iogearbox.net>
> Date: Fri, 7 Aug 2015 00:26:41 +0200
> > Linus reports the following deadlock on rtnl_mutex; triggered only
> > once so far (extract):
> ...
> > It seems so far plausible that the recursive call into rtnetlink_rcv()
> > looks suspicious. One way, where this could trigger is that the senders
> > NETLINK_CB(skb).portid was wrongly 0 (which is rtnetlink socket), so
> > the rtnl_getlink() request's answer would be sent to the kernel instead
> > to the actual user process, thus grabbing rtnl_mutex() twice.
> >
> > One theory would be that netlink_autobind() triggered via netlink_sendmsg()
> > internally overwrites the -EBUSY error to 0, but where it is wrongly
> > originating from __netlink_insert() instead. That would reset the
> > socket's portid to 0, which is then filled into NETLINK_CB(skb).portid
> > later on. As commit d470e3b483dc ("[NETLINK]: Fix two socket hashing bugs.")
> > also puts it, -EBUSY should not be propagated from netlink_insert().
> >
> > It looks like it's very unlikely to reproduce. We need to trigger the
> > rhashtable_insert_rehash() handler under a situation where rehashing
> > currently occurs (one /rare/ way would be to hit ht->elasticity limits
> > while not filled enough to expand the hashtable, but that would rather
> > require a specifically crafted bind() sequence with knowledge about
> > destination slots, seems unlikely). It probably makes sense to guard
> > __netlink_insert() in any case and remap that error. It was suggested
> > that EOVERFLOW might be better than an already overloaded ENOMEM.
> >
> > Reference: http://thread.gmane.org/gmane.linux.network/372676
> > Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
> > Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
>
> Applied and queued up for -stable, thanks.
can this patch get queued up for 4.1 as well?
It seems to fix a similar issue in 4.1.6.
Thanks,
Christoph
next prev parent reply other threads:[~2015-09-17 5:41 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-08-06 22:26 [PATCH net] netlink: make sure -EBUSY won't escape from netlink_insert Daniel Borkmann
2015-08-06 23:57 ` Herbert Xu
2015-08-08 17:23 ` Thomas Graf
2015-08-10 18:00 ` David Miller
2015-09-17 5:41 ` Christoph Paasch [this message]
2015-09-17 18:47 ` Linus Torvalds
2015-09-18 2:09 ` Herbert Xu
2015-09-18 8:05 ` Daniel Borkmann
2015-09-28 23:46 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150917054114.GN1983@Chimay.local \
--to=christoph.paasch@gmail.com \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=netdev@vger.kernel.org \
--cc=tgraf@suug.ch \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.