From: Taehee Yoo <ap420073@gmail.com>
To: intel-wired-lan@osuosl.org
Subject: [Intel-wired-lan] [PATCH net v2 8/9] bonding: fix suspicious RCU usage in bond_ipsec_offload_ok()
Date: Mon, 5 Jul 2021 15:38:13 +0000 [thread overview]
Message-ID: <20210705153814.11453-9-ap420073@gmail.com> (raw)
In-Reply-To: <20210705153814.11453-1-ap420073@gmail.com>
To dereference bond->curr_active_slave, it uses rcu_dereference().
But it and the caller doesn't acquire RCU so a warning occurs.
So add rcu_read_lock().
Splat looks like:
WARNING: suspicious RCU usage
5.13.0-rc6+ #1179 Not tainted
drivers/net/bonding/bond_main.c:571 suspicious
rcu_dereference_check() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
1 lock held by ping/974:
#0: ffff888109e7db70 (sk_lock-AF_INET){+.+.}-{0:0},
at: raw_sendmsg+0x1303/0x2cb0
stack backtrace:
CPU: 2 PID: 974 Comm: ping Not tainted 5.13.0-rc6+ #1179
Call Trace:
dump_stack+0xa4/0xe5
bond_ipsec_offload_ok+0x1f4/0x260 [bonding]
xfrm_output+0x179/0x890
xfrm4_output+0xfa/0x410
? __xfrm4_output+0x4b0/0x4b0
? __ip_make_skb+0xecc/0x2030
? xfrm4_udp_encap_rcv+0x800/0x800
? ip_local_out+0x21/0x3a0
ip_send_skb+0x37/0xa0
raw_sendmsg+0x1bfd/0x2cb0
Fixes: 18cb261afd7b ("bonding: support hardware encryption offload to slaves")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
---
- no change
drivers/net/bonding/bond_main.c | 22 ++++++++++++++++------
1 file changed, 16 insertions(+), 6 deletions(-)
diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
index 9c44ec92eb72..a9cb06959320 100644
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -573,24 +573,34 @@ static bool bond_ipsec_offload_ok(struct sk_buff *skb, struct xfrm_state *xs)
struct net_device *real_dev;
struct slave *curr_active;
struct bonding *bond;
+ int err;
bond = netdev_priv(bond_dev);
+ rcu_read_lock();
curr_active = rcu_dereference(bond->curr_active_slave);
real_dev = curr_active->dev;
- if (BOND_MODE(bond) != BOND_MODE_ACTIVEBACKUP)
- return true;
+ if (BOND_MODE(bond) != BOND_MODE_ACTIVEBACKUP) {
+ err = true;
+ goto out;
+ }
- if (!xs->xso.real_dev)
- return false;
+ if (!xs->xso.real_dev) {
+ err = false;
+ goto out;
+ }
if (!real_dev->xfrmdev_ops ||
!real_dev->xfrmdev_ops->xdo_dev_offload_ok ||
netif_is_bond_master(real_dev)) {
- return false;
+ err = false;
+ goto out;
}
- return real_dev->xfrmdev_ops->xdo_dev_offload_ok(skb, xs);
+ err = real_dev->xfrmdev_ops->xdo_dev_offload_ok(skb, xs);
+out:
+ rcu_read_unlock();
+ return err;
}
static const struct xfrmdev_ops bond_xfrmdev_ops = {
--
2.17.1
WARNING: multiple messages have this Message-ID (diff)
From: Taehee Yoo <ap420073@gmail.com>
To: davem@davemloft.net, kuba@kernel.org, dsahern@kernel.org,
netdev@vger.kernel.org, j.vosburgh@gmail.com, vfalico@gmail.com,
andy@greyhouse.net, jesse.brandeburg@intel.com,
anthony.l.nguyen@intel.com, jarod@redhat.com,
intel-wired-lan@lists.osuosl.org
Cc: ap420073@gmail.com
Subject: [PATCH net v2 8/9] bonding: fix suspicious RCU usage in bond_ipsec_offload_ok()
Date: Mon, 5 Jul 2021 15:38:13 +0000 [thread overview]
Message-ID: <20210705153814.11453-9-ap420073@gmail.com> (raw)
In-Reply-To: <20210705153814.11453-1-ap420073@gmail.com>
To dereference bond->curr_active_slave, it uses rcu_dereference().
But it and the caller doesn't acquire RCU so a warning occurs.
So add rcu_read_lock().
Splat looks like:
WARNING: suspicious RCU usage
5.13.0-rc6+ #1179 Not tainted
drivers/net/bonding/bond_main.c:571 suspicious
rcu_dereference_check() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
1 lock held by ping/974:
#0: ffff888109e7db70 (sk_lock-AF_INET){+.+.}-{0:0},
at: raw_sendmsg+0x1303/0x2cb0
stack backtrace:
CPU: 2 PID: 974 Comm: ping Not tainted 5.13.0-rc6+ #1179
Call Trace:
dump_stack+0xa4/0xe5
bond_ipsec_offload_ok+0x1f4/0x260 [bonding]
xfrm_output+0x179/0x890
xfrm4_output+0xfa/0x410
? __xfrm4_output+0x4b0/0x4b0
? __ip_make_skb+0xecc/0x2030
? xfrm4_udp_encap_rcv+0x800/0x800
? ip_local_out+0x21/0x3a0
ip_send_skb+0x37/0xa0
raw_sendmsg+0x1bfd/0x2cb0
Fixes: 18cb261afd7b ("bonding: support hardware encryption offload to slaves")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
---
- no change
drivers/net/bonding/bond_main.c | 22 ++++++++++++++++------
1 file changed, 16 insertions(+), 6 deletions(-)
diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
index 9c44ec92eb72..a9cb06959320 100644
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -573,24 +573,34 @@ static bool bond_ipsec_offload_ok(struct sk_buff *skb, struct xfrm_state *xs)
struct net_device *real_dev;
struct slave *curr_active;
struct bonding *bond;
+ int err;
bond = netdev_priv(bond_dev);
+ rcu_read_lock();
curr_active = rcu_dereference(bond->curr_active_slave);
real_dev = curr_active->dev;
- if (BOND_MODE(bond) != BOND_MODE_ACTIVEBACKUP)
- return true;
+ if (BOND_MODE(bond) != BOND_MODE_ACTIVEBACKUP) {
+ err = true;
+ goto out;
+ }
- if (!xs->xso.real_dev)
- return false;
+ if (!xs->xso.real_dev) {
+ err = false;
+ goto out;
+ }
if (!real_dev->xfrmdev_ops ||
!real_dev->xfrmdev_ops->xdo_dev_offload_ok ||
netif_is_bond_master(real_dev)) {
- return false;
+ err = false;
+ goto out;
}
- return real_dev->xfrmdev_ops->xdo_dev_offload_ok(skb, xs);
+ err = real_dev->xfrmdev_ops->xdo_dev_offload_ok(skb, xs);
+out:
+ rcu_read_unlock();
+ return err;
}
static const struct xfrmdev_ops bond_xfrmdev_ops = {
--
2.17.1
next prev parent reply other threads:[~2021-07-05 15:38 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-05 15:38 [Intel-wired-lan] [PATCH net v2 0/9] net: fix bonding ipsec offload problems Taehee Yoo
2021-07-05 15:38 ` Taehee Yoo
2021-07-05 15:38 ` [Intel-wired-lan] [PATCH net v2 1/9] bonding: fix suspicious RCU usage in bond_ipsec_add_sa() Taehee Yoo
2021-07-05 15:38 ` Taehee Yoo
2021-07-05 15:38 ` [Intel-wired-lan] [PATCH net v2 2/9] bonding: fix null dereference " Taehee Yoo
2021-07-05 15:38 ` Taehee Yoo
2021-07-05 15:38 ` [Intel-wired-lan] [PATCH net v2 3/9] net: netdevsim: use xso.real_dev instead of xso.dev in callback functions of struct xfrmdev_ops Taehee Yoo
2021-07-05 15:38 ` Taehee Yoo
2021-07-05 15:38 ` [Intel-wired-lan] [PATCH net v2 4/9] ixgbevf: " Taehee Yoo
2021-07-05 15:38 ` Taehee Yoo
2021-07-05 15:38 ` [Intel-wired-lan] [PATCH net v2 5/9] bonding: fix suspicious RCU usage in bond_ipsec_del_sa() Taehee Yoo
2021-07-05 15:38 ` Taehee Yoo
2021-07-05 15:38 ` [Intel-wired-lan] [PATCH net v2 6/9] bonding: disallow setting nested bonding + ipsec offload Taehee Yoo
2021-07-05 15:38 ` Taehee Yoo
2021-07-05 15:38 ` [Intel-wired-lan] [PATCH net v2 7/9] bonding: Add struct bond_ipesc to manage SA Taehee Yoo
2021-07-05 15:38 ` Taehee Yoo
2021-07-05 15:38 ` Taehee Yoo [this message]
2021-07-05 15:38 ` [PATCH net v2 8/9] bonding: fix suspicious RCU usage in bond_ipsec_offload_ok() Taehee Yoo
2021-07-05 15:38 ` [Intel-wired-lan] [PATCH net v2 9/9] bonding: fix incorrect return value of bond_ipsec_offload_ok() Taehee Yoo
2021-07-05 15:38 ` Taehee Yoo
2021-07-14 22:00 ` [Intel-wired-lan] [PATCH net v2 0/9] net: fix bonding ipsec offload problems Jay Vosburgh
2021-07-14 22:00 ` Jay Vosburgh
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210705153814.11453-9-ap420073@gmail.com \
--to=ap420073@gmail.com \
--cc=intel-wired-lan@osuosl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.