From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Jiawei Ye <jiawei.ye@foxmail.com>,
Yonghong Song <yonghong.song@linux.dev>,
Martin KaFai Lau <martin.lau@kernel.org>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 6.1 23/39] bpf: Fix mismatched RCU unlock flavour in bpf_out_neigh_v6
Date: Fri, 15 Nov 2024 07:38:33 +0100 [thread overview]
Message-ID: <20241115063723.447182706@linuxfoundation.org> (raw)
In-Reply-To: <20241115063722.599985562@linuxfoundation.org>
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jiawei Ye <jiawei.ye@foxmail.com>
[ Upstream commit fb86c42a2a5d44e849ddfbc98b8d2f4f40d36ee3 ]
In the bpf_out_neigh_v6 function, rcu_read_lock() is used to begin an RCU
read-side critical section. However, when unlocking, one branch
incorrectly uses a different RCU unlock flavour rcu_read_unlock_bh()
instead of rcu_read_unlock(). This mismatch in RCU locking flavours can
lead to unexpected behavior and potential concurrency issues.
This possible bug was identified using a static analysis tool developed
by myself, specifically designed to detect RCU-related issues.
This patch corrects the mismatched unlock flavour by replacing the
incorrect rcu_read_unlock_bh() with the appropriate rcu_read_unlock(),
ensuring that the RCU critical section is properly exited. This change
prevents potential synchronization issues and aligns with proper RCU
usage patterns.
Fixes: 09eed1192cec ("neighbour: switch to standard rcu, instead of rcu_bh")
Signed-off-by: Jiawei Ye <jiawei.ye@foxmail.com>
Acked-by: Yonghong Song <yonghong.song@linux.dev>
Link: https://lore.kernel.org/r/tencent_CFD3D1C3D68B45EA9F52D8EC76D2C4134306@qq.com
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/filter.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/core/filter.c b/net/core/filter.c
index 3f3286cf438e7..2f6fef5f5864f 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -2226,7 +2226,7 @@ static int bpf_out_neigh_v6(struct net *net, struct sk_buff *skb,
rcu_read_unlock();
return ret;
}
- rcu_read_unlock_bh();
+ rcu_read_unlock();
if (dst)
IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES);
out_drop:
--
2.43.0
next prev parent reply other threads:[~2024-11-15 6:53 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-15 6:38 [PATCH 6.1 00/39] 6.1.118-rc1 review Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 01/39] Revert "Bluetooth: fix use-after-free in accessing skb after sending it" Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 02/39] Revert "Bluetooth: hci_sync: Fix overwriting request callback" Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 03/39] Revert "Bluetooth: af_bluetooth: Fix deadlock" Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 04/39] Revert "Bluetooth: hci_core: Fix possible buffer overflow" Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 05/39] Revert "Bluetooth: hci_conn: Consolidate code for aborting connections" Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 06/39] 9p: Avoid creating multiple slab caches with the same name Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 07/39] irqchip/ocelot: Fix trigger register address Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 08/39] nvme: tcp: avoid race between queue_lock lock and destroy Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 09/39] block: Fix elevator_get_default() checking for NULL q->tag_set Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 10/39] HID: multitouch: Add support for B2402FVA track point Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 11/39] HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 12/39] nvme: disable CC.CRIME (NVME_CC_CRIME) Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 13/39] bpf: use kvzmalloc to allocate BPF verifier environment Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 14/39] crypto: api - Fix liveliness check in crypto_alg_tested Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 15/39] crypto: marvell/cesa - Disable hash algorithms Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 16/39] sound: Make CONFIG_SND depend on INDIRECT_IOMEM instead of UML Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 17/39] drm/vmwgfx: Limit display layout ioctl array size to VMWGFX_NUM_DISPLAY_UNITS Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 18/39] kasan: Disable Software Tag-Based KASAN with GCC Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 19/39] nvme-multipath: defer partition scanning Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 20/39] powerpc/powernv: Free name on error in opal_event_init() Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 21/39] nvme: make keep-alive synchronous operation Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 22/39] vDPA/ifcvf: Fix pci_read_config_byte() return code handling Greg Kroah-Hartman
2024-11-15 6:38 ` Greg Kroah-Hartman [this message]
2024-11-15 6:38 ` [PATCH 6.1 24/39] fs: Fix uninitialized value issue in from_kuid and from_kgid Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 25/39] HID: multitouch: Add quirk for Logitech Bolt receiver w/ Casa touchpad Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 26/39] HID: lenovo: Add support for Thinkpad X1 Tablet Gen 3 keyboard Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 27/39] LoongArch: Use "Exception return address" to comment ERA Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 28/39] net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 29/39] md/raid10: improve code of mrdev in raid10_sync_request Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 30/39] io_uring: fix possible deadlock in io_register_iowq_max_workers() Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 31/39] uprobes: encapsulate preparation of uprobe args buffer Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 32/39] uprobe: avoid out-of-bounds memory access of fetching args Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 33/39] drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 34/39] ext4: fix timer use-after-free on failed mount Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 35/39] Bluetooth: L2CAP: Fix uaf in l2cap_connect Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 36/39] mm: krealloc: Fix MTE false alarm in __do_krealloc Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 37/39] platform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 38/39] fs/ntfs3: Fix general protection fault in run_is_mapped_full Greg Kroah-Hartman
2024-11-15 6:38 ` [PATCH 6.1 39/39] 9p: fix slab cache name creation for real Greg Kroah-Hartman
2024-11-15 12:43 ` [PATCH 6.1 00/39] 6.1.118-rc1 review Peter Schneider
2024-11-15 18:11 ` Jon Hunter
2024-11-15 18:26 ` SeongJae Park
2024-11-15 19:14 ` Florian Fainelli
2024-11-15 21:26 ` Mark Brown
2024-11-16 0:04 ` Ron Economos
2024-11-16 12:24 ` Naresh Kamboju
2024-11-16 17:20 ` [PATCH 6.1] " Hardik Garg
2024-11-16 21:10 ` [PATCH 6.1 00/39] " Shuah Khan
2024-11-17 13:27 ` Pavel Machek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241115063723.447182706@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=jiawei.ye@foxmail.com \
--cc=martin.lau@kernel.org \
--cc=patches@lists.linux.dev \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
--cc=yonghong.song@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.