Fwd: Re: [PATCH] net: convert fib_treeref from int to refcount_t

All of lore.kernel.org
 help / color / mirror / Atom feed

From: yajun.deng@linux.dev
To: m.szyprowski@samsung.com
Cc: davem@davemloft.net, kuba@kernel.org, netdev@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: Fwd: Re: [PATCH] net: convert fib_treeref from int to refcount_t
Date: Tue, 03 Aug 2021 11:17:59 +0000	[thread overview]
Message-ID: <7177b79774f6be76431ff4af9fa164f8@linux.dev> (raw)
In-Reply-To: <2033809a-1a07-1f5d-7732-f10f6e094f3d@gmail.com>

[-- Attachment #1: Type: text/plain, Size: 697 bytes --]

This patch from David Ahern was applied in the newest net-next.

-------- Forwarded message -------
From: "David Ahern" <dsahern@gmail.com>
To: "Ioana Ciornei" <ciorneiioana@gmail.com>, "Yajun Deng" <yajun.deng@linux.dev>
CC: davem@davemloft.net, kuba@kernel.org, yoshfuji@linux-ipv6.org, dsahern@kernel.org,
netdev@vger.kernel.org, linux-kernel@vger.kernel.org, linux-decnet-user@lists.sourceforge.net
Sent: August 2, 2021 10:36 PM
Subject: Re: [PATCH] net: convert fib_treeref from int to refcount_t
On 8/2/21 7:37 AM, Ioana Ciornei wrote:

> Unfortunately, with this patch applied I get into the following WARNINGs
> when booting over NFS:

Can you test the attached?

Thanks,

[-- Attachment #2: 0001-ipv4-Fix-refcount-warning-for-new-fib_info.patch --]
[-- Type: application/octet-stream, Size: 1680 bytes --]

From ec9d169eb33e6a65db641792821cc6a259ed9362 Mon Sep 17 00:00:00 2001
From: David Ahern <dsahern@kernel.org>
Date: Mon, 2 Aug 2021 08:29:26 -0600
Subject: [PATCH net-next] ipv4: Fix refcount warning for new fib_info

Ioana reported a refcount warning when booting over NFS:

[    5.042532] ------------[ cut here ]------------
[    5.047184] refcount_t: addition on 0; use-after-free.
[    5.052324] WARNING: CPU: 7 PID: 1 at lib/refcount.c:25 refcount_warn_saturate+0xa4/0x150
...
[    5.167201] Call trace:
[    5.169635]  refcount_warn_saturate+0xa4/0x150
[    5.174067]  fib_create_info+0xc00/0xc90
[    5.177982]  fib_table_insert+0x8c/0x620
[    5.181893]  fib_magic.isra.0+0x110/0x11c
[    5.185891]  fib_add_ifaddr+0xb8/0x190
[    5.189629]  fib_inetaddr_event+0x8c/0x140

fib_treeref needs to be set after kzalloc. The old code had a ++ which
led to the confusion when the int was replaced by a refcount_t.

Fixes: 79976892f7ea ("net: convert fib_treeref from int to refcount_t")
Signed-off-by: David Ahern <dsahern@kernel.org>
Reported-by: Ioana Ciornei <ciorneiioana@gmail.com>
Cc: Yajun Deng <yajun.deng@linux.dev>
---
 net/ipv4/fib_semantics.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c
index fa19f4cdf3a4..f29feb7772da 100644
--- a/net/ipv4/fib_semantics.c
+++ b/net/ipv4/fib_semantics.c
@@ -1551,7 +1551,7 @@ struct fib_info *fib_create_info(struct fib_config *cfg,
 		return ofi;
 	}
 
-	refcount_inc(&fi->fib_treeref);
+	refcount_set(&fi->fib_treeref, 1);
 	refcount_set(&fi->fib_clntref, 1);
 	spin_lock_bh(&fib_info_lock);
 	hlist_add_head(&fi->fib_hash,
-- 
2.24.3 (Apple Git-128)

next prev parent reply	other threads:[~2021-08-03 11:18 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <CGME20210803110803eucas1p276a0010caad8fc21a7ea5ca5543294f8@eucas1p2.samsung.com>
2021-07-29  7:13 ` [PATCH] net: convert fib_treeref from int to refcount_t Yajun Deng
2021-07-29 14:55   ` David Ahern
2021-07-30 15:30   ` patchwork-bot+netdevbpf
2021-08-02 13:37   ` Ioana Ciornei
2021-08-02 14:36     ` David Ahern
2021-08-02 14:59       ` Ioana Ciornei
2021-08-03 11:17       ` yajun.deng [this message]
2021-08-03 11:24         ` Fwd: " Marek Szyprowski
2021-08-03 11:08   ` Marek Szyprowski
2021-08-03 14:43     ` David Ahern

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:fa19f4cdf3a dfblob:f29feb7772d )
 OR (
bs:"ipv4: Fix refcount warning for new fib_info" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=7177b79774f6be76431ff4af9fa164f8@linux.dev \
    --to=yajun.deng@linux.dev \
    --cc=davem@davemloft.net \
    --cc=kuba@kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=m.szyprowski@samsung.com \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.