From: Jiri Pirko <jiri@resnulli.us>
To: Eric Dumazet <edumazet@google.com>
Cc: "David S . Miller" <davem@davemloft.net>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
netdev@vger.kernel.org, eric.dumazet@gmail.com,
syzbot <syzkaller@googlegroups.com>, Jiri Pirko <jiri@nvidia.com>
Subject: Re: [PATCH net-next] inet6: expand rcu_read_lock() scope in inet6_dump_addr()
Date: Wed, 28 Feb 2024 08:39:03 +0100 [thread overview]
Message-ID: <Zd7jF8hfApfqLitR@nanopsycho> (raw)
In-Reply-To: <20240227222259.4081489-1-edumazet@google.com>
Tue, Feb 27, 2024 at 11:22:59PM CET, edumazet@google.com wrote:
>I missed that inet6_dump_addr() is calling in6_dump_addrs()
>from two points.
>
>First one under RTNL protection, and second one under rcu_read_lock().
>
>Since we want to remove RTNL use from inet6_dump_addr() very soon,
>no longer assume in6_dump_addrs() is protected by RTNL (even
>if this is still the case).
>
>Use rcu_read_lock() earlier to fix this lockdep splat:
>
>WARNING: suspicious RCU usage
>6.8.0-rc5-syzkaller-01618-gf8cbf6bde4c8 #0 Not tainted
>
>net/ipv6/addrconf.c:5317 suspicious rcu_dereference_check() usage!
>
>other info that might help us debug this:
>
>rcu_scheduler_active = 2, debug_locks = 1
>3 locks held by syz-executor.2/8834:
> #0: ffff88802f554678 (nlk_cb_mutex-ROUTE){+.+.}-{3:3}, at: __netlink_dump_start+0x119/0x780 net/netlink/af_netlink.c:2338
> #1: ffffffff8f377a88 (rtnl_mutex){+.+.}-{3:3}, at: netlink_dump+0x676/0xda0 net/netlink/af_netlink.c:2265
> #2: ffff88807e5f0580 (&ndev->lock){++--}-{2:2}, at: in6_dump_addrs+0xb8/0x1de0 net/ipv6/addrconf.c:5279
>
>stack backtrace:
>CPU: 1 PID: 8834 Comm: syz-executor.2 Not tainted 6.8.0-rc5-syzkaller-01618-gf8cbf6bde4c8 #0
>Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
>Call Trace:
> <TASK>
> __dump_stack lib/dump_stack.c:88 [inline]
> dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106
> lockdep_rcu_suspicious+0x220/0x340 kernel/locking/lockdep.c:6712
> in6_dump_addrs+0x1b47/0x1de0 net/ipv6/addrconf.c:5317
> inet6_dump_addr+0x1597/0x1690 net/ipv6/addrconf.c:5428
> netlink_dump+0x6a6/0xda0 net/netlink/af_netlink.c:2266
> __netlink_dump_start+0x59d/0x780 net/netlink/af_netlink.c:2374
> netlink_dump_start include/linux/netlink.h:340 [inline]
> rtnetlink_rcv_msg+0xcf7/0x10d0 net/core/rtnetlink.c:6555
> netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2547
> netlink_unicast_kernel net/netlink/af_netlink.c:1335 [inline]
> netlink_unicast+0x7ea/0x980 net/netlink/af_netlink.c:1361
> netlink_sendmsg+0x8e0/0xcb0 net/netlink/af_netlink.c:1902
> sock_sendmsg_nosec net/socket.c:730 [inline]
> __sock_sendmsg+0x221/0x270 net/socket.c:745
> ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584
> ___sys_sendmsg net/socket.c:2638 [inline]
> __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667
>
>Fixes: c3718936ec47 ("ipv6: anycast: complete RCU handling of struct ifacaddr6")
>Reported-by: syzbot <syzkaller@googlegroups.com>
>Signed-off-by: Eric Dumazet <edumazet@google.com>
>Cc: Jiri Pirko <jiri@nvidia.com>
Reviewed-by: Jiri Pirko <jiri@nvidia.com>
next prev parent reply other threads:[~2024-02-28 7:39 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-27 22:22 [PATCH net-next] inet6: expand rcu_read_lock() scope in inet6_dump_addr() Eric Dumazet
2024-02-28 7:39 ` Jiri Pirko [this message]
2024-02-29 4:40 ` patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Zd7jF8hfApfqLitR@nanopsycho \
--to=jiri@resnulli.us \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=eric.dumazet@gmail.com \
--cc=jiri@nvidia.com \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=syzkaller@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.