From mboxrd@z Thu Jan 1 00:00:00 1970
From: David Miller
Subject: Re: [PATCH net] fib: fib_dump_info can no longer use __in_dev_get_rtnl
Date: Fri, 03 Nov 2017 14:28:08 +0900 (KST)
Message-ID: <20171103.142808.654415128418406242.davem@davemloft.net>
References: <001a114a958cf58255055cfdccb2@google.com> <20171102150220.9865-1-fw@strlen.de>
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Cc: netdev@vger.kernel.org, syzkaller-bugs@googlegroups.com, bot+e52a2ae091b628f72765583c9faedc961c83b7e7@syzkaller.appspotmail.com
To: fw@strlen.de
Return-path:
Received: from shards.monkeyblade.net ([184.105.139.130]:35328 "EHLO shards.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752284AbdKCF2L (ORCPT ); Fri, 3 Nov 2017 01:28:11 -0400
In-Reply-To: <20171102150220.9865-1-fw@strlen.de>
Sender: netdev-owner@vger.kernel.org
List-ID:

From: Florian Westphal
Date: Thu, 2 Nov 2017 16:02:20 +0100

> syzbot reported yet another regression added with DOIT_UNLOCKED.
> When nexthop is marked as dead, fib_dump_info uses __in_dev_get_rtnl():
>
> ./include/linux/inetdevice.h:230 suspicious rcu_dereference_protected() usage!
> rcu_scheduler_active = 2, debug_locks = 1
> 1 lock held by syz-executor2/23859:
> #0: (rcu_read_lock){....}, at: []
> inet_rtm_getroute+0xaa0/0x2d70 net/ipv4/route.c:2738
> [..]
> lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4665
> __in_dev_get_rtnl include/linux/inetdevice.h:230 [inline]
> fib_dump_info+0x1136/0x13d0 net/ipv4/fib_semantics.c:1377
> inet_rtm_getroute+0xf97/0x2d70 net/ipv4/route.c:2785
> ..
>
> This isn't safe anymore, callers either hold RTNL mutex or rcu read lock,
> so these spots must use rcu_dereference_rtnl() or plain rcu_dereference()
> (plus unconditional rcu read lock).
>
> This does the latter.
>
> Fixes: 394f51abb3d04f ("ipv4: route: set ipv4 RTM_GETROUTE to not use rtnl")
> Reported-by: syzbot
> Signed-off-by: Florian Westphal

Applied, thanks Florian.
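
The locking rule from the quoted commit message, as an added userspace model in C (not code from the patch or from the kernel). struct ctx, deref(), get_rtnl(), get_rcu() and the dump_*() functions are hypothetical names; the two accessors only imitate the lockdep conditions of __in_dev_get_rtnl() and plain rcu_dereference().

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model of the lock state lockdep inspects; not kernel code. */
struct ctx { int rcu_depth; bool rtnl_held; };
struct in_device { int ifindex; };
struct net_device { struct in_device *ip_ptr; };

static int splats; /* "suspicious usage" reports raised by the last call */

static struct in_device *deref(struct net_device *d, bool ok, const char *who)
{
    if (!ok)
        fprintf(stderr, "report %d: suspicious usage in %s\n", ++splats, who);
    return d->ip_ptr;
}

/* Models __in_dev_get_rtnl(): the check passes only with RTNL held. */
static struct in_device *get_rtnl(struct ctx *c, struct net_device *d)
{ return deref(d, c->rtnl_held, "get_rtnl"); }

/* Models plain rcu_dereference(): passes only inside rcu_read_lock(). */
static struct in_device *get_rcu(struct ctx *c, struct net_device *d)
{ return deref(d, c->rcu_depth > 0, "get_rcu"); }

/* Old behaviour: RTNL-only accessor. Returns the number of reports. */
static int dump_old(struct ctx c, struct net_device *d)
{ splats = 0; get_rtnl(&c, d); return splats; }

/* Plain rcu_dereference() relying on the caller for the read lock. */
static int dump_rcu_nolock(struct ctx c, struct net_device *d)
{ splats = 0; get_rcu(&c, d); return splats; }

/* The option the commit message picks: unconditional rcu read lock. */
static int dump_fixed(struct ctx c, struct net_device *d)
{
    splats = 0;
    c.rcu_depth++;   /* rcu_read_lock() */
    get_rcu(&c, d);
    c.rcu_depth--;   /* rcu_read_unlock() */
    return splats;
}

int main(void)
{
    struct in_device idev = { 1 };
    struct net_device dev = { &idev };
    struct ctx rcu_only = { 1, false }; /* constructed: RTM_GETROUTE path, no RTNL */
    printf("old=%d fixed=%d\n", dump_old(rcu_only, &dev), dump_fixed(rcu_only, &dev));
    return 0;
}
```

dump_rcu_nolock() shows why the read lock has to be taken unconditionally: a caller that holds only RTNL would trip the plain rcu_dereference() check.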