netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: "Paul E. McKenney" <paulmck@linux.ibm.com>
To: Dmitry Vyukov <dvyukov@google.com>
Cc: Stefano Brivio <sbrivio@redhat.com>,
	Eric Dumazet <eric.dumazet@gmail.com>,
	Arjan van de Ven <arjan@linux.intel.com>,
	syzbot <syzbot+43f6755d1c2e62743468@syzkaller.appspotmail.com>,
	Andrew Morton <akpm@linux-foundation.org>,
	Josh Triplett <josh@joshtriplett.org>,
	LKML <linux-kernel@vger.kernel.org>,
	Ingo Molnar <mingo@kernel.org>,
	syzkaller-bugs <syzkaller-bugs@googlegroups.com>,
	netdev <netdev@vger.kernel.org>,
	Cong Wang <xiyou.wangcong@gmail.com>,
	Xin Long <lucien.xin@gmail.com>
Subject: Re: WARNING in __rcu_read_unlock
Date: Tue, 18 Dec 2018 06:02:58 -0800	[thread overview]
Message-ID: <20181218140258.GQ4170@linux.ibm.com> (raw)
In-Reply-To: <CACT4Y+az3--Y2f0OKSbF0kxwckdkKSASVog=XkX=+cXCt5r3ew@mail.gmail.com>

On Tue, Dec 18, 2018 at 02:26:00PM +0100, Dmitry Vyukov wrote:
> On Tue, Dec 18, 2018 at 1:40 PM Stefano Brivio <sbrivio@redhat.com> wrote:
> >
> > On Tue, 18 Dec 2018 09:49:17 +0100
> > Dmitry Vyukov <dvyukov@google.com> wrote:
> >
> > > On Tue, Dec 18, 2018 at 12:18 AM Stefano Brivio <sbrivio@redhat.com> wrote:
> > > >
> > > > On Mon, 17 Dec 2018 16:53:36 +0100
> > > > Dmitry Vyukov <dvyukov@google.com> wrote:
> > > >
> > > > > On Mon, Dec 17, 2018 at 4:24 PM Stefano Brivio <sbrivio@redhat.com> wrote:
> > > > > >
> > > > > > On Mon, 17 Dec 2018 06:57:35 -0800
> > > > > > Eric Dumazet <eric.dumazet@gmail.com> wrote:
> > > > > >
> > > > > > > Might be cause by commit b8a51b38e4d4dec3e379d52c0fe1a66827f7cf1e
> > > > > > > fou, fou6: ICMP error handlers for FoU and GUE
> > > > > >
> > > > > > This:
> > > > > >
> > > > > > diff --git a/net/ipv4/fou.c b/net/ipv4/fou.c
> > > > > > index 0d0ad19ecb87..20a6de26d146 100644
> > > > > > --- a/net/ipv4/fou.c
> > > > > > +++ b/net/ipv4/fou.c
> > > > > > @@ -1008,6 +1008,9 @@ static int gue_err_proto_handler(int proto, struct sk_buff *skb, u32 info)
> > > > > >  {
> > > > > >         const struct net_protocol *ipprot = rcu_dereference(inet_protos[proto]);
> > > > > >
> > > > > > +       if (ipprot == IPPROTO_UDP)
> > > > > > +               return -EINVAL;
> > > > > > +
> > > > > >         if (ipprot && ipprot->err_handler) {
> > > > > >                 if (!ipprot->err_handler(skb, info))
> > > > > >                         return 0;
> > > > > >
> > > > > > should fix the issue, but I still have to run tests and make sure we
> > > > > > don't hit similar cases.
> > > > >
> > > > > Please don't forget to add a regression test for it too ;)
> > > >
> > > > Where would you suggest to add this? The only selftest that goes
> > >
> > > I dunno. But there must be some place for such tests, right?
> >
> > Not as far as I know. The selftests checking this path, by design, only
> > use supported configurations, they don't forge packets.
> >
> > Maybe it would be nice to have a semi-automated way to isolate and
> > describe/name specific conditions found by syzbot via fuzzing and turn
> > those into tests that are then repeated periodically. I'm not sure how
> > that would look like, but I think it's still more maintainable than a
> > pile of C reproducers with forged packets in selftests/net.
> 
> It would be nice to do something like this. Filed
> https://github.com/google/syzkaller/issues/884
> However, there are few open questions that I am not sure how to resolve yet...
> 
> 
> > Eric, Cong, Xin, as you also recently fixed a nice deal of similar cases
> > reported by syzbot, what do you think? Did you ever feel the need to
> > turn a syzbot reproducer into a regression test case?
> >
> > > > through this path currently is net/pmtu.sh, but as configuration of an
> > > > actual UDP-in-GUE tunnel is currently not supported, I would really
> > > > need to forge that specific packet, so that doesn't seem to be a good
> > > > fit.
> > > >
> > > > Won't syzbot add this to some list of reproducers that are checked in
> > > > the future?
> > >
> > > It won't. Also fuzzing is complementary to testing, not a replacement:
> >
> > Indeed, but that doesn't mean we need to limit the potential of fuzzing
> > because "it's not testing". It can be used to check for regressions,
> > too, especially in these cases.
> >
> > > https://twitter.com/dvyukov/status/1074719682962358272
> >
> > Now, I'm extremely thankful for the work you're doing and especially
> > for finding this subtle condition with syzbot, but this is quite
> > inaccurate. To be exposed to this issue, the user would need to
> > have the fou module loaded (it won't autoload), which is used quite
> > rarely, and, on top of that, have a UDP tunnel configured. It wouldn't
> > have been the kind of "evil packet crashes the internet" scenario you
> > were dreaming of ;)
> 
> Okay, I see. Full bug assessment is hard. I mess it both ways for
> different bugs.
> But I did not claim that it does not require some setup :)
> And maybe there is somebody important on the internet that uses such
> setup. Who knows.

Black hats, if no one else.  ;-)

							Thanx, Paul

  reply	other threads:[~2018-12-18 14:03 UTC|newest]

Thread overview: 22+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
     [not found] <0000000000005e47a2057d0edc49@google.com>
     [not found] ` <20181216190412.GE4170@linux.ibm.com>
2018-12-17  9:44   ` WARNING in __rcu_read_unlock Dmitry Vyukov
2018-12-17 11:29     ` Paul E. McKenney
2018-12-17 13:07       ` Dmitry Vyukov
2018-12-17 14:14       ` Arjan van de Ven
2018-12-17 14:40         ` Dmitry Vyukov
2018-12-17 14:49           ` Paul E. McKenney
2018-12-17 14:57           ` Eric Dumazet
2018-12-17 14:59             ` Stefano Brivio
2018-12-17 15:11               ` Dmitry Vyukov
2018-12-17 15:24             ` Stefano Brivio
2018-12-17 15:53               ` Dmitry Vyukov
2018-12-17 23:18                 ` Stefano Brivio
2018-12-18  8:49                   ` Dmitry Vyukov
2018-12-18 12:40                     ` Stefano Brivio
2018-12-18 13:26                       ` Dmitry Vyukov
2018-12-18 14:02                         ` Paul E. McKenney [this message]
2018-12-18 14:12                         ` Stefano Brivio
2018-12-18 16:05                           ` Dmitry Vyukov
2018-12-19  4:12                       ` Cong Wang
2018-12-17 18:21               ` Stefano Brivio
2018-12-17 18:45                 ` Dmitry Vyukov
2018-12-17 19:56                   ` Paul E. McKenney

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20181218140258.GQ4170@linux.ibm.com \
    --to=paulmck@linux.ibm.com \
    --cc=akpm@linux-foundation.org \
    --cc=arjan@linux.intel.com \
    --cc=dvyukov@google.com \
    --cc=eric.dumazet@gmail.com \
    --cc=josh@joshtriplett.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=lucien.xin@gmail.com \
    --cc=mingo@kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=sbrivio@redhat.com \
    --cc=syzbot+43f6755d1c2e62743468@syzkaller.appspotmail.com \
    --cc=syzkaller-bugs@googlegroups.com \
    --cc=xiyou.wangcong@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).