From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Taehee Yoo <ap420073@gmail.com>,
"David S . Miller" <davem@davemloft.net>,
Sasha Levin <sashal@kernel.org>,
osmocom-net-gprs@lists.osmocom.org, netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 4.19 155/158] gtp: fix Illegal context switch in RCU read-side critical section.
Date: Mon, 15 Jul 2019 10:18:06 -0400 [thread overview]
Message-ID: <20190715141809.8445-155-sashal@kernel.org> (raw)
In-Reply-To: <20190715141809.8445-1-sashal@kernel.org>
From: Taehee Yoo <ap420073@gmail.com>
[ Upstream commit 3f167e1921865b379a9becf03828e7202c7b4917 ]
ipv4_pdp_add() is called in RCU read-side critical section.
So GFP_KERNEL should not be used in the function.
This patch make ipv4_pdp_add() to use GFP_ATOMIC instead of GFP_KERNEL.
Test commands:
gtp-link add gtp1 &
gtp-tunnel add gtp1 v1 100 200 1.1.1.1 2.2.2.2
Splat looks like:
[ 130.618881] =============================
[ 130.626382] WARNING: suspicious RCU usage
[ 130.626994] 5.2.0-rc6+ #50 Not tainted
[ 130.627622] -----------------------------
[ 130.628223] ./include/linux/rcupdate.h:266 Illegal context switch in RCU read-side critical section!
[ 130.629684]
[ 130.629684] other info that might help us debug this:
[ 130.629684]
[ 130.631022]
[ 130.631022] rcu_scheduler_active = 2, debug_locks = 1
[ 130.632136] 4 locks held by gtp-tunnel/1025:
[ 130.632925] #0: 000000002b93c8b7 (cb_lock){++++}, at: genl_rcv+0x15/0x40
[ 130.634159] #1: 00000000f17bc999 (genl_mutex){+.+.}, at: genl_rcv_msg+0xfb/0x130
[ 130.635487] #2: 00000000c644ed8e (rtnl_mutex){+.+.}, at: gtp_genl_new_pdp+0x18c/0x1150 [gtp]
[ 130.636936] #3: 0000000007a1cde7 (rcu_read_lock){....}, at: gtp_genl_new_pdp+0x187/0x1150 [gtp]
[ 130.638348]
[ 130.638348] stack backtrace:
[ 130.639062] CPU: 1 PID: 1025 Comm: gtp-tunnel Not tainted 5.2.0-rc6+ #50
[ 130.641318] Call Trace:
[ 130.641707] dump_stack+0x7c/0xbb
[ 130.642252] ___might_sleep+0x2c0/0x3b0
[ 130.642862] kmem_cache_alloc_trace+0x1cd/0x2b0
[ 130.643591] gtp_genl_new_pdp+0x6c5/0x1150 [gtp]
[ 130.644371] genl_family_rcv_msg+0x63a/0x1030
[ 130.645074] ? mutex_lock_io_nested+0x1090/0x1090
[ 130.645845] ? genl_unregister_family+0x630/0x630
[ 130.646592] ? debug_show_all_locks+0x2d0/0x2d0
[ 130.647293] ? check_flags.part.40+0x440/0x440
[ 130.648099] genl_rcv_msg+0xa3/0x130
[ ... ]
Fixes: 459aa660eb1d ("gtp: add initial driver for datapath of GPRS Tunneling Protocol (GTP-U)")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/gtp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/net/gtp.c b/drivers/net/gtp.c
index f45a806b6c06..6f1ad7ccaea6 100644
--- a/drivers/net/gtp.c
+++ b/drivers/net/gtp.c
@@ -958,7 +958,7 @@ static int ipv4_pdp_add(struct gtp_dev *gtp, struct sock *sk,
}
- pctx = kmalloc(sizeof(struct pdp_ctx), GFP_KERNEL);
+ pctx = kmalloc(sizeof(*pctx), GFP_ATOMIC);
if (pctx == NULL)
return -ENOMEM;
--
2.20.1
next prev parent reply other threads:[~2019-07-15 14:28 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-15 14:15 [PATCH AUTOSEL 4.19 001/158] wil6210: fix potential out-of-bounds read Sasha Levin
2019-07-15 14:15 ` [PATCH AUTOSEL 4.19 002/158] ath10k: Do not send probe response template for mesh Sasha Levin
2019-07-15 14:15 ` [PATCH AUTOSEL 4.19 003/158] ath9k: Check for errors when reading SREV register Sasha Levin
2019-07-15 14:15 ` [PATCH AUTOSEL 4.19 004/158] ath6kl: add some bounds checking Sasha Levin
2019-07-15 14:15 ` [PATCH AUTOSEL 4.19 005/158] ath10k: add peer id check in ath10k_peer_find_by_id Sasha Levin
2019-07-15 14:15 ` [PATCH AUTOSEL 4.19 007/158] wil6210: fix spurious interrupts in 3-msi Sasha Levin
2019-07-15 14:15 ` [PATCH AUTOSEL 4.19 008/158] ath: DFS JP domain W56 fixed pulse type 3 RADAR detection Sasha Levin
2019-07-15 14:15 ` [PATCH AUTOSEL 4.19 010/158] batman-adv: fix for leaked TVLV handler Sasha Levin
2019-07-15 14:15 ` [PATCH AUTOSEL 4.19 018/158] net: stmmac: dwmac1000: Clear unused address entries Sasha Levin
2019-07-15 14:15 ` [PATCH AUTOSEL 4.19 019/158] net: stmmac: dwmac4/5: " Sasha Levin
2019-07-15 14:15 ` [PATCH AUTOSEL 4.19 020/158] qed: Set the doorbell address correctly Sasha Levin
2019-07-15 14:15 ` [PATCH AUTOSEL 4.19 023/158] af_key: fix leaks in key_pol_get_resp and dump_sp Sasha Levin
2019-07-15 14:15 ` [PATCH AUTOSEL 4.19 024/158] xfrm: Fix xfrm sel prefix length validation Sasha Levin
2019-07-15 14:15 ` [PATCH AUTOSEL 4.19 027/158] Revert "e1000e: fix cyclic resets at link up with active tx" Sasha Levin
2019-07-15 14:15 ` [PATCH AUTOSEL 4.19 028/158] e1000e: start network tx queue only when link is up Sasha Levin
2019-07-15 14:16 ` [PATCH AUTOSEL 4.19 032/158] net: phy: Check against net_device being NULL Sasha Levin
2019-07-15 14:16 ` [PATCH AUTOSEL 4.19 036/158] batman-adv: Fix duplicated OGMs on NETDEV_UP Sasha Levin
2019-07-15 14:16 ` [PATCH AUTOSEL 4.19 039/158] net: hns3: set ops to null when unregister ad_dev Sasha Levin
2019-07-15 14:16 ` [PATCH AUTOSEL 4.19 043/158] net: stmmac: dwmac4: fix flow control issue Sasha Levin
2019-07-15 14:16 ` [PATCH AUTOSEL 4.19 044/158] net: stmmac: modify default value of tx-frames Sasha Levin
2019-07-15 14:16 ` [PATCH AUTOSEL 4.19 046/158] net: fec: Do not use netdev messages too early Sasha Levin
2019-07-15 14:16 ` [PATCH AUTOSEL 4.19 047/158] net: axienet: Fix race condition causing TX hang Sasha Levin
2019-07-15 14:16 ` [PATCH AUTOSEL 4.19 050/158] net: sfp: add mutex to prevent concurrent state checks Sasha Levin
2019-07-15 14:16 ` [PATCH AUTOSEL 4.19 051/158] ipset: Fix memory accounting for hash types on resize Sasha Levin
2019-07-15 14:16 ` [PATCH AUTOSEL 4.19 062/158] bpf: silence warning messages in core Sasha Levin
2019-07-15 14:16 ` [PATCH AUTOSEL 4.19 069/158] qed: iWARP - Fix tc for MPA ll2 connection Sasha Levin
2019-07-15 14:16 ` [PATCH AUTOSEL 4.19 070/158] net: hns3: fix for skb leak when doing selftest Sasha Levin
2019-07-15 14:16 ` [PATCH AUTOSEL 4.19 073/158] xfrm: fix sa selector validation Sasha Levin
2019-07-15 14:16 ` [PATCH AUTOSEL 4.19 079/158] vhost_net: disable zerocopy by default Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 090/158] ipsec: select crypto ciphers for xfrm_algo Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 091/158] ipvs: defer hook registration to avoid leaks Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 102/158] net: stmmac: sun8i: force select external PHY when no internal one Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 103/158] rtlwifi: rtl8192cu: fix error handle when usb probe failed Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 104/158] mt7601u: do not schedule rx_tasklet when the device has been disconnected Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 106/158] mt7601u: fix possible memory leak when the device is disconnected Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 107/158] ipvs: fix tinfo memory leak in start_sync_thread Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 108/158] ath10k: add missing error handling Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 109/158] ath10k: fix PCIE device wake up failed Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 114/158] xsk: Properly terminate assignment in xskq_produce_flush_desc Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 117/158] ixgbe: Check DDM existence in transceiver before access Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 121/158] wil6210: drop old event after wmi_call timeout Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 129/158] net: hns3: fix a -Wformat-nonliteral compile warning Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 130/158] net: hns3: add some error checking in hclge_tm module Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 131/158] ath10k: destroy sdio workqueue while remove sdio module Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 132/158] net: mvpp2: prs: Don't override the sign bit in SRAM parser shift Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 133/158] igb: clear out skb->tstamp after reading the txtime Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 134/158] iwlwifi: mvm: Drop large non sta frames Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 135/158] bpf: fix uapi bpf_prog_info fields alignment Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 138/158] bnx2x: Prevent ptp_task to be rescheduled indefinitely Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 139/158] net: usb: asix: init MAC address buffers Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 141/158] bpf, libbpf, smatch: Fix potential NULL pointer dereference Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 142/158] selftests: bpf: fix inlines in test_lwt_seg6local Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 143/158] bonding: validate ip header before check IPPROTO_IGMP Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 145/158] tools: bpftool: Fix json dump crash on powerpc Sasha Levin
2019-07-15 14:18 ` [PATCH AUTOSEL 4.19 149/158] Bluetooth: 6lowpan: search for destination address in all peers Sasha Levin
2019-07-15 14:18 ` [PATCH AUTOSEL 4.19 151/158] Bluetooth: Check state in l2cap_disconnect_rsp Sasha Levin
2019-07-15 14:18 ` [PATCH AUTOSEL 4.19 152/158] gtp: add missing gtp_encap_disable_sock() in gtp_encap_enable() Sasha Levin
2019-07-15 14:18 ` [PATCH AUTOSEL 4.19 153/158] Bluetooth: validate BLE connection interval updates Sasha Levin
2019-07-15 14:18 ` [PATCH AUTOSEL 4.19 154/158] gtp: fix suspicious RCU usage Sasha Levin
2019-07-15 14:18 ` Sasha Levin [this message]
2019-07-15 14:18 ` [PATCH AUTOSEL 4.19 156/158] gtp: fix use-after-free in gtp_encap_destroy() Sasha Levin
2019-07-15 14:18 ` [PATCH AUTOSEL 4.19 157/158] gtp: fix use-after-free in gtp_newlink() Sasha Levin
2019-07-15 14:18 ` [PATCH AUTOSEL 4.19 158/158] net: mvmdio: defer probe of orion-mdio if a clock is not ready Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190715141809.8445-155-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=ap420073@gmail.com \
--cc=davem@davemloft.net \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=osmocom-net-gprs@lists.osmocom.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).