[PATCH net 8/8] bonding: fix suspicious RCU usage in bond_ipsec_offload_ok()

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Taehee Yoo <ap420073@gmail.com>
To: davem@davemloft.net, kuba@kernel.org, j.vosburgh@gmail.com,
	vfalico@gmail.com, andy@greyhouse.net,
	jesse.brandeburg@intel.com, anthony.l.nguyen@intel.com,
	jarod@redhat.com, netdev@vger.kernel.org,
	intel-wired-lan@lists.osuosl.org
Cc: ap420073@gmail.com
Subject: [PATCH net 8/8] bonding: fix suspicious RCU usage in bond_ipsec_offload_ok()
Date: Fri,  2 Jul 2021 14:26:48 +0000	[thread overview]
Message-ID: <20210702142648.7677-9-ap420073@gmail.com> (raw)
In-Reply-To: <20210702142648.7677-1-ap420073@gmail.com>

To dereference bond->curr_active_slave, it uses rcu_dereference().
But it and the caller doesn't acquire RCU so a warning occurs.
So add rcu_read_lock().

Splat looks like:
WARNING: suspicious RCU usage
5.13.0-rc6+ #1179 Not tainted
drivers/net/bonding/bond_main.c:571 suspicious
rcu_dereference_check() usage!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 1
1 lock held by ping/974:
 #0: ffff888109e7db70 (sk_lock-AF_INET){+.+.}-{0:0},
at: raw_sendmsg+0x1303/0x2cb0

stack backtrace:
CPU: 2 PID: 974 Comm: ping Not tainted 5.13.0-rc6+ #1179
Call Trace:
 dump_stack+0xa4/0xe5
 bond_ipsec_offload_ok+0x1f4/0x260 [bonding]
 xfrm_output+0x179/0x890
 xfrm4_output+0xfa/0x410
 ? __xfrm4_output+0x4b0/0x4b0
 ? __ip_make_skb+0xecc/0x2030
 ? xfrm4_udp_encap_rcv+0x800/0x800
 ? ip_local_out+0x21/0x3a0
 ip_send_skb+0x37/0xa0
 raw_sendmsg+0x1bfd/0x2cb0

Fixes: 18cb261afd7b ("bonding: support hardware encryption offload to slaves")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
---
 drivers/net/bonding/bond_main.c | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/drivers/net/bonding/bond_main.c b/drivers/net/bonding/bond_main.c
index d2d37efb61b6..44c4509528f8 100644
--- a/drivers/net/bonding/bond_main.c
+++ b/drivers/net/bonding/bond_main.c
@@ -568,24 +568,34 @@ static bool bond_ipsec_offload_ok(struct sk_buff *skb, struct xfrm_state *xs)
 	struct net_device *real_dev;
 	struct slave *curr_active;
 	struct bonding *bond;
+	int err;
 
 	bond = netdev_priv(bond_dev);
+	rcu_read_lock();
 	curr_active = rcu_dereference(bond->curr_active_slave);
 	real_dev = curr_active->dev;
 
-	if (BOND_MODE(bond) != BOND_MODE_ACTIVEBACKUP)
-		return true;
+	if (BOND_MODE(bond) != BOND_MODE_ACTIVEBACKUP) {
+		err = true;
+		goto out;
+	}
 
-	if (!xs->xso.real_dev)
-		return false;
+	if (!xs->xso.real_dev) {
+		err = false;
+		goto out;
+	}
 
 	if (!real_dev->xfrmdev_ops ||
 	    !real_dev->xfrmdev_ops->xdo_dev_offload_ok ||
 	    netif_is_bond_master(real_dev)) {
-		return false;
+		err = false;
+		goto out;
 	}
 
-	return real_dev->xfrmdev_ops->xdo_dev_offload_ok(skb, xs);
+	err = real_dev->xfrmdev_ops->xdo_dev_offload_ok(skb, xs);
+out:
+	rcu_read_unlock();
+	return err;
 }
 
 static const struct xfrmdev_ops bond_xfrmdev_ops = {
-- 
2.17.1

     prev parent reply	other threads:[~2021-07-02 14:27 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-07-02 14:26 [PATCH net 0/8] net: fix bonding ipsec offload problems Taehee Yoo
2021-07-02 14:26 ` [PATCH net 1/8] bonding: fix suspicious RCU usage in bond_ipsec_add_sa() Taehee Yoo
2021-07-02 14:26 ` [PATCH net 2/8] bonding: fix null dereference " Taehee Yoo
2021-07-02 14:26 ` [PATCH net 3/8] net: netdevsim: use xso.real_dev instead of xso.dev in callback functions of struct xfrmdev_ops Taehee Yoo
2021-07-02 14:26 ` [PATCH net 4/8] ixgbevf: " Taehee Yoo
2021-07-02 14:26 ` [PATCH net 5/8] bonding: fix suspicious RCU usage in bond_ipsec_del_sa() Taehee Yoo
2021-07-02 14:26 ` [PATCH net 6/8] bonding: disallow setting nested bonding + ipsec offload Taehee Yoo
2021-07-02 21:14   ` Jay Vosburgh
2021-07-03  6:37     ` Taehee Yoo
2021-07-02 21:26   ` Jay Vosburgh
2021-07-03  6:46     ` Taehee Yoo
2021-07-02 14:26 ` [PATCH net 7/8] bonding: Add struct bond_ipesc to manage SA Taehee Yoo
2021-07-02 14:26 ` Taehee Yoo [this message]

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:d2d37efb61b dfblob:44c4509528f )
 OR (
bs:"[PATCH net 8/8] bonding: fix suspicious RCU usage in bond_ipsec_offload_ok()" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210702142648.7677-9-ap420073@gmail.com \
    --to=ap420073@gmail.com \
    --cc=andy@greyhouse.net \
    --cc=anthony.l.nguyen@intel.com \
    --cc=davem@davemloft.net \
    --cc=intel-wired-lan@lists.osuosl.org \
    --cc=j.vosburgh@gmail.com \
    --cc=jarod@redhat.com \
    --cc=jesse.brandeburg@intel.com \
    --cc=kuba@kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=vfalico@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).