From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AC0F428466C; Mon, 14 Apr 2025 18:15:38 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744654538; cv=none; b=YdwZhEj0LowFLKNiPmJuUTwSTb+XGhAYcB3FjGEpoNt9PQBwpSjXUQmOeYEK2vwRs76LpJj60Uu1tM+9zUscVd5F47zsC4zj1omuFsm3/rKqGZCODL+RdxRrVqzGb6CWAuEpxM6NMsuLzguUPJMTO5qs0ydXH/HDd0FbUyQvXK8= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1744654538; c=relaxed/simple; bh=PAL6Fdin15ZsYYISJz3KRiYem+ZfqDMCAM39+28DJTo=; h=Date:From:To:Cc:Subject:Message-ID:In-Reply-To:References: MIME-Version:Content-Type; b=t7Tky3D9P1XpOaCHgfy3EMDH/2eSBynIw8OjoY+dpdXwS1hsiNr1C0X8OCaHYBCv77Grv/w6opL3fKBH6fqJ/t4Bpkfl/1/Ahx7svLoARafNmG4AErBeCDw3PRGzQihvvBCd97Ve/Qz9RZPbILJdsY/CLlESmGP5gAHrC+TV2vs= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=fGO+gefx; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="fGO+gefx" Received: by smtp.kernel.org (Postfix) with ESMTPSA id CCA19C4CEE5; Mon, 14 Apr 2025 18:15:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1744654538; bh=PAL6Fdin15ZsYYISJz3KRiYem+ZfqDMCAM39+28DJTo=; h=Date:From:To:Cc:Subject:In-Reply-To:References:From; b=fGO+gefxTykAXxVmbAHAthGqtbgISn4JDy/pM0b8+8AyL3wLnIhk2GD1mIZlQm63f dqZmW8HUF2e0w+jLqKhYMx0JbmmMVMbRgcG2Lp3mitSKf6m+PU0ZQswcTaa/zIViMt EZXpUTpbafzYFQ7yaSS/UcUliHk40EdzjrjBsd5+kRPG5e3jmh0QacAngkkQsdWry8 6eA2F9LlY9+KFnLpIlytULgk8ERUdndF08myN9I1Gag1TNHA7Sfaek7nphUqu3XT53 Lhd3yF7zdPH5ujaFL0m7lTCu5pueZzHD090IcCaba1xiIwrACtlZ50b5KmwKvKS8cn 3nlTnx8u5Fjtg== Date: Mon, 14 Apr 2025 11:15:36 -0700 From: Jakub Kicinski To: Kuniyuki Iwashima Cc: , , , , , , , , , Subject: Re: [syzbot] [net?] general protection fault in rtnl_create_link Message-ID: <20250414111536.6d6493f1@kernel.org> In-Reply-To: <20250414180257.24176-1-kuniyu@amazon.com> References: <20250414103727.0ea92049@kernel.org> <20250414180257.24176-1-kuniyu@amazon.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit On Mon, 14 Apr 2025 11:01:59 -0700 Kuniyuki Iwashima wrote: > From: Jakub Kicinski > Date: Mon, 14 Apr 2025 10:37:27 -0700 > > On Sun, 13 Apr 2025 19:30:46 -0700 Kuniyuki Iwashima wrote: > > > diff --git a/include/net/netdev_lock.h b/include/net/netdev_lock.h > > > index 5706835a660c..270e157a4a79 100644 > > > --- a/include/net/netdev_lock.h > > > +++ b/include/net/netdev_lock.h > > > @@ -30,7 +30,8 @@ static inline bool netdev_need_ops_lock(const struct net_device *dev) > > > bool ret = dev->request_ops_lock || !!dev->queue_mgmt_ops; > > > > > > #if IS_ENABLED(CONFIG_NET_SHAPER) > > > - ret |= !!dev->netdev_ops->net_shaper_ops; > > > + if (dev->netdev_ops) > > > + ret |= !!dev->netdev_ops->net_shaper_ops; > > > #endif > > > > This is a bit surprising, we pretty much never validate if dev has ops. > > > > I think we're guaranteed that IFF_UP will not be set if we just > > allocated the device, so we can remove the locks in rtnl_create_link() > > and to double confirm add a netdev_ops_assert_locked_or_invisible() > > in netif_state_change() ? > > Removing the lock from NEWLINK makes sense, but my concern > was NETDEV_CHANGE, which will requires more caution ? > > commit 04efcee6ef8d0f01eef495db047e7216d6e6e38f > Author: Stanislav Fomichev > Date: Fri Apr 4 09:11:22 2025 -0700 > > net: hold instance lock during NETDEV_CHANGE How could we fire a notifier for a device that hasn't been initialized, let alone registered? I'm hoping that the _or_invisible assert in my suggestion will flag to future developers trying to change netif_state_change() that the device here may not be fully constructed.