From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, syzbot <syzkaller@googlegroups.com>,
Eric Dumazet <edumazet@google.com>, Jiri Pirko <jiri@nvidia.com>,
Jakub Kicinski <kuba@kernel.org>, Sasha Levin <sashal@kernel.org>
Subject: [PATCH 6.1 15/64] netdevsim: avoid potential loop in nsim_dev_trap_report_work()
Date: Tue, 13 Feb 2024 18:21:01 +0100 [thread overview]
Message-ID: <20240213171845.206368942@linuxfoundation.org> (raw)
In-Reply-To: <20240213171844.702064831@linuxfoundation.org>
6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit ba5e1272142d051dcc57ca1d3225ad8a089f9858 ]
Many syzbot reports include the following trace [1]
If nsim_dev_trap_report_work() can not grab the mutex,
it should rearm itself at least one jiffie later.
[1]
Sending NMI from CPU 1 to CPUs 0:
NMI backtrace for cpu 0
CPU: 0 PID: 32383 Comm: kworker/0:2 Not tainted 6.8.0-rc2-syzkaller-00031-g861c0981648f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
Workqueue: events nsim_dev_trap_report_work
RIP: 0010:bytes_is_nonzero mm/kasan/generic.c:89 [inline]
RIP: 0010:memory_is_nonzero mm/kasan/generic.c:104 [inline]
RIP: 0010:memory_is_poisoned_n mm/kasan/generic.c:129 [inline]
RIP: 0010:memory_is_poisoned mm/kasan/generic.c:161 [inline]
RIP: 0010:check_region_inline mm/kasan/generic.c:180 [inline]
RIP: 0010:kasan_check_range+0x101/0x190 mm/kasan/generic.c:189
Code: 07 49 39 d1 75 0a 45 3a 11 b8 01 00 00 00 7c 0b 44 89 c2 e8 21 ed ff ff 83 f0 01 5b 5d 41 5c c3 48 85 d2 74 4f 48 01 ea eb 09 <48> 83 c0 01 48 39 d0 74 41 80 38 00 74 f2 eb b6 41 bc 08 00 00 00
RSP: 0018:ffffc90012dcf998 EFLAGS: 00000046
RAX: fffffbfff258af1e RBX: fffffbfff258af1f RCX: ffffffff8168eda3
RDX: fffffbfff258af1f RSI: 0000000000000004 RDI: ffffffff92c578f0
RBP: fffffbfff258af1e R08: 0000000000000000 R09: fffffbfff258af1e
R10: ffffffff92c578f3 R11: ffffffff8acbcbc0 R12: 0000000000000002
R13: ffff88806db38400 R14: 1ffff920025b9f42 R15: ffffffff92c578e8
FS: 0000000000000000(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000c00994e078 CR3: 000000002c250000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<NMI>
</NMI>
<TASK>
instrument_atomic_read include/linux/instrumented.h:68 [inline]
atomic_read include/linux/atomic/atomic-instrumented.h:32 [inline]
queued_spin_is_locked include/asm-generic/qspinlock.h:57 [inline]
debug_spin_unlock kernel/locking/spinlock_debug.c:101 [inline]
do_raw_spin_unlock+0x53/0x230 kernel/locking/spinlock_debug.c:141
__raw_spin_unlock_irqrestore include/linux/spinlock_api_smp.h:150 [inline]
_raw_spin_unlock_irqrestore+0x22/0x70 kernel/locking/spinlock.c:194
debug_object_activate+0x349/0x540 lib/debugobjects.c:726
debug_work_activate kernel/workqueue.c:578 [inline]
insert_work+0x30/0x230 kernel/workqueue.c:1650
__queue_work+0x62e/0x11d0 kernel/workqueue.c:1802
__queue_delayed_work+0x1bf/0x270 kernel/workqueue.c:1953
queue_delayed_work_on+0x106/0x130 kernel/workqueue.c:1989
queue_delayed_work include/linux/workqueue.h:563 [inline]
schedule_delayed_work include/linux/workqueue.h:677 [inline]
nsim_dev_trap_report_work+0x9c0/0xc80 drivers/net/netdevsim/dev.c:842
process_one_work+0x886/0x15d0 kernel/workqueue.c:2633
process_scheduled_works kernel/workqueue.c:2706 [inline]
worker_thread+0x8b9/0x1290 kernel/workqueue.c:2787
kthread+0x2c6/0x3a0 kernel/kthread.c:388
ret_from_fork+0x45/0x80 arch/x86/kernel/process.c:147
ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:242
</TASK>
Fixes: 012ec02ae441 ("netdevsim: convert driver to use unlocked devlink API during init/fini")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Jiri Pirko <jiri@nvidia.com>
Link: https://lore.kernel.org/r/20240201175324.3752746-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
drivers/net/netdevsim/dev.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/drivers/net/netdevsim/dev.c b/drivers/net/netdevsim/dev.c
index c3fbdd6b68ba..f3fa4bd12116 100644
--- a/drivers/net/netdevsim/dev.c
+++ b/drivers/net/netdevsim/dev.c
@@ -835,14 +835,14 @@ static void nsim_dev_trap_report_work(struct work_struct *work)
trap_report_dw.work);
nsim_dev = nsim_trap_data->nsim_dev;
- /* For each running port and enabled packet trap, generate a UDP
- * packet with a random 5-tuple and report it.
- */
if (!devl_trylock(priv_to_devlink(nsim_dev))) {
- schedule_delayed_work(&nsim_dev->trap_data->trap_report_dw, 0);
+ schedule_delayed_work(&nsim_dev->trap_data->trap_report_dw, 1);
return;
}
+ /* For each running port and enabled packet trap, generate a UDP
+ * packet with a random 5-tuple and report it.
+ */
list_for_each_entry(nsim_dev_port, &nsim_dev->port_list, list) {
if (!netif_running(nsim_dev_port->ns->netdev))
continue;
--
2.43.0
next prev parent reply other threads:[~2024-02-13 17:23 UTC|newest]
Thread overview: 80+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-13 17:20 [PATCH 6.1 00/64] 6.1.78-rc1 review Greg Kroah-Hartman
2024-02-13 17:20 ` [PATCH 6.1 01/64] ext4: regenerate buddy after block freeing failed if under fc replay Greg Kroah-Hartman
2024-02-13 17:20 ` [PATCH 6.1 02/64] dmaengine: fsl-dpaa2-qdma: Fix the size of dma pools Greg Kroah-Hartman
2024-02-13 17:20 ` [PATCH 6.1 03/64] dmaengine: ti: k3-udma: Report short packet errors Greg Kroah-Hartman
2024-02-13 17:20 ` [PATCH 6.1 04/64] dmaengine: fsl-qdma: Fix a memory leak related to the status queue DMA Greg Kroah-Hartman
2024-02-13 17:20 ` [PATCH 6.1 05/64] dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA Greg Kroah-Hartman
2024-02-13 17:20 ` [PATCH 6.1 06/64] phy: renesas: rcar-gen3-usb2: Fix returning wrong error code Greg Kroah-Hartman
2024-02-13 17:20 ` [PATCH 6.1 07/64] dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV Greg Kroah-Hartman
2024-02-13 17:20 ` [PATCH 6.1 08/64] phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP Greg Kroah-Hartman
2024-02-13 17:20 ` [PATCH 6.1 09/64] cifs: failure to add channel on iface should bump up weight Greg Kroah-Hartman
2024-02-13 17:20 ` [PATCH 6.1 10/64] drm/msms/dp: fixed link clock divider bits be over written in BPC unknown case Greg Kroah-Hartman
2024-02-13 17:20 ` [PATCH 6.1 11/64] drm/msm/dp: return correct Colorimetry for DP_TEST_DYNAMIC_RANGE_CEA case Greg Kroah-Hartman
2024-02-13 17:20 ` [PATCH 6.1 12/64] drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup Greg Kroah-Hartman
2024-02-13 17:20 ` [PATCH 6.1 13/64] net: stmmac: xgmac: fix handling of DPP safety error for DMA channels Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 14/64] wifi: mac80211: fix waiting for beacons logic Greg Kroah-Hartman
2024-02-13 17:21 ` Greg Kroah-Hartman [this message]
2024-02-13 17:21 ` [PATCH 6.1 16/64] net: atlantic: Fix DMA mapping for PTP hwts ring Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 17/64] selftests: net: cut more slack for gro fwd tests Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 18/64] selftests: net: avoid just another constant wait Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 19/64] tunnels: fix out of bounds access when building IPv6 PMTU error Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 20/64] atm: idt77252: fix a memleak in open_card_ubr0 Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 21/64] octeontx2-pf: Fix a memleak otx2_sq_init Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 22/64] hwmon: (aspeed-pwm-tacho) mutex for tach reading Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 23/64] hwmon: (coretemp) Fix out-of-bounds memory access Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 24/64] hwmon: (coretemp) Fix bogus core_id to attr name mapping Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 25/64] inet: read sk->sk_family once in inet_recv_error() Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 26/64] drm/i915/gvt: Fix uninitialized variable in handle_mmio() Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 27/64] rxrpc: Fix response to PING RESPONSE ACKs to a dead call Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 28/64] tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 29/64] af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 30/64] ppp_async: limit MRU to 64K Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 31/64] selftests: cmsg_ipv6: repeat the exact packet Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 32/64] netfilter: nft_compat: narrow down revision to unsigned 8-bits Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 33/64] netfilter: nft_compat: reject unused compat flag Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 34/64] netfilter: nft_compat: restrict match/target protocol to u16 Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 35/64] drm/amd/display: Implement bounds check for stream encoder creation in DCN301 Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 36/64] netfilter: nft_ct: reject direction for ct id Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 37/64] netfilter: nft_set_pipapo: store index in scratch maps Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 38/64] netfilter: nft_set_pipapo: add helper to release pcpu scratch area Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 39/64] netfilter: nft_set_pipapo: remove scratch_aligned pointer Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 40/64] fs/ntfs3: Fix an NULL dereference bug Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 41/64] scsi: core: Move scsi_host_busy() out of host lock if it is for per-command Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 42/64] blk-iocost: Fix an UBSAN shift-out-of-bounds warning Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 43/64] fs: dlm: dont put dlm_local_addrs on heap Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 44/64] mtd: parsers: ofpart: add workaround for #size-cells 0 Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 45/64] ALSA: usb-audio: Add delay quirk for MOTU M Series 2nd revision Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 46/64] ALSA: usb-audio: Add a quirk for Yamaha YIT-W12TX transmitter Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 47/64] ALSA: usb-audio: add quirk for RODE NT-USB+ Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 48/64] USB: serial: qcserial: add new usb-id for Dell Wireless DW5826e Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 49/64] USB: serial: option: add Fibocom FM101-GL variant Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 50/64] USB: serial: cp210x: add ID for IMST iM871A-USB Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 51/64] usb: dwc3: host: Set XHCI_SG_TRB_CACHE_SIZE_QUIRK Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 52/64] usb: host: xhci-plat: Add support for XHCI_SG_TRB_CACHE_SIZE_QUIRK Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 53/64] xhci: process isoc TD properly when there was a transaction error mid TD Greg Kroah-Hartman
2024-02-13 18:47 ` Michał Pecio
2024-02-14 14:23 ` Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 54/64] xhci: handle isoc Babble and Buffer Overrun events properly Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 55/64] hrtimer: Report offline hrtimer enqueue Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 56/64] Input: i8042 - fix strange behavior of touchpad on Clevo NS70PU Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 57/64] Input: atkbd - skip ATKBD_CMD_SETLEDS when skipping ATKBD_CMD_GETID Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 58/64] io_uring/net: fix sr->len for IORING_OP_RECV with MSG_WAITALL and buffers Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 59/64] Revert "ASoC: amd: Add new dmi entries for acp5x platform" Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 60/64] vhost: use kzalloc() instead of kmalloc() followed by memset() Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 61/64] RDMA/irdma: Fix support for 64k pages Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 62/64] f2fs: add helper to check compression level Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 63/64] block: treat poll queue enter similarly to timeouts Greg Kroah-Hartman
2024-02-13 17:21 ` [PATCH 6.1 64/64] clocksource: Skip watchdog check for large watchdog intervals Greg Kroah-Hartman
2024-02-13 19:03 ` [PATCH 6.1 00/64] 6.1.78-rc1 review SeongJae Park
2024-02-13 19:34 ` Pavel Machek
2024-02-13 21:04 ` Kelsey Steele
2024-02-13 21:15 ` Florian Fainelli
2024-02-13 22:46 ` Allen
2024-02-14 0:17 ` Shuah Khan
2024-02-14 9:03 ` Jon Hunter
2024-02-14 13:08 ` Greg Kroah-Hartman
2024-02-14 13:15 ` Jon Hunter
2024-02-14 14:23 ` Greg Kroah-Hartman
2024-02-14 11:07 ` Naresh Kamboju
2024-02-14 11:22 ` Yann Sionneau
2024-02-14 16:44 ` Sven Joachim
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240213171845.206368942@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=edumazet@google.com \
--cc=jiri@nvidia.com \
--cc=kuba@kernel.org \
--cc=patches@lists.linux.dev \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
--cc=syzkaller@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).