Subject: Re: [PATCH] ipv4: Delete uncached routes upon unregistration of loopback device.
To: Eric Dumazet, "David S. Miller"
Cc: David Ahern, Julian Anastasov, Cong Wang, syzbot, ddstreet@ieee.org, dvyukov@google.com, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, syzkaller-bugs@googlegroups.com, Linus Torvalds, Mahesh Bandewar
From: Tetsuo Handa
Date: Sun, 5 May 2019 02:09:59 +0900
X-Mailing-List: linux-kernel@vger.kernel.org

On 2019/05/05 0:56, Eric Dumazet wrote:
>
> Well, you have not fixed a bug, you simply made sure that whatever cpu is using the
> routes you forcibly deleted is going to crash the host very soon (use-after-frees have
> undefined behavior, but KASAN should crash most of the times)

I confirmed that this patch survives "#syz test:" before submitting.
But you know that this patch is deleting the route entry too early. OK.

>
> Please do not send patches like that with a huge CC list, keep networking patches
> to netdev mailing list.

If netdev people started working on this "minutely crashing bug" earlier,
I would not have written a patch...

>
> Mahesh has an alternative patch, adding a fake device that can not be dismantled
> to make sure we fully intercept skbs sent through a dead route, instead of relying
> on loopback dropping them later at some point.

So, the reason to temporarily move the refcount is to give enough period so that
the route entry is no longer used. But moving the refcount to a loopback device
in a namespace was wrong. Is this understanding correct?

Compared to moving the refcount to the loopback device in the init namespace,
the fake device can somehow drop the refcount moved via rt_flush_dev(), can't it?

Anyway, I'll wait for Mahesh.