Received: by 2002:a25:31c3:0:0:0:0:0 with SMTP id x186csp4467573ybx; Mon, 4 Nov 2019 13:55:51 -0800 (PST) X-Google-Smtp-Source: APXvYqw030XWWhu+RRLpjApkn3xX0MvSE8nKzQ2GfEujnU0ntPkT98x1KzKAK6QtEofHAUWb2+X1 X-Received: by 2002:a50:f30c:: with SMTP id p12mr10349825edm.208.1572904551419; Mon, 04 Nov 2019 13:55:51 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1572904551; cv=none; d=google.com; s=arc-20160816; b=wDdm4Osl89TCj4/yB3v1fMzDJ3OC2tKibvtJEudtJv3sJF+8JVr7V6Fj3VartZtMzR msqlfb7clz7pu1RqVkTmib2WdtrhHZAPhAVa7gAvKkIc62NOGxfbIyUNkM8woahm6qai zgHQVfJBErQtjw5ZdPNN6Y5jXeRqCaqG6/cmR/rUnSAFPeGdWHiIeMeU/n37C4kbGmUP xbPJ5CyN4cgI2sBDSFHTLQDzcs6Jv4G1rGwFtu5j+49pPH1LyOmsmNtKoN4TspIpZJ23 0AS4byqDinsbZcL7mM7SgBhFohh8FOB3bn3Kz7N9nNNHyO6YdFOkOe6tZCJBSlCINLWn Fz8w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=OSZoA9KQUb844NcomQHsNu7Mdkl0+FaU+rMB0+heDss=; b=SFn9BHXXgvJGHHpz+lLz96k5FVpZXAoCjOAsa3zBiKQ0At2YJnqpB5XP4Czlk3wGXo 41zQUOUNPxNuqeWLOBf3QLG1WXcF7MS3vQh0Yp9SQIxus7it+thJ90W8gKL08YsV4hc0 Uxnc+gBv92OCs5zXLzxkv2iDbq6fKF2qiEUHFQFI6h3Md+Io+k/ZFCCAdwcLsb6LsMoh H/vpOe6WYcZR54EZUnmtpFjsqkk1BYqr9NtJJWH3d9EZNZiPMzs2vX67nYMpnBnqHi2Q bsYZKZVjGc2x72XpBuXFjHolAmRqttiVgbDo3Gauu4BjdBprGaAorGjmxrbbkpzd/yQD Rogw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=bHQogHPh; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z41si8288674edb.166.2019.11.04.13.55.28; Mon, 04 Nov 2019 13:55:51 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=bHQogHPh; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730585AbfKDVvl (ORCPT + 99 others); Mon, 4 Nov 2019 16:51:41 -0500 Received: from mail.kernel.org ([198.145.29.99]:44606 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730580AbfKDVvh (ORCPT ); Mon, 4 Nov 2019 16:51:37 -0500 Received: from localhost (6.204-14-84.ripe.coltfrance.com [84.14.204.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id BDCA6217F4; Mon, 4 Nov 2019 21:51:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1572904296; bh=a9psc21UF2hLKX5untKHDutoPlCamDd27XADWrv/udc=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=bHQogHPhj7FxmdJw9ByTmCu60RZ43Um8ZHzE1ofK3CKjA8z4lRMvSIMb7CW3TEvZO x50QALEsvxvmJ7ZnTf8Bmjgd8r4GF1Lh2bvAxNWx09NMplQhj9T6WYHEm5hUM8gsgv 0CbTk3bNlv3J9UTTYLqhN5scqAhDMN0lvlia+HBc= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Eric Dumazet , syzbot , "David S. Miller" Subject: [PATCH 4.9 55/62] sch_netem: fix rcu splat in netem_enqueue() Date: Mon, 4 Nov 2019 22:45:17 +0100 Message-Id: <20191104211956.516768563@linuxfoundation.org> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20191104211901.387893698@linuxfoundation.org> References: <20191104211901.387893698@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Eric Dumazet commit 159d2c7d8106177bd9a986fd005a311fe0d11285 upstream. qdisc_root() use from netem_enqueue() triggers a lockdep warning. __dev_queue_xmit() uses rcu_read_lock_bh() which is not equivalent to rcu_read_lock() + local_bh_disable_bh as far as lockdep is concerned. WARNING: suspicious RCU usage 5.3.0-rc7+ #0 Not tainted ----------------------------- include/net/sch_generic.h:492 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 3 locks held by syz-executor427/8855: #0: 00000000b5525c01 (rcu_read_lock_bh){....}, at: lwtunnel_xmit_redirect include/net/lwtunnel.h:92 [inline] #0: 00000000b5525c01 (rcu_read_lock_bh){....}, at: ip_finish_output2+0x2dc/0x2570 net/ipv4/ip_output.c:214 #1: 00000000b5525c01 (rcu_read_lock_bh){....}, at: __dev_queue_xmit+0x20a/0x3650 net/core/dev.c:3804 #2: 00000000364bae92 (&(&sch->q.lock)->rlock){+.-.}, at: spin_lock include/linux/spinlock.h:338 [inline] #2: 00000000364bae92 (&(&sch->q.lock)->rlock){+.-.}, at: __dev_xmit_skb net/core/dev.c:3502 [inline] #2: 00000000364bae92 (&(&sch->q.lock)->rlock){+.-.}, at: __dev_queue_xmit+0x14b8/0x3650 net/core/dev.c:3838 stack backtrace: CPU: 0 PID: 8855 Comm: syz-executor427 Not tainted 5.3.0-rc7+ #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x172/0x1f0 lib/dump_stack.c:113 lockdep_rcu_suspicious+0x153/0x15d kernel/locking/lockdep.c:5357 qdisc_root include/net/sch_generic.h:492 [inline] netem_enqueue+0x1cfb/0x2d80 net/sched/sch_netem.c:479 __dev_xmit_skb net/core/dev.c:3527 [inline] __dev_queue_xmit+0x15d2/0x3650 net/core/dev.c:3838 dev_queue_xmit+0x18/0x20 net/core/dev.c:3902 neigh_hh_output include/net/neighbour.h:500 [inline] neigh_output include/net/neighbour.h:509 [inline] ip_finish_output2+0x1726/0x2570 net/ipv4/ip_output.c:228 __ip_finish_output net/ipv4/ip_output.c:308 [inline] __ip_finish_output+0x5fc/0xb90 net/ipv4/ip_output.c:290 ip_finish_output+0x38/0x1f0 net/ipv4/ip_output.c:318 NF_HOOK_COND include/linux/netfilter.h:294 [inline] ip_mc_output+0x292/0xf40 net/ipv4/ip_output.c:417 dst_output include/net/dst.h:436 [inline] ip_local_out+0xbb/0x190 net/ipv4/ip_output.c:125 ip_send_skb+0x42/0xf0 net/ipv4/ip_output.c:1555 udp_send_skb.isra.0+0x6b2/0x1160 net/ipv4/udp.c:887 udp_sendmsg+0x1e96/0x2820 net/ipv4/udp.c:1174 inet_sendmsg+0x9e/0xe0 net/ipv4/af_inet.c:807 sock_sendmsg_nosec net/socket.c:637 [inline] sock_sendmsg+0xd7/0x130 net/socket.c:657 ___sys_sendmsg+0x3e2/0x920 net/socket.c:2311 __sys_sendmmsg+0x1bf/0x4d0 net/socket.c:2413 __do_sys_sendmmsg net/socket.c:2442 [inline] __se_sys_sendmmsg net/socket.c:2439 [inline] __x64_sys_sendmmsg+0x9d/0x100 net/socket.c:2439 do_syscall_64+0xfd/0x6a0 arch/x86/entry/common.c:296 entry_SYSCALL_64_after_hwframe+0x49/0xbe Signed-off-by: Eric Dumazet Reported-by: syzbot Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- include/net/sch_generic.h | 5 +++++ net/sched/sch_netem.c | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) --- a/include/net/sch_generic.h +++ b/include/net/sch_generic.h @@ -276,6 +276,11 @@ static inline struct Qdisc *qdisc_root(c return q; } +static inline struct Qdisc *qdisc_root_bh(const struct Qdisc *qdisc) +{ + return rcu_dereference_bh(qdisc->dev_queue->qdisc); +} + static inline struct Qdisc *qdisc_root_sleeping(const struct Qdisc *qdisc) { return qdisc->dev_queue->qdisc_sleeping; --- a/net/sched/sch_netem.c +++ b/net/sched/sch_netem.c @@ -475,7 +475,7 @@ static int netem_enqueue(struct sk_buff * skb will be queued. */ if (count > 1 && (skb2 = skb_clone(skb, GFP_ATOMIC)) != NULL) { - struct Qdisc *rootq = qdisc_root(sch); + struct Qdisc *rootq = qdisc_root_bh(sch); u32 dupsave = q->duplicate; /* prevent duplicating a dup... */ q->duplicate = 0;