Received: by 2002:a25:31c3:0:0:0:0:0 with SMTP id x186csp4493612ybx; Mon, 4 Nov 2019 14:20:08 -0800 (PST) X-Google-Smtp-Source: APXvYqwULFvPHPopM3KKG+MPfv3pHgW4q1THZZTEEAJSPXIf2jyTKftXkUOpAKkgmR2vaKY5t+2N X-Received: by 2002:a50:cd53:: with SMTP id d19mr31931102edj.197.1572906008186; Mon, 04 Nov 2019 14:20:08 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1572906008; cv=none; d=google.com; s=arc-20160816; b=D9tmxPNEKhKUlR3ixIKKzQY5bO6fCQaI3u07yVJZTK0bZ0E7xPq7Vk4NFrjjXOkdGM b/1RNioutF1NjSVBjisOYGXK2V8BYPbmUT86Fm/GZqn98F9Rq6dQpNPpVCZwNL06Mt70 Vg87Lol3Teut3KXX1f6CVT/35YMLI64jIJ/+dRax64tFC/py7/Ydv3fo7gO5xZfFmXUt JbsmVNhZyG3BY58F+UFZHpBk6xErhpLzhle7j9H7ogMfTsNmhOE7n6/7owOEiIGpxOm/ 4l6/8rIhzJaeXvFRQTK6rxPtNf8gI+4OQYdfvHZexwVMzWyy+2T/msYQxVWL72BpPgNY Ee3g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=nOcGrme3e7YA0YnsRC9zlXMNBjdddFnaaS94r6sea/8=; b=R73FRQlPazzIzXcbfaPoEUfpZW8BELZuOA37FHpOPiesZOVG5WwONRTHL10DAfcVkU aZQbLMP1XBFHbVgbqLi7TAR8EOfquoLZEUfzqGDusPoJLoi3vJGA0BlsL5KW9qnxV6A7 EvEmaQU8/vPqxArLs/X3fL4/VK7VjHIBp+5BSKOtx4koMjrj9EeH5HQP3ck7Nnyfy9CN 9bEhpROHTHV8k6pyZKbedyVjy+5rlEw2nVUBUVktimDo05/Rd/aGzUAx7vZF17RuFxEb QgrDQZTC6usrR7fapaKTW933/3vCH4sZQS+oKiaV6BSl3Kz5TFmAuEwXV1VzeVOQDsAm 1U6w== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=R9VB28x1; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id bq21si12054575ejb.432.2019.11.04.14.19.44; Mon, 04 Nov 2019 14:20:08 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=R9VB28x1; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389492AbfKDWDX (ORCPT + 99 others); Mon, 4 Nov 2019 17:03:23 -0500 Received: from mail.kernel.org ([198.145.29.99]:33626 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2387970AbfKDWDT (ORCPT ); Mon, 4 Nov 2019 17:03:19 -0500 Received: from localhost (6.204-14-84.ripe.coltfrance.com [84.14.204.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 978162084D; Mon, 4 Nov 2019 22:03:16 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1572904997; bh=UUWyLzojf/Zc9gwtlPTyBsk6pLDJ7tKQg7iqzvGhiO0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=R9VB28x1qeah9FjNE19rZUOKIISuka37uhX5HNnZCSDwkpRiVMC92FAp2Q5XdPh/2 ORsWfiWzpcmO9+PNCSRXt5vnc2p9rW0rXF9x3fc23f7S9wlmiweAamYQSek/i5xHdF 09R/8j0FTDEpbCmmy3bjSceh6/L9/rkPbknq7aLI= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Eric Dumazet , syzbot , "David S. Miller" Subject: [PATCH 4.19 144/149] sch_netem: fix rcu splat in netem_enqueue() Date: Mon, 4 Nov 2019 22:45:37 +0100 Message-Id: <20191104212146.800662268@linuxfoundation.org> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20191104212126.090054740@linuxfoundation.org> References: <20191104212126.090054740@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Eric Dumazet commit 159d2c7d8106177bd9a986fd005a311fe0d11285 upstream. qdisc_root() use from netem_enqueue() triggers a lockdep warning. __dev_queue_xmit() uses rcu_read_lock_bh() which is not equivalent to rcu_read_lock() + local_bh_disable_bh as far as lockdep is concerned. WARNING: suspicious RCU usage 5.3.0-rc7+ #0 Not tainted ----------------------------- include/net/sch_generic.h:492 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 3 locks held by syz-executor427/8855: #0: 00000000b5525c01 (rcu_read_lock_bh){....}, at: lwtunnel_xmit_redirect include/net/lwtunnel.h:92 [inline] #0: 00000000b5525c01 (rcu_read_lock_bh){....}, at: ip_finish_output2+0x2dc/0x2570 net/ipv4/ip_output.c:214 #1: 00000000b5525c01 (rcu_read_lock_bh){....}, at: __dev_queue_xmit+0x20a/0x3650 net/core/dev.c:3804 #2: 00000000364bae92 (&(&sch->q.lock)->rlock){+.-.}, at: spin_lock include/linux/spinlock.h:338 [inline] #2: 00000000364bae92 (&(&sch->q.lock)->rlock){+.-.}, at: __dev_xmit_skb net/core/dev.c:3502 [inline] #2: 00000000364bae92 (&(&sch->q.lock)->rlock){+.-.}, at: __dev_queue_xmit+0x14b8/0x3650 net/core/dev.c:3838 stack backtrace: CPU: 0 PID: 8855 Comm: syz-executor427 Not tainted 5.3.0-rc7+ #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x172/0x1f0 lib/dump_stack.c:113 lockdep_rcu_suspicious+0x153/0x15d kernel/locking/lockdep.c:5357 qdisc_root include/net/sch_generic.h:492 [inline] netem_enqueue+0x1cfb/0x2d80 net/sched/sch_netem.c:479 __dev_xmit_skb net/core/dev.c:3527 [inline] __dev_queue_xmit+0x15d2/0x3650 net/core/dev.c:3838 dev_queue_xmit+0x18/0x20 net/core/dev.c:3902 neigh_hh_output include/net/neighbour.h:500 [inline] neigh_output include/net/neighbour.h:509 [inline] ip_finish_output2+0x1726/0x2570 net/ipv4/ip_output.c:228 __ip_finish_output net/ipv4/ip_output.c:308 [inline] __ip_finish_output+0x5fc/0xb90 net/ipv4/ip_output.c:290 ip_finish_output+0x38/0x1f0 net/ipv4/ip_output.c:318 NF_HOOK_COND include/linux/netfilter.h:294 [inline] ip_mc_output+0x292/0xf40 net/ipv4/ip_output.c:417 dst_output include/net/dst.h:436 [inline] ip_local_out+0xbb/0x190 net/ipv4/ip_output.c:125 ip_send_skb+0x42/0xf0 net/ipv4/ip_output.c:1555 udp_send_skb.isra.0+0x6b2/0x1160 net/ipv4/udp.c:887 udp_sendmsg+0x1e96/0x2820 net/ipv4/udp.c:1174 inet_sendmsg+0x9e/0xe0 net/ipv4/af_inet.c:807 sock_sendmsg_nosec net/socket.c:637 [inline] sock_sendmsg+0xd7/0x130 net/socket.c:657 ___sys_sendmsg+0x3e2/0x920 net/socket.c:2311 __sys_sendmmsg+0x1bf/0x4d0 net/socket.c:2413 __do_sys_sendmmsg net/socket.c:2442 [inline] __se_sys_sendmmsg net/socket.c:2439 [inline] __x64_sys_sendmmsg+0x9d/0x100 net/socket.c:2439 do_syscall_64+0xfd/0x6a0 arch/x86/entry/common.c:296 entry_SYSCALL_64_after_hwframe+0x49/0xbe Signed-off-by: Eric Dumazet Reported-by: syzbot Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- include/net/sch_generic.h | 5 +++++ net/sched/sch_netem.c | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) --- a/include/net/sch_generic.h +++ b/include/net/sch_generic.h @@ -421,6 +421,11 @@ static inline struct Qdisc *qdisc_root(c return q; } +static inline struct Qdisc *qdisc_root_bh(const struct Qdisc *qdisc) +{ + return rcu_dereference_bh(qdisc->dev_queue->qdisc); +} + static inline struct Qdisc *qdisc_root_sleeping(const struct Qdisc *qdisc) { return qdisc->dev_queue->qdisc_sleeping; --- a/net/sched/sch_netem.c +++ b/net/sched/sch_netem.c @@ -474,7 +474,7 @@ static int netem_enqueue(struct sk_buff * skb will be queued. */ if (count > 1 && (skb2 = skb_clone(skb, GFP_ATOMIC)) != NULL) { - struct Qdisc *rootq = qdisc_root(sch); + struct Qdisc *rootq = qdisc_root_bh(sch); u32 dupsave = q->duplicate; /* prevent duplicating a dup... */ q->duplicate = 0;