From: Eric Dumazet
Date: Sun, 23 Oct 2022 23:31:00 -0700
Subject: Re: [v2 PATCH] af_key: Fix send_acquire race with pfkey_register
To: Herbert Xu
Cc: syzbot, davem@davemloft.net, kuba@kernel.org, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, pabeni@redhat.com, steffen.klassert@secunet.com, syzkaller-bugs@googlegroups.com
X-Mailing-List: linux-kernel@vger.kernel.org

On Sun, Oct 23, 2022 at 11:06 PM Herbert Xu wrote:
>
> On Sun, Oct 23, 2022 at 10:21:05PM -0700, Eric Dumazet wrote:
> >
> > Are you sure we can sleep in mutex_lock() ?
> >
> > Use of GFP_ATOMIC would suggest otherwise :/
>
> Good point. Acquires are triggered from the network stack so
> it may be in BH context.
>
> ---8<---
> With name space support, it is possible for a pfkey_register to
> occur in the middle of a send_acquire, thus changing the number
> of supported algorithms.
>
> This can be fixed by taking a lock to make it single-threaded
> again. As this lock can be taken from both thread and softirq
> contexts, we need to take the necessary precautions with disabling
> BH and make it a spin lock.
>
> Reported-by: syzbot+1e9af9185d8850e2c2fa@syzkaller.appspotmail.com
> Fixes: 283bc9f35bbb ("xfrm: Namespacify xfrm state/policy locks")
> Signed-off-by: Herbert Xu
>
> diff --git a/net/key/af_key.c b/net/key/af_key.c > index c85df5b958d2..4e0d21e2045e 100644 > --- a/net/key/af_key.c > +++ b/net/key/af_key.c > @@ -23,6 +23,7 @@ > #include > #include > #include > +#include > #include > #include > #include
> @@ -39,6 +40,7 @@ struct netns_pfkey { > atomic_t socks_nr; > }; > static DEFINE_MUTEX(pfkey_mutex); > +static DEFINE_SPINLOCK(pfkey_alg_lock); > > #define DUMMY_MARK 0 > static const struct xfrm_mark dummy_mark = {0, 0}; > @@ -1697,11 +1699,11 @@ static int pfkey_register(struct sock *sk, struct sk_buff *skb, const struct sad > pfk->registered |= (1<sadb_msg_satype); > } > > - mutex_lock(&pfkey_mutex); > + spin_lock_bh(&pfkey_alg_lock); > xfrm_probe_algs(); > > supp_skb = compose_sadb_supported(hdr, GFP_KERNEL | __GFP_ZERO); s/GFP_KERNEL/GFP_ATOMIC/ > - mutex_unlock(&pfkey_mutex); > + spin_unlock_bh(&pfkey_alg_lock); > > if (!supp_skb) { > if (hdr->sadb_msg_satype != SADB_SATYPE_UNSPEC) > @@ -3160,6 +3162,7 @@ static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct > (sockaddr_size * 2) + > sizeof(struct sadb_x_policy); > > + spin_lock_bh(&pfkey_alg_lock); > if (x->id.proto == IPPROTO_AH) > size += count_ah_combs(t); > else if (x->id.proto == IPPROTO_ESP) > @@ -3171,8 +3174,10 @@ static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct > } > > skb = alloc_skb(size + 16, GFP_ATOMIC); > - if (skb == NULL) > + if (skb == NULL) { > + spin_unlock_bh(&pfkey_alg_lock); > return -ENOMEM; > + } > > hdr = skb_put(skb, sizeof(struct sadb_msg)); > hdr->sadb_msg_version = PF_KEY_V2; > @@ -3228,6 +3233,7 @@ static int pfkey_send_acquire(struct xfrm_state *x, struct xfrm_tmpl *t, struct > dump_ah_combs(skb, t); > else if (x->id.proto == IPPROTO_ESP) > dump_esp_combs(skb, t); > + spin_unlock_bh(&pfkey_alg_lock); > > /* security context */ > if (xfrm_ctx) { > -- > Email: Herbert Xu > Home Page: http://gondor.apana.org.au/~herbert/ > PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
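Review bot: in the struct netns_pfkey hunk, pfkey_mutex stays defined while both of its uses visible in this patch (the pair in pfkey_register) move to the new pfkey_alg_lock; if no other user of pfkey_mutex remains it should go in the same patch, and if one does, a one-line comment on each lock saying what it protects would keep the two from being confused later.

Review bot: in the pfkey_register hunk, compose_sadb_supported(hdr, GFP_KERNEL | __GFP_ZERO) now runs with pfkey_alg_lock held and BH disabled, and a GFP_KERNEL allocation may sleep there; the inline s/GFP_KERNEL/GFP_ATOMIC/ is the minimum change, and xfrm_probe_algs(), which is also inside the critical section now, needs the same check for sleeping calls, or the probe and the allocation should be moved out from under the lock.

Review bot: the spin_lock_bh() added in the size-computation hunk of pfkey_send_acquire is matched only by the unlock on the -ENOMEM path in the following hunk and by the unlock after dump_esp_combs() in the last hunk; the region between @@ -3171 and @@ -3228 is not shown in this diff, so it should be checked for any other return between those points, since each one would leave BH disabled.

Review bot: in the last hunk, holding pfkey_alg_lock from the count_*_combs() calls through dump_*_combs() is the actual fix (the skb is sized from the count, so the algorithm set must not change before the dump), and that invariant deserves a short comment at the lock site so that a later change inserting a return or a sleeping call between the two points does not silently reopen the race.

Added example, not code from Herbert's patch or from the kernel: a user-space C model of the race the commit message describes, where the message is sized from the current set of algorithms, allocated, and then filled, and a registration in between makes the size stale. Every name here (register_algs, send_acquire, alg_lock, the entry sizes and counts) is invented; the lock stands in for mutual exclusion only and says nothing about the mutex-versus-spinlock question, which turns on whether the acquire path may sleep.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_ALGS   16
#define ENTRY_SIZE 8        /* constructed: bytes dumped per supported algorithm */

/* Constructed state: the algorithms the model currently knows about. */
static int supported_algs;

/* Model of the exclusion pfkey_alg_lock provides: while one side holds the
 * lock, the other side's registration is held back until the release (on a
 * real SMP machine the other CPU would spin; here it is simply deferred). */
static int lock_held;
static int registration_waiting;

/* Stand-in for pfkey_register(): a registration grows the supported set. */
static void register_algs(void)
{
	if (supported_algs + 3 <= MAX_ALGS)
		supported_algs += 3;   /* constructed: one registration adds 3 entries */
}

static void alg_lock(void) { lock_held = 1; }

static void alg_unlock(void)
{
	lock_held = 0;
	if (registration_waiting) {
		registration_waiting = 0;
		register_algs();       /* the held-back registration runs now */
	}
}

/* The other context (pfkey_register elsewhere) trying to register. */
static void concurrent_register(void)
{
	if (lock_held)
		registration_waiting = 1;
	else
		register_algs();       /* lands in the window when nothing excludes it */
}

/* Stand-ins for count_*_combs() and dump_*_combs(): size from the current set,
 * then write one entry per algorithm, refusing to run past the buffer. */
static int count_combs(void) { return supported_algs * ENTRY_SIZE; }

static int dump_combs(unsigned char *buf, int cap)
{
	int need = supported_algs * ENTRY_SIZE;
	if (need > cap)
		return -1;             /* the unchecked code would overflow the skb here */
	memset(buf, 0xAA, need);
	return need;
}

void reset_model(void)
{
	supported_algs = 2;        /* constructed starting point */
	lock_held = 0;
	registration_waiting = 0;
}

int supported_alg_count(void) { return supported_algs; }

/* Stand-in for pfkey_send_acquire(): size, allocate, dump, with a registration
 * arriving between sizing and dumping. use_lock == 0 is the unlocked acquire
 * path before the patch; use_lock == 1 holds the lock across the whole span,
 * releasing it on the allocation-failure path too. Returns 0 for a consistent
 * message, -1 when the size went stale, -ENOMEM on allocation failure. */
int send_acquire(int use_lock)
{
	int size, written;
	unsigned char *skb;

	if (use_lock)
		alg_lock();            /* spin_lock_bh(&pfkey_alg_lock) */
	size = count_combs();
	skb = calloc(1, size);
	if (!skb) {
		if (use_lock)
			alg_unlock();      /* the -ENOMEM unlock the patch adds */
		return -ENOMEM;
	}
	concurrent_register();     /* the interleaving the commit message describes */
	written = dump_combs(skb, size);
	if (use_lock)
		alg_unlock();          /* spin_unlock_bh(&pfkey_alg_lock) */
	free(skb);
	return written == size ? 0 : -1;
}

int main(void)
{
	reset_model();
	printf("unlocked acquire: %d (algorithms now %d)\n", send_acquire(0), supported_alg_count());
	reset_model();
	printf("locked acquire:   %d (algorithms now %d)\n", send_acquire(1), supported_alg_count());
	return 0;
}
```

In the unlocked run the registration lands between count_combs() and dump_combs(), the dump no longer fits the buffer sized a moment earlier, and send_acquire() reports the stale size; in the locked run the registration is held back until the unlock, the message is consistent, and the registration is still applied afterwards rather than lost.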