Received: by 2002:a05:6358:11c7:b0:104:8066:f915 with SMTP id i7csp665771rwl;
        Fri, 31 Mar 2023 00:06:44 -0700 (PDT)
X-Google-Smtp-Source: AKy350bxgN+SIskBu7wd9ietnjr1oXXMtXKwx8WcpwySsIvftmxfteoRq3Op1Lkbu2vPNZ6g4Qmz
X-Received: by 2002:a05:6a20:7da7:b0:d9:f4e9:546d with SMTP id v39-20020a056a207da700b000d9f4e9546dmr5854559pzj.6.1680246404346;
        Fri, 31 Mar 2023 00:06:44 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1680246404; cv=none;
        d=google.com; s=arc-20160816;
        b=PNze24l9IakN4Wx8Y+rA2ieb+89UyAVzZa91+GRWJfmwVyBTKuQFrMUQlkG6U9oyv8
         ingtq4DX6jBz8lnbVzfWNyzBrA6B/R7GVg/KGnccBibZTFm35b1abMyG/yJWi9SeTS39
         aoNVLw39nTkppkQN41peRVU6X5ec6F4R5cP32AIXSoIfpEoRJR9sTDdpuZXmJBKI3Qos
         Uxe6wZcgpP8xxeXCaws12syhVDzwqLZfgUNijFzqMp4bwOboa7qM696zSnpqXcWIS9hg
         xSRirV1QnfEcoJoQqvKTYtcjNK9B0m5o9FU3KlPfZIptkIsAvHmR/HoUDPX6FxOvEvfh
         lZ4g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:cc:to:subject
         :message-id:date:from:in-reply-to:references:mime-version
         :dkim-signature;
        bh=3rNqd0R6uZ87QEvrC+b3tYk7NmTqwJbiMttF/TqyvLo=;
        b=aRXAkc5omVuNUF6Q0v55i1Pn8JUjmHr5dSumzhuJdBc85LMJE91Q0N5Gu4MHdt/Bdv
         NNwWf2YwhcCcDOdKc0KIZ/jSXbu7FSrz/m7Sj/e3gNrhojTUIOM106rgSpTL1j0k0gs4
         yzFOGxw4+A0hXeBjt54ETlKOusUnq5uYaKUjreH/HjqB1y9aoNldUObeWC2Td4kSgHb6
         bi/Lh7Kwn2ig8GnJJdOkMD1Y06dGnHOdg1XwOIykIzeeaRtPalPss3MFeIphsQT7m9Xu
         RNlqg3JYCZKeUERNzgyg+G3J+mh1S0aZdWUrr5G8vJ4Uy80azolqqTH/0pXZgeFI7Q7A
         ee1Q==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@google.com header.s=20210112 header.b=SV73hhUY;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id j184-20020a638bc1000000b00513579041bfsi1589844pge.636.2023.03.31.00.06.33;
        Fri, 31 Mar 2023 00:06:44 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@google.com header.s=20210112 header.b=SV73hhUY;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S230365AbjCaHFk (ORCPT <rfc822;anenbupt@gmail.com> + 99 others);
        Fri, 31 Mar 2023 03:05:40 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:53548 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S230179AbjCaHFh (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 31 Mar 2023 03:05:37 -0400
Received: from mail-io1-xd2a.google.com (mail-io1-xd2a.google.com [IPv6:2607:f8b0:4864:20::d2a])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0520B1B37E
        for <linux-kernel@vger.kernel.org>; Fri, 31 Mar 2023 00:05:06 -0700 (PDT)
Received: by mail-io1-xd2a.google.com with SMTP id q6so9373385iot.2
        for <linux-kernel@vger.kernel.org>; Fri, 31 Mar 2023 00:05:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20210112; t=1680246299;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:from:to:cc:subject:date
         :message-id:reply-to;
        bh=3rNqd0R6uZ87QEvrC+b3tYk7NmTqwJbiMttF/TqyvLo=;
        b=SV73hhUYeNECirBjzFQHECDp8iA2UY+lvxT9oH766LjB5QO6fkZ/SC3sqpjXV8qKXG
         vriqrCo1PUyDcl57uvEbsCgyDr2ia/vCiXFuOiX59d+eFoFQtpJj2RUqnnAPRKhjnYtI
         iJOIWnubdHdrlz2M13wIg8IUJ5Z4rD2Szu8thmho7wVuP64X3HGXV8qUh321Kz7NvRmh
         HYy0p++MG2Xudoivog+M+au5Hri8FY1icZS0hKCra+XtZ2ibFBLnhaI6W7dEJMP/F/xe
         90RD5JiFYvnEn0uSBANz+YkuAFewx0oc5RgXSo81fha3uO3PgttLPNatvTwq19XfT14a
         rkyg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112; t=1680246299;
        h=content-transfer-encoding:cc:to:subject:message-id:date:from
         :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc
         :subject:date:message-id:reply-to;
        bh=3rNqd0R6uZ87QEvrC+b3tYk7NmTqwJbiMttF/TqyvLo=;
        b=nVFai77Vy7Tfv1277oA45RK7EVxVgWkebdoqug38wuSckaDvJ8t5Z3iZ3MIsw7Tugb
         nfEqQom2WKN76hTF6aH9T91cbetEfVJmb/G1MXmmh9SrfOEAOCqGwV57GjIRCjcAvecj
         cEFQt28j5f2hYoimbkz0nffHpmJiGkN/5UOBHmAMtPZbOEtPMNUysWxbuO+W+4fvLDY0
         5v4OpZ5IixCtT/N5UMcWzqbszQ2a6sLIZVW0XzZt0atS3yJ6lplSjh0dzsGYHTOPSdxW
         y08yy7MHpp8qM47Pt1pzSugtI+Hy+/6gr7ungbEVV9WrA2pZW0mQf1eBshRsMsMJ4byA
         axYg==
X-Gm-Message-State: AAQBX9co6qsH7i00MZuX0c433kHuaicxgRySRrcH0xpjRLAp3LGu8yGa
        6xcoY9SvxB18towVk1C/ZqL9EwxWWsTf6bn8CvXTxA==
X-Received: by 2002:a02:a182:0:b0:406:c43f:6320 with SMTP id
 n2-20020a02a182000000b00406c43f6320mr3896110jah.0.1680246299092; Fri, 31 Mar
 2023 00:04:59 -0700 (PDT)
MIME-Version: 1.0
References: <ZCA2mGV_cmq7lIfV@dragonet> <20230330215507.56509-1-kuniyu@amazon.com>
In-Reply-To: <20230330215507.56509-1-kuniyu@amazon.com>
From:   Eric Dumazet <edumazet@google.com>
Date:   Fri, 31 Mar 2023 09:04:47 +0200
Message-ID: <CANn89iK5D75-SNg28ALi4Zr9JEHnreBpfu_pq0_zLe4jDLT5rw@mail.gmail.com>
Subject: Re: general protection fault in raw_seq_start
To:     Kuniyuki Iwashima <kuniyu@amazon.com>
Cc:     threeearcat@gmail.com, davem@davemloft.net, dsahern@kernel.org,
        kuba@kernel.org, linux-kernel@vger.kernel.org,
        netdev@vger.kernel.org, pabeni@redhat.com
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: No, score=-15.7 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,ENV_AND_HDR_SPF_MATCH,
        RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL,
        USER_IN_DEF_SPF_WL autolearn=unavailable autolearn_force=no
        version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Mar 30, 2023 at 11:55=E2=80=AFPM Kuniyuki Iwashima <kuniyu@amazon.c=
om> wrote:

> Thanks for reporting the issue.
>
> It seems we need to use RCU variant in raw_get_first().
> I'll post a patch.
>
> ---
> diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c
> index 3cf68695b40d..fe0d1ad20b35 100644
> --- a/net/ipv4/raw.c
> +++ b/net/ipv4/raw.c
> @@ -957,7 +957,7 @@ static struct sock *raw_get_first(struct seq_file *se=
q, int bucket)
>         for (state->bucket =3D bucket; state->bucket < RAW_HTABLE_SIZE;
>                         ++state->bucket) {
>                 hlist =3D &h->ht[state->bucket];
> -               sk_nulls_for_each(sk, hnode, hlist) {
> +               sk_nulls_for_each_rcu(sk, hnode, hlist) {
>                         if (sock_net(sk) =3D=3D seq_file_net(seq))
>                                 return sk;
>

No, we do not want this.
You missed that sk_nulls_for_each_rcu() needs a specific protocol
(see Documentation/RCU/rculist_nulls.rst for details)

RCU is needed in the data path, not for this control path.

My patch went too far in the RCU conversion. I did not think about
syzbot harassing /proc files :)

We need raw_seq_start and friends to go back to use the lock.