mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-21 01:51:18 +00:00
Code Issues Releases Wiki Activity
linux-stable/net
History
Eric Dumazet 7eb322360b net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() 
qdisc_tree_reduce_backlog() is called with the qdisc lock held,
not RTNL.

We must use qdisc_lookup_rcu() instead of qdisc_lookup()

syzbot reported:

WARNING: suspicious RCU usage
6.1.74-syzkaller #0 Not tainted
-----------------------------
net/sched/sch_api.c:305 suspicious rcu_dereference_protected() usage!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 1
3 locks held by udevd/1142:
  #0: ffffffff87c729a0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:306 [inline]
  #0: ffffffff87c729a0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:747 [inline]
  #0: ffffffff87c729a0 (rcu_read_lock){....}-{1:2}, at: net_tx_action+0x64a/0x970 net/core/dev.c:5282
  #1: ffff888171861108 (&sch->q.lock){+.-.}-{2:2}, at: spin_lock include/linux/spinlock.h:350 [inline]
  #1: ffff888171861108 (&sch->q.lock){+.-.}-{2:2}, at: net_tx_action+0x754/0x970 net/core/dev.c:5297
  #2: ffffffff87c729a0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:306 [inline]
  #2: ffffffff87c729a0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:747 [inline]
  #2: ffffffff87c729a0 (rcu_read_lock){....}-{1:2}, at: qdisc_tree_reduce_backlog+0x84/0x580 net/sched/sch_api.c:792

stack backtrace:
CPU: 1 PID: 1142 Comm: udevd Not tainted 6.1.74-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
Call Trace:
 <TASK>
  [<ffffffff85b85f14>] __dump_stack lib/dump_stack.c:88 [inline]
  [<ffffffff85b85f14>] dump_stack_lvl+0x1b1/0x28f lib/dump_stack.c:106
  [<ffffffff85b86007>] dump_stack+0x15/0x1e lib/dump_stack.c:113
  [<ffffffff81802299>] lockdep_rcu_suspicious+0x1b9/0x260 kernel/locking/lockdep.c:6592
  [<ffffffff84f0054c>] qdisc_lookup+0xac/0x6f0 net/sched/sch_api.c:305
  [<ffffffff84f037c3>] qdisc_tree_reduce_backlog+0x243/0x580 net/sched/sch_api.c:811
  [<ffffffff84f5b78c>] pfifo_tail_enqueue+0x32c/0x4b0 net/sched/sch_fifo.c:51
  [<ffffffff84fbcf63>] qdisc_enqueue include/net/sch_generic.h:833 [inline]
  [<ffffffff84fbcf63>] netem_dequeue+0xeb3/0x15d0 net/sched/sch_netem.c:723
  [<ffffffff84eecab9>] dequeue_skb net/sched/sch_generic.c:292 [inline]
  [<ffffffff84eecab9>] qdisc_restart net/sched/sch_generic.c:397 [inline]
  [<ffffffff84eecab9>] __qdisc_run+0x249/0x1e60 net/sched/sch_generic.c:415
  [<ffffffff84d7aa96>] qdisc_run+0xd6/0x260 include/net/pkt_sched.h:125
  [<ffffffff84d85d29>] net_tx_action+0x7c9/0x970 net/core/dev.c:5313
  [<ffffffff85e002bd>] __do_softirq+0x2bd/0x9bd kernel/softirq.c:616
  [<ffffffff81568bca>] invoke_softirq kernel/softirq.c:447 [inline]
  [<ffffffff81568bca>] __irq_exit_rcu+0xca/0x230 kernel/softirq.c:700
  [<ffffffff81568ae9>] irq_exit_rcu+0x9/0x20 kernel/softirq.c:712
  [<ffffffff85b89f52>] sysvec_apic_timer_interrupt+0x42/0x90 arch/x86/kernel/apic/apic.c:1107
  [<ffffffff85c00ccb>] asm_sysvec_apic_timer_interrupt+0x1b/0x20 arch/x86/include/asm/idtentry.h:656

Fixes: d636fc5dd6 ("net: sched: add rcu annotations around qdisc->qdisc_sleeping")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Jiri Pirko <jiri@nvidia.com>
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Link: https://lore.kernel.org/r/20240402134133.2352776-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2024-04-03 19:29:42 -07:00
..
6lowpan net: fill in MODULE_DESCRIPTION()s for 6LoWPAN 2024-02-09 14:12:01 -08:00
9p net: 9p: avoid freeing uninit memory in p9pdu_vreadf 2023-12-13 05:44:30 +09:00
802
8021q rtnetlink: prepare nla_put_iflink() to run under RCU 2024-02-26 11:46:12 +00:00
appletalk net: remove SOCK_DEBUG leftovers 2023-12-26 20:31:01 +00:00
atm net: fill in MODULE_DESCRIPTION()s for mpoa 2024-02-09 14:12:01 -08:00
ax25 ax25: fix use-after-free bugs caused by ax25_ds_del_timer 2024-04-02 17:59:44 -07:00
batman-adv This cleanup patchset includes the following patches: 2024-02-02 12:44:16 +00:00
bluetooth Bluetooth: Fix TOCTOU in HCI debugfs implementation 2024-03-29 09:48:37 -04:00
bpf for-netdev 2024-03-11 18:06:04 -07:00
bridge - Kuan-Wei Chiu has developed the well-named series "lib min_heap: Min 2024-03-14 18:03:09 -07:00
caif net: fill in MODULE_DESCRIPTION()s for CAIF 2024-01-05 08:06:35 -08:00
can linux-can-next-for-6.9-20240220 2024-02-20 15:32:45 +01:00
ceph libceph: init the cursor when preparing sparse read in msgr2 2024-03-06 12:43:01 +01:00
core net: do not consume a cacheline for system_page_pool 2024-03-29 12:27:05 -07:00
dcb
dccp Kbuild updates for v6.9 2024-03-21 14:41:00 -07:00
devlink devlink: fix port new reply cmd type 2024-03-19 19:37:57 -07:00
dns_resolver Networking changes for 6.8. 2024-01-11 10:07:29 -08:00
dsa net: dsa: Leverage core stats allocator 2024-03-07 20:37:13 -08:00
ethernet
ethtool ethtool: remove ethtool_eee_use_linkmodes 2024-03-06 20:40:20 -08:00
handshake net/handshake: Fix handshake_req_destroy_test1 2024-02-08 18:32:29 -08:00
hsr net: hsr: Use full string description when opening HSR network device 2024-03-29 10:42:21 +00:00
ieee802154 Merge tag 'ieee802154-for-net-next-2024-03-07' of git://git.kernel.org/pub/scm/linux/kernel/git/wpan/wpan-next 2024-03-08 20:35:33 -08:00
ife net: sched: ife: fix potential use-after-free 2023-12-15 10:50:18 +00:00
ipv4 tcp: Fix bind() regression for v6-only wildcard and v4(-mapped-v6) non-wildcard addresses. 2024-03-29 14:48:38 -07:00
ipv6 ipv6: Fix infinite recursion in fib6_dump_done(). 2024-04-02 19:10:57 -07:00
iucv more s390 updates for 6.9 merge window 2024-03-19 11:38:27 -07:00
kcm net: kcm: fix incorrect parameter validation in the kcm_getsockopt) function 2024-03-11 09:53:22 +00:00
key net: fill in MODULE_DESCRIPTION()s for af_key 2024-02-09 14:12:01 -08:00
l2tp l2tp: fix incorrect parameter validation in the pppol2tp_getsockopt() function 2024-03-11 09:53:22 +00:00
l3mdev
lapb
llc llc: call sock_orphan() at release time 2024-01-30 13:49:09 +01:00
mac80211 wifi: mac80211: correctly set active links upon TTLM 2024-03-25 15:23:07 +01:00
mac802154 mac802154: fix llsec key resources release in mac802154_llsec_key_del 2024-03-06 21:01:26 +01:00
mctp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-02-29 14:24:56 -08:00
mpls - Kuan-Wei Chiu has developed the well-named series "lib min_heap: Min 2024-03-14 18:03:09 -07:00
mptcp mptcp: don't account accept() of non-MPC client as fallback to TCP 2024-04-01 21:25:00 -07:00
ncsi
netfilter netfilter: nf_tables: skip netdev hook unregistration if table is dormant 2024-03-28 03:54:01 +01:00
netlabel netlabel: remove impossible return value in netlbl_bitmap_walk 2024-02-28 19:37:34 -08:00
netlink net/netlink: Add getsockopt support for NETLINK_LISTEN_ALL_NSID 2024-03-11 15:48:34 -07:00
netrom netrom: Fix data-races around sysctl_net_busy_read 2024-03-07 10:36:58 +01:00
nfc nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet 2024-03-22 09:41:39 +00:00
nsh
openvswitch net: openvswitch: limit the number of recursions from action sets 2024-02-09 12:54:38 -08:00
packet Revert "net: Re-use and set mono_delivery_time bit for userspace tstamp packets" 2024-03-18 12:29:53 +00:00
phonet phonet/pep: fix racy skb_queue_empty() use 2024-02-22 09:05:50 +01:00
psample genetlink: Use internal flags for multicast groups 2023-12-29 08:43:59 +00:00
qrtr net: qrtr: ns: Return 0 if server port is not present 2024-01-01 18:41:29 +00:00
rds net/rds: fix possible cp null dereference 2024-03-29 12:04:09 -07:00
rfkill Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2023-12-21 22:17:23 +01:00
rose net/rose: fix races in rose_kill_by_device() 2023-12-15 11:59:53 +00:00
rxrpc rxrpc: Fix error check on ->alloc_txbuf() 2024-03-14 13:09:53 +01:00
sched net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() 2024-04-03 19:29:42 -07:00
sctp net: introduce include/net/rps.h 2024-03-07 21:12:43 -08:00
smc net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() 2024-03-05 15:49:35 +01:00
strparser
sunrpc NFS client updates for Linux 6.9 2024-03-16 11:44:00 -07:00
switchdev net: bridge: switchdev: Skip MDB replays of deferred events on offload 2024-02-16 09:36:37 +00:00
tipc tipc: Cleanup tipc_nl_bearer_add() error paths 2024-02-15 13:18:19 +01:00
tls tls: get psock ref after taking rxlock to avoid leak 2024-03-26 20:48:24 -07:00
unix Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-02-22 15:29:26 -08:00
vmw_vsock vsock/virtio: fix packet delivery to tap device 2024-04-02 18:00:24 -07:00
wireless wifi: cfg80211: fix rdev_dump_mpp() arguments order 2024-03-25 15:23:06 +01:00
x25 net/x25: fix incorrect parameter validation in the x25_getsockopt() function 2024-03-11 09:53:22 +00:00
xdp bpf-next-for-netdev 2024-03-02 20:50:59 -08:00
xfrm xfrm: Allow UDP encapsulation only in offload modes 2024-03-18 11:56:11 +01:00
compat.c file: stop exposing receive_fd_user() 2023-12-12 14:24:14 +01:00
devres.c
Kconfig net: bql: allow the config to be disabled 2024-02-18 10:19:21 +00:00
Kconfig.debug
Makefile af_unix: Remove CONFIG_UNIX_SCM. 2024-01-31 16:41:16 -08:00
socket.c net: remove {revc,send}msg_copy_msghdr() from exports 2024-03-14 16:48:53 -07:00
sysctl_net.c