mirror-linux/net
Eric Dumazet 38a1f50a5e phonet: do not call synchronize_rcu() from phonet_route_del()
Calling synchronize_rcu() while holding rcu_read_lock() is not
permitted [1]

Move the synchronize_rcu() + dev_put() to route_doit().

Alternative would be to not use rcu_read_lock() in route_doit().

[1]
WARNING: suspicious RCU usage
6.12.0-rc5-syzkaller-01056-gf07a6e6ceb05 #0 Not tainted
-----------------------------
kernel/rcu/tree.c:4092 Illegal synchronize_rcu() in RCU read-side critical section!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 1
1 lock held by syz-executor427/5840:
  #0: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline]
  #0: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:849 [inline]
  #0: ffffffff8e937da0 (rcu_read_lock){....}-{1:2}, at: route_doit+0x3d6/0x640 net/phonet/pn_netlink.c:264

stack backtrace:
CPU: 1 UID: 0 PID: 5840 Comm: syz-executor427 Not tainted 6.12.0-rc5-syzkaller-01056-gf07a6e6ceb05 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
 <TASK>
  __dump_stack lib/dump_stack.c:94 [inline]
  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
  lockdep_rcu_suspicious+0x226/0x340 kernel/locking/lockdep.c:6821
  synchronize_rcu+0xea/0x360 kernel/rcu/tree.c:4089
  phonet_route_del+0xc6/0x140 net/phonet/pn_dev.c:409
  route_doit+0x514/0x640 net/phonet/pn_netlink.c:275
  rtnetlink_rcv_msg+0x791/0xcf0 net/core/rtnetlink.c:6790
  netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2551
  netlink_unicast_kernel net/netlink/af_netlink.c:1331 [inline]
  netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1357
  netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1901
  sock_sendmsg_nosec net/socket.c:729 [inline]
  __sock_sendmsg+0x221/0x270 net/socket.c:744
  sock_write_iter+0x2d7/0x3f0 net/socket.c:1165
  new_sync_write fs/read_write.c:590 [inline]
  vfs_write+0xaeb/0xd30 fs/read_write.c:683
  ksys_write+0x183/0x2b0 fs/read_write.c:736
  do_syscall_x64 arch/x86/entry/common.c:52 [inline]
  do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Fixes: 17a1ac0018 ("phonet: Don't hold RTNL for route_doit().")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Cc: Remi Denis-Courmont <courmisch@gmail.com>
Reviewed-by: Jiri Pirko <jiri@nvidia.com>
Link: https://patch.msgid.link/20241106131818.1240710-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2024-11-07 20:34:16 -08:00
6lowpan ipv6: eliminate ndisc_ops_is_useropt() 2024-08-12 17:23:57 -07:00
9p 9p: fix slab cache name creation for real 2024-10-21 15:41:29 -07:00
802 move asm/unaligned.h to linux/unaligned.h 2024-10-02 17:23:23 -04:00
8021q netpoll: remove ndo_netpoll_setup() second argument 2024-10-23 13:31:32 +02:00
appletalk appletalk: Remove deadcode 2024-10-04 12:42:32 +01:00
atm
ax25
batman-adv This cleanup patchset includes the following patches: 2024-10-15 15:28:17 +02:00
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-10-31 18:10:07 -07:00
bpf bpf, test_run: Fix LIVE_FRAME frame update after a page has been recycled 2024-10-31 16:15:21 +01:00
bridge ipv4: Prepare ip_route_output() to future .flowi4_tos conversion. 2024-11-07 20:33:19 -08:00
caif caif: Remove unused cfsrvl_getphyid 2024-10-08 15:33:49 -07:00
can can: gw: Use rtnl_register_many(). 2024-10-15 18:52:26 -07:00
ceph libceph: use min() to simplify code in ceph_dns_resolve_name() 2024-08-27 09:30:16 +02:00
core bpf-next-for-netdev 2024-11-03 14:44:51 -08:00
dcb dcb: Use rtnl_register_many(). 2024-10-15 18:52:26 -07:00
dccp move asm/unaligned.h to linux/unaligned.h 2024-10-02 17:23:23 -04:00
devlink devlink: remove unused devlink_resource_register() 2024-10-29 16:52:57 -07:00
dns_resolver
dsa net: dsa: use ethtool string helpers 2024-11-03 10:36:34 -08:00
ethernet
ethtool net: ethtool: Avoid thousands of -Wflex-array-member-not-at-end warnings 2024-11-03 11:06:58 -08:00
handshake net/handshake: use sockfd_put() helper 2024-08-27 16:09:25 -07:00
hsr net: hsr: convert to use new timer APIs 2024-10-14 13:17:04 +01:00
ieee802154 net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() 2024-10-15 18:43:08 -07:00
ife
ipv4 netfilter pull request 24-11-07 2024-11-07 12:46:04 +01:00
ipv6 netfilter pull request 24-11-07 2024-11-07 12:46:04 +01:00
iucv s390/iucv: Fix vargs handling in iucv_alloc_device() 2024-08-22 13:09:20 -07:00
kcm kcm: replace call_rcu by kfree_rcu for simple kmem_cache_free callback 2024-10-15 10:50:21 -07:00
key
l2tp genetlink: hold RCU in genlmsg_mcast() 2024-10-15 17:52:58 -07:00
l3mdev
lapb
llc llc: Constify struct llc_sap_state_trans 2024-07-15 08:51:19 -07:00
mac80211 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-10-31 18:10:07 -07:00
mac802154 Including fixes from ieee802154, bluetooth and netfilter. 2024-10-03 09:44:00 -07:00
mctp rtnetlink: Return int from rtnl_af_register(). 2024-10-22 11:02:05 +02:00
mpls rtnetlink: Return int from rtnl_af_register(). 2024-10-22 11:02:05 +02:00
mptcp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-11-07 13:44:16 -08:00
ncsi net/ncsi: Disable the ncsi work before freeing the associated structure 2024-10-03 10:14:14 +02:00
netfilter Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-11-07 13:44:16 -08:00
netlabel
netlink netlink: Remove the dead code in netlink_proto_init() 2024-10-31 19:36:25 -07:00
netrom net/netrom: prefer strscpy over strcpy 2024-08-29 12:33:07 -07:00
nfc net: nfc: Propagate ISO14443 type A target ATS to userspace via netlink 2024-11-07 10:21:58 +01:00
nsh
openvswitch openvswitch: Pass on secpath details for internal port rx. 2024-11-05 17:38:25 -08:00
packet af_packet: avoid erroring out after sock_init_data() in packet_create() 2024-10-15 18:43:07 -07:00
phonet phonet: do not call synchronize_rcu() from phonet_route_del() 2024-11-07 20:34:16 -08:00
psample net: psample: fix flag being set in wrong skb 2024-07-11 18:11:31 -07:00
qrtr net: qrtr: Update packets cloning when broadcasting 2024-09-24 10:48:16 +02:00
rds net/rds: remove unused struct 'rds_ib_dereg_odp_mr' 2024-10-03 16:42:52 -07:00
rfkill [tree-wide] finally take no_llseek out 2024-09-27 08:18:43 -07:00
rose
rxrpc rxrpc: Fix missing locking causing hanging calls 2024-11-07 11:30:34 -08:00
sched Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-10-31 18:10:07 -07:00
sctp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-11-07 13:44:16 -08:00
shaper net-shapers: implement cap validation in the core 2024-10-10 08:30:23 -07:00
smc Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-11-07 13:44:16 -08:00
strparser
sunrpc sunrpc: handle -ENOTCONN in xs_tcp_setup_socket() 2024-11-04 10:24:18 -05:00
switchdev
tipc Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-09-15 09:13:19 -07:00
tls move asm/unaligned.h to linux/unaligned.h 2024-10-02 17:23:23 -04:00
unix af_unix: Don't return OOB skb in manage_oob(). 2024-09-09 17:14:27 -07:00
vmw_vsock vsock: do not leave dangling sk pointer in vsock_create() 2024-10-28 18:08:52 -07:00
wireless Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-10-31 18:10:07 -07:00
x25
xdp xsk: Use xsk_buff_pool directly for cq functions 2024-10-14 17:23:49 +02:00
xfrm ipsec-2024-10-22 2024-10-24 11:11:33 +02:00
Kconfig netlink: spec: add shaper YAML spec 2024-10-10 08:30:21 -07:00
Kconfig.debug rtnetlink: Add per-netns RTNL. 2024-10-08 15:16:59 +02:00
Makefile netlink: spec: add shaper YAML spec 2024-10-10 08:30:21 -07:00
compat.c
devres.c
socket.c socket: Print pf->create() when it does not clear sock->sk on failure. 2024-10-29 16:31:23 -07:00
sysctl_net.c