From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Vasily Averin <vvs@virtuozzo.com>,
Florian Westphal <fw@strlen.de>,
Pablo Neira Ayuso <pablo@netfilter.org>
Subject: [PATCH 5.4 55/71] netfilter: ctnetlink: suspicious RCU usage in ctnetlink_dump_helpinfo
Date: Thu, 22 Jul 2021 18:31:30 +0200 [thread overview]
Message-ID: <20210722155619.735223316@linuxfoundation.org> (raw)
In-Reply-To: <20210722155617.865866034@linuxfoundation.org>
From: Vasily Averin <vvs@virtuozzo.com>
commit c23a9fd209bc6f8c1fa6ee303fdf037d784a1627 upstream.
Two patches listed below removed ctnetlink_dump_helpinfo call from under
rcu_read_lock. Now its rcu_dereference generates following warning:
=============================
WARNING: suspicious RCU usage
5.13.0+ #5 Not tainted
-----------------------------
net/netfilter/nf_conntrack_netlink.c:221 suspicious rcu_dereference_check() usage!
other info that might help us debug this:
rcu_scheduler_active = 2, debug_locks = 1
stack backtrace:
CPU: 1 PID: 2251 Comm: conntrack Not tainted 5.13.0+ #5
Call Trace:
dump_stack+0x7f/0xa1
ctnetlink_dump_helpinfo+0x134/0x150 [nf_conntrack_netlink]
ctnetlink_fill_info+0x2c2/0x390 [nf_conntrack_netlink]
ctnetlink_dump_table+0x13f/0x370 [nf_conntrack_netlink]
netlink_dump+0x10c/0x370
__netlink_dump_start+0x1a7/0x260
ctnetlink_get_conntrack+0x1e5/0x250 [nf_conntrack_netlink]
nfnetlink_rcv_msg+0x613/0x993 [nfnetlink]
netlink_rcv_skb+0x50/0x100
nfnetlink_rcv+0x55/0x120 [nfnetlink]
netlink_unicast+0x181/0x260
netlink_sendmsg+0x23f/0x460
sock_sendmsg+0x5b/0x60
__sys_sendto+0xf1/0x160
__x64_sys_sendto+0x24/0x30
do_syscall_64+0x36/0x70
entry_SYSCALL_64_after_hwframe+0x44/0xae
Fixes: 49ca022bccc5 ("netfilter: ctnetlink: don't dump ct extensions of unconfirmed conntracks")
Fixes: 0b35f6031a00 ("netfilter: Remove duplicated rcu_read_lock.")
Signed-off-by: Vasily Averin <vvs@virtuozzo.com>
Reviewed-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/netfilter/nf_conntrack_netlink.c | 3 +++
1 file changed, 3 insertions(+)
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -211,6 +211,7 @@ static int ctnetlink_dump_helpinfo(struc
if (!help)
return 0;
+ rcu_read_lock();
helper = rcu_dereference(help->helper);
if (!helper)
goto out;
@@ -226,9 +227,11 @@ static int ctnetlink_dump_helpinfo(struc
nla_nest_end(skb, nest_helper);
out:
+ rcu_read_unlock();
return 0;
nla_put_failure:
+ rcu_read_unlock();
return -1;
}
next prev parent reply other threads:[~2021-07-22 16:34 UTC|newest]
Thread overview: 78+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-07-22 16:30 [PATCH 5.4 00/71] 5.4.135-rc1 review Greg Kroah-Hartman
2021-07-22 16:30 ` [PATCH 5.4 01/71] ARM: dts: gemini: rename mdio to the right name Greg Kroah-Hartman
2021-07-22 16:30 ` [PATCH 5.4 02/71] ARM: dts: gemini: add device_type on pci Greg Kroah-Hartman
2021-07-22 16:30 ` [PATCH 5.4 03/71] ARM: dts: rockchip: fix pinctrl sleep nodename for rk3036-kylin and rk3288 Greg Kroah-Hartman
2021-07-22 16:30 ` [PATCH 5.4 04/71] arm64: dts: rockchip: fix pinctrl sleep nodename for rk3399.dtsi Greg Kroah-Hartman
2021-07-22 16:30 ` [PATCH 5.4 05/71] ARM: dts: rockchip: Fix the timer clocks order Greg Kroah-Hartman
2021-07-22 16:30 ` [PATCH 5.4 06/71] ARM: dts: rockchip: Fix IOMMU nodes properties on rk322x Greg Kroah-Hartman
2021-07-22 16:30 ` [PATCH 5.4 07/71] ARM: dts: rockchip: Fix power-controller node names for rk3066a Greg Kroah-Hartman
2021-07-22 16:30 ` [PATCH 5.4 08/71] ARM: dts: rockchip: Fix power-controller node names for rk3188 Greg Kroah-Hartman
2021-07-22 16:30 ` [PATCH 5.4 09/71] ARM: dts: rockchip: Fix power-controller node names for rk3288 Greg Kroah-Hartman
2021-07-22 16:30 ` [PATCH 5.4 10/71] arm64: dts: rockchip: Fix power-controller node names for px30 Greg Kroah-Hartman
2021-07-22 16:30 ` [PATCH 5.4 11/71] arm64: dts: rockchip: Fix power-controller node names for rk3328 Greg Kroah-Hartman
2021-07-22 16:30 ` [PATCH 5.4 12/71] reset: ti-syscon: fix to_ti_syscon_reset_data macro Greg Kroah-Hartman
2021-07-22 16:30 ` [PATCH 5.4 13/71] ARM: brcmstb: dts: fix NAND nodes names Greg Kroah-Hartman
2021-07-22 16:30 ` [PATCH 5.4 14/71] ARM: Cygnus: " Greg Kroah-Hartman
2021-07-22 16:30 ` [PATCH 5.4 15/71] ARM: NSP: " Greg Kroah-Hartman
2021-07-22 16:30 ` [PATCH 5.4 16/71] ARM: dts: BCM63xx: Fix " Greg Kroah-Hartman
2021-07-22 16:30 ` [PATCH 5.4 17/71] ARM: dts: Hurricane 2: " Greg Kroah-Hartman
2021-07-22 16:30 ` [PATCH 5.4 18/71] ARM: dts: imx6: phyFLEX: Fix UART hardware flow control Greg Kroah-Hartman
2021-07-22 16:30 ` [PATCH 5.4 19/71] ARM: imx: pm-imx5: Fix references to imx5_cpu_suspend_info Greg Kroah-Hartman
2021-07-22 16:30 ` [PATCH 5.4 20/71] rtc: mxc_v2: add missing MODULE_DEVICE_TABLE Greg Kroah-Hartman
2021-07-22 16:30 ` [PATCH 5.4 21/71] kbuild: sink stdout from cmd for silent build Greg Kroah-Hartman
2021-07-22 16:30 ` [PATCH 5.4 22/71] ARM: dts: am57xx-cl-som-am57x: fix ti,no-reset-on-init flag for gpios Greg Kroah-Hartman
2021-07-22 16:30 ` [PATCH 5.4 23/71] ARM: dts: am437x-gp-evm: " Greg Kroah-Hartman
2021-07-22 16:30 ` [PATCH 5.4 24/71] ARM: dts: stm32: fix gpio-keys node on STM32 MCU boards Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 25/71] ARM: dts: stm32: fix RCC node name on stm32f429 MCU Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 26/71] ARM: dts: stm32: fix timer nodes on STM32 MCU to prevent warnings Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 27/71] arm64: dts: juno: Update SCPI nodes as per the YAML schema Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 28/71] ARM: dts: rockchip: fix supply properties in io-domains nodes Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 29/71] ARM: dts: stm32: fix i2c node name on stm32f746 to prevent warnings Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 30/71] ARM: dts: stm32: move stmmac axi config in ethernet node on stm32mp15 Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 31/71] soc/tegra: fuse: Fix Tegra234-only builds Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 32/71] firmware: tegra: bpmp: " Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 33/71] arm64: dts: ls208xa: remove bus-num from dspi node Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 34/71] arm64: dts: imx8mq: assign PCIe clocks Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 35/71] thermal/core: Correct function name thermal_zone_device_unregister() Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 36/71] kbuild: mkcompile_h: consider timestamp if KBUILD_BUILD_TIMESTAMP is set Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 37/71] rtc: max77686: Do not enforce (incorrect) interrupt trigger type Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 38/71] scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8 Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 39/71] scsi: libsas: Add LUN number check in .slave_alloc callback Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 40/71] scsi: libfc: Fix array index out of bound exception Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 41/71] scsi: qedf: Add check to synchronize abort and flush Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 42/71] sched/fair: Fix CFS bandwidth hrtimer expiry type Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 43/71] s390: introduce proper type handling call_on_stack() macro Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 44/71] cifs: prevent NULL deref in cifs_compose_mount_options() Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 45/71] arm64: dts: armada-3720-turris-mox: add firmware node Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 46/71] firmware: turris-mox-rwtm: add marvell,armada-3700-rwtm-firmware compatible string Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 47/71] arm64: dts: marvell: armada-37xx: move firmware node to generic dtsi file Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 48/71] f2fs: Show casefolding support only when supported Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 49/71] usb: cdns3: Enable TDL_CHK only for OUT ep Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 50/71] mm: slab: fix kmem_cache_create failed when sysfs node not destroyed Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 51/71] dm writecache: return the exact table values that were set Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 52/71] net: dsa: mv88e6xxx: enable .port_set_policy() on Topaz Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 53/71] net: dsa: mv88e6xxx: enable .rmu_disable() " Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 54/71] net: ipv6: fix return value of ip6_skb_dst_mtu Greg Kroah-Hartman
2021-07-22 16:31 ` Greg Kroah-Hartman [this message]
2021-07-22 16:31 ` [PATCH 5.4 56/71] net/sched: act_ct: fix err check for nf_conntrack_confirm Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 57/71] net: bridge: sync fdb to new unicast-filtering ports Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 58/71] net: bcmgenet: Ensure all TX/RX queues DMAs are disabled Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 59/71] net: ip_tunnel: fix mtu calculation for ETHER tunnel devices Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 60/71] net: moxa: fix UAF in moxart_mac_probe Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 61/71] net: qcom/emac: fix UAF in emac_remove Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 62/71] net: ti: fix UAF in tlan_remove_one Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 63/71] net: send SYNACK packet with accepted fwmark Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 64/71] net: validate lwtstate->data before returning from skb_tunnel_info() Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 65/71] net: fddi: fix UAF in fza_probe Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 66/71] dma-buf/sync_file: Dont leak fences on merge failure Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 67/71] tcp: annotate data races around tp->mtu_info Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 68/71] ipv6: tcp: drop silly ICMPv6 packet too big messages Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 69/71] bpftool: Properly close va_list ap by va_end() on error Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 70/71] perf test bpf: Free obj_buf Greg Kroah-Hartman
2021-07-22 16:31 ` [PATCH 5.4 71/71] udp: annotate data races around unix_sk(sk)->gso_size Greg Kroah-Hartman
2021-07-23 6:36 ` [PATCH 5.4 00/71] 5.4.135-rc1 review Samuel Zou
2021-07-23 11:28 ` Sudip Mukherjee
2021-07-23 12:54 ` Naresh Kamboju
2021-07-23 15:58 ` Shuah Khan
2021-07-23 16:16 ` Florian Fainelli
2021-07-23 21:07 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210722155619.735223316@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=fw@strlen.de \
--cc=linux-kernel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=stable@vger.kernel.org \
--cc=vvs@virtuozzo.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).