* net/xfrm: use of uninit spinlock in xfrm_policy_flush
@ 2017-02-08 10:24 Dmitry Vyukov
2017-02-08 10:52 ` [PATCH ipsec] xfrm: policy: init locks early Florian Westphal
0 siblings, 1 reply; 3+ messages in thread
From: Dmitry Vyukov @ 2017-02-08 10:24 UTC (permalink / raw)
To: Steffen Klassert, Herbert Xu, David Miller, netdev, LKML, Eric Dumazet
Cc: syzkaller
Hello,
I am getting the following reports while running syzkaller fuzzer on
linux-next e3e6c5f3544c5d05c6b3b309a34f4f2c3537e993:
INFO: trying to register non-static key.
the code is fine but needs lockdep annotation.
turning off the locking correctness validator.
CPU: 0 PID: 13059 Comm: syz-executor1 Not tainted 4.10.0-rc7-next-20170207 #1
Hardware name: Google Google Compute Engine/Google Compute Engine,
BIOS Google 01/01/2011
Call Trace:
__dump_stack lib/dump_stack.c:15 [inline]
dump_stack+0x2ee/0x3ef lib/dump_stack.c:51
register_lock_class+0x1a5b/0x1bf0 kernel/locking/lockdep.c:738
__lock_acquire+0x215/0x3430 kernel/locking/lockdep.c:3233
lock_acquire+0x2a1/0x630 kernel/locking/lockdep.c:3753
__raw_spin_lock_bh include/linux/spinlock_api_smp.h:135 [inline]
_raw_spin_lock_bh+0x3a/0x50 kernel/locking/spinlock.c:175
spin_lock_bh include/linux/spinlock.h:304 [inline]
xfrm_policy_flush+0x32/0x470 net/xfrm/xfrm_policy.c:963
xfrm_policy_fini+0xbf/0x560 net/xfrm/xfrm_policy.c:3041
xfrm_net_init+0x79f/0x9e0 net/xfrm/xfrm_policy.c:3091
ops_init+0x10a/0x530 net/core/net_namespace.c:115
setup_net+0x2ed/0x690 net/core/net_namespace.c:291
copy_net_ns+0x26c/0x530 net/core/net_namespace.c:396
create_new_namespaces+0x409/0x860 kernel/nsproxy.c:106
unshare_nsproxy_namespaces+0xae/0x1e0 kernel/nsproxy.c:205
SYSC_unshare kernel/fork.c:2281 [inline]
SyS_unshare+0x64e/0xfc0 kernel/fork.c:2231
entry_SYSCALL_64_fastpath+0x1f/0xc2
Not sure if the memory under net->xfrm.xfrm_policy_lock is zeroed,
because otherwise it can easily lead to a lockup. The locks should
probably be initialized first in xfrm_net_init.
^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH ipsec] xfrm: policy: init locks early
2017-02-08 10:24 net/xfrm: use of uninit spinlock in xfrm_policy_flush Dmitry Vyukov
@ 2017-02-08 10:52 ` Florian Westphal
2017-02-10 7:35 ` Steffen Klassert
0 siblings, 1 reply; 3+ messages in thread
From: Florian Westphal @ 2017-02-08 10:52 UTC (permalink / raw)
To: netdev; +Cc: dvyukov, steffen.klassert, linux-kernel, Florian Westphal
Dmitry reports following splat:
INFO: trying to register non-static key.
the code is fine but needs lockdep annotation.
turning off the locking correctness validator.
CPU: 0 PID: 13059 Comm: syz-executor1 Not tainted 4.10.0-rc7-next-20170207 #1
[..]
spin_lock_bh include/linux/spinlock.h:304 [inline]
xfrm_policy_flush+0x32/0x470 net/xfrm/xfrm_policy.c:963
xfrm_policy_fini+0xbf/0x560 net/xfrm/xfrm_policy.c:3041
xfrm_net_init+0x79f/0x9e0 net/xfrm/xfrm_policy.c:3091
ops_init+0x10a/0x530 net/core/net_namespace.c:115
setup_net+0x2ed/0x690 net/core/net_namespace.c:291
copy_net_ns+0x26c/0x530 net/core/net_namespace.c:396
create_new_namespaces+0x409/0x860 kernel/nsproxy.c:106
unshare_nsproxy_namespaces+0xae/0x1e0 kernel/nsproxy.c:205
SYSC_unshare kernel/fork.c:2281 [inline]
Problem is that when we get error during xfrm_net_init we will call
xfrm_policy_fini which will acquire xfrm_policy_lock before it was
initialized. Just move it around so locks get set up first.
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Fixes: 283bc9f35bbbcb0e9 ("xfrm: Namespacify xfrm state/policy locks")
Signed-off-by: Florian Westphal <fw@strlen.de>
---
net/xfrm/xfrm_policy.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 177e208e8ff5..3c8f5b70abf8 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -3062,6 +3062,11 @@ static int __net_init xfrm_net_init(struct net *net)
{
int rv;
+ /* Initialize the per-net locks here */
+ spin_lock_init(&net->xfrm.xfrm_state_lock);
+ spin_lock_init(&net->xfrm.xfrm_policy_lock);
+ mutex_init(&net->xfrm.xfrm_cfg_mutex);
+
rv = xfrm_statistics_init(net);
if (rv < 0)
goto out_statistics;
@@ -3078,11 +3083,6 @@ static int __net_init xfrm_net_init(struct net *net)
if (rv < 0)
goto out;
- /* Initialize the per-net locks here */
- spin_lock_init(&net->xfrm.xfrm_state_lock);
- spin_lock_init(&net->xfrm.xfrm_policy_lock);
- mutex_init(&net->xfrm.xfrm_cfg_mutex);
-
return 0;
out:
--
2.10.2
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH ipsec] xfrm: policy: init locks early
2017-02-08 10:52 ` [PATCH ipsec] xfrm: policy: init locks early Florian Westphal
@ 2017-02-10 7:35 ` Steffen Klassert
0 siblings, 0 replies; 3+ messages in thread
From: Steffen Klassert @ 2017-02-10 7:35 UTC (permalink / raw)
To: Florian Westphal; +Cc: netdev, dvyukov, linux-kernel
On Wed, Feb 08, 2017 at 11:52:29AM +0100, Florian Westphal wrote:
> Dmitry reports following splat:
> INFO: trying to register non-static key.
> the code is fine but needs lockdep annotation.
> turning off the locking correctness validator.
> CPU: 0 PID: 13059 Comm: syz-executor1 Not tainted 4.10.0-rc7-next-20170207 #1
> [..]
> spin_lock_bh include/linux/spinlock.h:304 [inline]
> xfrm_policy_flush+0x32/0x470 net/xfrm/xfrm_policy.c:963
> xfrm_policy_fini+0xbf/0x560 net/xfrm/xfrm_policy.c:3041
> xfrm_net_init+0x79f/0x9e0 net/xfrm/xfrm_policy.c:3091
> ops_init+0x10a/0x530 net/core/net_namespace.c:115
> setup_net+0x2ed/0x690 net/core/net_namespace.c:291
> copy_net_ns+0x26c/0x530 net/core/net_namespace.c:396
> create_new_namespaces+0x409/0x860 kernel/nsproxy.c:106
> unshare_nsproxy_namespaces+0xae/0x1e0 kernel/nsproxy.c:205
> SYSC_unshare kernel/fork.c:2281 [inline]
>
> Problem is that when we get error during xfrm_net_init we will call
> xfrm_policy_fini which will acquire xfrm_policy_lock before it was
> initialized. Just move it around so locks get set up first.
>
> Reported-by: Dmitry Vyukov <dvyukov@google.com>
> Fixes: 283bc9f35bbbcb0e9 ("xfrm: Namespacify xfrm state/policy locks")
> Signed-off-by: Florian Westphal <fw@strlen.de>
Applied, thanks everyone!
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-02-10 7:36 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-02-08 10:24 net/xfrm: use of uninit spinlock in xfrm_policy_flush Dmitry Vyukov
2017-02-08 10:52 ` [PATCH ipsec] xfrm: policy: init locks early Florian Westphal
2017-02-10 7:35 ` Steffen Klassert
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.