From: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
To: Jia-Ju Bai <baijiaju1990@163.com>
Cc: davem@davemloft.net, herbert@gondor.apana.org.au,
	nhorman@tuxdriver.com, vyasevich@gmail.com, luto@kernel.org,
	kvalo@codeaurora.org, linux-crypto@vger.kernel.org,
	netdev@vger.kernel.org, linux-sctp@vger.kernel.org,
	linux-wireless@vger.kernel.org
Subject: Re: [PATCH V2] Fix a sleep-in-atomic bug in shash_setkey_unaligned
Date: Tue, 3 Oct 2017 19:33:08 -0300
Message-ID: <20171003223308.GD19750@localhost.localdomain>
In-Reply-To: <1506997522-26684-1-git-send-email-baijiaju1990@163.com>

On Tue, Oct 03, 2017 at 10:25:22AM +0800, Jia-Ju Bai wrote:
> The SCTP program may sleep under a spinlock, and the function call path is:
> sctp_generate_t3_rtx_event (acquire the spinlock)
>   sctp_do_sm
>     sctp_side_effects
>       sctp_cmd_interpreter
>         sctp_make_init_ack
>           sctp_pack_cookie
>             crypto_shash_setkey
>               shash_setkey_unaligned
>                 kmalloc(GFP_KERNEL)

Are you sure this can happen?
The host is not supposed to store any information when replying to an
INIT packet (which generated the INIT_ACK listed above). That said,
it's weird to see the timer function triggering so.

Checking now, that code is dead actually:
$ git grep -A 2 SCTP_CMD_GEN_INIT_ACK
sm_sideeffect.c:                case SCTP_CMD_GEN_INIT_ACK:
sm_sideeffect.c-                        /* Generate an INIT ACK chunk. */
sm_sideeffect.c-                        new_obj = sctp_make_init_ack(asoc, chunk, GFP_ATOMIC,

Nobody is triggering a call to sctp_cmd_interpreter with
SCTP_CMD_GEN_INIT_ACK command, which would generate the callstack
above.

  Marcelo
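
Added example, not code from this thread or from the kernel: a userspace C model of the flag mismatch in the quoted report, where the caller passes GFP_ATOMIC while holding a lock but a leaf allocation hardcodes a sleeping flag. It does not address whether the path is reachable, which is the question the reply raises. All `model_*` names and `MODEL_GFP_*` values are constructed, and the variant that forwards the caller's flag is an illustration, not the patch under discussion.

```c
#include <stdio.h>
#include <stdlib.h>

/* Userspace model with constructed names; none of this is kernel code. */
#define MODEL_GFP_ATOMIC 0x1u /* caller must not sleep */
#define MODEL_GFP_KERNEL 0x2u /* allocation is allowed to sleep */

static int atomic_depth; /* > 0 while a modelled spinlock is held */
static int violations;   /* sleeping allocations seen in atomic context */

/* Allocation that records a violation when a sleeping flag is used under a lock. */
static void *model_kmalloc(size_t n, unsigned gfp)
{
    if ((gfp & MODEL_GFP_KERNEL) && atomic_depth > 0)
        violations++;
    return malloc(n);
}

/* Leaf with no gfp parameter: the sleeping flag is fixed, as in the report. */
static void model_setkey_fixed_flag(size_t len) { free(model_kmalloc(len, MODEL_GFP_KERNEL)); }

/* Illustrative variant: the leaf allocates with whatever the caller passed. */
static void model_setkey_caller_flag(size_t len, unsigned gfp) { free(model_kmalloc(len, gfp)); }

/* Mid-level caller: its own allocation honours gfp, the leaf may or may not. */
static void model_pack_cookie(unsigned gfp, int leaf_takes_gfp)
{
    void *cookie = model_kmalloc(64, gfp);
    if (leaf_takes_gfp)
        model_setkey_caller_flag(32, gfp);
    else
        model_setkey_fixed_flag(32);
    free(cookie);
}

/* Timer-style entry: takes the lock, runs the chain with the atomic flag,
 * and returns how many sleeping allocations happened under the lock. */
static int model_timer_event(int leaf_takes_gfp)
{
    violations = 0;
    atomic_depth++;                                       /* spin lock */
    model_pack_cookie(MODEL_GFP_ATOMIC, leaf_takes_gfp);
    atomic_depth--;                                       /* spin unlock */
    return violations;
}

int main(void)
{
    printf("fixed flag in leaf: %d, caller flag in leaf: %d\n",
           model_timer_event(0), model_timer_event(1));
    return 0;
}
```

The model shows that passing an atomic flag at the top of a call chain gives no protection when a function further down allocates without taking a flag from its caller.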
