From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=pWjj=SQ=vger.kernel.org=netdev-owner@kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-7.3 required=3.0 tests=DATE_IN_PAST_03_06,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM,
	HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_PATCH,MAILING_LIST_MULTI,SIGNED_OFF_BY,
	SPF_PASS,URIBL_BLOCKED,USER_AGENT_MUTT autolearn=ham autolearn_force=no
	version=3.4.0
Received: from mail.kernel.org (mail.kernel.org [198.145.29.99])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 2E6D4C10F11
	for <netdev@archiver.kernel.org>; Sun, 14 Apr 2019 01:11:28 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id E1AAA2084D
	for <netdev@archiver.kernel.org>; Sun, 14 Apr 2019 01:11:27 +0000 (UTC)
Authentication-Results: mail.kernel.org;
	dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="VfA28Mws"
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727160AbfDNBL0 (ORCPT <rfc822;netdev@archiver.kernel.org>);
        Sat, 13 Apr 2019 21:11:26 -0400
Received: from mail-qk1-f195.google.com ([209.85.222.195]:33826 "EHLO
        mail-qk1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1727080AbfDNBL0 (ORCPT
        <rfc822;netdev@vger.kernel.org>); Sat, 13 Apr 2019 21:11:26 -0400
Received: by mail-qk1-f195.google.com with SMTP id n68so7924600qka.1
        for <netdev@vger.kernel.org>; Sat, 13 Apr 2019 18:11:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=date:from:to:cc:subject:message-id:references:mime-version
         :content-disposition:in-reply-to:user-agent;
        bh=GXQcB5EBpv+/70ztYEbeCIq9oVefelxqwIUZY6quqhY=;
        b=VfA28Mwsw1NCgD7Sum4uYyqe9OWVp0xW/q+LxgSg/9Fh8orL/lAEHwmmaOatl8s6vw
         Tso9pw9KTGRHK8C9jgEZQmeJNAa2pcfrZY5bQgl+FLd21sQorF/FpZw2pz0ovPgu8n5x
         Hsp516IWbyV9gvnsMIvS2zWahwmNGmXjoVNiDwnvDhtmZ+CyayatEEjLqEM5CiGuGnEO
         3apLXLgh2b/jFmQxm60GtLDZvanu5PI2iKrMzWxRypNWAAq2RzlSqJs1gMgm0+DlICJH
         DDok9jWONb5E+T+OCjBj7L5Igc8H0ygbHKI7l53uVhIt50MRzDB6nhiI4Ws/1TIsAmOT
         4R8Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:date:from:to:cc:subject:message-id:references
         :mime-version:content-disposition:in-reply-to:user-agent;
        bh=GXQcB5EBpv+/70ztYEbeCIq9oVefelxqwIUZY6quqhY=;
        b=dQwkUWLP2VR2UeFeN+bRQwKN9n54w2EwRl5L/wuEAqRF3+Ky81cP1ZWzUKkHn2O/4H
         ZeaK0KUAQ+T1VF6LjfYFb0AuFe5l7XymfzBNmCfQAfrY3ybWg1sgZXgB6C8F/ZtEoQTY
         T6U4sI2KqBZ7eplvfLzKMXxRD43ufVGF+ZyS2RJ3qU2icHVa06IGuEzPFJxHepHkHalS
         DvjprZPjMz8LvydEFC2Kk/Jw34lZahFDxhKuLW2VP1wNebyPUZckErY2XAXrAtQOGmie
         r6h/juJh2z3/drzzdveGLx0T6HJDlKZnr7IKIphf2+1cOATJS6dlEUno6clqulXZkV18
         zJcA==
X-Gm-Message-State: APjAAAWbw8lBcl1I4Moqs9VpM6lmG8wk5uU1d7rQVOb0ZxR/HIT6aFtw
        clkfzLvdA7ry389ypIoqdQ==
X-Google-Smtp-Source: APXvYqwfm81JOU+CY7pw0QJsijhEvToAKIjhXXXeDdCUsZY0zMsJFYJiH/pmpzYXX8pfTB9EZyug3w==
X-Received: by 2002:a37:a208:: with SMTP id l8mr52319270qke.210.1555204285451;
        Sat, 13 Apr 2019 18:11:25 -0700 (PDT)
Received: from ubuntu (99-149-127-125.lightspeed.rlghnc.sbcglobal.net. [99.149.127.125])
        by smtp.gmail.com with ESMTPSA id x15sm22877273qkh.13.2019.04.13.18.11.24
        (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
        Sat, 13 Apr 2019 18:11:24 -0700 (PDT)
Date:   Sat, 13 Apr 2019 17:56:01 -0400
From:   Stephen Suryaputra <ssuryaextr@gmail.com>
To:     Eric Dumazet <edumazet@google.com>
Cc:     "David S . Miller" <davem@davemloft.net>,
        netdev <netdev@vger.kernel.org>,
        Eric Dumazet <eric.dumazet@gmail.com>,
        syzbot <syzkaller@googlegroups.com>, s-nazarov@yandex.ru
Subject: Re: [PATCH net] ipv4: ensure rcu_read_lock() in ipv4_link_failure()
Message-ID: <20190413215601.GA9719@ubuntu>
References: <20190414003221.1802-1-edumazet@google.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20190414003221.1802-1-edumazet@google.com>
User-Agent: Mutt/1.9.4 (2018-02-28)
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

Thank you. The one in cipso_v4_error needs the same fix (?) Add Nazarov
Sergey.

On Sat, Apr 13, 2019 at 05:32:21PM -0700, Eric Dumazet wrote:
> fib_compute_spec_dst() needs to be called under rcu protection.
> 
> syzbot reported :
> 
> WARNING: suspicious RCU usage
> 5.1.0-rc4+ #165 Not tainted
> include/linux/inetdevice.h:220 suspicious rcu_dereference_check() usage!
> 
> other info that might help us debug this:
> 
> rcu_scheduler_active = 2, debug_locks = 1
> 1 lock held by swapper/0/0:
>  #0: 0000000051b67925 ((&n->timer)){+.-.}, at: lockdep_copy_map include/linux/lockdep.h:170 [inline]
>  #0: 0000000051b67925 ((&n->timer)){+.-.}, at: call_timer_fn+0xda/0x720 kernel/time/timer.c:1315
> 
> stack backtrace:
> CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.1.0-rc4+ #165
> Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
> Call Trace:
>  <IRQ>
>  __dump_stack lib/dump_stack.c:77 [inline]
>  dump_stack+0x172/0x1f0 lib/dump_stack.c:113
>  lockdep_rcu_suspicious+0x153/0x15d kernel/locking/lockdep.c:5162
>  __in_dev_get_rcu include/linux/inetdevice.h:220 [inline]
>  fib_compute_spec_dst+0xbbd/0x1030 net/ipv4/fib_frontend.c:294
>  spec_dst_fill net/ipv4/ip_options.c:245 [inline]
>  __ip_options_compile+0x15a7/0x1a10 net/ipv4/ip_options.c:343
>  ipv4_link_failure+0x172/0x400 net/ipv4/route.c:1195
>  dst_link_failure include/net/dst.h:427 [inline]
>  arp_error_report+0xd1/0x1c0 net/ipv4/arp.c:297
>  neigh_invalidate+0x24b/0x570 net/core/neighbour.c:995
>  neigh_timer_handler+0xc35/0xf30 net/core/neighbour.c:1081
>  call_timer_fn+0x190/0x720 kernel/time/timer.c:1325
>  expire_timers kernel/time/timer.c:1362 [inline]
>  __run_timers kernel/time/timer.c:1681 [inline]
>  __run_timers kernel/time/timer.c:1649 [inline]
>  run_timer_softirq+0x652/0x1700 kernel/time/timer.c:1694
>  __do_softirq+0x266/0x95a kernel/softirq.c:293
>  invoke_softirq kernel/softirq.c:374 [inline]
>  irq_exit+0x180/0x1d0 kernel/softirq.c:414
>  exiting_irq arch/x86/include/asm/apic.h:536 [inline]
>  smp_apic_timer_interrupt+0x14a/0x570 arch/x86/kernel/apic/apic.c:1062
>  apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:807
> 
> Fixes: ed0de45a1008 ("ipv4: recompile ip options in ipv4_link_failure")
> Signed-off-by: Eric Dumazet <edumazet@google.com>
> Reported-by: syzbot <syzkaller@googlegroups.com>
> Cc: Stephen Suryaputra <ssuryaextr@gmail.com>
> ---
>  net/ipv4/route.c | 10 ++++++++--
>  1 file changed, 8 insertions(+), 2 deletions(-)
> 
> diff --git a/net/ipv4/route.c b/net/ipv4/route.c
> index 0206789bc2b73b70f3a543385052efbe4cd6c3b6..88ce038dd495dec1d34867eb40091c61141e9acb 100644
> --- a/net/ipv4/route.c
> +++ b/net/ipv4/route.c
> @@ -1185,14 +1185,20 @@ static struct dst_entry *ipv4_dst_check(struct dst_entry *dst, u32 cookie)
>  
>  static void ipv4_link_failure(struct sk_buff *skb)
>  {
> -	struct rtable *rt;
>  	struct ip_options opt;
> +	struct rtable *rt;
> +	int res;
>  
>  	/* Recompile ip options since IPCB may not be valid anymore.
>  	 */
>  	memset(&opt, 0, sizeof(opt));
>  	opt.optlen = ip_hdr(skb)->ihl*4 - sizeof(struct iphdr);
> -	if (__ip_options_compile(dev_net(skb->dev), &opt, skb, NULL))
> +
> +	rcu_read_lock();
> +	res = __ip_options_compile(dev_net(skb->dev), &opt, skb, NULL);
> +	rcu_read_unlock();
> +
> +	if (res)
>  		return;
>  
>  	__icmp_send(skb, ICMP_DEST_UNREACH, ICMP_HOST_UNREACH, 0, &opt);
> -- 
> 2.21.0.392.gf8f6787159e-goog
>