From: Sven Eckelmann <sven@narfation.org> To: "David S. Miller" <davem@davemloft.net>, Eric Dumazet <edumazet@google.com>, Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com> Cc: b.a.t.m.a.n@lists.open-mesh.org, netdev@vger.kernel.org, stable@vger.kernel.org, syzbot+f8812454d9b3ac00d282@syzkaller.appspotmail.com, Sven Eckelmann <sven@narfation.org> Subject: [PATCH net] batman-adv: Hold rtnl lock during MTU update via netlink Date: Mon, 21 Aug 2023 21:48:48 +0200 [thread overview] Message-ID: <20230821-batadv-missing-mtu-rtnl-lock-v1-1-1c5a7bfe861e@narfation.org> (raw) The automatic recalculation of the maximum allowed MTU is usually triggered by code sections which are already rtnl lock protected by callers outside of batman-adv. But when the fragmentation setting is changed via batman-adv's own batadv genl family, then the rtnl lock is not yet taken. But dev_set_mtu requires that the caller holds the rtnl lock because it uses netdevice notifiers. And this code will then fail the check for this lock: RTNL: assertion failed at net/core/dev.c (1953) Cc: stable@vger.kernel.org Reported-by: syzbot+f8812454d9b3ac00d282@syzkaller.appspotmail.com Fixes: c6a953cce8d0 ("batman-adv: Trigger events for auto adjusted MTU") Signed-off-by: Sven Eckelmann <sven@narfation.org> --- This problem was just identified by syzbot [1]. I hope it is ok to directly send this patch to netdev instead of creating a single-patch PR from the batadv/net branch. If you still prefer a PR then we can also prepare it. [1] https://lore.kernel.org/r/0000000000009bbb4b0603717cde@google.com --- net/batman-adv/netlink.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/batman-adv/netlink.c b/net/batman-adv/netlink.c index ad5714f737be..6efbc9275aec 100644 --- a/net/batman-adv/netlink.c +++ b/net/batman-adv/netlink.c @@ -495,7 +495,10 @@ static int batadv_netlink_set_mesh(struct sk_buff *skb, struct genl_info *info) attr = info->attrs[BATADV_ATTR_FRAGMENTATION_ENABLED]; atomic_set(&bat_priv->fragmentation, !!nla_get_u8(attr)); + + rtnl_lock(); batadv_update_min_mtu(bat_priv->soft_iface); + rtnl_unlock(); } if (info->attrs[BATADV_ATTR_GW_BANDWIDTH_DOWN]) { --- base-commit: 421d467dc2d483175bad4fb76a31b9e5a3d744cf change-id: 20230821-batadv-missing-mtu-rtnl-lock-bc4cee67731d Best regards, -- Sven Eckelmann <sven@narfation.org>
WARNING: multiple messages have this Message-ID (diff)
From: Sven Eckelmann <sven@narfation.org> To: "David S. Miller" <davem@davemloft.net>, Eric Dumazet <edumazet@google.com>, Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com> Cc: b.a.t.m.a.n@lists.open-mesh.org, netdev@vger.kernel.org, stable@vger.kernel.org, syzbot+f8812454d9b3ac00d282@syzkaller.appspotmail.com Subject: [PATCH net] batman-adv: Hold rtnl lock during MTU update via netlink Date: Mon, 21 Aug 2023 21:48:48 +0200 [thread overview] Message-ID: <20230821-batadv-missing-mtu-rtnl-lock-v1-1-1c5a7bfe861e@narfation.org> (raw) The automatic recalculation of the maximum allowed MTU is usually triggered by code sections which are already rtnl lock protected by callers outside of batman-adv. But when the fragmentation setting is changed via batman-adv's own batadv genl family, then the rtnl lock is not yet taken. But dev_set_mtu requires that the caller holds the rtnl lock because it uses netdevice notifiers. And this code will then fail the check for this lock: RTNL: assertion failed at net/core/dev.c (1953) Cc: stable@vger.kernel.org Reported-by: syzbot+f8812454d9b3ac00d282@syzkaller.appspotmail.com Fixes: c6a953cce8d0 ("batman-adv: Trigger events for auto adjusted MTU") Signed-off-by: Sven Eckelmann <sven@narfation.org> --- This problem was just identified by syzbot [1]. I hope it is ok to directly send this patch to netdev instead of creating a single-patch PR from the batadv/net branch. If you still prefer a PR then we can also prepare it. [1] https://lore.kernel.org/r/0000000000009bbb4b0603717cde@google.com --- net/batman-adv/netlink.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/batman-adv/netlink.c b/net/batman-adv/netlink.c index ad5714f737be..6efbc9275aec 100644 --- a/net/batman-adv/netlink.c +++ b/net/batman-adv/netlink.c @@ -495,7 +495,10 @@ static int batadv_netlink_set_mesh(struct sk_buff *skb, struct genl_info *info) attr = info->attrs[BATADV_ATTR_FRAGMENTATION_ENABLED]; atomic_set(&bat_priv->fragmentation, !!nla_get_u8(attr)); + + rtnl_lock(); batadv_update_min_mtu(bat_priv->soft_iface); + rtnl_unlock(); } if (info->attrs[BATADV_ATTR_GW_BANDWIDTH_DOWN]) { --- base-commit: 421d467dc2d483175bad4fb76a31b9e5a3d744cf change-id: 20230821-batadv-missing-mtu-rtnl-lock-bc4cee67731d Best regards, -- Sven Eckelmann <sven@narfation.org>
next reply other threads:[~2023-08-21 19:49 UTC|newest] Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top 2023-08-21 19:48 Sven Eckelmann [this message] 2023-08-21 19:48 ` [PATCH net] batman-adv: Hold rtnl lock during MTU update via netlink Sven Eckelmann 2023-08-22 7:55 ` Simon Horman 2023-08-23 0:30 ` patchwork-bot+netdevbpf
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20230821-batadv-missing-mtu-rtnl-lock-v1-1-1c5a7bfe861e@narfation.org \ --to=sven@narfation.org \ --cc=b.a.t.m.a.n@lists.open-mesh.org \ --cc=davem@davemloft.net \ --cc=edumazet@google.com \ --cc=kuba@kernel.org \ --cc=netdev@vger.kernel.org \ --cc=pabeni@redhat.com \ --cc=stable@vger.kernel.org \ --cc=syzbot+f8812454d9b3ac00d282@syzkaller.appspotmail.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.