• Eric Dumazet's avatar
    sch_netem: fix rcu splat in netem_enqueue() · a6c91087
    Eric Dumazet authored
    commit 159d2c7d8106177bd9a986fd005a311fe0d11285 upstream.
    
    qdisc_root() use from netem_enqueue() triggers a lockdep warning.
    
    __dev_queue_xmit() uses rcu_read_lock_bh() which is
    not equivalent to rcu_read_lock() + local_bh_disable_bh as far
    as lockdep is concerned.
    
    WARNING: suspicious RCU usage
    5.3.0-rc7+ #0 Not tainted
    -----------------------------
    include/net/sch_generic.h:492 suspicious rcu_dereference_check() usage!
    
    other info that might help us debug this:
    
    rcu_scheduler_active = 2, debug_locks = 1
    3 locks held by syz-executor427/8855:
     #0: 00000000b5525c01 (rcu_read_lock_bh){....}, at: lwtunnel_xmit_redirect include/net/lwtunnel.h:92 [inline]
     #0: 00000000b5525c01 (rcu_read_lock_bh){....}, at: ip_finish_output2+0x2dc/0x2570 net/ipv4/ip_output.c:214
     #1: 00000000b5525c01 (rcu_read_lock_bh){....}, at: __dev_queue_xmit+0x20a/0x3650 net/core/dev.c:3804
     #2: 00000000364bae92 (&(&sch->q.lock)->rlock){+.-.}, at: spin_lock include/linux/spinlock.h:338 [inline]
     #2: 00000000364bae92 (&(&sch->q.lock)->rlock){+.-.}, at: __dev_xmit_skb net/core/dev.c:3502 [inline]
     #2: 00000000364bae92 (&(&sch->q.lock)->rlock){+.-.}, at: __dev_queue_xmit+0x14b8/0x3650 net/core/dev.c:3838
    
    stack backtrace:
    CPU: 0 PID: 8855 Comm: syz-executor427 Not tainted 5.3.0-rc7+ #0
    Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
    Call Trace:
     __dump_stack lib/dump_stack.c:77 [inline]
     dump_stack+0x172/0x1f0 lib/dump_stack.c:113
     lockdep_rcu_suspicious+0x153/0x15d kernel/locking/lockdep.c:5357
     qdisc_root include/net/sch_generic.h:492 [inline]
     netem_enqueue+0x1cfb/0x2d80 net/sched/sch_netem.c:479
     __dev_xmit_skb net/core/dev.c:3527 [inline]
     __dev_queue_xmit+0x15d2/0x3650 net/core/dev.c:3838
     dev_queue_xmit+0x18/0x20 net/core/dev.c:3902
     neigh_hh_output include/net/neighbour.h:500 [inline]
     neigh_output include/net/neighbour.h:509 [inline]
     ip_finish_output2+0x1726/0x2570 net/ipv4/ip_output.c:228
     __ip_finish_output net/ipv4/ip_output.c:308 [inline]
     __ip_finish_output+0x5fc/0xb90 net/ipv4/ip_output.c:290
     ip_finish_output+0x38/0x1f0 net/ipv4/ip_output.c:318
     NF_HOOK_COND include/linux/netfilter.h:294 [inline]
     ip_mc_output+0x292/0xf40 net/ipv4/ip_output.c:417
     dst_output include/net/dst.h:436 [inline]
     ip_local_out+0xbb/0x190 net/ipv4/ip_output.c:125
     ip_send_skb+0x42/0xf0 net/ipv4/ip_output.c:1555
     udp_send_skb.isra.0+0x6b2/0x1160 net/ipv4/udp.c:887
     udp_sendmsg+0x1e96/0x2820 net/ipv4/udp.c:1174
     inet_sendmsg+0x9e/0xe0 net/ipv4/af_inet.c:807
     sock_sendmsg_nosec net/socket.c:637 [inline]
     sock_sendmsg+0xd7/0x130 net/socket.c:657
     ___sys_sendmsg+0x3e2/0x920 net/socket.c:2311
     __sys_sendmmsg+0x1bf/0x4d0 net/socket.c:2413
     __do_sys_sendmmsg net/socket.c:2442 [inline]
     __se_sys_sendmmsg net/socket.c:2439 [inline]
     __x64_sys_sendmmsg+0x9d/0x100 net/socket.c:2439
     do_syscall_64+0xfd/0x6a0 arch/x86/entry/common.c:296
     entry_SYSCALL_64_after_hwframe+0x49/0xbe
    Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
    Reported-by: default avatarsyzbot <syzkaller@googlegroups.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    a6c91087
Name
Last commit
Last update
..
6lowpan Loading commit data...
802 Loading commit data...
8021q Loading commit data...
9p Loading commit data...
appletalk Loading commit data...
atm Loading commit data...
ax25 Loading commit data...
batman-adv Loading commit data...
bluetooth Loading commit data...
bpf Loading commit data...
bpfilter Loading commit data...
bridge Loading commit data...
caif Loading commit data...
can Loading commit data...
ceph Loading commit data...
core Loading commit data...
dcb Loading commit data...
dccp Loading commit data...
decnet Loading commit data...
dns_resolver Loading commit data...
dsa Loading commit data...
ethernet Loading commit data...
hsr Loading commit data...
ieee802154 Loading commit data...
ife Loading commit data...
ipv4 Loading commit data...
ipv6 Loading commit data...
iucv Loading commit data...
kcm Loading commit data...
key Loading commit data...
l2tp Loading commit data...
l3mdev Loading commit data...
lapb Loading commit data...
llc Loading commit data...
mac80211 Loading commit data...
mac802154 Loading commit data...
mpls Loading commit data...
ncsi Loading commit data...
netfilter Loading commit data...
netlabel Loading commit data...
netlink Loading commit data...
netrom Loading commit data...
nfc Loading commit data...
nsh Loading commit data...
openvswitch Loading commit data...
packet Loading commit data...
phonet Loading commit data...
psample Loading commit data...
qrtr Loading commit data...
rds Loading commit data...
rfkill Loading commit data...
rose Loading commit data...
rxrpc Loading commit data...
sched Loading commit data...
sctp Loading commit data...
smc Loading commit data...
strparser Loading commit data...
sunrpc Loading commit data...
switchdev Loading commit data...
tipc Loading commit data...
tls Loading commit data...
unix Loading commit data...
vmw_vsock Loading commit data...
wimax Loading commit data...
wireless Loading commit data...
x25 Loading commit data...
xdp Loading commit data...
xfrm Loading commit data...
Kconfig Loading commit data...
Makefile Loading commit data...
compat.c Loading commit data...
socket.c Loading commit data...
sysctl_net.c Loading commit data...