When IPV6_MROUTE_MULTIPLE_TABLES is enabled, calls to ip6mr_get_table()
must be done under RCU lock, except:

- call in ip6mr_rule_action is safe because fib_rules_lookup() holds RCU
  lock
- call in ip6mr_rtm_dumproute() is safe because rtnl_register_internal()
  holds the RTNL lock

Detected by Lockdep-RCU in the following two scenarios:
[ 10.247131] WARNING: suspicious RCU usage
[ 10.247133] 6.1.103-49518b10de-nokia_sm_x86 #1 Not tainted
[ 10.247135] -----------------------------
[ 10.247137] /net/ipv6/ip6mr.c:131 RCU-list traversed in non-reader section!!
[ 10.247140]
other info that might help us debug this:
[ 10.247142]
rcu_scheduler_active = 2, debug_locks = 1
[ 10.247144] 1 lock held by swapper/0/1:
[ 10.247147] #0: ffffffff82b374d0 (pernet_ops_rwsem){+.+.}-{3:3}, at: register_pernet_subsys+0x15/0x40
[ 10.247164]
stack backtrace:
[ 10.247166] CPU: 0 PID: 1 Comm: swapper/0 Not tainted 6.1.103-49518b10de-nokia_sm_x86 #1
[ 10.247170] Hardware name: Nokia Asil/Default string, BIOS 0ACNA114 07/18/2024
[ 10.247175] Call Trace:
[ 10.247178] <TASK>
[ 10.247181] dump_stack_lvl+0xb7/0xe9
[ 10.247189] lockdep_rcu_suspicious.cold+0x2d/0x64
[ 10.247198] ip6mr_get_table+0x8a/0x90
[ 10.247203] ip6mr_net_init+0x7c/0x200
[ 10.247209] ops_init+0x37/0x1f0
[ 10.247215] register_pernet_operations+0x129/0x230
[ 10.247221] ? af_unix_init+0xca/0xca
[ 10.247227] register_pernet_subsys+0x24/0x40
[ 10.247231] ip6_mr_init+0x42/0xf2
[ 10.247235] inet6_init+0x133/0x3b9
[ 10.247238] do_one_initcall+0x74/0x290
[ 10.247247] kernel_init_freeable+0x251/0x294
[ 10.247253] ? rest_init+0x174/0x174
[ 10.247257] kernel_init+0x16/0x12c
[ 10.247260] ret_from_fork+0x1f/0x30
[ 10.247271] </TASK>
[ 48.834645] WARNING: suspicious RCU usage
[ 48.834647] 6.1.103-584209f6d5-nokia_sm_x86 #1 Tainted: G S O
[ 48.834649] -----------------------------
[ 48.834651] /net/ipv6/ip6mr.c:132 RCU-list traversed in non-reader section!!
[ 48.834654]
other info that might help us debug this:
[ 48.834656]
rcu_scheduler_active = 2, debug_locks = 1
[ 48.834658] no locks held by radvd/5777.
[ 48.834660]
stack backtrace:
[ 48.834663] CPU: 0 PID: 5777 Comm: radvd Tainted: G S O 6.1.103-584209f6d5-nokia_sm_x86 #1
[ 48.834666] Hardware name: Nokia Asil/Default string, BIOS 0ACNA113 06/07/2024
[ 48.834673] Call Trace:
[ 48.834674] <TASK>
[ 48.834677] dump_stack_lvl+0xb7/0xe9
[ 48.834687] lockdep_rcu_suspicious.cold+0x2d/0x64
[ 48.834697] ip6mr_get_table+0x9f/0xb0
[ 48.834704] ip6mr_ioctl+0x50/0x360
[ 48.834713] ? sk_ioctl+0x5f/0x1c0
[ 48.834719] sk_ioctl+0x5f/0x1c0
[ 48.834723] ? find_held_lock+0x2b/0x80
[ 48.834731] sock_do_ioctl+0x7b/0x140
[ 48.834737] ? proc_nr_files+0x30/0x30
[ 48.834744] sock_ioctl+0x1f5/0x360
[ 48.834754] __x64_sys_ioctl+0x8d/0xd0
[ 48.834760] do_syscall_64+0x3c/0x90
[ 48.834765] entry_SYSCALL_64_after_hwframe+0x6e/0xd8
...
[ 48.834802] </TASK>

v6:
- hold RCU/RTNL lock for the complete duration multicast routing
  tables are in use
- fix duplicate newline

v5: https://patchwork.kernel.org/project/netdevbpf/cover/20241014151247.1902637-1-stefan.wiehler@nokia.com/
- add missing RCU locks in ip6mr_new_table(), ip6mr_mfc_seq_start(),
  ip6_mroute_setsockopt(), ip6_mroute_getsockopt() and
  ip6mr_rtm_getroute()
- fix double RCU unlock in ip6mr_compat_ioctl()
- always jump to out label in ip6mr_ioctl()

v4: https://patchwork.kernel.org/project/netdevbpf/cover/20241011074811.2308043-3-stefan.wiehler@nokia.com/
- mention in commit message that ip6mr_vif_seq_stop() would be called
  in case ip6mr_vif_seq_start() returns an error
- fix uninitialised use of mrt variable
- revert commit b6dd5acde3f1 ("ipv6: Fix suspicious RCU usage warning
  in ip6mr")

v3: https://patchwork.kernel.org/project/netdevbpf/patch/20241010090741.1980100-2-stefan.wiehler@nokia.com/
- split into separate patches

v2: https://patchwork.kernel.org/project/netdevbpf/patch/20241001100119.230711-2-stefan.wiehler@nokia.com/
- rebase on top of net tree
- add Fixes tag
- refactor out paths

v1: https://patchwork.kernel.org/project/netdevbpf/patch/20240605195355.363936-1-oss@malat.biz/

Stefan Wiehler (10):
  ip6mr: Lock RCU before ip6mr_get_table() call in ip6mr_vif_seq_start()
  ip6mr: Lock RCU before ip6mr_get_table() call in ip6mr_ioctl()
  ip6mr: Lock RCU before ip6mr_get_table() call in ip6mr_compat_ioctl()
  ip6mr: Lock RCU before ip6mr_get_table() call in ip6mr_get_route()
  ip6mr: Lock RTNL before ip6mr_new_table() call in ip6mr_rules_init()
  ip6mr: Lock RCU before ip6mr_get_table() call in ip6mr_mfc_seq_start()
  ip6mr: Lock RCU before ip6mr_get_table() call in
    ip6_mroute_setsockopt()
  ip6mr: Lock RCU before ip6mr_get_table() call in
    ip6_mroute_getsockopt()
  ip6mr: Lock RCU before ip6mr_get_table() call in ip6mr_rtm_getroute()
  Revert "ipv6: Fix suspicious RCU usage warning in ip6mr"

 net/ipv6/ip6mr.c | 309 +++++++++++++++++++++++++++++------------------
 1 file changed, 190 insertions(+), 119 deletions(-)
--
2.42.0
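
A triage helper for splats like the two quoted in the cover letter above, as an added example that is not part of the original posting or of the kernel tree: it parses "suspicious RCU usage" reports and returns, for each one, the function that called ip6mr_get_table() together with the locks lockdep listed as held. The names `parse_splats` and `flagged_callers` and the abridged sample log are assumptions made for illustration.

```python
import re

# Constructed sample: abridged from the two lockdep splats quoted in the cover letter.
SAMPLE = """\
[ 10.247131] WARNING: suspicious RCU usage
[ 10.247137] /net/ipv6/ip6mr.c:131 RCU-list traversed in non-reader section!!
[ 10.247147] #0: ffffffff82b374d0 (pernet_ops_rwsem){+.+.}-{3:3}, at: register_pernet_subsys+0x15/0x40
[ 10.247189] lockdep_rcu_suspicious.cold+0x2d/0x64
[ 10.247198] ip6mr_get_table+0x8a/0x90
[ 10.247203] ip6mr_net_init+0x7c/0x200
[ 48.834645] WARNING: suspicious RCU usage
[ 48.834651] /net/ipv6/ip6mr.c:132 RCU-list traversed in non-reader section!!
[ 48.834658] no locks held by radvd/5777.
[ 48.834687] lockdep_rcu_suspicious.cold+0x2d/0x64
[ 48.834697] ip6mr_get_table+0x9f/0xb0
[ 48.834704] ip6mr_ioctl+0x50/0x360
[ 48.834713] ? sk_ioctl+0x5f/0x1c0
"""

STAMP = re.compile(r"^\[\s*\d+\.\d+\]\s*")               # dmesg timestamp prefix
WHERE = re.compile(r"^(\S+:\d+) RCU-list traversed")      # source location of the check
HELD = re.compile(r"^#\d+: \S+ \(([^)]+)\)")              # one held-lock entry
FRAME = re.compile(r"^(\?\s+)?([A-Za-z_][\w.]*)\+0x[0-9a-f]+/0x[0-9a-f]+")

def parse_splats(text):
    """Return one dict per 'suspicious RCU usage' report: where, locks, frames."""
    splats = []
    for raw in text.splitlines():
        line = STAMP.sub("", raw)
        if line.startswith("WARNING: suspicious RCU usage"):
            splats.append({"where": None, "locks": [], "frames": []})
        elif not splats:
            continue                                      # noise before the first report
        elif m := WHERE.match(line):
            splats[-1]["where"] = m.group(1)
        elif m := HELD.match(line):
            splats[-1]["locks"].append(m.group(1))
        elif (m := FRAME.match(line)) and not m.group(1):  # skip unreliable '?' frames
            splats[-1]["frames"].append(m.group(2).split(".")[0])  # drop .cold etc.
    return splats

def flagged_callers(text, callee="ip6mr_get_table"):
    """Map each function that called `callee` in a splat to the locks seen held."""
    out = {}
    for s in parse_splats(text):
        frames = s["frames"]
        if callee in frames[:-1]:                         # a caller frame must follow
            out[frames[frames.index(callee) + 1]] = s["locks"]
    return out
```
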