release/5.2.41/ipv4-fix-a-RCU-list-lock-in-inet_dump_fib.patch - pub/scm/linux/kernel/git/paulg/longterm-queue-5.2 - Git at Google

 From b65bc7e797c326ae6b409f3a49b057ae704c9452 Mon Sep 17 00:00:00 2001
 From: Qian Cai <cai@lca.pw>
 Date: Thu, 19 Mar 2020 22:54:21 -0400
 Subject: [PATCH] ipv4: fix a RCU-list lock in inet_dump_fib()

 commit dddeb30bfc43926620f954266fd12c65a7206f07 upstream.

 There is a place,

 inet_dump_fib()
   fib_table_dump
     fn_trie_dump_leaf()
       hlist_for_each_entry_rcu()

 without rcu_read_lock() will trigger a warning,

  WARNING: suspicious RCU usage
  -----------------------------
  net/ipv4/fib_trie.c:2216 RCU-list traversed in non-reader section!!

  other info that might help us debug this:

  rcu_scheduler_active = 2, debug_locks = 1
  1 lock held by ip/1923:
   #0: ffffffff8ce76e40 (rtnl_mutex){+.+.}, at: netlink_dump+0xd6/0x840

  Call Trace:
   dump_stack+0xa1/0xea
   lockdep_rcu_suspicious+0x103/0x10d
   fn_trie_dump_leaf+0x581/0x590
   fib_table_dump+0x15f/0x220
   inet_dump_fib+0x4ad/0x5d0
   netlink_dump+0x350/0x840
   __netlink_dump_start+0x315/0x3e0
   rtnetlink_rcv_msg+0x4d1/0x720
   netlink_rcv_skb+0xf0/0x220
   rtnetlink_rcv+0x15/0x20
   netlink_unicast+0x306/0x460
   netlink_sendmsg+0x44b/0x770
   __sys_sendto+0x259/0x270
   __x64_sys_sendto+0x80/0xa0
   do_syscall_64+0x69/0xf4
   entry_SYSCALL_64_after_hwframe+0x49/0xb3

 Fixes: 18a8021a7be3 ("net/ipv4: Plumb support for filtering route dumps")
 Signed-off-by: Qian Cai <cai@lca.pw>
 Reviewed-by: David Ahern <dsahern@gmail.com>
 Signed-off-by: David S. Miller <davem@davemloft.net>
 Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>

 diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
 index 48137d37695e..0aef5667da96 100644
 --- a/net/ipv4/fib_frontend.c
 +++ b/net/ipv4/fib_frontend.c
 @@ -964,7 +964,9 @@ static int inet_dump_fib(struct sk_buff *skb, struct netlink_callback *cb)
  			return -ENOENT;
  		}

 +		rcu_read_lock();
  		err = fib_table_dump(tb, skb, cb, &filter);
 +		rcu_read_unlock();
  		return skb->len ? : err;
  	}

 --
 2.7.4
	From b65bc7e797c326ae6b409f3a49b057ae704c9452 Mon Sep 17 00:00:00 2001
	From: Qian Cai <cai@lca.pw>
	Date: Thu, 19 Mar 2020 22:54:21 -0400
	Subject: [PATCH] ipv4: fix a RCU-list lock in inet_dump_fib()

	commit dddeb30bfc43926620f954266fd12c65a7206f07 upstream.

	There is a place,

	inet_dump_fib()
	fib_table_dump
	fn_trie_dump_leaf()
	hlist_for_each_entry_rcu()

	without rcu_read_lock() will trigger a warning,

	WARNING: suspicious RCU usage
	-----------------------------
	net/ipv4/fib_trie.c:2216 RCU-list traversed in non-reader section!!

	other info that might help us debug this:

	rcu_scheduler_active = 2, debug_locks = 1
	1 lock held by ip/1923:
	#0: ffffffff8ce76e40 (rtnl_mutex){+.+.}, at: netlink_dump+0xd6/0x840

	Call Trace:
	dump_stack+0xa1/0xea
	lockdep_rcu_suspicious+0x103/0x10d
	fn_trie_dump_leaf+0x581/0x590
	fib_table_dump+0x15f/0x220
	inet_dump_fib+0x4ad/0x5d0
	netlink_dump+0x350/0x840
	__netlink_dump_start+0x315/0x3e0
	rtnetlink_rcv_msg+0x4d1/0x720
	netlink_rcv_skb+0xf0/0x220
	rtnetlink_rcv+0x15/0x20
	netlink_unicast+0x306/0x460
	netlink_sendmsg+0x44b/0x770
	__sys_sendto+0x259/0x270
	__x64_sys_sendto+0x80/0xa0
	do_syscall_64+0x69/0xf4
	entry_SYSCALL_64_after_hwframe+0x49/0xb3

	Fixes: 18a8021a7be3 ("net/ipv4: Plumb support for filtering route dumps")
	Signed-off-by: Qian Cai <cai@lca.pw>
	Reviewed-by: David Ahern <dsahern@gmail.com>
	Signed-off-by: David S. Miller <davem@davemloft.net>
	Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>

	diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
	index 48137d37695e..0aef5667da96 100644
	--- a/net/ipv4/fib_frontend.c
	+++ b/net/ipv4/fib_frontend.c
	@@ -964,7 +964,9 @@ static int inet_dump_fib(struct sk_buff skb, struct netlink_callback cb)
	return -ENOENT;
	}

	+ rcu_read_lock();
	err = fib_table_dump(tb, skb, cb, &filter);
	+ rcu_read_unlock();
	return skb->len ? : err;
	}

	--
	2.7.4