releases/4.9.219/ipv4-fix-a-rcu-list-lock-in-fib_triestat_seq_show.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From foo@baz Fri 03 Apr 2020 11:04:16 AM CEST
 From: Qian Cai <cai@lca.pw>
 Date: Wed, 25 Mar 2020 18:01:00 -0400
 Subject: ipv4: fix a RCU-list lock in fib_triestat_seq_show

 From: Qian Cai <cai@lca.pw>

 [ Upstream commit fbe4e0c1b298b4665ee6915266c9d6c5b934ef4a ]

 fib_triestat_seq_show() calls hlist_for_each_entry_rcu(tb, head,
 tb_hlist) without rcu_read_lock() will trigger a warning,

  net/ipv4/fib_trie.c:2579 RCU-list traversed in non-reader section!!

  other info that might help us debug this:

  rcu_scheduler_active = 2, debug_locks = 1
  1 lock held by proc01/115277:
   #0: c0000014507acf00 (&p->lock){+.+.}-{3:3}, at: seq_read+0x58/0x670

  Call Trace:
   dump_stack+0xf4/0x164 (unreliable)
   lockdep_rcu_suspicious+0x140/0x164
   fib_triestat_seq_show+0x750/0x880
   seq_read+0x1a0/0x670
   proc_reg_read+0x10c/0x1b0
   __vfs_read+0x3c/0x70
   vfs_read+0xac/0x170
   ksys_read+0x7c/0x140
   system_call+0x5c/0x68

 Fix it by adding a pair of rcu_read_lock/unlock() and use
 cond_resched_rcu() to avoid the situation where walking of a large
 number of items  may prevent scheduling for a long time.

 Signed-off-by: Qian Cai <cai@lca.pw>
 Reviewed-by: Eric Dumazet <edumazet@google.com>
 Signed-off-by: David S. Miller <davem@davemloft.net>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 ---
  net/ipv4/fib_trie.c |    3 +++
  1 file changed, 3 insertions(+)

 --- a/net/ipv4/fib_trie.c
 +++ b/net/ipv4/fib_trie.c
 @@ -2256,6 +2256,7 @@ static int fib_triestat_seq_show(struct
  		   " %Zd bytes, size of tnode: %Zd bytes.\n",
  		   LEAF_SIZE, TNODE_SIZE(0));

 +	rcu_read_lock();
  	for (h = 0; h < FIB_TABLE_HASHSZ; h++) {
  		struct hlist_head *head = &net->ipv4.fib_table_hash[h];
  		struct fib_table *tb;
 @@ -2275,7 +2276,9 @@ static int fib_triestat_seq_show(struct
  			trie_show_usage(seq, t->stats);
  #endif
  		}
 +		cond_resched_rcu();
  	}
 +	rcu_read_unlock();

  	return 0;
  }
	From foo@baz Fri 03 Apr 2020 11:04:16 AM CEST
	From: Qian Cai <cai@lca.pw>
	Date: Wed, 25 Mar 2020 18:01:00 -0400
	Subject: ipv4: fix a RCU-list lock in fib_triestat_seq_show

	From: Qian Cai <cai@lca.pw>

	[ Upstream commit fbe4e0c1b298b4665ee6915266c9d6c5b934ef4a ]

	fib_triestat_seq_show() calls hlist_for_each_entry_rcu(tb, head,
	tb_hlist) without rcu_read_lock() will trigger a warning,

	net/ipv4/fib_trie.c:2579 RCU-list traversed in non-reader section!!

	other info that might help us debug this:

	rcu_scheduler_active = 2, debug_locks = 1
	1 lock held by proc01/115277:
	#0: c0000014507acf00 (&p->lock){+.+.}-{3:3}, at: seq_read+0x58/0x670

	Call Trace:
	dump_stack+0xf4/0x164 (unreliable)
	lockdep_rcu_suspicious+0x140/0x164
	fib_triestat_seq_show+0x750/0x880
	seq_read+0x1a0/0x670
	proc_reg_read+0x10c/0x1b0
	__vfs_read+0x3c/0x70
	vfs_read+0xac/0x170
	ksys_read+0x7c/0x140
	system_call+0x5c/0x68

	Fix it by adding a pair of rcu_read_lock/unlock() and use
	cond_resched_rcu() to avoid the situation where walking of a large
	number of items may prevent scheduling for a long time.

	Signed-off-by: Qian Cai <cai@lca.pw>
	Reviewed-by: Eric Dumazet <edumazet@google.com>
	Signed-off-by: David S. Miller <davem@davemloft.net>
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	---
	net/ipv4/fib_trie.c \| 3 +++
	1 file changed, 3 insertions(+)

	--- a/net/ipv4/fib_trie.c
	+++ b/net/ipv4/fib_trie.c
	@@ -2256,6 +2256,7 @@ static int fib_triestat_seq_show(struct
	" %Zd bytes, size of tnode: %Zd bytes.\n",
	LEAF_SIZE, TNODE_SIZE(0));

	+ rcu_read_lock();
	for (h = 0; h < FIB_TABLE_HASHSZ; h++) {
	struct hlist_head *head = &net->ipv4.fib_table_hash[h];
	struct fib_table *tb;
	@@ -2275,7 +2276,9 @@ static int fib_triestat_seq_show(struct
	trie_show_usage(seq, t->stats);
	#endif
	}
	+ cond_resched_rcu();
	}
	+ rcu_read_unlock();

	return 0;
	}