github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-04 20:46:48 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
cae03e5bdd
linux/net/ipv4
History
Eric Dumazet f130a0cc1b inet: fix lwtunnel_valid_encap_type() lock imbalance 
After blamed commit rtm_to_fib_config() now calls
lwtunnel_valid_encap_type{_attr}() without RTNL held,
triggering an unlock balance in __rtnl_unlock,
as reported by syzbot [1]

IPv6 and rtm_to_nh_config() are not yet converted.

Add a temporary @rtnl_is_held parameter to lwtunnel_valid_encap_type()
and lwtunnel_valid_encap_type_attr().

While we are at it replace the two rcu_dereference()
in lwtunnel_valid_encap_type() with more appropriate
rcu_access_pointer().

[1]
syz-executor245/5836 is trying to release lock (rtnl_mutex) at:
 [<ffffffff89d0e38c>] __rtnl_unlock+0x6c/0xf0 net/core/rtnetlink.c:142
but there are no more locks to release!

other info that might help us debug this:
no locks held by syz-executor245/5836.

stack backtrace:
CPU: 0 UID: 0 PID: 5836 Comm: syz-executor245 Not tainted 6.14.0-rc4-syzkaller-00873-g3424291dd242 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
 <TASK>
  __dump_stack lib/dump_stack.c:94 [inline]
  dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
  print_unlock_imbalance_bug+0x25b/0x2d0 kernel/locking/lockdep.c:5289
  __lock_release kernel/locking/lockdep.c:5518 [inline]
  lock_release+0x47e/0xa30 kernel/locking/lockdep.c:5872
  __mutex_unlock_slowpath+0xec/0x800 kernel/locking/mutex.c:891
  __rtnl_unlock+0x6c/0xf0 net/core/rtnetlink.c:142
  lwtunnel_valid_encap_type+0x38a/0x5f0 net/core/lwtunnel.c:169
  lwtunnel_valid_encap_type_attr+0x113/0x270 net/core/lwtunnel.c:209
  rtm_to_fib_config+0x949/0x14e0 net/ipv4/fib_frontend.c:808
  inet_rtm_newroute+0xf6/0x2a0 net/ipv4/fib_frontend.c:917
  rtnetlink_rcv_msg+0x791/0xcf0 net/core/rtnetlink.c:6919
  netlink_rcv_skb+0x206/0x480 net/netlink/af_netlink.c:2534
  netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]
  netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1339
  netlink_sendmsg+0x8de/0xcb0 net/netlink/af_netlink.c:1883
  sock_sendmsg_nosec net/socket.c:709 [inline]

Fixes: 1dd2af7963 ("ipv4: fib: Convert RTM_NEWROUTE and RTM_DELROUTE to per-netns RTNL.")
Reported-by: syzbot+3f18ef0f7df107a3f6a0@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/netdev/67c6f87a.050a0220.38b91b.0147.GAE@google.com/T/#u
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Link: https://patch.msgid.link/20250304125918.2763514-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2025-03-05 19:16:56 -08:00
..
netfilter netfilter: nf_dup4: Convert nf_dup_ipv4_route() to dscp_t. 2024-11-15 11:00:29 +01:00
af_inet.c net: dismiss sk_forward_alloc_get() 2025-02-19 19:05:28 -08:00
ah4.c
arp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-02-20 10:37:30 -08:00
bpf_tcp_ca.c bpf: Check unsupported ops from the bpf_struct_ops's cfi_stubs 2024-07-29 12:54:13 -07:00
cipso_ipv4.c move asm/unaligned.h to linux/unaligned.h 2024-10-02 17:23:23 -04:00
datagram.c ipv4: Use inet_sk_init_flowi4() in ip4_datagram_release_cb(). 2024-12-20 13:50:09 -08:00
devinet.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-02-13 12:43:30 -08:00
esp4_offload.c xfrm: Add an inbound percpu state cache. 2024-10-29 11:56:18 +01:00
esp4.c ipsec-2025-01-27 2025-01-27 15:15:12 -08:00
fib_frontend.c inet: fix lwtunnel_valid_encap_type() lock imbalance 2025-03-05 19:16:56 -08:00
fib_lookup.h
fib_notifier.c net: do not acquire rtnl in fib_seq_sum() 2024-10-11 15:35:05 -07:00
fib_rules.c ipv4: fib_rules: Add DSCP mask matching 2025-02-21 16:08:47 -08:00
fib_semantics.c ipv4: fib: Namespacify fib_info hash tables. 2025-03-03 15:04:10 -08:00
fib_trie.c ipv4: fib: Move fib_valid_key_len() to rtm_to_fib_config(). 2025-03-03 15:04:11 -08:00
fou_bpf.c ip_tunnel: convert __be16 tunnel flags to bitmaps 2024-04-01 10:49:28 +01:00
fou_core.c fou: fix initialization of grc 2024-09-09 17:21:47 -07:00
fou_nl.c tools: ynl-gen: use big-endian netlink attribute types 2024-10-22 15:33:24 +02:00
fou_nl.h
gre_demux.c ip_tunnel: convert __be16 tunnel flags to bitmaps 2024-04-01 10:49:28 +01:00
gre_offload.c
icmp.c inet: ping: avoid skb_clone() dance in ping_rcv() 2025-02-28 14:41:33 -08:00
igmp_internal.h netlink: support dumping IPv4 multicast addresses 2025-02-11 11:26:53 +01:00
igmp.c netlink: support dumping IPv4 multicast addresses 2025-02-11 11:26:53 +01:00
inet_connection_sock.c tcp: add RCU management to inet_bind_bucket 2025-03-04 17:46:26 -08:00
inet_diag.c net: dismiss sk_forward_alloc_get() 2025-02-19 19:05:28 -08:00
inet_fragment.c net: Rename mono_delivery_time to tstamp_type for scalabilty 2024-05-23 14:14:23 -07:00
inet_hashtables.c tcp: use RCU lookup in __inet_hash_connect() 2025-03-04 17:46:27 -08:00
inet_timewait_sock.c tcp: add RCU management to inet_bind_bucket 2025-03-04 17:46:26 -08:00
inetpeer.c inetpeer: use EXPORT_IPV6_MOD[_GPL]() 2025-02-14 13:09:39 -08:00
ip_forward.c
ip_fragment.c inetpeer: do not get a refcount in inet_getpeer() 2024-12-17 19:37:48 -08:00
ip_gre.c net: ip_tunnel: Use link netns in newlink() of rtnl_link_ops 2025-02-21 15:28:02 -08:00
ip_input.c ipv4: remove useless arg 2025-01-02 17:17:40 -08:00
ip_options.c net: ip: make ip_route_input() return drop reasons 2024-11-12 11:24:51 +01:00
ip_output.c ipv4: Use inet_sk_init_flowi4() in __ip_queue_xmit(). 2024-12-20 13:50:09 -08:00
ip_sockglue.c Networking changes for 6.14. 2025-01-22 08:28:57 -08:00
ip_tunnel_core.c ip_tunnel: convert __be16 tunnel flags to bitmaps 2024-04-01 10:49:28 +01:00
ip_tunnel.c net: rename netns_local to netns_immutable 2025-03-04 12:44:48 +01:00
ip_vti.c net: ip_tunnel: Use link netns in newlink() of rtnl_link_ops 2025-02-21 15:28:02 -08:00
ipcomp.c
ipconfig.c
ipip.c net: ip_tunnel: Use link netns in newlink() of rtnl_link_ops 2025-02-21 15:28:02 -08:00
ipmr_base.c ipmr: do not call mr_mfc_uses_dev() for unres entries 2025-01-23 07:08:13 -08:00
ipmr.c net: rename netns_local to netns_immutable 2025-03-04 12:44:48 +01:00
Kconfig net/tcp: Expand goo.gl link 2024-07-30 18:35:12 -07:00
Makefile
metrics.c net: remove NULL-pointer net parameter in ip_metrics_convert 2024-06-05 10:06:00 +01:00
netfilter.c netfilter: ipv4: Convert ip_route_me_harder() to dscp_t. 2024-11-15 11:00:29 +01:00
netlink.c
nexthop.c inet: fix lwtunnel_valid_encap_type() lock imbalance 2025-03-05 19:16:56 -08:00
ping.c inet: ping: avoid skb_clone() dance in ping_rcv() 2025-02-28 14:41:33 -08:00
proc.c tcp: be less liberal in TSEcr received while in SYN_RECV state 2025-02-26 18:11:17 -08:00
protocol.c
raw_diag.c
raw.c ipv4: remove get_rttos 2025-02-18 18:27:19 -08:00
route.c ipv4: use RCU protection in __ip_rt_update_pmtu() 2025-02-06 16:14:14 -08:00
syncookies.c tcp: be less liberal in TSEcr received while in SYN_RECV state 2025-02-26 18:11:17 -08:00
sysctl_net_ipv4.c tcp: add tcp_rto_max_ms sysctl 2025-02-11 13:08:00 +01:00
tcp_ao.c net/tcp: Add missing lockdep annotations for TCP-AO hlist traversals 2024-11-03 12:10:11 -08:00
tcp_bbr.c tcp: Add new args for cong_control in tcp_congestion_ops 2024-05-02 16:26:56 -07:00
tcp_bic.c
tcp_bpf.c bpf: Fix wrong copied_seq calculation 2025-01-29 13:32:23 -08:00
tcp_cdg.c
tcp_cong.c tcp: only release congestion control if it has been initialized 2024-10-31 18:22:48 -07:00
tcp_cubic.c tcp_cubic: fix incorrect HyStart round start detection 2025-01-20 12:26:41 +00:00
tcp_dctcp.c tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). 2024-05-21 13:34:50 +02:00
tcp_dctcp.h
tcp_diag.c
tcp_fastopen.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-02-20 10:37:30 -08:00
tcp_highspeed.c
tcp_htcp.c tcp: Use clamp() in htcp_alpha_update() 2024-08-06 12:16:25 -07:00
tcp_hybla.c
tcp_illinois.c
tcp_input.c tcp: add a drop_reason pointer to tcp_check_req() 2025-03-03 15:44:19 -08:00
tcp_ipv4.c tcp: remove READ_ONCE(req->ts_recent) 2025-03-03 15:44:19 -08:00
tcp_lp.c
tcp_metrics.c tcp: convert to dev_net_rcu() 2025-03-03 15:44:19 -08:00
tcp_minisocks.c tcp: remove READ_ONCE(req->ts_recent) 2025-03-03 15:44:19 -08:00
tcp_nv.c
tcp_offload.c net: gro: convert four dev_net() calls 2025-03-03 15:44:19 -08:00
tcp_output.c tcp: remove READ_ONCE(req->ts_recent) 2025-03-03 15:44:19 -08:00
tcp_plb.c
tcp_rate.c
tcp_recovery.c
tcp_scalable.c
tcp_sigpool.c net/tcp_sigpool: Use nested-BH locking for sigpool_scratch. 2024-06-24 16:41:22 -07:00
tcp_timer.c tcp: use EXPORT_IPV6_MOD[_GPL]() 2025-02-14 13:09:39 -08:00
tcp_ulp.c
tcp_vegas.c
tcp_vegas.h
tcp_veno.c
tcp_westwood.c
tcp_yeah.c
tcp.c tcp: tcp_set_window_clamp() cleanup 2025-03-03 15:44:19 -08:00
tunnel4.c
udp_bpf.c
udp_diag.c
udp_impl.h
udp_offload.c net: gro: convert four dev_net() calls 2025-03-03 15:44:19 -08:00
udp_tunnel_core.c ipv4: udp_tunnel: Unmask upper DSCP bits in udp_tunnel_dst_lookup() 2024-09-09 14:14:53 +01:00
udp_tunnel_nic.c
udp_tunnel_stub.c
udp.c ipv4: remove get_rttos 2025-02-18 18:27:19 -08:00
udplite.c
xfrm4_input.c ipv4: Convert ip_route_input_noref() to dscp_t. 2024-10-03 16:21:21 -07:00
xfrm4_output.c
xfrm4_policy.c xfrm: Convert struct xfrm_dst_lookup_params -> tos to dscp_t. 2024-11-06 12:42:51 +01:00
xfrm4_protocol.c ipv4: Convert ip_route_input_noref() to dscp_t. 2024-10-03 16:21:21 -07:00
xfrm4_state.c
xfrm4_tunnel.c