    net: sched: add rcu annotations around qdisc->qdisc_sleeping · d636fc5d
    Eric Dumazet authored
    syzbot reported a race around qdisc->qdisc_sleeping [1]
    
    It is time we add proper annotations to reads and writes to/from
    qdisc->qdisc_sleeping.
    
    [1]
    BUG: KCSAN: data-race in dev_graft_qdisc / qdisc_lookup_rcu
    
    read to 0xffff8881286fc618 of 8 bytes by task 6928 on cpu 1:
    qdisc_lookup_rcu+0x192/0x2c0 net/sched/sch_api.c:331
    __tcf_qdisc_find+0x74/0x3c0 net/sched/cls_api.c:1174
    tc_get_tfilter+0x18f/0x990 net/sched/cls_api.c:2547
    rtnetlink_rcv_msg+0x7af/0x8c0 net/core/rtnetlink.c:6386
    netlink_rcv_skb+0x126/0x220 net/netlink/af_netlink.c:2546
    rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:6413
    netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]
    netlink_unicast+0x56f/0x640 net/netlink/af_netlink.c:1365
    netlink_sendmsg+0x665/0x770 net/netlink/af_netlink.c:1913
    sock_sendmsg_nosec net/socket.c:724 [inline]
    sock_sendmsg net/socket.c:747 [inline]
    ____sys_sendmsg+0x375/0x4c0 net/socket.c:2503
    ___sys_sendmsg net/socket.c:2557 [inline]
    __sys_sendmsg+0x1e3/0x270 net/socket.c:2586
    __do_sys_sendmsg net/socket.c:2595 [inline]
    __se_sys_sendmsg net/socket.c:2593 [inline]
    __x64_sys_sendmsg+0x46/0x50 net/socket.c:2593
    do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
    entry_SYSCALL_64_after_hwframe+0x63/0xcd
    
    write to 0xffff8881286fc618 of 8 bytes by task 6912 on cpu 0:
    dev_graft_qdisc+0x4f/0x80 net/sched/sch_generic.c:1115
    qdisc_graft+0x7d0/0xb60 net/sched/sch_api.c:1103
    tc_modify_qdisc+0x712/0xf10 net/sched/sch_api.c:1693
    rtnetlink_rcv_msg+0x807/0x8c0 net/core/rtnetlink.c:6395
    netlink_rcv_skb+0x126/0x220 net/netlink/af_netlink.c:2546
    rtnetlink_rcv+0x1c/0x20 net/core/rtnetlink.c:6413
    netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]
    netlink_unicast+0x56f/0x640 net/netlink/af_netlink.c:1365
    netlink_sendmsg+0x665/0x770 net/netlink/af_netlink.c:1913
    sock_sendmsg_nosec net/socket.c:724 [inline]
    sock_sendmsg net/socket.c:747 [inline]
    ____sys_sendmsg+0x375/0x4c0 net/socket.c:2503
    ___sys_sendmsg net/socket.c:2557 [inline]
    __sys_sendmsg+0x1e3/0x270 net/socket.c:2586
    __do_sys_sendmsg net/socket.c:2595 [inline]
    __se_sys_sendmsg net/socket.c:2593 [inline]
    __x64_sys_sendmsg+0x46/0x50 net/socket.c:2593
    do_syscall_x64 arch/x86/entry/common.c:50 [inline]
    do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80
    entry_SYSCALL_64_after_hwframe+0x63/0xcd
    
    Reported by Kernel Concurrency Sanitizer on:
    CPU: 0 PID: 6912 Comm: syz-executor.5 Not tainted 6.4.0-rc3-syzkaller-00190-g0d85b27b #0
    Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/16/2023
    
    Fixes: 3a7d0d07 ("net: sched: extend Qdisc with rcu")
    Reported-by: syzbot <syzkaller@googlegroups.com>
    Signed-off-by: Eric Dumazet <edumazet@google.com>
    Cc: Vlad Buslov <vladbu@nvidia.com>
    Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
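The reader/writer pattern behind the KCSAN report above, as an added userspace sketch; it is not code from this commit or from the kernel tree. It assumes C11 atomics as stand-ins for `rcu_assign_pointer()` and `rcu_dereference()`, and the simplified `struct qdisc`, `pool`, `txq` and `run_graft_race()` are hypothetical names used only for illustration.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdint.h>
/* Userspace stand-ins for the kernel annotations (assumption: C11 atomics). */
#define rcu_assign_pointer(p, v) atomic_store_explicit(&(p), (v), memory_order_release)
#define rcu_dereference(p)       atomic_load_explicit(&(p), memory_order_acquire)

struct qdisc { uint32_t handle; uint32_t check; };   /* simplified, hypothetical */
struct netdev_queue { struct qdisc *_Atomic qdisc_sleeping; };
#define NQDISC 100000
static struct qdisc pool[NQDISC];  /* entries are never reused, so no grace period is needed */
static struct netdev_queue txq;
static atomic_int done;

/* Writer, in the role of dev_graft_qdisc(): initialise fully, then publish. */
static void *writer(void *arg)
{
    for (uint32_t i = 1; i < NQDISC; i++) {
        pool[i].handle = i;
        pool[i].check = ~i;
        rcu_assign_pointer(txq.qdisc_sleeping, &pool[i]);
    }
    atomic_store(&done, 1);
    return arg;
}

/* Reader, in the role of qdisc_lookup_rcu(): one annotated load, then use the snapshot. */
static void *reader(void *bad)
{
    while (!atomic_load(&done)) {
        struct qdisc *q = rcu_dereference(txq.qdisc_sleeping);
        if (q->check != ~q->handle)   /* would indicate a half-initialised object */
            ++*(long *)bad;
    }
    return NULL;
}

/* Runs both sides concurrently; returns how many inconsistent qdiscs the reader saw. */
long run_graft_race(void)
{
    pthread_t w, r;
    long bad = 0;
    pool[0] = (struct qdisc){ 0, ~0u };
    atomic_store(&done, 0);
    rcu_assign_pointer(txq.qdisc_sleeping, &pool[0]);
    pthread_create(&r, NULL, reader, &bad);
    pthread_create(&w, NULL, writer, NULL);
    pthread_join(w, NULL);
    pthread_join(r, NULL);
    return bad;
}
```

With plain loads and stores in place of the two macros, the same program has a data race on `qdisc_sleeping`, which is the class of access KCSAN flags.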
sch_api.c 56 KB