| Message ID | 1517079523.3715.73.camel@gmail.com |
|---|---|
| State | Accepted, archived |
| Delegated to: | David Miller |
| Headers | show |
| Series | [net] net_sched: gen_estimator: fix lockdep splat | expand |
On Sat, Jan 27, 2018 at 10:58 AM, Eric Dumazet <eric.dumazet@gmail.com> wrote: > From: Eric Dumazet <edumazet@google.com> > > syzbot reported a lockdep splat in gen_new_estimator() / > est_fetch_counters() when attempting to lock est->stats_lock. > > Since est_fetch_counters() is called from BH context from timer > interrupt, we need to block BH as well when calling it from process > context. > > Most qdiscs use per cpu counters and are immune to the problem, > but net/sched/act_api.c and net/netfilter/xt_RATEEST.c are using > a spinlock to protect their data. They both call gen_new_estimator() > while object is created and not yet alive, so this bug could > not trigger a deadlock, only a lockdep splat. > > Fixes: 1c0d32fde5bd ("net_sched: gen_estimator: complete rewrite of rate estimators") > Signed-off-by: Eric Dumazet <edumazet@google.com> > Reported-by: syzbot <syzkaller@googlegroups.com> Acked-by: Cong Wang <xiyou.wangcong@gmail.com> Nit: perhaps it is better to move the spin_lock out of est_fetch_counters() and let callers decide to use spin_lock or spin_lock_bh.
From: Eric Dumazet <eric.dumazet@gmail.com> Date: Sat, 27 Jan 2018 10:58:43 -0800 > From: Eric Dumazet <edumazet@google.com> > > syzbot reported a lockdep splat in gen_new_estimator() / > est_fetch_counters() when attempting to lock est->stats_lock. > > Since est_fetch_counters() is called from BH context from timer > interrupt, we need to block BH as well when calling it from process > context. > > Most qdiscs use per cpu counters and are immune to the problem, > but net/sched/act_api.c and net/netfilter/xt_RATEEST.c are using > a spinlock to protect their data. They both call gen_new_estimator() > while object is created and not yet alive, so this bug could > not trigger a deadlock, only a lockdep splat. > > Fixes: 1c0d32fde5bd ("net_sched: gen_estimator: complete rewrite of rate estimators") > Signed-off-by: Eric Dumazet <edumazet@google.com> > Reported-by: syzbot <syzkaller@googlegroups.com> Applied, thanks.
diff --git a/net/core/gen_estimator.c b/net/core/gen_estimator.c index 9834cfa21b21168a7654290dc2a999e41937b534..0a3f88f08727f1f1217560407ff539c8a8c17496 100644 --- a/net/core/gen_estimator.c +++ b/net/core/gen_estimator.c @@ -159,7 +159,11 @@ int gen_new_estimator(struct gnet_stats_basic_packed *bstats, est->intvl_log = intvl_log; est->cpu_bstats = cpu_bstats; + if (stats_lock) + local_bh_disable(); est_fetch_counters(est, &b); + if (stats_lock) + local_bh_enable(); est->last_bytes = b.bytes; est->last_packets = b.packets; old = rcu_dereference_protected(*rate_est, 1);