From patchwork Tue Oct 16 15:35:10 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Taehee Yoo
X-Patchwork-Id: 984816
X-Patchwork-Delegate: davem@davemloft.net
From: Taehee Yoo
To: davem@davemloft.net, netdev@vger.kernel.org
Cc: daniel@iogearbox.net, ast@kernel.org, ap420073@gmail.com
Subject: [PATCH net] net: bpfilter: use get_pid_task instead of pid_task
Date: Wed, 17 Oct 2018 00:35:10 +0900
Message-Id: <20181016153510.16962-1-ap420073@gmail.com>
X-Mailer: git-send-email 2.17.1
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: netdev@vger.kernel.org

pid_task() dereferences rcu protected tasks array.
But there is no rcu_read_lock() in shutdown_umh() routine so that
rcu_read_lock() is needed.
get_pid_task() is a wrapper function of pid_task(). It holds rcu_read_lock()
then calls pid_task(). If task isn't NULL, it increases reference count
of task.

test commands:
   %modprobe bpfilter
   %modprobe -rv bpfilter

splat looks like:
[15102.030932] =============================
[15102.030957] WARNING: suspicious RCU usage
[15102.030985] 4.19.0-rc7+ #21 Not tainted
[15102.031010] -----------------------------
[15102.031038] kernel/pid.c:330 suspicious rcu_dereference_check() usage!
[15102.031063] other info that might help us debug this:
[15102.031332] rcu_scheduler_active = 2, debug_locks = 1
[15102.031363] 1 lock held by modprobe/1570:
[15102.031389] #0: 00000000580ef2b0 (bpfilter_lock){+.+.}, at: stop_umh+0x13/0x52 [bpfilter]
[15102.031552] stack backtrace:
[15102.031583] CPU: 1 PID: 1570 Comm: modprobe Not tainted 4.19.0-rc7+ #21
[15102.031607] Hardware name: To be filled by O.E.M. To be filled by O.E.M./Aptio CRB, BIOS 5.6.5 07/08/2015
[15102.031628] Call Trace:
[15102.031676] dump_stack+0xc9/0x16b
[15102.031723] ? show_regs_print_info+0x5/0x5
[15102.031801] ? lockdep_rcu_suspicious+0x117/0x160
[15102.031855] pid_task+0x134/0x160
[15102.031900] ? find_vpid+0xf0/0xf0
[15102.032017] shutdown_umh.constprop.1+0x1e/0x53 [bpfilter]
[15102.032055] stop_umh+0x46/0x52 [bpfilter]
[15102.032092] __x64_sys_delete_module+0x47e/0x570
[ ... ]

Fixes: d2ba09c17a06 ("net: add skeleton of bpfilter kernel module")
Signed-off-by: Taehee Yoo Acked-by: Alexei Starovoitov --- net/bpfilter/bpfilter_kern.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/net/bpfilter/bpfilter_kern.c b/net/bpfilter/bpfilter_kern.c index b64e1649993b..94e88f510c5b 100644 --- a/net/bpfilter/bpfilter_kern.c +++ b/net/bpfilter/bpfilter_kern.c @@ -23,9 +23,11 @@ static void shutdown_umh(struct umh_info *info) if (!info->pid) return; - tsk = pid_task(find_vpid(info->pid), PIDTYPE_PID); - if (tsk) + tsk = get_pid_task(find_vpid(info->pid), PIDTYPE_PID); + if (tsk) { force_sig(SIGKILL, tsk); + put_task_struct(tsk); + } fput(info->pipe_to_umh); fput(info->pipe_from_umh); info->pid = 0;
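
Review bot: In shutdown_umh(), the argument `find_vpid(info->pid)` is still evaluated before get_pid_task() takes rcu_read_lock(), so the struct pid lookup itself runs outside any RCU read-side section; only the pid_task() dereference reported in the splat is now covered. find_vpid() is documented as requiring tasklist_lock or rcu_read_lock(), so consider wrapping the lookup and the get_pid_task() call in an explicit rcu_read_lock()/rcu_read_unlock() pair, or keeping a counted struct pid in umh_info instead of the numeric info->pid. The added put_task_struct(tsk) balances the reference that get_pid_task() takes, and force_sig() runs while that reference is held, so the task lifetime side of the change looks right.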