OpenE2K/linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
20e6074eb8
linux/net/core
History
Eric Dumazet 20e6074eb8 arp: fix rcu lockdep splat in arp_process() 
Dave Jones reported a lockdep splat triggered by an arp_process() call
from parp_redo().

Commit faa9dcf793 (arp: RCU changes) is the origin of the bug, since
it assumed arp_process() was called under rcu_read_lock(), which is not
true in this particular path.

Instead of adding rcu_read_lock() in parp_redo(), I chose to add it in
neigh_proxy_process() to take care of IPv6 side too.

 ===================================================
 [ INFO: suspicious rcu_dereference_check() usage. ]
 ---------------------------------------------------
 include/linux/inetdevice.h:209 invoked rcu_dereference_check() without
protection!

 other info that might help us debug this:

 rcu_scheduler_active = 1, debug_locks = 0
 4 locks held by setfiles/2123:
  #0:  (&sb->s_type->i_mutex_key#13){+.+.+.}, at: [<ffffffff8114cbc4>]
walk_component+0x1ef/0x3e8
  #1:  (&isec->lock){+.+.+.}, at: [<ffffffff81204bca>]
inode_doinit_with_dentry+0x3f/0x41f
  #2:  (&tbl->proxy_timer){+.-...}, at: [<ffffffff8106a803>]
run_timer_softirq+0x157/0x372
  #3:  (class){+.-...}, at: [<ffffffff8141f256>] neigh_proxy_process
+0x36/0x103

 stack backtrace:
 Pid: 2123, comm: setfiles Tainted: G        W
3.1.0-0.rc2.git7.2.fc16.x86_64 #1
 Call Trace:
  <IRQ>  [<ffffffff8108ca23>] lockdep_rcu_dereference+0xa7/0xaf
  [<ffffffff8146a0b7>] __in_dev_get_rcu+0x55/0x5d
  [<ffffffff8146a751>] arp_process+0x25/0x4d7
  [<ffffffff8146ac11>] parp_redo+0xe/0x10
  [<ffffffff8141f2ba>] neigh_proxy_process+0x9a/0x103
  [<ffffffff8106a8c4>] run_timer_softirq+0x218/0x372
  [<ffffffff8106a803>] ? run_timer_softirq+0x157/0x372
  [<ffffffff8141f220>] ? neigh_stat_seq_open+0x41/0x41
  [<ffffffff8108f2f0>] ? mark_held_locks+0x6d/0x95
  [<ffffffff81062bb6>] __do_softirq+0x112/0x25a
  [<ffffffff8150d27c>] call_softirq+0x1c/0x30
  [<ffffffff81010bf5>] do_softirq+0x4b/0xa2
  [<ffffffff81062f65>] irq_exit+0x5d/0xcf
  [<ffffffff8150dc11>] smp_apic_timer_interrupt+0x7c/0x8a
  [<ffffffff8150baf3>] apic_timer_interrupt+0x73/0x80
  <EOI>  [<ffffffff8108f439>] ? trace_hardirqs_on_caller+0x121/0x158
  [<ffffffff814fc285>] ? __slab_free+0x30/0x24c
  [<ffffffff814fc283>] ? __slab_free+0x2e/0x24c
  [<ffffffff81204e74>] ? inode_doinit_with_dentry+0x2e9/0x41f
  [<ffffffff81204e74>] ? inode_doinit_with_dentry+0x2e9/0x41f
  [<ffffffff81204e74>] ? inode_doinit_with_dentry+0x2e9/0x41f
  [<ffffffff81130cb0>] kfree+0x108/0x131
  [<ffffffff81204e74>] inode_doinit_with_dentry+0x2e9/0x41f
  [<ffffffff81204fc6>] selinux_d_instantiate+0x1c/0x1e
  [<ffffffff81200f4f>] security_d_instantiate+0x21/0x23
  [<ffffffff81154625>] d_instantiate+0x5c/0x61
  [<ffffffff811563ca>] d_splice_alias+0xbc/0xd2
  [<ffffffff811b17ff>] ext4_lookup+0xba/0xeb
  [<ffffffff8114bf1e>] d_alloc_and_lookup+0x45/0x6b
  [<ffffffff8114cbea>] walk_component+0x215/0x3e8
  [<ffffffff8114cdf8>] lookup_last+0x3b/0x3d
  [<ffffffff8114daf3>] path_lookupat+0x82/0x2af
  [<ffffffff8110fc53>] ? might_fault+0xa5/0xac
  [<ffffffff8110fc0a>] ? might_fault+0x5c/0xac
  [<ffffffff8114c564>] ? getname_flags+0x31/0x1ca
  [<ffffffff8114dd48>] do_path_lookup+0x28/0x97
  [<ffffffff8114df2c>] user_path_at+0x59/0x96
  [<ffffffff811467ad>] ? cp_new_stat+0xf7/0x10d
  [<ffffffff811469a6>] vfs_fstatat+0x44/0x6e
  [<ffffffff811469ee>] vfs_lstat+0x1e/0x20
  [<ffffffff81146b3d>] sys_newlstat+0x1a/0x33
  [<ffffffff8108f439>] ? trace_hardirqs_on_caller+0x121/0x158
  [<ffffffff812535fe>] ? trace_hardirqs_on_thunk+0x3a/0x3f
  [<ffffffff8150af82>] system_call_fastpath+0x16/0x1b

Reported-by: Dave Jones <davej@redhat.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-08-24 17:55:00 -07:00
..
datagram.c Fix a typo in datagram.c and sctp/socket.c. 2010-12-06 13:10:11 -08:00
dev_addr_lists.c net,rcu: convert call_rcu(ha_rcu_free) to kfree_rcu() 2011-05-07 22:50:52 -07:00
dev.c net: Convert struct net_device uc_promisc to bool 2011-07-25 16:17:35 -07:00
drop_monitor.c net,rcu: convert call_rcu(free_dm_hw_stat) to kfree_rcu() 2011-05-07 22:50:59 -07:00
dst.c net: Abstract dst->neighbour accesses behind helpers. 2011-07-17 23:11:35 -07:00
ethtool.c ethtool: Allow zero-length register dumps again 2011-07-21 15:25:30 -07:00
fib_rules.c rtnetlink: Compute and store minimum ifinfo dump size 2011-06-09 20:38:07 -07:00
filter.c bug.h: Move ratelimit warn interfaces to ratelimit.h 2011-05-26 15:00:31 -04:00
flow.c atomic: use <linux/atomic.h> 2011-07-26 16:49:47 -07:00
gen_estimator.c net,rcu: convert call_rcu(__gen_kill_estimator) to kfree_rcu() 2011-05-07 22:50:57 -07:00
gen_stats.c net/core: EXPORT_SYMBOL cleanups 2010-07-12 12:57:55 -07:00
iovec.c net: Limit socket I/O iovec total length to INT_MAX. 2010-10-28 11:47:52 -07:00
kmap_skb.h
link_watch.c net: allow netif_carrier to be called safely from IRQ 2011-07-22 17:01:14 -07:00
Makefile net: Compute protocol sequence numbers and fragment IDs using MD5. 2011-08-06 18:33:19 -07:00
neighbour.c arp: fix rcu lockdep splat in arp_process() 2011-08-24 17:55:00 -07:00
net_namespace.c rtnl: provide link dump consistency info 2011-07-01 15:39:53 -07:00
net-sysfs.c net: remove /sys/class/net/*/features 2011-07-14 14:45:15 -07:00
net-sysfs.h xps: Add CONFIG_XPS 2010-11-28 18:24:14 -08:00
net-traces.c core: add tracepoints for queueing skb to rcvbuf 2011-06-21 16:06:10 -07:00
netevent.c net/core: EXPORT_SYMBOL cleanups 2010-07-12 12:57:55 -07:00
netpoll.c netpoll: Remove wrapper function netpoll_poll 2011-07-03 20:02:07 -07:00
pktgen.c net: add IFF_SKB_TX_SHARED flag to priv_flags 2011-07-27 22:39:30 -07:00
request_sock.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-12-08 13:47:38 -08:00
rtnetlink.c rtnl: provide link dump consistency info 2011-07-01 15:39:53 -07:00
scm.c scm: Capture the full credentials of the scm sender 2011-08-11 05:52:57 -07:00
secure_seq.c net: Compute protocol sequence numbers and fragment IDs using MD5. 2011-08-06 18:33:19 -07:00
skbuff.c net: add kerneldoc to skb_copy_bits() 2011-08-01 18:03:06 -07:00
sock.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next-2.6 into for-davem 2011-07-08 11:03:36 -04:00
stream.c net: Fix the condition passed to sk_wait_event() 2010-10-03 20:41:32 -07:00
sysctl_net_core.c net: Kill ratelimit.h dependency in linux/net.h 2011-05-27 13:41:33 -04:00
timestamping.c net: export the receive time stamping hook for non-NAPI drivers 2011-06-20 13:56:53 -07:00
user_dma.c
utils.c net: Kill ratelimit.h dependency in linux/net.h 2011-05-27 13:41:33 -04:00