[rh7] ms/xfrm: policy: init locks early

Submitted by Andrey Ryabinin on Sept. 13, 2018, 8:37 a.m.

Details

Message ID 20180913083759.18787-1-aryabinin@virtuozzo.com
State New
Series "ms/xfrm: policy: init locks early"
Headers show

Commit Message

Andrey Ryabinin Sept. 13, 2018, 8:37 a.m.
From: Florian Westphal <fw@strlen.de>

Dmitry reports following splat:
 INFO: trying to register non-static key.
 the code is fine but needs lockdep annotation.
 turning off the locking correctness validator.
 CPU: 0 PID: 13059 Comm: syz-executor1 Not tainted 4.10.0-rc7-next-20170207 #1
[..]
 spin_lock_bh include/linux/spinlock.h:304 [inline]
 xfrm_policy_flush+0x32/0x470 net/xfrm/xfrm_policy.c:963
 xfrm_policy_fini+0xbf/0x560 net/xfrm/xfrm_policy.c:3041
 xfrm_net_init+0x79f/0x9e0 net/xfrm/xfrm_policy.c:3091
 ops_init+0x10a/0x530 net/core/net_namespace.c:115
 setup_net+0x2ed/0x690 net/core/net_namespace.c:291
 copy_net_ns+0x26c/0x530 net/core/net_namespace.c:396
 create_new_namespaces+0x409/0x860 kernel/nsproxy.c:106
 unshare_nsproxy_namespaces+0xae/0x1e0 kernel/nsproxy.c:205
 SYSC_unshare kernel/fork.c:2281 [inline]

Problem is that when we get error during xfrm_net_init we will call
xfrm_policy_fini which will acquire xfrm_policy_lock before it was
initialized.  Just move it around so locks get set up first.

Reported-by: Dmitry Vyukov <dvyukov@google.com>
Fixes: 283bc9f35bbbcb0e9 ("xfrm: Namespacify xfrm state/policy locks")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>

https://jira.sw.ru/browse/PSBM-88577
(cherry picked from commit c282222a45cb9503cbfbebfdb60491f06ae84b49)
Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>
---
 net/xfrm/xfrm_policy.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

Patch hide | download patch | download mbox

diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index ddd976942296..86abaf8a1ca0 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -3034,6 +3034,11 @@  static int __net_init xfrm_net_init(struct net *net)
 {
 	int rv;
 
+	/* Initialize the per-net locks here */
+	spin_lock_init(&net->xfrm_state_lock);
+	rwlock_init(&net->xfrm_policy_lock);
+	mutex_init(&net->xfrm_cfg_mutex);
+
 	rv = xfrm_statistics_init(net);
 	if (rv < 0)
 		goto out_statistics;
@@ -3050,11 +3055,6 @@  static int __net_init xfrm_net_init(struct net *net)
 	if (rv < 0)
 		goto out;
 
-	/* Initialize the per-net locks here */
-	spin_lock_init(&net->xfrm_state_lock);
-	rwlock_init(&net->xfrm_policy_lock);
-	mutex_init(&net->xfrm_cfg_mutex);
-
 	return 0;
 
 out:

Comments

Kirill Tkhai Sept. 13, 2018, 8:38 a.m.
On 13.09.2018 11:37, Andrey Ryabinin wrote:
> From: Florian Westphal <fw@strlen.de>
> 
> Dmitry reports following splat:
>  INFO: trying to register non-static key.
>  the code is fine but needs lockdep annotation.
>  turning off the locking correctness validator.
>  CPU: 0 PID: 13059 Comm: syz-executor1 Not tainted 4.10.0-rc7-next-20170207 #1
> [..]
>  spin_lock_bh include/linux/spinlock.h:304 [inline]
>  xfrm_policy_flush+0x32/0x470 net/xfrm/xfrm_policy.c:963
>  xfrm_policy_fini+0xbf/0x560 net/xfrm/xfrm_policy.c:3041
>  xfrm_net_init+0x79f/0x9e0 net/xfrm/xfrm_policy.c:3091
>  ops_init+0x10a/0x530 net/core/net_namespace.c:115
>  setup_net+0x2ed/0x690 net/core/net_namespace.c:291
>  copy_net_ns+0x26c/0x530 net/core/net_namespace.c:396
>  create_new_namespaces+0x409/0x860 kernel/nsproxy.c:106
>  unshare_nsproxy_namespaces+0xae/0x1e0 kernel/nsproxy.c:205
>  SYSC_unshare kernel/fork.c:2281 [inline]
> 
> Problem is that when we get error during xfrm_net_init we will call
> xfrm_policy_fini which will acquire xfrm_policy_lock before it was
> initialized.  Just move it around so locks get set up first.
> 
> Reported-by: Dmitry Vyukov <dvyukov@google.com>
> Fixes: 283bc9f35bbbcb0e9 ("xfrm: Namespacify xfrm state/policy locks")
> Signed-off-by: Florian Westphal <fw@strlen.de>
> Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
> 
> https://jira.sw.ru/browse/PSBM-88577
> (cherry picked from commit c282222a45cb9503cbfbebfdb60491f06ae84b49)
> Signed-off-by: Andrey Ryabinin <aryabinin@virtuozzo.com>

Acked-by: Kirill Tkhai <ktkhai@virtuozzo.com>

> ---
>  net/xfrm/xfrm_policy.c | 10 +++++-----
>  1 file changed, 5 insertions(+), 5 deletions(-)
> 
> diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
> index ddd976942296..86abaf8a1ca0 100644
> --- a/net/xfrm/xfrm_policy.c
> +++ b/net/xfrm/xfrm_policy.c
> @@ -3034,6 +3034,11 @@ static int __net_init xfrm_net_init(struct net *net)
>  {
>  	int rv;
>  
> +	/* Initialize the per-net locks here */
> +	spin_lock_init(&net->xfrm_state_lock);
> +	rwlock_init(&net->xfrm_policy_lock);
> +	mutex_init(&net->xfrm_cfg_mutex);
> +
>  	rv = xfrm_statistics_init(net);
>  	if (rv < 0)
>  		goto out_statistics;
> @@ -3050,11 +3055,6 @@ static int __net_init xfrm_net_init(struct net *net)
>  	if (rv < 0)
>  		goto out;
>  
> -	/* Initialize the per-net locks here */
> -	spin_lock_init(&net->xfrm_state_lock);
> -	rwlock_init(&net->xfrm_policy_lock);
> -	mutex_init(&net->xfrm_cfg_mutex);
> -
>  	return 0;
>  
>  out:
>