genetlink: hold RCU in genlmsg_mcast()
[ Upstream commit 56440d7ec28d60f8da3bfa09062b3368ff9b16db ] While running net selftests with CONFIG_PROVE_RCU_LIST=y I saw one lockdep splat [1]. genlmsg_mcast() uses for_each_net_rcu(), and must therefore hold RCU. Instead of letting all callers guard genlmsg_multicast_allns() with a rcu_read_lock()/rcu_read_unlock() pair, do it in genlmsg_mcast(). This also means the @flags parameter is useless, we need to always use GFP_ATOMIC. [1] [10882.424136] ============================= [10882.424166] WARNING: suspicious RCU usage [10882.424309] 6.12.0-rc2-virtme #1156 Not tainted [10882.424400] ----------------------------- [10882.424423] net/netlink/genetlink.c:1940 RCU-list traversed in non-reader section!! [10882.424469] other info that might help us debug this: [10882.424500] rcu_scheduler_active = 2, debug_locks = 1 [10882.424744] 2 locks held by ip/15677: [10882.424791] #0: ffffffffb6b491b0 (cb_lock){++++}-{3:3}, at: genl_rcv (net/netlink/genetlink.c:1219) [10882.426334] #1: ffffffffb6b49248 (genl_mutex){+.+.}-{3:3}, at: genl_rcv_msg (net/netlink/genetlink.c:61 net/netlink/genetlink.c:57 net/netlink/genetlink.c:1209) [10882.426465] stack backtrace: [10882.426805] CPU: 14 UID: 0 PID: 15677 Comm: ip Not tainted 6.12.0-rc2-virtme #1156 [10882.426919] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [10882.427046] Call Trace: [10882.427131] <TASK> [10882.427244] dump_stack_lvl (lib/dump_stack.c:123) [10882.427335] lockdep_rcu_suspicious (kernel/locking/lockdep.c:6822) [10882.427387] genlmsg_multicast_allns (net/netlink/genetlink.c:1940 (discriminator 7) net/netlink/genetlink.c:1977 (discriminator 7)) [10882.427436] l2tp_tunnel_notify.constprop.0 (net/l2tp/l2tp_netlink.c:119) l2tp_netlink [10882.427683] l2tp_nl_cmd_tunnel_create (net/l2tp/l2tp_netlink.c:253) l2tp_netlink [10882.427748] genl_family_rcv_msg_doit (net/netlink/genetlink.c:1115) [10882.427834] genl_rcv_msg (net/netlink/genetlink.c:1195 net/netlink/genetlink.c:1210) [10882.427877] ? __pfx_l2tp_nl_cmd_tunnel_create (net/l2tp/l2tp_netlink.c:186) l2tp_netlink [10882.427927] ? __pfx_genl_rcv_msg (net/netlink/genetlink.c:1201) [10882.427959] netlink_rcv_skb (net/netlink/af_netlink.c:2551) [10882.428069] genl_rcv (net/netlink/genetlink.c:1220) [10882.428095] netlink_unicast (net/netlink/af_netlink.c:1332 net/netlink/af_netlink.c:1357) [10882.428140] netlink_sendmsg (net/netlink/af_netlink.c:1901) [10882.428210] ____sys_sendmsg (net/socket.c:729 (discriminator 1) net/socket.c:744 (discriminator 1) net/socket.c:2607 (discriminator 1)) Fixes: 33f72e6f0c67 ("l2tp : multicast notification to the registered listeners") Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: James Chapman <jchapman@katalix.com> Cc: Tom Parkin <tparkin@katalix.com> Cc: Johannes Berg <johannes.berg@intel.com> Link: https://patch.msgid.link/20241011171217.3166614-1-edumazet@google.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Eric Dumazet
Ksawlii
parent
654dc34065
commit
8ffd74f354
5 changed files with 20 additions and 25 deletions
|
|
@ -1988,7 +1988,7 @@ static int tcmu_netlink_event_send(struct tcmu_dev *udev,
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = genlmsg_multicast_allns(&tcmu_genl_family, skb, 0,
|
ret = genlmsg_multicast_allns(&tcmu_genl_family, skb, 0,
|
||||||
TCMU_MCGRP_CONFIG, GFP_KERNEL);
|
TCMU_MCGRP_CONFIG);
|
||||||
|
|
||||||
/* Wait during an add as the listener may not be up yet */
|
/* Wait during an add as the listener may not be up yet */
|
||||||
if (ret == 0 ||
|
if (ret == 0 ||
|
||||||
|
|
|
||||||
|
|
@ -340,13 +340,12 @@ static inline int genlmsg_multicast(const struct genl_family *family,
|
||||||
* @skb: netlink message as socket buffer
|
* @skb: netlink message as socket buffer
|
||||||
* @portid: own netlink portid to avoid sending to yourself
|
* @portid: own netlink portid to avoid sending to yourself
|
||||||
* @group: offset of multicast group in groups array
|
* @group: offset of multicast group in groups array
|
||||||
* @flags: allocation flags
|
|
||||||
*
|
*
|
||||||
* This function must hold the RTNL or rcu_read_lock().
|
* This function must hold the RTNL or rcu_read_lock().
|
||||||
*/
|
*/
|
||||||
int genlmsg_multicast_allns(const struct genl_family *family,
|
int genlmsg_multicast_allns(const struct genl_family *family,
|
||||||
struct sk_buff *skb, u32 portid,
|
struct sk_buff *skb, u32 portid,
|
||||||
unsigned int group, gfp_t flags);
|
unsigned int group);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* genlmsg_unicast - unicast a netlink message
|
* genlmsg_unicast - unicast a netlink message
|
||||||
|
|
|
||||||
|
|
@ -115,7 +115,7 @@ static int l2tp_tunnel_notify(struct genl_family *family,
|
||||||
NLM_F_ACK, tunnel, cmd);
|
NLM_F_ACK, tunnel, cmd);
|
||||||
|
|
||||||
if (ret >= 0) {
|
if (ret >= 0) {
|
||||||
ret = genlmsg_multicast_allns(family, msg, 0, 0, GFP_ATOMIC);
|
ret = genlmsg_multicast_allns(family, msg, 0, 0);
|
||||||
/* We don't care if no one is listening */
|
/* We don't care if no one is listening */
|
||||||
if (ret == -ESRCH)
|
if (ret == -ESRCH)
|
||||||
ret = 0;
|
ret = 0;
|
||||||
|
|
@ -143,7 +143,7 @@ static int l2tp_session_notify(struct genl_family *family,
|
||||||
NLM_F_ACK, session, cmd);
|
NLM_F_ACK, session, cmd);
|
||||||
|
|
||||||
if (ret >= 0) {
|
if (ret >= 0) {
|
||||||
ret = genlmsg_multicast_allns(family, msg, 0, 0, GFP_ATOMIC);
|
ret = genlmsg_multicast_allns(family, msg, 0, 0);
|
||||||
/* We don't care if no one is listening */
|
/* We don't care if no one is listening */
|
||||||
if (ret == -ESRCH)
|
if (ret == -ESRCH)
|
||||||
ret = 0;
|
ret = 0;
|
||||||
|
|
|
||||||
|
|
@ -1097,15 +1097,11 @@ static int genl_ctrl_event(int event, const struct genl_family *family,
|
||||||
if (IS_ERR(msg))
|
if (IS_ERR(msg))
|
||||||
return PTR_ERR(msg);
|
return PTR_ERR(msg);
|
||||||
|
|
||||||
if (!family->netnsok) {
|
if (!family->netnsok)
|
||||||
genlmsg_multicast_netns(&genl_ctrl, &init_net, msg, 0,
|
genlmsg_multicast_netns(&genl_ctrl, &init_net, msg, 0,
|
||||||
0, GFP_KERNEL);
|
0, GFP_KERNEL);
|
||||||
} else {
|
else
|
||||||
rcu_read_lock();
|
genlmsg_multicast_allns(&genl_ctrl, msg, 0, 0);
|
||||||
genlmsg_multicast_allns(&genl_ctrl, msg, 0,
|
|
||||||
0, GFP_ATOMIC);
|
|
||||||
rcu_read_unlock();
|
|
||||||
}
|
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
@ -1449,23 +1445,23 @@ problem:
|
||||||
|
|
||||||
core_initcall(genl_init);
|
core_initcall(genl_init);
|
||||||
|
|
||||||
static int genlmsg_mcast(struct sk_buff *skb, u32 portid, unsigned long group,
|
static int genlmsg_mcast(struct sk_buff *skb, u32 portid, unsigned long group)
|
||||||
gfp_t flags)
|
|
||||||
{
|
{
|
||||||
struct sk_buff *tmp;
|
struct sk_buff *tmp;
|
||||||
struct net *net, *prev = NULL;
|
struct net *net, *prev = NULL;
|
||||||
bool delivered = false;
|
bool delivered = false;
|
||||||
int err;
|
int err;
|
||||||
|
|
||||||
|
rcu_read_lock();
|
||||||
for_each_net_rcu(net) {
|
for_each_net_rcu(net) {
|
||||||
if (prev) {
|
if (prev) {
|
||||||
tmp = skb_clone(skb, flags);
|
tmp = skb_clone(skb, GFP_ATOMIC);
|
||||||
if (!tmp) {
|
if (!tmp) {
|
||||||
err = -ENOMEM;
|
err = -ENOMEM;
|
||||||
goto error;
|
goto error;
|
||||||
}
|
}
|
||||||
err = nlmsg_multicast(prev->genl_sock, tmp,
|
err = nlmsg_multicast(prev->genl_sock, tmp,
|
||||||
portid, group, flags);
|
portid, group, GFP_ATOMIC);
|
||||||
if (!err)
|
if (!err)
|
||||||
delivered = true;
|
delivered = true;
|
||||||
else if (err != -ESRCH)
|
else if (err != -ESRCH)
|
||||||
|
|
@ -1474,26 +1470,30 @@ static int genlmsg_mcast(struct sk_buff *skb, u32 portid, unsigned long group,
|
||||||
|
|
||||||
prev = net;
|
prev = net;
|
||||||
}
|
}
|
||||||
|
err = nlmsg_multicast(prev->genl_sock, skb, portid, group, GFP_ATOMIC);
|
||||||
|
|
||||||
|
rcu_read_unlock();
|
||||||
|
|
||||||
err = nlmsg_multicast(prev->genl_sock, skb, portid, group, flags);
|
|
||||||
if (!err)
|
if (!err)
|
||||||
delivered = true;
|
delivered = true;
|
||||||
else if (err != -ESRCH)
|
else if (err != -ESRCH)
|
||||||
return err;
|
return err;
|
||||||
return delivered ? 0 : -ESRCH;
|
return delivered ? 0 : -ESRCH;
|
||||||
error:
|
error:
|
||||||
|
rcu_read_unlock();
|
||||||
|
|
||||||
kfree_skb(skb);
|
kfree_skb(skb);
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
int genlmsg_multicast_allns(const struct genl_family *family,
|
int genlmsg_multicast_allns(const struct genl_family *family,
|
||||||
struct sk_buff *skb, u32 portid,
|
struct sk_buff *skb, u32 portid,
|
||||||
unsigned int group, gfp_t flags)
|
unsigned int group)
|
||||||
{
|
{
|
||||||
if (WARN_ON_ONCE(group >= family->n_mcgrps))
|
if (WARN_ON_ONCE(group >= family->n_mcgrps))
|
||||||
return -EINVAL;
|
return -EINVAL;
|
||||||
group = family->mcgrp_offset + group;
|
group = family->mcgrp_offset + group;
|
||||||
return genlmsg_mcast(skb, portid, group, flags);
|
return genlmsg_mcast(skb, portid, group);
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL(genlmsg_multicast_allns);
|
EXPORT_SYMBOL(genlmsg_multicast_allns);
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -16063,10 +16063,8 @@ void nl80211_common_reg_change_event(enum nl80211_commands cmd_id,
|
||||||
|
|
||||||
genlmsg_end(msg, hdr);
|
genlmsg_end(msg, hdr);
|
||||||
|
|
||||||
rcu_read_lock();
|
|
||||||
genlmsg_multicast_allns(&nl80211_fam, msg, 0,
|
genlmsg_multicast_allns(&nl80211_fam, msg, 0,
|
||||||
NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
|
NL80211_MCGRP_REGULATORY);
|
||||||
rcu_read_unlock();
|
|
||||||
|
|
||||||
return;
|
return;
|
||||||
|
|
||||||
|
|
@ -16580,10 +16578,8 @@ void nl80211_send_beacon_hint_event(struct wiphy *wiphy,
|
||||||
|
|
||||||
genlmsg_end(msg, hdr);
|
genlmsg_end(msg, hdr);
|
||||||
|
|
||||||
rcu_read_lock();
|
|
||||||
genlmsg_multicast_allns(&nl80211_fam, msg, 0,
|
genlmsg_multicast_allns(&nl80211_fam, msg, 0,
|
||||||
NL80211_MCGRP_REGULATORY, GFP_ATOMIC);
|
NL80211_MCGRP_REGULATORY);
|
||||||
rcu_read_unlock();
|
|
||||||
|
|
||||||
return;
|
return;
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue