linux/net
Eric Dumazet 20e6074eb8 arp: fix rcu lockdep splat in arp_process()
Dave Jones reported a lockdep splat triggered by an arp_process() call
from parp_redo().

Commit faa9dcf793 (arp: RCU changes) is the origin of the bug, since
it assumed arp_process() was called under rcu_read_lock(), which is not
true in this particular path.

Instead of adding rcu_read_lock() in parp_redo(), I chose to add it in
neigh_proxy_process() to take care of the IPv6 side too.

 ===================================================
 [ INFO: suspicious rcu_dereference_check() usage. ]
 ---------------------------------------------------
 include/linux/inetdevice.h:209 invoked rcu_dereference_check() without
protection!

 other info that might help us debug this:

 rcu_scheduler_active = 1, debug_locks = 0
 4 locks held by setfiles/2123:
  #0:  (&sb->s_type->i_mutex_key#13){+.+.+.}, at: [<ffffffff8114cbc4>]
walk_component+0x1ef/0x3e8
  #1:  (&isec->lock){+.+.+.}, at: [<ffffffff81204bca>]
inode_doinit_with_dentry+0x3f/0x41f
  #2:  (&tbl->proxy_timer){+.-...}, at: [<ffffffff8106a803>]
run_timer_softirq+0x157/0x372
  #3:  (class){+.-...}, at: [<ffffffff8141f256>] neigh_proxy_process
+0x36/0x103

 stack backtrace:
 Pid: 2123, comm: setfiles Tainted: G        W
3.1.0-0.rc2.git7.2.fc16.x86_64 #1
 Call Trace:
  <IRQ>  [<ffffffff8108ca23>] lockdep_rcu_dereference+0xa7/0xaf
  [<ffffffff8146a0b7>] __in_dev_get_rcu+0x55/0x5d
  [<ffffffff8146a751>] arp_process+0x25/0x4d7
  [<ffffffff8146ac11>] parp_redo+0xe/0x10
  [<ffffffff8141f2ba>] neigh_proxy_process+0x9a/0x103
  [<ffffffff8106a8c4>] run_timer_softirq+0x218/0x372
  [<ffffffff8106a803>] ? run_timer_softirq+0x157/0x372
  [<ffffffff8141f220>] ? neigh_stat_seq_open+0x41/0x41
  [<ffffffff8108f2f0>] ? mark_held_locks+0x6d/0x95
  [<ffffffff81062bb6>] __do_softirq+0x112/0x25a
  [<ffffffff8150d27c>] call_softirq+0x1c/0x30
  [<ffffffff81010bf5>] do_softirq+0x4b/0xa2
  [<ffffffff81062f65>] irq_exit+0x5d/0xcf
  [<ffffffff8150dc11>] smp_apic_timer_interrupt+0x7c/0x8a
  [<ffffffff8150baf3>] apic_timer_interrupt+0x73/0x80
  <EOI>  [<ffffffff8108f439>] ? trace_hardirqs_on_caller+0x121/0x158
  [<ffffffff814fc285>] ? __slab_free+0x30/0x24c
  [<ffffffff814fc283>] ? __slab_free+0x2e/0x24c
  [<ffffffff81204e74>] ? inode_doinit_with_dentry+0x2e9/0x41f
  [<ffffffff81204e74>] ? inode_doinit_with_dentry+0x2e9/0x41f
  [<ffffffff81204e74>] ? inode_doinit_with_dentry+0x2e9/0x41f
  [<ffffffff81130cb0>] kfree+0x108/0x131
  [<ffffffff81204e74>] inode_doinit_with_dentry+0x2e9/0x41f
  [<ffffffff81204fc6>] selinux_d_instantiate+0x1c/0x1e
  [<ffffffff81200f4f>] security_d_instantiate+0x21/0x23
  [<ffffffff81154625>] d_instantiate+0x5c/0x61
  [<ffffffff811563ca>] d_splice_alias+0xbc/0xd2
  [<ffffffff811b17ff>] ext4_lookup+0xba/0xeb
  [<ffffffff8114bf1e>] d_alloc_and_lookup+0x45/0x6b
  [<ffffffff8114cbea>] walk_component+0x215/0x3e8
  [<ffffffff8114cdf8>] lookup_last+0x3b/0x3d
  [<ffffffff8114daf3>] path_lookupat+0x82/0x2af
  [<ffffffff8110fc53>] ? might_fault+0xa5/0xac
  [<ffffffff8110fc0a>] ? might_fault+0x5c/0xac
  [<ffffffff8114c564>] ? getname_flags+0x31/0x1ca
  [<ffffffff8114dd48>] do_path_lookup+0x28/0x97
  [<ffffffff8114df2c>] user_path_at+0x59/0x96
  [<ffffffff811467ad>] ? cp_new_stat+0xf7/0x10d
  [<ffffffff811469a6>] vfs_fstatat+0x44/0x6e
  [<ffffffff811469ee>] vfs_lstat+0x1e/0x20
  [<ffffffff81146b3d>] sys_newlstat+0x1a/0x33
  [<ffffffff8108f439>] ? trace_hardirqs_on_caller+0x121/0x158
  [<ffffffff812535fe>] ? trace_hardirqs_on_thunk+0x3a/0x3f
  [<ffffffff8150af82>] system_call_fastpath+0x16/0x1b

Reported-by: Dave Jones <davej@redhat.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-08-24 17:55:00 -07:00
9p net/9p: Fix the msize calculation. 2011-07-23 09:32:52 -05:00
802 snap: remove one synchronize_net() 2011-05-23 16:29:24 -04:00
8021q vlan: reset headers on accel emulation path 2011-08-18 21:29:27 -07:00
appletalk appletalk: Reduce switch/case indent 2011-07-01 16:11:15 -07:00
atm atm: br2684: Fix oops due to skb->dev being NULL 2011-08-20 14:13:05 -07:00
ax25 ax25: Fix set-but-unused variable. 2011-04-17 00:48:31 -07:00
batman-adv netdevice: Kill 'feature' test macros. 2011-07-12 12:28:58 -07:00
bluetooth net: Audit drivers to identify those needing IFF_TX_SKB_SHARING cleared 2011-07-27 22:39:30 -07:00
bridge bridge: fix a possible use after free 2011-08-24 17:49:24 -07:00
caif Remove redundant linux/version.h includes from net/ 2011-06-21 16:03:17 -07:00
can net/can: use printk_ratelimited() instead of printk_ratelimit() 2011-06-17 00:03:03 -04:00
ceph Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2011-07-26 13:38:50 -07:00
core arp: fix rcu lockdep splat in arp_process() 2011-08-24 17:55:00 -07:00
dcb dcbnl: unlock on an error path in dcbnl_cee_fill() 2011-07-08 09:01:14 -07:00
dccp net: Compute protocol sequence numbers and fragment IDs using MD5. 2011-08-06 18:33:19 -07:00
decnet atomic: use <linux/atomic.h> 2011-07-26 16:49:47 -07:00
dns_resolver KEYS: Improve /proc/keys 2011-03-17 11:59:32 +11:00
dsa DSA: Enable cascading in multi-chip 6131 configuration 2011-06-29 05:53:49 -07:00
econet af_econet: Use current logging styles and neatening 2011-07-03 20:05:16 -07:00
ethernet net: add IFF_SKB_TX_SHARED flag to priv_flags 2011-07-27 22:39:30 -07:00
ieee802154 ieee802154: free skb buffer if dev isn't running 2011-06-30 16:18:09 +04:00
ipv4 mcast: Fix source address selection for multicast listener report 2011-08-24 17:46:15 -07:00
ipv6 mcast: Fix source address selection for multicast listener report 2011-08-24 17:46:15 -07:00
ipx ipx: fix ipx_release() 2011-03-21 18:16:39 -07:00
irda Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-06-20 22:29:08 -07:00
iucv atomic: use <linux/atomic.h> 2011-07-26 16:49:47 -07:00
key net: Remove casts of void * 2011-06-16 23:19:27 -04:00
l2tp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2011-07-28 05:58:19 -07:00
lapb lapb: Reduce switch/case indent 2011-07-01 16:11:16 -07:00
llc llc: Fix length check in llc_fixup_skb(). 2011-04-11 18:59:05 -07:00
mac80211 net: Audit drivers to identify those needing IFF_TX_SKB_SHARING cleared 2011-07-27 22:39:30 -07:00
netfilter netfilter: avoid double free in nf_reinject 2011-08-07 22:11:15 -07:00
netlabel net/netlabel/netlabel_kapi.c: add missing cleanup code 2011-08-11 05:52:57 -07:00
netlink Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next-2.6 into for-davem 2011-06-24 15:25:51 -04:00
netrom netrom: Reduce switch/case indent 2011-07-01 16:11:16 -07:00
nfc NFC: add the NFC socket raw protocol 2011-07-05 15:26:58 -04:00
packet af-packet: fix - avoid reading stale data 2011-07-14 08:36:33 -07:00
phonet rtnetlink: Compute and store minimum ifinfo dump size 2011-06-09 20:38:07 -07:00
rds notifiers: cpu: move cpu notifiers into cpu.h 2011-07-25 20:57:14 -07:00
rfkill net: rfkill: add generic gpio rfkill driver 2011-05-19 13:53:54 -04:00
rose rose: Delete commented out references to ancient firewalling code. 2011-07-07 02:41:59 -07:00
rxrpc rxrpc: Fix set but unused variable 'usage' in rxrpc_get_transport() 2011-05-19 18:51:50 -04:00
sched net_sched: fix port mirror/redirect stats reporting 2011-08-17 20:10:20 -07:00
sctp Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-07-21 13:38:42 -07:00
sunrpc net: fix new sunrpc kernel-doc warning 2011-07-28 18:20:21 -07:00
tipc atomic: use <linux/atomic.h> 2011-07-26 16:49:47 -07:00
unix new helpers: kern_path_create/user_path_create 2011-07-20 01:44:05 -04:00
wanrouter Fix common misspellings 2011-03-31 11:26:23 -03:00
wimax
wireless cfg80211: off by one in nl80211_trigger_scan() 2011-08-01 13:46:46 -04:00
x25 x25: Reduce switch/case indent 2011-07-01 16:11:16 -07:00
xfrm xfrm: Fix key lengths for rfc3686(ctr(aes)) 2011-07-28 18:10:48 -07:00
compat.c net: Add sendmmsg socket system call 2011-05-05 11:10:14 -07:00
Kconfig NFC: add nfc subsystem core 2011-07-05 15:26:57 -04:00
Makefile NFC: add nfc subsystem core 2011-07-05 15:26:57 -04:00
nonet.c
socket.c net: Fix security_socket_sendmsg() bypass problem. 2011-08-05 03:31:03 -07:00
sysctl_net.c