> -----Original Message-----
> From: Ying Xue [mailto:ying....@windriver.com]
> Sent: Tuesday, 07 June, 2016 12:12
> To: ma...@donjonn.com; erik.hu...@ericsson.com
> Cc: Jon Maloy; Ying Xue; tipc-discussion@lists.sourceforge.net
> Subject: [PATCH] tipc: fix suspicious RCU usage
> 
> When running the tipcTS&tipcTC test suite, the following complaint appears:
> 
> [   56.926168] ===============================
> [   56.926169] [ INFO: suspicious RCU usage. ]
> [   56.926171] 4.7.0-rc1+ #160 Not tainted
> [   56.926173] -------------------------------
> [   56.926174] net/tipc/bearer.c:408 suspicious rcu_dereference_protected() usage!
> [   56.926175]
> [   56.926175] other info that might help us debug this:
> [   56.926175]
> [   56.926177]
> [   56.926177] rcu_scheduler_active = 1, debug_locks = 1
> [   56.926179] 3 locks held by swapper/4/0:
> [   56.926180]  #0:  (((&req->timer))){+.-...}, at: [<ffffffff810e79b5>] call_timer_fn+0x5/0x340
> [   56.926203]  #1:  (&(&req->lock)->rlock){+.-...}, at: [<ffffffffa000c29b>] disc_timeout+0x1b/0xd0 [tipc]
> [   56.926212]  #2:  (rcu_read_lock){......}, at: [<ffffffffa00055e0>] tipc_bearer_xmit_skb+0xb0/0x2e0 [tipc]
> [   56.926218]
> [   56.926218] stack backtrace:
> [   56.926221] CPU: 4 PID: 0 Comm: swapper/4 Not tainted 4.7.0-rc1+ #160
> [   56.926222] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2007
> [   56.926224]  0000000000000000 ffff880016803d28 ffffffff813c4423 ffff8800154252c0
> [   56.926227]  0000000000000001 ffff880016803d58 ffffffff810b7512 ffff8800124d8120
> [   56.926230]  ffff880013f8a160 ffff8800132b5ccc ffff8800124d8120 ffff880016803d88
> [   56.926234] Call Trace:
> [   56.926235]  <IRQ>  [<ffffffff813c4423>] dump_stack+0x67/0x94
> [   56.926250]  [<ffffffff810b7512>] lockdep_rcu_suspicious+0xe2/0x120
> [   56.926256]  [<ffffffffa00051f1>] tipc_l2_send_msg+0x131/0x1c0 [tipc]
> [   56.926261]  [<ffffffffa000567c>] tipc_bearer_xmit_skb+0x14c/0x2e0 [tipc]
> [   56.926266]  [<ffffffffa00055e0>] ? tipc_bearer_xmit_skb+0xb0/0x2e0 [tipc]
> [   56.926273]  [<ffffffffa000c280>] ? tipc_disc_init_msg+0x1f0/0x1f0 [tipc]
> [   56.926278]  [<ffffffffa000c280>] ? tipc_disc_init_msg+0x1f0/0x1f0 [tipc]
> [   56.926283]  [<ffffffffa000c2d6>] disc_timeout+0x56/0xd0 [tipc]
> [   56.926288]  [<ffffffff810e7a68>] call_timer_fn+0xb8/0x340
> [   56.926291]  [<ffffffff810e79b5>] ? call_timer_fn+0x5/0x340
> [   56.926296]  [<ffffffffa000c280>] ? tipc_disc_init_msg+0x1f0/0x1f0 [tipc]
> [   56.926300]  [<ffffffff810e8f4a>] run_timer_softirq+0x23a/0x390
> [   56.926306]  [<ffffffff810f89ff>] ? clockevents_program_event+0x7f/0x130
> [   56.926316]  [<ffffffff819727c3>] __do_softirq+0xc3/0x4a2
> [   56.926323]  [<ffffffff8106ba5a>] irq_exit+0x8a/0xb0
> [   56.926327]  [<ffffffff81972456>] smp_apic_timer_interrupt+0x46/0x60
> [   56.926331]  [<ffffffff81970a49>] apic_timer_interrupt+0x89/0x90
> [   56.926333]  <EOI>  [<ffffffff81027fda>] ? default_idle+0x2a/0x1a0
> [   56.926340]  [<ffffffff81027fd8>] ? default_idle+0x28/0x1a0
> [   56.926342]  [<ffffffff810289cf>] arch_cpu_idle+0xf/0x20
> [   56.926345]  [<ffffffff810adf0f>] default_idle_call+0x2f/0x50
> [   56.926347]  [<ffffffff810ae145>] cpu_startup_entry+0x215/0x3e0
> [   56.926353]  [<ffffffff81040ad9>] start_secondary+0xf9/0x100
> 
> The warning appears as rcu_dereference_rtnl() 

s/rcu_dereference_rtnl/rtnl_dereference()

Acked-by: me

> is wrongly used in
> tipc_l2_send_msg() under RCU read lock protection. Instead the proper
> usage should be that rcu_dereference_rtnl() is called here.
> 
> Fixes: 5b7066c3dd24 ("tipc: stricter filtering of packets in bearer layer")
> Signed-off-by: Ying Xue <ying....@windriver.com>
> ---
>  net/tipc/bearer.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/net/tipc/bearer.c b/net/tipc/bearer.c
> index 6f11c62..bf8f05c 100644
> --- a/net/tipc/bearer.c
> +++ b/net/tipc/bearer.c
> @@ -405,7 +405,7 @@ int tipc_l2_send_msg(struct net *net, struct sk_buff *skb,
>               return 0;
> 
>       /* Send RESET message even if bearer is detached from device */
> -     tipc_ptr = rtnl_dereference(dev->tipc_ptr);
> +     tipc_ptr = rcu_dereference_rtnl(dev->tipc_ptr);
>       if (unlikely(!tipc_ptr && !msg_is_reset(buf_msg(skb))))
>               goto drop;
> 
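
Review bot: the commit message and the `-` line in this hunk disagree: the call removed at `tipc_ptr = rtnl_dereference(dev->tipc_ptr);` is rtnl_dereference(), while the message says rcu_dereference_rtnl() is the one wrongly used, so the first mention in the message should name rtnl_dereference(). It would also help if the message stated which callers reach tipc_l2_send_msg() holding RTNL rather than rcu_read_lock(), since the trace only shows the disc_timeout path, which holds rcu_read_lock(); if no caller relies on RTNL alone, plain rcu_dereference() would express the locking rule more tightly.
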
> --
> 1.7.9.5

