d086a1c65a
The access of tcf_tunnel_info() produces the following splat, so fix it by dereferencing the tcf_tunnel_key_params pointer with marker that internal tcfa_liock is held. ============================= WARNING: suspicious RCU usage 5.9.0+ #1 Not tainted ----------------------------- include/net/tc_act/tc_tunnel_key.h:59 suspicious rcu_dereference_protected() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 1 lock held by tc/34839: #0: ffff88828572c2a0 (&p->tcfa_lock){+...}-{2:2}, at: tc_setup_flow_action+0xb3/0x48b5 stack backtrace: CPU: 1 PID: 34839 Comm: tc Not tainted 5.9.0+ #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org 04/01/2014 Call Trace: dump_stack+0x9a/0xd0 tc_setup_flow_action+0x14cb/0x48b5 fl_hw_replace_filter+0x347/0x690 [cls_flower] fl_change+0x2bad/0x4875 [cls_flower] tc_new_tfilter+0xf6f/0x1ba0 rtnetlink_rcv_msg+0x5f2/0x870 netlink_rcv_skb+0x124/0x350 netlink_unicast+0x433/0x700 netlink_sendmsg+0x6f1/0xbd0 sock_sendmsg+0xb0/0xe0 ____sys_sendmsg+0x4fa/0x6d0 ___sys_sendmsg+0x12e/0x1b0 __sys_sendmsg+0xa4/0x120 do_syscall_64+0x2d/0x40 entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7f1f8cd4fe57 Code: 0c 00 f7 d8 64 89 02 48 c7 c0 ff ff ff ff eb b7 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 2e 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 51 c3 48 83 ec 28 89 54 24 1c 48 89 74 24 10 RSP: 002b:00007ffdc1e193b8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1f8cd4fe57 RDX: 0000000000000000 RSI: 00007ffdc1e19420 RDI: 0000000000000003 RBP: 000000005f85aafa R08: 0000000000000001 R09: 00007ffdc1e1936c R10: 000000000040522d R11: 0000000000000246 R12: 0000000000000001 R13: 0000000000000000 R14: 00007ffdc1e1d6f0 R15: 0000000000482420 Fixes: 3ebaf6da0716 ("net: sched: Do not assume RTNL is held in tunnel key action helpers") Fixes: 7a47281439ba ("net: sched: lock action when translating it to flow_action infra") Signed-off-by: Leon Romanovsky <leonro@nvidia.com> Acked-by: Cong Wang <xiyou.wangcong@gmail.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
87 lines
2.1 KiB
C
87 lines
2.1 KiB
C
/* SPDX-License-Identifier: GPL-2.0-or-later */
|
|
/*
|
|
* Copyright (c) 2016, Amir Vadai <amir@vadai.me>
|
|
* Copyright (c) 2016, Mellanox Technologies. All rights reserved.
|
|
*/
|
|
|
|
#ifndef __NET_TC_TUNNEL_KEY_H
|
|
#define __NET_TC_TUNNEL_KEY_H
|
|
|
|
#include <net/act_api.h>
|
|
#include <linux/tc_act/tc_tunnel_key.h>
|
|
#include <net/dst_metadata.h>
|
|
|
|
struct tcf_tunnel_key_params {
|
|
struct rcu_head rcu;
|
|
int tcft_action;
|
|
struct metadata_dst *tcft_enc_metadata;
|
|
};
|
|
|
|
struct tcf_tunnel_key {
|
|
struct tc_action common;
|
|
struct tcf_tunnel_key_params __rcu *params;
|
|
};
|
|
|
|
#define to_tunnel_key(a) ((struct tcf_tunnel_key *)a)
|
|
|
|
static inline bool is_tcf_tunnel_set(const struct tc_action *a)
|
|
{
|
|
#ifdef CONFIG_NET_CLS_ACT
|
|
struct tcf_tunnel_key *t = to_tunnel_key(a);
|
|
struct tcf_tunnel_key_params *params;
|
|
|
|
params = rcu_dereference_protected(t->params,
|
|
lockdep_is_held(&a->tcfa_lock));
|
|
if (a->ops && a->ops->id == TCA_ID_TUNNEL_KEY)
|
|
return params->tcft_action == TCA_TUNNEL_KEY_ACT_SET;
|
|
#endif
|
|
return false;
|
|
}
|
|
|
|
static inline bool is_tcf_tunnel_release(const struct tc_action *a)
|
|
{
|
|
#ifdef CONFIG_NET_CLS_ACT
|
|
struct tcf_tunnel_key *t = to_tunnel_key(a);
|
|
struct tcf_tunnel_key_params *params;
|
|
|
|
params = rcu_dereference_protected(t->params,
|
|
lockdep_is_held(&a->tcfa_lock));
|
|
if (a->ops && a->ops->id == TCA_ID_TUNNEL_KEY)
|
|
return params->tcft_action == TCA_TUNNEL_KEY_ACT_RELEASE;
|
|
#endif
|
|
return false;
|
|
}
|
|
|
|
static inline struct ip_tunnel_info *tcf_tunnel_info(const struct tc_action *a)
|
|
{
|
|
#ifdef CONFIG_NET_CLS_ACT
|
|
struct tcf_tunnel_key *t = to_tunnel_key(a);
|
|
struct tcf_tunnel_key_params *params;
|
|
|
|
params = rcu_dereference_protected(t->params,
|
|
lockdep_is_held(&a->tcfa_lock));
|
|
|
|
return ¶ms->tcft_enc_metadata->u.tun_info;
|
|
#else
|
|
return NULL;
|
|
#endif
|
|
}
|
|
|
|
static inline struct ip_tunnel_info *
|
|
tcf_tunnel_info_copy(const struct tc_action *a)
|
|
{
|
|
#ifdef CONFIG_NET_CLS_ACT
|
|
struct ip_tunnel_info *tun = tcf_tunnel_info(a);
|
|
|
|
if (tun) {
|
|
size_t tun_size = sizeof(*tun) + tun->options_len;
|
|
struct ip_tunnel_info *tun_copy = kmemdup(tun, tun_size,
|
|
GFP_ATOMIC);
|
|
|
|
return tun_copy;
|
|
}
|
|
#endif
|
|
return NULL;
|
|
}
|
|
#endif /* __NET_TC_TUNNEL_KEY_H */
|