Commit 955b785e authored by Taehee Yoo's avatar Taehee Yoo Committed by David S. Miller
Browse files

bonding: fix suspicious RCU usage in bond_ipsec_offload_ok() 



To dereference bond->curr_active_slave, it uses rcu_dereference().
But it and the caller doesn't acquire RCU so a warning occurs.
So add rcu_read_lock().

Splat looks like:
WARNING: suspicious RCU usage
5.13.0-rc6+ #1179 Not tainted
drivers/net/bonding/bond_main.c:571 suspicious
rcu_dereference_check() usage!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 1
1 lock held by ping/974:
 #0: ffff888109e7db70 (sk_lock-AF_INET){+.+.}-{0:0},
at: raw_sendmsg+0x1303/0x2cb0

stack backtrace:
CPU: 2 PID: 974 Comm: ping Not tainted 5.13.0-rc6+ #1179
Call Trace:
 dump_stack+0xa4/0xe5
 bond_ipsec_offload_ok+0x1f4/0x260 [bonding]
 xfrm_output+0x179/0x890
 xfrm4_output+0xfa/0x410
 ? __xfrm4_output+0x4b0/0x4b0
 ? __ip_make_skb+0xecc/0x2030
 ? xfrm4_udp_encap_rcv+0x800/0x800
 ? ip_local_out+0x21/0x3a0
 ip_send_skb+0x37/0xa0
 raw_sendmsg+0x1bfd/0x2cb0

Fixes: 18cb261a ("bonding: support hardware encryption offload to slaves")
Signed-off-by: default avatarTaehee Yoo <ap420073@gmail.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 9a560550

drivers/net/bonding/bond_main.c

+16 −6
Original line number Diff line number Diff line
@@ -573,24 +573,34 @@ static bool bond_ipsec_offload_ok(struct sk_buff *skb, struct xfrm_state *xs) 
	struct net_device *real_dev;

	struct slave *curr_active;

	struct bonding *bond;

	int err;



	bond = netdev_priv(bond_dev);

	rcu_read_lock();

	curr_active = rcu_dereference(bond->curr_active_slave);

	real_dev = curr_active->dev;



	if (BOND_MODE(bond) != BOND_MODE_ACTIVEBACKUP)

		return true;

	if (BOND_MODE(bond) != BOND_MODE_ACTIVEBACKUP) {

		err = true;

		goto out;

	}



	if (!xs->xso.real_dev)

		return false;

	if (!xs->xso.real_dev) {

		err = false;

		goto out;

	}



	if (!real_dev->xfrmdev_ops ||

	    !real_dev->xfrmdev_ops->xdo_dev_offload_ok ||

	    netif_is_bond_master(real_dev)) {

		return false;

		err = false;

		goto out;

	}



	return real_dev->xfrmdev_ops->xdo_dev_offload_ok(skb, xs);

	err = real_dev->xfrmdev_ops->xdo_dev_offload_ok(skb, xs);

out:

	rcu_read_unlock();

	return err;

}



static const struct xfrmdev_ops bond_xfrmdev_ops = {