On Wed, Oct 17, 2018 at 12:35:10AM +0900, Taehee Yoo wrote:
> pid_task() dereferences rcu protected tasks array.
> But there is no rcu_read_lock() in shutdown_umh() routine so that
> rcu_read_lock() is needed.
> get_pid_task() is wrapper function of pid_task. it holds rcu_read_lock()
> then calls pid_task(). if task isn't NULL, it increases reference count
> of task.
>
> test commands:
> %modprobe bpfilter
> %modprobe -rv bpfilter
>
> splat looks like:
> [15102.030932] =============================
> [15102.030957] WARNING: suspicious RCU usage
> [15102.030985] 4.19.0-rc7+ #21 Not tainted
> [15102.031010] -----------------------------
> [15102.031038] kernel/pid.c:330 suspicious rcu_dereference_check() usage!
> [15102.031063]
> other info that might help us debug this:
>
> [15102.031332]
> rcu_scheduler_active = 2, debug_locks = 1
> [15102.031363] 1 lock held by modprobe/1570:
> [15102.031389] #0: 00000000580ef2b0 (bpfilter_lock){+.+.}, at:
> stop_umh+0x13/0x52 [bpfilter]
> [15102.031552]
> stack backtrace:
> [15102.031583] CPU: 1 PID: 1570 Comm: modprobe Not tainted 4.19.0-rc7+ #21
> [15102.031607] Hardware name: To be filled by O.E.M. To be filled by
> O.E.M./Aptio CRB, BIOS 5.6.5 07/08/2015
> [15102.031628] Call Trace:
> [15102.031676] dump_stack+0xc9/0x16b
> [15102.031723] ? show_regs_print_info+0x5/0x5
> [15102.031801] ? lockdep_rcu_suspicious+0x117/0x160
> [15102.031855] pid_task+0x134/0x160
> [15102.031900] ? find_vpid+0xf0/0xf0
> [15102.032017] shutdown_umh.constprop.1+0x1e/0x53 [bpfilter]
> [15102.032055] stop_umh+0x46/0x52 [bpfilter]
> [15102.032092] __x64_sys_delete_module+0x47e/0x570
> [ ... ]
>
> Fixes: d2ba09c17a06 ("net: add skeleton of bpfilter kernel module")
> Signed-off-by: Taehee Yoo <ap420...@gmail.com>
thanks a lot for the fix
Acked-by: Alexei Starovoitov <a...@kernel.org>
