On Sun, Mar 28, 2021 at 08:56:17AM +0200, Greg Kroah-Hartman wrote:
> On Sat, Mar 27, 2021 at 03:51:10PM +0000, Matthew Wilcox wrote:
> > On Sat, Mar 27, 2021 at 03:31:18PM +0100, Greg Kroah-Hartman wrote:
> > > On Sat, Mar 27, 2021 at 10:25:20PM +0800, Du Cheng wrote:
> > > > On Sat, Mar 27, 2021 at 03:12:14PM +0100, Greg Kroah-Hartman wrote:
> > > > > Adding the xarray maintainer...
> > > > >
> > > > > On Sat, Mar 27, 2021 at 10:07:02PM +0800, Du Cheng wrote:
> > > > > > add idr_preload() and idr_preload_end() around
> > > > > > idr_alloc_u32(GFP_ATOMIC)
> > > > > > due to internal use of per_cpu variables, which requires preemption
> > > > > > disabling/enabling.
> > > > > >
> > > > > > reported as "BUG: "using smp_processor_id() in preemptible" by
> > > > > > syzkaller
> > > > > >
> > > > > > Reported-by: syzbot+3eec59e770685e3dc...@syzkaller.appspotmail.com
> > > > > > Signed-off-by: Du Cheng <duche...@gmail.com>
> > > > > > ---
> > > > > > changelog
> > > > > > v1: change to GFP_KERNEL for idr_alloc_u32() but might sleep
> > > > > > v2: revert to GFP_ATOMIC but add preemption disable/enable
> > > > > > protection
> > > > > >
> > > > > > net/qrtr/qrtr.c | 6 ++++++
> > > > > > 1 file changed, 6 insertions(+)
> > > > > >
> > > > > > diff --git a/net/qrtr/qrtr.c b/net/qrtr/qrtr.c
> > > > > > index edb6ac17ceca..6361f169490e 100644
> > > > > > --- a/net/qrtr/qrtr.c
> > > > > > +++ b/net/qrtr/qrtr.c
> > > > > > @@ -722,17 +722,23 @@ static int qrtr_port_assign(struct qrtr_sock
> > > > > > *ipc, int *port)
> > > > > > mutex_lock(&qrtr_port_lock);
> > > > > > if (!*port) {
> > > > > > min_port = QRTR_MIN_EPH_SOCKET;
> > > > > > + idr_preload(GFP_ATOMIC);
> > > > > > rc = idr_alloc_u32(&qrtr_ports, ipc, &min_port,
> > > > > > QRTR_MAX_EPH_SOCKET, GFP_ATOMIC);
> > > > > > + idr_preload_end();
> > > > >
> > > > > This seems "odd" to me. We are asking idr_alloc_u32() to abide by
> > > > > GFP_ATOMIC, so why do we need to "preload" it with the same type of
> > > > > allocation?
> > > > >
> > > > > Is there something in the idr/radix/xarray code that can't really
> > > > > handle
> > > > > GFP_ATOMIC during a "normal" idr allocation that is causing this
> > > > > warning
> > > > > to be hit? Why is this change the "correct" one?
> > > > >
> > > > > thanks,
> > > > >
> > > > > greg k-h
> > > >
> > > >
> > > > >From the comment above idr_preload() in lib/radix-tree.c:1460
> > > > /**
> > > > * idr_preload - preload for idr_alloc()
> > > > * @gfp_mask: allocation mask to use for preloading
> > > > *
> > > > * Preallocate memory to use for the next call to idr_alloc(). This
> > > > function
> > > > * returns with preemption disabled. It will be enabled by
> > > > idr_preload_end().
> > > > */
> > > >
> > > > idr_alloc is a very simple wrapper around idr_alloc_u32().
> > > >
> > > > On top of radix_tree_node_alloc() which is called by idr_alloc_u32(),
> > > > there is
> > > > this comment at line 244 in the same radix-tree.c
> > > > /*
> > > > * This assumes that the caller has performed appropriate
> > > > preallocation, and
> > > > * that the caller has pinned this thread of control to the current CPU.
> > > > */
> > > >
> > > > Therefore the preload/preload_end are necessary, or at least should have
> > > > preemption disabled
> > >
> > > Ah, so it's disabling preemption that is the key here. Still odd, why
> > > is GFP_ATOMIC not sufficient in a normal idr_alloc() call to keep things
> > > from doing stuff like this? Feels like a lot of "internal knowledge" is
> > > needed here to use this api properly...
> > >
> > > Matthew, is the above change really correct?
> >
> > No.
> >
> > https://lore.kernel.org/netdev/20200605112922.gb19...@bombadil.infradead.org/
> > https://lore.kernel.org/netdev/20200605120037.17427-1-wi...@infradead.org/
> > https://lore.kernel.org/netdev/20200914192655.gw6...@casper.infradead.org/
> >
>
> Ok, it looks like this code is just abandonded, should we remove it
> entirely as no one wants to maintain it?
Fine by me. I don't use it. Better to get rid of abandonware than keep
a potential source of security holes.
