BugLink: https://bugs.launchpad.net/bugs/1852338
[ Upstream commit
ad9bd8daf2f9938572b0604e1280fefa8f338581 ]
When a bonding interface is being created, it setups its mode and options.
At that moment, it uses mode_lock so mode_lock should be initialized
before that moment.
rtnl_newlink()
rtnl_create_link()
alloc_netdev_mqs()
->setup() //bond_setup()
->newlink //bond_newlink
bond_changelink()
register_netdevice()
->ndo_init() //bond_init()
After commit
089bca2caed0 ("bonding: use dynamic lockdep key instead of
subclass"), mode_lock is initialized in bond_init().
So in the bond_changelink(), un-initialized mode_lock can be used.
mode_lock should be initialized in bond_setup().
This patch partially reverts commit
089bca2caed0 ("bonding: use dynamic
lockdep key instead of subclass")
Test command:
ip link add bond0 type bond mode 802.3ad lacp_rate 0
Splat looks like:
[ 60.615127] INFO: trying to register non-static key.
[ 60.615900] the code is fine but needs lockdep annotation.
[ 60.616697] turning off the locking correctness validator.
[ 60.617490] CPU: 1 PID: 957 Comm: ip Not tainted 5.4.0-rc3+ #109
[ 60.618350] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
[ 60.619481] Call Trace:
[ 60.619918] dump_stack+0x7c/0xbb
[ 60.620453] register_lock_class+0x1215/0x14d0
[ 60.621131] ? alloc_netdev_mqs+0x7b3/0xcc0
[ 60.621771] ? is_bpf_text_address+0x86/0xf0
[ 60.622416] ? is_dynamic_key+0x230/0x230
[ 60.623032] ? unwind_get_return_address+0x5f/0xa0
[ 60.623757] ? create_prof_cpu_mask+0x20/0x20
[ 60.624408] ? arch_stack_walk+0x83/0xb0
[ 60.625023] __lock_acquire+0xd8/0x3de0
[ 60.625616] ? stack_trace_save+0x82/0xb0
[ 60.626225] ? stack_trace_consume_entry+0x160/0x160
[ 60.626957] ? deactivate_slab.isra.80+0x2c5/0x800
[ 60.627668] ? register_lock_class+0x14d0/0x14d0
[ 60.628380] ? alloc_netdev_mqs+0x7b3/0xcc0
[ 60.629020] ? save_stack+0x69/0x80
[ 60.629574] ? save_stack+0x19/0x80
[ 60.630121] ? __kasan_kmalloc.constprop.4+0xa0/0xd0
[ 60.630859] ? __kmalloc_node+0x16f/0x480
[ 60.631472] ? alloc_netdev_mqs+0x7b3/0xcc0
[ 60.632121] ? rtnl_create_link+0x2ed/0xad0
[ 60.634388] ? __rtnl_newlink+0xad4/0x11b0
[ 60.635024] lock_acquire+0x164/0x3b0
[ 60.635608] ? bond_3ad_update_lacp_rate+0x91/0x200 [bonding]
[ 60.636463] _raw_spin_lock_bh+0x38/0x70
[ 60.637084] ? bond_3ad_update_lacp_rate+0x91/0x200 [bonding]
[ 60.637930] bond_3ad_update_lacp_rate+0x91/0x200 [bonding]
[ 60.638753] ? bond_3ad_lacpdu_recv+0xb30/0xb30 [bonding]
[ 60.639552] ? bond_opt_get_val+0x180/0x180 [bonding]
[ 60.640307] ? ___slab_alloc+0x5aa/0x610
[ 60.640925] bond_option_lacp_rate_set+0x71/0x140 [bonding]
[ 60.641751] __bond_opt_set+0x1ff/0xbb0 [bonding]
[ 60.643217] ? kasan_unpoison_shadow+0x30/0x40
[ 60.643924] bond_changelink+0x9a4/0x1700 [bonding]
[ 60.644653] ? memset+0x1f/0x40
[ 60.742941] ? bond_slave_changelink+0x1a0/0x1a0 [bonding]
[ 60.752694] ? alloc_netdev_mqs+0x8ea/0xcc0
[ 60.753330] ? rtnl_create_link+0x2ed/0xad0
[ 60.753964] bond_newlink+0x1e/0x60 [bonding]
[ 60.754612] __rtnl_newlink+0xb9f/0x11b0
[ ... ]
Reported-by: syzbot+8da67f407bcba2c72e6e@syzkaller.appspotmail.com
Reported-by: syzbot+0d083911ab18b710da71@syzkaller.appspotmail.com
Fixes: 089bca2caed0 ("bonding: use dynamic lockdep key instead of subclass")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Connor Kuehl <connor.kuehl@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
projects / mirror_ubuntu-eoan-kernel.git / commitdiff