From patchwork Tue Jan 31 12:47:40 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ondrej Kozina X-Patchwork-Id: 9547145 X-Patchwork-Delegate: snitzer@redhat.com Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id E88BA604A0 for ; Tue, 31 Jan 2017 12:49:29 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id DA87F28375 for ; Tue, 31 Jan 2017 12:49:29 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id CF17E2838E; Tue, 31 Jan 2017 12:49:29 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from mx4-phx2.redhat.com (mx4-phx2.redhat.com [209.132.183.25]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 59D222838D for ; Tue, 31 Jan 2017 12:49:29 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by mx4-phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v0VCm3lh030080; Tue, 31 Jan 2017 07:48:04 -0500 Received: from int-mx14.intmail.prod.int.phx2.redhat.com (int-mx14.intmail.prod.int.phx2.redhat.com [10.5.11.27]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v0VCm2tA023482 for ; Tue, 31 Jan 2017 07:48:02 -0500 Received: from dhcp131-147.brq.redhat.com (dhcp131-195.brq.redhat.com [10.34.131.195]) by int-mx14.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v0VCm0WD019255 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Tue, 31 Jan 2017 07:48:01 -0500 Received: from dhcp131-147.brq.redhat.com (localhost [127.0.0.1]) by dhcp131-147.brq.redhat.com (8.15.2/8.15.2) with ESMTP id v0VClwfC020399; Tue, 31 Jan 2017 13:47:58 +0100 Received: (from okozina@localhost) by dhcp131-147.brq.redhat.com (8.15.2/8.15.2/Submit) id v0VClwnS020398; Tue, 31 Jan 2017 13:47:58 +0100 From: Ondrej Kozina To: dm-devel@redhat.com Date: Tue, 31 Jan 2017 13:47:40 +0100 Message-Id: <1485866860-20356-1-git-send-email-okozina@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.27 X-loop: dm-devel@redhat.com Cc: Ondrej Kozina , mpatocka@redhat.com, snitzer@redhat.com, mbroz@redhat.com Subject: [dm-devel] [PATCH] dm-crypt: fix wrong use of RCU on key payload handling X-BeenThere: dm-devel@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: device-mapper development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: dm-devel-bounces@redhat.com Errors-To: dm-devel-bounces@redhat.com X-Virus-Scanned: ClamAV using ClamSMTP This fixes following lockdep splat emerging on table load with a key in kernel keyring service. In fact it hints a bug in RCU usage in dm-crypt since kernel keyring fn user_key_payload() is in fact a wrapper for rcu_dereference_protected() which must not be used with only rcu_read_lock() mark. =============================== [ INFO: suspicious RCU usage. ] 4.10.0-rc5 #2 Not tainted ------------------------------- ./include/keys/user-type.h:53 suspicious usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 2 locks held by cryptsetup/5555: #0: (&md->type_lock){+.+.+.}, at: [] dm_lock_md_type+0x12/0x20 [dm_mod] #1: (rcu_read_lock){......}, at: [] crypt_set_key+0x1d8/0x4b0 [dm_crypt] stack backtrace: CPU: 1 PID: 5555 Comm: cryptsetup Not tainted 4.10.0-rc5 #2 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.1-1.fc24 04/01/2014 Call Trace: dump_stack+0x67/0x92 lockdep_rcu_suspicious+0xc5/0x100 crypt_set_key+0x351/0x4b0 [dm_crypt] ? crypt_set_key+0x1d8/0x4b0 [dm_crypt] crypt_ctr+0x341/0xa53 [dm_crypt] dm_table_add_target+0x147/0x330 [dm_mod] table_load+0x111/0x350 [dm_mod] ? retrieve_status+0x1c0/0x1c0 [dm_mod] ctl_ioctl+0x1f5/0x510 [dm_mod] dm_ctl_ioctl+0xe/0x20 [dm_mod] do_vfs_ioctl+0x8e/0x690 ? task_work_run+0x7e/0xa0 ? trace_hardirqs_on_caller+0x122/0x1b0 SyS_ioctl+0x3c/0x70 entry_SYSCALL_64_fastpath+0x18/0xad RIP: 0033:0x7f1be07ceec7 RSP: 002b:00007fff38c094d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 000000000d4dbae9 RCX: 00007f1be07ceec7 RDX: 0000000001768100 RSI: 00000000c138fd09 RDI: 0000000000000005 RBP: 0000000000000006 R08: 00000000ffffffff R09: 00000000017623f0 R10: 2a28205d34383336 R11: 0000000000000246 R12: 0000000000000001 R13: 00007fff38c0987c R14: 00007fff38c097ec R15: 0000000000000000 Reported-by: Milan Broz Fixes: c538f6ec9f56 (dm crypt: add ability to use keys from the kernel key retention service) Signed-off-by: Ondrej Kozina --- drivers/md/dm-crypt.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/drivers/md/dm-crypt.c b/drivers/md/dm-crypt.c index 7c6c572..37d5027 100644 --- a/drivers/md/dm-crypt.c +++ b/drivers/md/dm-crypt.c @@ -31,6 +31,7 @@ #include #include #include +#include #include #include @@ -1498,6 +1499,12 @@ static bool contains_whitespace(const char *str) return false; } +/* workaround for missing RCU read key payload wrapper */ +static const struct user_key_payload *_user_key_payload(const struct key *key) +{ + return (const struct user_key_payload *) rcu_dereference(key->payload.rcu_data0); +} + static int crypt_set_keyring_key(struct crypt_config *cc, const char *key_string) { char *new_key_string, *key_desc; @@ -1536,7 +1543,7 @@ static int crypt_set_keyring_key(struct crypt_config *cc, const char *key_string rcu_read_lock(); - ukp = user_key_payload(key); + ukp = _user_key_payload(key); if (!ukp) { rcu_read_unlock(); key_put(key);