Re: [syzbot] [net?] WARNING: ODEBUG bug in advance_sched

From: Hillf Danton
Date: Fri Dec 22 2023 - 06:08:27 EST

Next message: fuqiang wang: "Re: [PATCH v2 2/2] kexec: Fix potential out of bounds in crash_exclude_mem_range()"
Previous message: Ritesh Kumar: "[v1 1/2] dt-bindings: display: panel: Add Truly NT36672E LCD DSI panel"
In reply to: syzbot: "Re: [syzbot] [net?] WARNING: ODEBUG bug in advance_sched"
Next in thread: syzbot: "Re: [syzbot] [net?] WARNING: ODEBUG bug in advance_sched"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 21 Dec 2023 05:47:25 -0800
> HEAD commit: 1a44b0073b92 Merge tag 'ovl-fixes-6.7-rc7' of git://git.ke..
> git tree: upstream
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=1465cbd6e80000

#syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

--- x/net/sched/sch_taprio.c
+++ y/net/sched/sch_taprio.c
@@ -1941,6 +1941,9 @@ static int taprio_change(struct Qdisc *s

/* Protects against enqueue()/dequeue() */
spin_lock_bh(qdisc_lock(sch));
+ spin_lock_irqsave(&q->current_entry_lock, flags);
+ oper = rtnl_dereference(q->oper_sched);
+ admin = rtnl_dereference(q->admin_sched);

if (tb[TCA_TAPRIO_ATTR_TXTIME_DELAY]) {
if (!TXTIME_ASSIST_IS_ENABLED(q->flags)) {
@@ -1981,17 +1984,12 @@ static int taprio_change(struct Qdisc *s
} else {
setup_first_end_time(q, new_admin, start);

- /* Protects against advance_sched() */
- spin_lock_irqsave(&q->current_entry_lock, flags);
-
taprio_start_sched(sch, start, new_admin);

rcu_assign_pointer(q->admin_sched, new_admin);
if (admin)
call_rcu(&admin->rcu, taprio_free_sched_cb);

- spin_unlock_irqrestore(&q->current_entry_lock, flags);
-
if (FULL_OFFLOAD_IS_ENABLED(q->flags))
taprio_offload_config_changed(q);
}
@@ -2004,6 +2002,7 @@ static int taprio_change(struct Qdisc *s
"Size table not specified, frame length estimations may be inaccurate");

unlock:
+ spin_unlock_irqrestore(&q->current_entry_lock, flags);
spin_unlock_bh(qdisc_lock(sch));

free_sched:
@@ -2393,7 +2392,9 @@ static int taprio_dump(struct Qdisc *sch
struct sched_gate_list *oper, *admin;
struct tc_mqprio_qopt opt = { 0 };
struct nlattr *nest, *sched_nest;
+ unsigned long flags;

+ spin_lock_irqsave(&q->current_entry_lock, flags);
oper = rtnl_dereference(q->oper_sched);
admin = rtnl_dereference(q->admin_sched);

@@ -2436,6 +2437,7 @@ static int taprio_dump(struct Qdisc *sch
nla_nest_end(skb, sched_nest);

done:
+ spin_unlock_irqrestore(&q->current_entry_lock, flags);
return nla_nest_end(skb, nest);

admin_error:
@@ -2445,6 +2447,7 @@ options_error:
nla_nest_cancel(skb, nest);

start_error:
+ spin_unlock_irqrestore(&q->current_entry_lock, flags);
return -ENOSPC;
}

--

Next message: fuqiang wang: "Re: [PATCH v2 2/2] kexec: Fix potential out of bounds in crash_exclude_mem_range()"
Previous message: Ritesh Kumar: "[v1 1/2] dt-bindings: display: panel: Add Truly NT36672E LCD DSI panel"
In reply to: syzbot: "Re: [syzbot] [net?] WARNING: ODEBUG bug in advance_sched"
Next in thread: syzbot: "Re: [syzbot] [net?] WARNING: ODEBUG bug in advance_sched"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]