• Taehee Yoo's avatar
    netfilter: ipt_CLUSTERIP: fix sleep-in-atomic bug in clusterip_config_entry_put() · 2a61d8b8
    Taehee Yoo authored
    A proc_remove() can sleep. so that it can't be inside of spin_lock.
    Hence proc_remove() is moved to outside of spin_lock. and it also
    adds mutex to sync create and remove of proc entry(config->pde).
    
    test commands:
    SHELL#1
       %while :; do iptables -A INPUT -p udp -i enp2s0 -d 192.168.1.100 \
    	   --dport 9000  -j CLUSTERIP --new --hashmode sourceip \
    	   --clustermac 01:00:5e:00:00:21 --total-nodes 3 --local-node 3; \
    	   iptables -F; done
    
    SHELL#2
       %while :; do echo +1 > /proc/net/ipt_CLUSTERIP/192.168.1.100; \
    	   echo -1 > /proc/net/ipt_CLUSTERIP/192.168.1.100; done
    
    [ 2949.569864] BUG: sleeping function called from invalid context at kernel/sched/completion.c:99
    [ 2949.579944] in_atomic(): 1, irqs_disabled(): 0, pid: 5472, name: iptables
    [ 2949.587920] 1 lock held by iptables/5472:
    [ 2949.592711]  #0: 000000008f0ebcf2 (&(&cn->lock)->rlock){+...}, at: refcount_dec_and_lock+0x24/0x50
    [ 2949.603307] CPU: 1 PID: 5472 Comm: iptables Tainted: G        W         4.19.0-rc5+ #16
    [ 2949.604212] Hardware name: To be filled by O.E.M. To be filled by O.E.M./Aptio CRB, BIOS 5.6.5 07/08/2015
    [ 2949.604212] Call Trace:
    [ 2949.604212]  dump_stack+0xc9/0x16b
    [ 2949.604212]  ? show_regs_print_info+0x5/0x5
    [ 2949.604212]  ___might_sleep+0x2eb/0x420
    [ 2949.604212]  ? set_rq_offline.part.87+0x140/0x140
    [ 2949.604212]  ? _rcu_barrier_trace+0x400/0x400
    [ 2949.604212]  wait_for_completion+0x94/0x710
    [ 2949.604212]  ? wait_for_completion_interruptible+0x780/0x780
    [ 2949.604212]  ? __kernel_text_address+0xe/0x30
    [ 2949.604212]  ? __lockdep_init_map+0x10e/0x5c0
    [ 2949.604212]  ? __lockdep_init_map+0x10e/0x5c0
    [ 2949.604212]  ? __init_waitqueue_head+0x86/0x130
    [ 2949.604212]  ? init_wait_entry+0x1a0/0x1a0
    [ 2949.604212]  proc_entry_rundown+0x208/0x270
    [ 2949.604212]  ? proc_reg_get_unmapped_area+0x370/0x370
    [ 2949.604212]  ? __lock_acquire+0x4500/0x4500
    [ 2949.604212]  ? complete+0x18/0x70
    [ 2949.604212]  remove_proc_subtree+0x143/0x2a0
    [ 2949.708655]  ? remove_proc_entry+0x390/0x390
    [ 2949.708655]  clusterip_tg_destroy+0x27a/0x630 [ipt_CLUSTERIP]
    [ ... ]
    
    Fixes: b3e456fc ("netfilter: ipt_CLUSTERIP: fix a race condition of proc file creation")
    Signed-off-by: 's avatarTaehee Yoo <ap420073@gmail.com>
    Signed-off-by: 's avatarPablo Neira Ayuso <pablo@netfilter.org>
    2a61d8b8
ipt_CLUSTERIP.c 22 KB