• bonding: fix using uninitialized mode_lock · ad9bd8da
    Taehee Yoo authored
    When a bonding interface is being created, it sets up its mode and options.
    At that moment, it uses mode_lock so mode_lock should be initialized
    before that moment.
    
    rtnl_newlink()
    	rtnl_create_link()
    		alloc_netdev_mqs()
    			->setup() //bond_setup()
    	->newlink //bond_newlink
    		bond_changelink()
    		register_netdevice()
    			->ndo_init() //bond_init()
    
    After commit 089bca2c ("bonding: use dynamic lockdep key instead of
    subclass"), mode_lock is initialized in bond_init().
    So in bond_changelink(), an uninitialized mode_lock can be used.
    mode_lock should be initialized in bond_setup().
    This patch partially reverts commit 089bca2c ("bonding: use dynamic
    lockdep key instead of subclass")
    
    Test command:
        ip link add bond0 type bond mode 802.3ad lacp_rate 0
    
    Splat looks like:
    [   60.615127] INFO: trying to register non-static key.
    [   60.615900] the code is fine but needs lockdep annotation.
    [   60.616697] turning off the locking correctness validator.
    [   60.617490] CPU: 1 PID: 957 Comm: ip Not tainted 5.4.0-rc3+ #109
    [   60.618350] Hardware name: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
    [   60.619481] Call Trace:
    [   60.619918]  dump_stack+0x7c/0xbb
    [   60.620453]  register_lock_class+0x1215/0x14d0
    [   60.621131]  ? alloc_netdev_mqs+0x7b3/0xcc0
    [   60.621771]  ? is_bpf_text_address+0x86/0xf0
    [   60.622416]  ? is_dynamic_key+0x230/0x230
    [   60.623032]  ? unwind_get_return_address+0x5f/0xa0
    [   60.623757]  ? create_prof_cpu_mask+0x20/0x20
    [   60.624408]  ? arch_stack_walk+0x83/0xb0
    [   60.625023]  __lock_acquire+0xd8/0x3de0
    [   60.625616]  ? stack_trace_save+0x82/0xb0
    [   60.626225]  ? stack_trace_consume_entry+0x160/0x160
    [   60.626957]  ? deactivate_slab.isra.80+0x2c5/0x800
    [   60.627668]  ? register_lock_class+0x14d0/0x14d0
    [   60.628380]  ? alloc_netdev_mqs+0x7b3/0xcc0
    [   60.629020]  ? save_stack+0x69/0x80
    [   60.629574]  ? save_stack+0x19/0x80
    [   60.630121]  ? __kasan_kmalloc.constprop.4+0xa0/0xd0
    [   60.630859]  ? __kmalloc_node+0x16f/0x480
    [   60.631472]  ? alloc_netdev_mqs+0x7b3/0xcc0
    [   60.632121]  ? rtnl_create_link+0x2ed/0xad0
    [   60.634388]  ? __rtnl_newlink+0xad4/0x11b0
    [   60.635024]  lock_acquire+0x164/0x3b0
    [   60.635608]  ? bond_3ad_update_lacp_rate+0x91/0x200 [bonding]
    [   60.636463]  _raw_spin_lock_bh+0x38/0x70
    [   60.637084]  ? bond_3ad_update_lacp_rate+0x91/0x200 [bonding]
    [   60.637930]  bond_3ad_update_lacp_rate+0x91/0x200 [bonding]
    [   60.638753]  ? bond_3ad_lacpdu_recv+0xb30/0xb30 [bonding]
    [   60.639552]  ? bond_opt_get_val+0x180/0x180 [bonding]
    [   60.640307]  ? ___slab_alloc+0x5aa/0x610
    [   60.640925]  bond_option_lacp_rate_set+0x71/0x140 [bonding]
    [   60.641751]  __bond_opt_set+0x1ff/0xbb0 [bonding]
    [   60.643217]  ? kasan_unpoison_shadow+0x30/0x40
    [   60.643924]  bond_changelink+0x9a4/0x1700 [bonding]
    [   60.644653]  ? memset+0x1f/0x40
    [   60.742941]  ? bond_slave_changelink+0x1a0/0x1a0 [bonding]
    [   60.752694]  ? alloc_netdev_mqs+0x8ea/0xcc0
    [   60.753330]  ? rtnl_create_link+0x2ed/0xad0
    [   60.753964]  bond_newlink+0x1e/0x60 [bonding]
    [   60.754612]  __rtnl_newlink+0xb9f/0x11b0
    [ ... ]
    
    Reported-by: syzbot+8da67f407bcba2c72e6e@syzkaller.appspotmail.com
    Reported-by: syzbot+0d083911ab18b710da71@syzkaller.appspotmail.com
    Fixes: 089bca2c ("bonding: use dynamic lockdep key instead of subclass")
    Signed-off-by: Taehee Yoo <ap420073@gmail.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
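The ordering problem described in the commit message, as an added userspace model (not kernel code and not part of the original commit): it replays the rtnl_newlink() call order and counts acquisitions of a lock that was never initialized, once with the init in the ndo_init step and once with it in the setup step. All `model_*` names are hypothetical stand-ins for the kernel functions named above.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model: a lock that remembers whether it was initialized. */
struct model_lock { bool initialized; };
struct model_bond { struct model_lock mode_lock; int uninit_uses; };

static void model_lock_init(struct model_lock *l) { l->initialized = true; }

/* Stand-in for spin_lock_bh(): records use of a never-initialized lock. */
static void model_lock_acquire(struct model_bond *b)
{
    if (!b->mode_lock.initialized)
        b->uninit_uses++;
}

/* Models ->setup(), reached from alloc_netdev_mqs(). */
static void model_setup(struct model_bond *b, bool init_in_setup)
{
    if (init_in_setup)
        model_lock_init(&b->mode_lock);
}

/* Models bond_changelink(): option setters such as lacp_rate take mode_lock. */
static void model_changelink(struct model_bond *b) { model_lock_acquire(b); }

/* Models ->ndo_init(), reached from register_netdevice(). */
static void model_ndo_init(struct model_bond *b, bool init_in_setup)
{
    if (!init_in_setup)
        model_lock_init(&b->mode_lock);
}

/* Same order as the rtnl_newlink() call chain in the commit message. */
static int model_newlink(bool init_in_setup)
{
    struct model_bond b = { { false }, 0 };

    model_setup(&b, init_in_setup);    /* rtnl_create_link() */
    model_changelink(&b);              /* ->newlink, before registration */
    model_ndo_init(&b, init_in_setup); /* register_netdevice() */
    return b.uninit_uses;
}

int main(void)
{
    printf("init in ndo_init: %d uninitialized use(s)\n", model_newlink(false));
    printf("init in setup:    %d uninitialized use(s)\n", model_newlink(true));
    return 0;
}
```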
bond_main.c 137 KB