• Ondrej Kozina's avatar
    dm crypt: replace RCU read-side section with rwsem · f5b0cba8
    Ondrej Kozina authored
    The lockdep splat below hints at a bug in RCU usage in dm-crypt that
    was introduced with commit c538f6ec ("dm crypt: add ability to use
    keys from the kernel key retention service").  The kernel keyring
    function user_key_payload() is in fact a wrapper for
    rcu_dereference_protected() which must not be called with only
    rcu_read_lock() section mark.
    
    Unfortunately the kernel keyring subsystem doesn't currently provide
    an interface that allows the use of an RCU read-side section.  So for
    now we must drop RCU in favour of rwsem until a proper function is
    made available in the kernel keyring subsystem.
    
    ===============================
    [ INFO: suspicious RCU usage. ]
    4.10.0-rc5 #2 Not tainted
    -------------------------------
    ./include/keys/user-type.h:53 suspicious rcu_dereference_protected() usage!
    other info that might help us debug this:
    rcu_scheduler_active = 2, debug_locks = 1
    2 locks held by cryptsetup/6464:
     #0:  (&md->type_lock){+.+.+.}, at: [<ffffffffa02472a2>] dm_lock_md_type+0x12/0x20 [dm_mod]
     #1:  (rcu_read_lock){......}, at: [<ffffffffa02822f8>] crypt_set_key+0x1d8/0x4b0 [dm_crypt]
    stack backtrace:
    CPU: 1 PID: 6464 Comm: cryptsetup Not tainted 4.10.0-rc5 #2
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.9.1-1.fc24 04/01/2014
    Call Trace:
     dump_stack+0x67/0x92
     lockdep_rcu_suspicious+0xc5/0x100
     crypt_set_key+0x351/0x4b0 [dm_crypt]
     ? crypt_set_key+0x1d8/0x4b0 [dm_crypt]
     crypt_ctr+0x341/0xa53 [dm_crypt]
     dm_table_add_target+0x147/0x330 [dm_mod]
     table_load+0x111/0x350 [dm_mod]
     ? retrieve_status+0x1c0/0x1c0 [dm_mod]
     ctl_ioctl+0x1f5/0x510 [dm_mod]
     dm_ctl_ioctl+0xe/0x20 [dm_mod]
     do_vfs_ioctl+0x8e/0x690
     ? ____fput+0x9/0x10
     ? task_work_run+0x7e/0xa0
     ? trace_hardirqs_on_caller+0x122/0x1b0
     SyS_ioctl+0x3c/0x70
     entry_SYSCALL_64_fastpath+0x18/0xad
    RIP: 0033:0x7f392c9a4ec7
    RSP: 002b:00007ffef6383378 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
    RAX: ffffffffffffffda RBX: 00007ffef63830a0 RCX: 00007f392c9a4ec7
    RDX: 000000000124fcc0 RSI: 00000000c138fd09 RDI: 0000000000000005
    RBP: 00007ffef6383090 R08: 00000000ffffffff R09: 00000000012482b0
    R10: 2a28205d34383336 R11: 0000000000000246 R12: 00007f392d803a08
    R13: 00007ffef63831e0 R14: 0000000000000000 R15: 00007f392d803a0b
    
    Fixes: c538f6ec ("dm crypt: add ability to use keys from the kernel key retention service")
    Reported-by: default avatarMilan Broz <mbroz@redhat.com>
    Signed-off-by: default avatarOndrej Kozina <okozina@redhat.com>
    Reviewed-by: default avatarMikulas Patocka <mpatocka@redhat.com>
    Signed-off-by: default avatarMike Snitzer <snitzer@redhat.com>
    f5b0cba8
dm-crypt.c 54 KB