android_kernel_oneplus_msm8998/net/ipv6
Paolo Abeni 482526ec0a netfilter: drop outermost socket lock in getsockopt()
commit 01ea306f2ac2baff98d472da719193e738759d93 upstream.

The Syzbot reported a possible deadlock in the netfilter area caused by
rtnl lock, xt lock and socket lock being acquired with a different order
on different code paths, leading to the following backtrace:
Reviewed-by: Xin Long <lucien.xin@gmail.com>

======================================================
WARNING: possible circular locking dependency detected
4.15.0+ #301 Not tainted
------------------------------------------------------
syzkaller233489/4179 is trying to acquire lock:
  (rtnl_mutex){+.+.}, at: [<0000000048e996fd>] rtnl_lock+0x17/0x20
net/core/rtnetlink.c:74

but task is already holding lock:
  (&xt[i].mutex){+.+.}, at: [<00000000328553a2>]
xt_find_table_lock+0x3e/0x3e0 net/netfilter/x_tables.c:1041

which lock already depends on the new lock.
===

Since commit 3f34cfae1230 ("netfilter: on sockopt() acquire sock lock
only in the required scope"), we already acquire the socket lock in
the innermost scope, where needed. In such commit I forgot to remove
the outer-most socket lock from the getsockopt() path, this commit
addresses the issues dropping it now.

v1 -> v2: fix bad subj, added relavant 'fixes' tag

Fixes: 22265a5c3c ("netfilter: xt_TEE: resolve oif using netdevice notifiers")
Fixes: 202f59afd441 ("netfilter: ipt_CLUSTERIP: do not hold dev")
Fixes: 3f34cfae1230 ("netfilter: on sockopt() acquire sock lock only in the required scope")
Reported-by: syzbot+ddde1c7b7ff7442d7f2d@syzkaller.appspotmail.com
Suggested-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Tested-by: Krzysztof Piotr Oledzki <ole@ans.pl>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-02-28 10:17:21 +01:00
..
netfilter netfilter: on sockopt() acquire sock lock only in the required scope 2018-02-25 11:03:37 +01:00
addrconf.c ipv6: fix sparse warning on rt6i_node 2017-09-27 11:00:10 +02:00
addrconf_core.c ipv6: change ipv6_stub_impl.ipv6_dst_lookup to take net argument 2015-07-31 15:21:30 -07:00
addrlabel.c ipv6/addrlabel: fix ip6addrlbl_get() 2015-12-22 15:57:54 -05:00
af_inet6.c net: reevalulate autoflowlabel setting after sysctl setting 2018-01-02 20:33:25 +01:00
ah6.c ah6: fix error return code 2015-08-25 13:37:31 -07:00
anycast.c ipv6: coding style: comparison for equality with NULL 2015-03-31 13:51:54 -04:00
datagram.c ipv6: Handle IPv4-mapped src to in6addr_any dst. 2017-06-17 06:39:35 +02:00
esp6.c esp6: Fix integrity verification when ESN are used 2016-12-10 19:07:26 +01:00
exthdrs.c ipv6: add complete rcu protection around np->opt 2015-12-02 23:37:16 -05:00
exthdrs_core.c ipv6: re-enable fragment header matching in ipv6_find_hdr 2016-04-20 15:41:59 +09:00
exthdrs_offload.c ipv6: fix exthdrs offload registration in out_rt path 2015-09-02 15:31:00 -07:00
fib6_rules.c ipv6: Do not leak throw route references 2017-07-05 14:37:14 +02:00
icmp.c ipv6: kill sk_dst_lock 2015-12-03 11:32:06 -05:00
ila.c dst: Pass net into dst->output 2015-10-08 04:27:03 -07:00
inet6_connection_sock.c ipv6: kill sk_dst_lock 2015-12-03 11:32:06 -05:00
inet6_hashtables.c net: SO_INCOMING_CPU setsockopt() support 2015-10-12 19:28:20 -07:00
ip6_checksum.c udp: Generic functions to set checksum 2014-06-04 22:46:38 -07:00
ip6_fib.c ipv6: fix typo in fib6_net_exit() 2017-09-27 11:00:12 +02:00
ip6_flowlabel.c ipv6: flowlabel: do not leave opt->tot_len with garbage 2017-11-18 11:11:06 +01:00
ip6_gre.c net: replace dst_cache ip6_tunnel implementation with the generic one 2018-02-25 11:03:34 +01:00
ip6_icmp.c ipv6: White-space cleansing : Line Layouts 2014-08-24 22:37:52 -07:00
ip6_input.c netfilter: Pass net into okfn 2015-09-17 17:18:37 -07:00
ip6_offload.c ipv6: Fix leak in ipv6_gso_segment(). 2017-06-14 13:16:19 +02:00
ip6_offload.h
ip6_output.c ipv6: ip6_make_skb() needs to clear cork.base.dst 2018-01-31 12:06:13 +01:00
ip6_tunnel.c net: replace dst_cache ip6_tunnel implementation with the generic one 2018-02-25 11:03:34 +01:00
ip6_udp_tunnel.c vxlan: do not receive IPv4 packets on IPv6 socket 2015-08-29 13:07:54 -07:00
ip6_vti.c net: replace dst_cache ip6_tunnel implementation with the generic one 2018-02-25 11:03:34 +01:00
ip6mr.c ip6mr: fix stale iterator 2018-02-16 20:09:37 +01:00
ipcomp6.c ipv6: White-space cleansing : Structure layouts 2014-08-24 22:37:52 -07:00
ipv6_sockglue.c netfilter: drop outermost socket lock in getsockopt() 2018-02-28 10:17:21 +01:00
Kconfig net: replace dst_cache ip6_tunnel implementation with the generic one 2018-02-25 11:03:34 +01:00
Makefile net: Identifier Locator Addressing module 2015-08-17 21:33:06 -07:00
mcast.c ipv6: mcast: better catch silly mtu values 2018-01-02 20:33:24 +01:00
mcast_snoop.c net: fix wrong skb_get() usage / crash in IGMP/MLD parsing code 2015-08-13 17:08:39 -07:00
mip6.c ipv6: use ktime_t for internal timestamps 2015-10-05 03:16:47 -07:00
ndisc.c ipv6: honor ifindex in case we receive ll addresses in router advertisements 2015-12-23 22:03:54 -05:00
netfilter.c ipv6: Pass struct net into ip6_route_me_harder 2015-09-29 20:21:32 +02:00
output_core.c ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt() 2017-09-27 11:00:10 +02:00
ping.c net: ping: do not abuse udp_poll() 2017-06-14 13:16:19 +02:00
proc.c udp: Increment UDP_MIB_IGNOREDMULTI for arriving unmatched multicasts 2014-11-07 15:45:50 -05:00
protocol.c net: Export inet_offloads and inet6_offloads 2014-09-19 17:15:31 -04:00
raw.c net: ping: do not abuse udp_poll() 2017-06-14 13:16:19 +02:00
reassembly.c Revert "net: fix percpu memory leaks" 2017-09-27 11:00:11 +02:00
route.c ipv6: only call ip6_route_dev_notify() once for NETDEV_UNREGISTER 2017-11-30 08:37:18 +00:00
sit.c sit: update frag_off info 2017-12-16 10:33:56 +01:00
syncookies.c ipv4: ipv6: initialize treq->txhash in cookie_v[46]_check() 2017-08-11 09:08:51 -07:00
sysctl_net_ipv6.c ipv6: Implement different admin modes for automatic flow labels 2015-07-31 17:07:11 -07:00
tcp_ipv6.c tcp md5sig: Use skb's saddr when replying to an incoming segment 2018-01-02 20:33:25 +01:00
tcpv6_offload.c tcp: cleanup static functions 2015-02-28 16:56:51 -05:00
tunnel6.c ipv6: fix tunnel error handling 2015-11-03 10:52:13 -05:00
udp.c udpv6: Fix the checksum computation when HW checksum does not apply 2017-10-21 17:09:02 +02:00
udp_impl.h net: Remove iocb argument from sendmsg and recvmsg 2015-03-02 13:06:31 -05:00
udp_offload.c net: avoid skb_warn_bad_offload false positives on UFO 2017-08-12 19:29:08 -07:00
udplite.c net: Eliminate no_check from protosw 2014-05-23 16:28:53 -04:00
xfrm6_input.c netfilter: Pass struct net into the netfilter hooks 2015-09-17 17:18:37 -07:00
xfrm6_mode_beet.c xfrm: simplify xfrm_address_t use 2015-03-31 13:58:35 -04:00
xfrm6_mode_ro.c ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() 2017-06-14 13:16:19 +02:00
xfrm6_mode_transport.c ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() 2017-06-14 13:16:19 +02:00
xfrm6_mode_tunnel.c ipv6: update skb->csum when CE mark is propagated 2016-01-31 11:29:01 -08:00
xfrm6_output.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2015-10-24 06:54:12 -07:00
xfrm6_policy.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec 2015-12-22 16:26:31 -05:00
xfrm6_protocol.c xfrm6: Properly handle unsupported protocols 2014-05-06 07:08:38 +02:00
xfrm6_state.c ipv6: White-space cleansing : Line Layouts 2014-08-24 22:37:52 -07:00
xfrm6_tunnel.c ipv6: White-space cleansing : gaps between function and symbol export 2014-08-24 22:37:52 -07:00