Re: [PATCH 1/3] rcu: Return early if callback is not specified

2025-06-16 Thread Joel Fernandes



On 6/12/2025 5:03 PM, Boqun Feng wrote:
[..]
> 
>> The kernel robot reports it and it is already a strong indication that
>> the subsystem is not hardened against invalid inputs:
>>
>> "BUG: unable to handle kernel NULL pointer dereference in rcu_core (3)"
>>
>> so this is in the rcu_core() which is part of RCU.
>>
>> But, anyway Joel should decide. I shared my opinion :)
>>
> 
> Of course, my point is that the urgency is not high enough so we have to
> put it in rcu/fixes, but it's a fix, and if Joel had the time to do
> it, feel free. Joel's decision.
> 
Yeah I feel Vlad's fix for a crash is important so I'll send this up to Linus
for 6.16 after some testing this week. For the other 2 patches, since that is
triggered by a trace point, I'll just let Neeraj take them for 6.17.

thanks,

 - Joel
Re: [PATCH 1/3] rcu: Return early if callback is not specified

2025-06-12 Thread Boqun Feng
On Thu, Jun 12, 2025 at 07:46:12PM +0200, Uladzislau Rezki wrote:
> On Thu, Jun 12, 2025 at 10:30:38AM -0700, Boqun Feng wrote:
> > 
> > 
> > On Tue, Jun 10, 2025, at 12:33 PM, Joel Fernandes wrote:
> > > On 6/10/2025 1:34 PM, Uladzislau Rezki (Sony) wrote:
> > >> Currently the call_rcu() API does not check whether a callback
> > >> pointer is NULL. If NULL is passed, rcu_core() will try to invoke
> > >> it, resulting in NULL pointer dereference and a kernel crash.
> > >> 
> > >> To prevent this and improve debuggability, this patch adds a check
> > >> for NULL and emits a kernel stack trace to help identify a faulty
> > >> caller.
> > >> 
> > >> Signed-off-by: Uladzislau Rezki (Sony) 
> > >
> > > Reviewed-by: Joel Fernandes 
> > >
> > 
> > Reviewed-by: Boqun Feng 
> > 
> Thank you for review, Boqun!
> 
> > > I will add this first one (only this one since we're discussing the others) to a
> > > new rcu/fixes-for-6.16 branch, but let me know if any objections.
> > >
> > 
> > Not sure it’s urgent enough given the current evidence.
> > 
> Let me clarify it a bit. My point is that, we get a kernel crash in a
> subsystem we are responsible for, i.e. no matter if there are faulty
> users of it (third party applications), the point is users can crash it.
> 

Fair enough.

> The kernel robot reports it and it is already a strong indication that
> the subsystem is not hardened against invalid inputs:
> 
> "BUG: unable to handle kernel NULL pointer dereference in rcu_core (3)"
> 
> so this is in the rcu_core() which is part of RCU.
> 
> But, anyway Joel should decide. I shared my opinion :)
> 

Of course, my point is that the urgency is not high enough so we have to
put it in rcu/fixes, but it's a fix, and if Joel had the time to do
it, feel free. Joel's decision.

Regards,
Boqun

> --
> Uladzislau Rezki



Re: [PATCH 1/3] rcu: Return early if callback is not specified

2025-06-12 Thread Uladzislau Rezki
On Thu, Jun 12, 2025 at 10:30:38AM -0700, Boqun Feng wrote:
> 
> 
> On Tue, Jun 10, 2025, at 12:33 PM, Joel Fernandes wrote:
> > On 6/10/2025 1:34 PM, Uladzislau Rezki (Sony) wrote:
> >> Currently the call_rcu() API does not check whether a callback
> >> pointer is NULL. If NULL is passed, rcu_core() will try to invoke
> >> it, resulting in NULL pointer dereference and a kernel crash.
> >> 
> >> To prevent this and improve debuggability, this patch adds a check
> >> for NULL and emits a kernel stack trace to help identify a faulty
> >> caller.
> >> 
> >> Signed-off-by: Uladzislau Rezki (Sony) 
> >
> > Reviewed-by: Joel Fernandes 
> >
> 
> Reviewed-by: Boqun Feng 
> 
Thank you for review, Boqun!

> > I will add this first one (only this one since we're discussing the others) to a
> > new rcu/fixes-for-6.16 branch, but let me know if any objections.
> >
> 
> Not sure it’s urgent enough given the current evidence.
> 
Let me clarify it a bit. My point is that, we get a kernel crash in a
subsystem we are responsible for, i.e. no matter if there are faulty
users of it (third party applications), the point is users can crash it.

The kernel robot reports it and it is already a strong indication that
the subsystem is not hardened against invalid inputs:

"BUG: unable to handle kernel NULL pointer dereference in rcu_core (3)"

so this is in the rcu_core() which is part of RCU.

But, anyway Joel should decide. I shared my opinion :)

--
Uladzislau Rezki



Re: [PATCH 1/3] rcu: Return early if callback is not specified

2025-06-12 Thread Boqun Feng



On Thu, Jun 12, 2025, at 10:30 AM, Boqun Feng wrote:
> On Tue, Jun 10, 2025, at 12:33 PM, Joel Fernandes wrote:
>> On 6/10/2025 1:34 PM, Uladzislau Rezki (Sony) wrote:
>>> Currently the call_rcu() API does not check whether a callback
>>> pointer is NULL. If NULL is passed, rcu_core() will try to invoke
>>> it, resulting in NULL pointer dereference and a kernel crash.
>>> 
>>> To prevent this and improve debuggability, this patch adds a check
>>> for NULL and emits a kernel stack trace to help identify a faulty
>>> caller.
>>> 
>>> Signed-off-by: Uladzislau Rezki (Sony) 
>>
>> Reviewed-by: Joel Fernandes 
>>
>
> Reviewed-by: Boqun Feng 
>

(Accidentally sent from another email account, FWIW,
this is Boqun Feng and I approve this message, sorry
couldn’t resist :))

Regards,
Boqun

>> I will add this first one (only this one since we're discussing the others) to a
>> new rcu/fixes-for-6.16 branch, but let me know if any objections.
>>
>
> Not sure it’s urgent enough given the current evidence.
>
> Regards,
> Boqun
>
>> Will push that branch out during -rc2 or -rc3 after sufficient testing.
>>
>> thanks,
>>
>>  - Joel
>>
>>> ---
>>>  kernel/rcu/tree.c | 4 
>>>  1 file changed, 4 insertions(+)
>>> 
>>> diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c
>>> index e8a4b720d7d2..14d4499c6fc3 100644
>>> --- a/kernel/rcu/tree.c
>>> +++ b/kernel/rcu/tree.c
>>> @@ -3072,6 +3072,10 @@ __call_rcu_common(struct rcu_head *head, 
>>> rcu_callback_t func, bool lazy_in)
>>> /* Misaligned rcu_head! */
>>> WARN_ON_ONCE((unsigned long)head & (sizeof(void *) - 1));
>>>  
>>> +   /* Avoid NULL dereference if callback is NULL. */
>>> +   if (WARN_ON_ONCE(!func))
>>> +   return;
>>> +
>>> if (debug_rcu_head_queue(head)) {
>>> /*
>>>  * Probable double call_rcu(), so leak the callback.



Re: [PATCH 1/3] rcu: Return early if callback is not specified

2025-06-12 Thread Boqun Feng



On Tue, Jun 10, 2025, at 12:33 PM, Joel Fernandes wrote:
> On 6/10/2025 1:34 PM, Uladzislau Rezki (Sony) wrote:
>> Currently the call_rcu() API does not check whether a callback
>> pointer is NULL. If NULL is passed, rcu_core() will try to invoke
>> it, resulting in NULL pointer dereference and a kernel crash.
>> 
>> To prevent this and improve debuggability, this patch adds a check
>> for NULL and emits a kernel stack trace to help identify a faulty
>> caller.
>> 
>> Signed-off-by: Uladzislau Rezki (Sony) 
>
> Reviewed-by: Joel Fernandes 
>

Reviewed-by: Boqun Feng 

> I will add this first one (only this one since we're discussing the others) to a
> new rcu/fixes-for-6.16 branch, but let me know if any objections.
>

Not sure it’s urgent enough given the current evidence.

Regards,
Boqun

> Will push that branch out during -rc2 or -rc3 after sufficient testing.
>
> thanks,
>
>  - Joel
>
>> ---
>>  kernel/rcu/tree.c | 4 
>>  1 file changed, 4 insertions(+)
>> 
>> diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c
>> index e8a4b720d7d2..14d4499c6fc3 100644
>> --- a/kernel/rcu/tree.c
>> +++ b/kernel/rcu/tree.c
>> @@ -3072,6 +3072,10 @@ __call_rcu_common(struct rcu_head *head, 
>> rcu_callback_t func, bool lazy_in)
>>  /* Misaligned rcu_head! */
>>  WARN_ON_ONCE((unsigned long)head & (sizeof(void *) - 1));
>>  
>> +/* Avoid NULL dereference if callback is NULL. */
>> +if (WARN_ON_ONCE(!func))
>> +return;
>> +
>>  if (debug_rcu_head_queue(head)) {
>>  /*
>>   * Probable double call_rcu(), so leak the callback.



Re: [PATCH 1/3] rcu: Return early if callback is not specified

2025-06-11 Thread Uladzislau Rezki
On Tue, Jun 10, 2025 at 03:33:32PM -0400, Joel Fernandes wrote:
> 
> 
> On 6/10/2025 1:34 PM, Uladzislau Rezki (Sony) wrote:
> > Currently the call_rcu() API does not check whether a callback
> > pointer is NULL. If NULL is passed, rcu_core() will try to invoke
> > it, resulting in NULL pointer dereference and a kernel crash.
> > 
> > To prevent this and improve debuggability, this patch adds a check
> > for NULL and emits a kernel stack trace to help identify a faulty
> > caller.
> > 
> > Signed-off-by: Uladzislau Rezki (Sony) 
> 
> Reviewed-by: Joel Fernandes 
> 
> I will add this first one (only this one since we're discussing the others) to a
> new rcu/fixes-for-6.16 branch, but let me know if any objections.
> 
> Will push that branch out during -rc2 or -rc3 after sufficient testing.
> 
Yep, that sounds good to me about rc-2/3 releases.

--
Uladzislau Rezki



Re: [PATCH 1/3] rcu: Return early if callback is not specified

2025-06-10 Thread Joel Fernandes



On 6/10/2025 1:34 PM, Uladzislau Rezki (Sony) wrote:
> Currently the call_rcu() API does not check whether a callback
> pointer is NULL. If NULL is passed, rcu_core() will try to invoke
> it, resulting in NULL pointer dereference and a kernel crash.
> 
> To prevent this and improve debuggability, this patch adds a check
> for NULL and emits a kernel stack trace to help identify a faulty
> caller.
> 
> Signed-off-by: Uladzislau Rezki (Sony) 

Reviewed-by: Joel Fernandes 

I will add this first one (only this one since we're discussing the others) to a
new rcu/fixes-for-6.16 branch, but let me know if any objections.

Will push that branch out during -rc2 or -rc3 after sufficient testing.

thanks,

 - Joel

> ---
>  kernel/rcu/tree.c | 4 
>  1 file changed, 4 insertions(+)
> 
> diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c
> index e8a4b720d7d2..14d4499c6fc3 100644
> --- a/kernel/rcu/tree.c
> +++ b/kernel/rcu/tree.c
> @@ -3072,6 +3072,10 @@ __call_rcu_common(struct rcu_head *head, 
> rcu_callback_t func, bool lazy_in)
>   /* Misaligned rcu_head! */
>   WARN_ON_ONCE((unsigned long)head & (sizeof(void *) - 1));
>  
> + /* Avoid NULL dereference if callback is NULL. */
> + if (WARN_ON_ONCE(!func))
> + return;
> +
>   if (debug_rcu_head_queue(head)) {
>   /*
>* Probable double call_rcu(), so leak the callback.




[PATCH 1/3] rcu: Return early if callback is not specified

2025-06-10 Thread Uladzislau Rezki (Sony)
Currently the call_rcu() API does not check whether a callback
pointer is NULL. If NULL is passed, rcu_core() will try to invoke
it, resulting in NULL pointer dereference and a kernel crash.

To prevent this and improve debuggability, this patch adds a check
for NULL and emits a kernel stack trace to help identify a faulty
caller.

Signed-off-by: Uladzislau Rezki (Sony) 
---
 kernel/rcu/tree.c | 4 
 1 file changed, 4 insertions(+)

diff --git a/kernel/rcu/tree.c b/kernel/rcu/tree.c
index e8a4b720d7d2..14d4499c6fc3 100644
--- a/kernel/rcu/tree.c
+++ b/kernel/rcu/tree.c
@@ -3072,6 +3072,10 @@ __call_rcu_common(struct rcu_head *head, rcu_callback_t 
func, bool lazy_in)
/* Misaligned rcu_head! */
WARN_ON_ONCE((unsigned long)head & (sizeof(void *) - 1));
 
+   /* Avoid NULL dereference if callback is NULL. */
+   if (WARN_ON_ONCE(!func))
+   return;
+
if (debug_rcu_head_queue(head)) {
/*
 * Probable double call_rcu(), so leak the callback.
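Review bot: the `if (WARN_ON_ONCE(!func)) return;` added in this hunk returns before `head` is queued, so the caller's object is never freed; that is a deliberate trade of a leak for a crash (the same choice the `debug_rcu_head_queue()` path below makes, "so leak the callback"), but neither the new comment nor the changelog says so. Also, `WARN_ON_ONCE()` fires once per boot, so the changelog's "emits a kernel stack trace to help identify a faulty caller" holds only for the first offender; a second, different caller passing NULL is dropped silently. Suggest stating both in the changelog and widening the comment, e.g. `/* NULL callback: warn once and leak the rcu_head rather than crash in rcu_core(). */`.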
-- 
2.39.5