linux-kernel.vger.kernel.org archive mirror
* [PATCH v2] net/bridge: Use __in6_dev_get rather than in6_dev_get in br_validate_ipv6
@ 2015-07-07 14:55 Julien Grall
  2015-07-07 18:34 ` Stephen Hemminger
  0 siblings, 1 reply; 3+ messages in thread
From: Julien Grall @ 2015-07-07 14:55 UTC
  To: xen-devel, pablo, kaber, kadlec, stephen, davem, netfilter-devel,
	coreteam, bridge, netdev
  Cc: linux-kernel, Julien Grall, Bernhard Thaler, fw, ian.campbell,
	wei.liu2, Bob Liu

The commit efb6de9b4ba0092b2c55f6a52d16294a8a698edd "netfilter: bridge:
forward IPv6 fragmented packets" introduced a new function
br_validate_ipv6 which takes a reference on the inet6 device. However,
the reference is not released at the end.

This will result in the impossibility of destroying any netdevice using
ipv6 and bridge.

It's possible to directly retrieve the inet6 device without taking a
reference as all netfilter hooks are protected by rcu_read_lock via
nf_hook_slow.

Spotted while trying to destroy a Xen guest on the upstream Linux:
"unregister_netdevice: waiting for vif1.0 to become free. Usage count = 1"

Signed-off-by: Julien Grall <julien.grall@citrix.com>
Cc: Bernhard Thaler <bernhard.thaler@wvnet.at>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: fw@strlen.de
Cc: ian.campbell@citrix.com
Cc: wei.liu2@citrix.com
Cc: Bob Liu <bob.liu@oracle.com>

---
    Note that it's impossible to create a new guest after this message.
    I'm not sure if it's normal.

    Changes in v2:
        - Don't take a reference to inet6.
        - This was "net/bridge: Add missing in6_dev_put in
        br_validate_ipv6" [0]

    [0] https://lkml.org/lkml/2015/7/3/443
---
 net/bridge/br_netfilter_ipv6.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/bridge/br_netfilter_ipv6.c b/net/bridge/br_netfilter_ipv6.c
index 6d12d26..13b7d1e 100644
--- a/net/bridge/br_netfilter_ipv6.c
+++ b/net/bridge/br_netfilter_ipv6.c
@@ -104,7 +104,7 @@ int br_validate_ipv6(struct sk_buff *skb)
 {
 	const struct ipv6hdr *hdr;
 	struct net_device *dev = skb->dev;
-	struct inet6_dev *idev = in6_dev_get(skb->dev);
+	struct inet6_dev *idev = __in6_dev_get(skb->dev);
 	u32 pkt_len;
 	u8 ip6h_len = sizeof(struct ipv6hdr);
 
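Review bot: the new declaration `struct inet6_dev *idev = __in6_dev_get(skb->dev);` is only safe while the caller holds rcu_read_lock(), which the commit message attributes to nf_hook_slow, yet nothing at this site records that requirement. br_validate_ipv6 is not declared static in the hunk header, so a short comment above the declaration stating that callers must be inside an RCU read-side section, and that idev must not be kept past it, would stop a later caller outside a netfilter hook from turning the borrowed pointer into a use-after-free. Minor style point: `dev` already holds skb->dev on the line above, so `__in6_dev_get(dev)` would read more cleanly.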
-- 
2.1.4
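
Why the leak described in the message above surfaces as "Usage count = 1" however many packets were bridged, shown as an added user-space model that is not part of the patch or of the kernel source. It assumes, as in the kernel, that the inet6 device pins its net_device once and drops that pin only when its own last reference goes away; all `model_*` and `idev_*` names are hypothetical.

```c
/* Added illustration: a user-space model, not kernel code. Names are hypothetical. */
#include <stdio.h>

struct model_dev  { int usage; };                        /* stands in for net_device */
struct model_idev { int refcnt; struct model_dev *dev; };/* stands in for inet6_dev  */

/* Attaching IPv6 state pins the device once; the idev starts with one owner ref. */
static void idev_attach(struct model_idev *i, struct model_dev *d)
{
    i->dev = d; i->refcnt = 1; d->usage++;
}

/* Dropping the last idev reference releases the pin on the device. */
static void idev_put(struct model_idev *i)
{
    if (--i->refcnt == 0)
        i->dev->usage--;
}

/* Counted lookup (models in6_dev_get): the caller owes a matching put. */
static struct model_idev *idev_get(struct model_idev *i) { i->refcnt++; return i; }

/* Borrowed lookup (models __in6_dev_get): valid only inside the caller's
 * read-side critical section, so there is nothing to release. */
static struct model_idev *idev_borrow(struct model_idev *i) { return i; }

/* The original bug, the v1 fix (add the put) and the v2 fix (borrow). */
enum variant { LEAKY, V1_PUT, V2_BORROW };

static void validate_packet(struct model_idev *i, enum variant v)
{
    struct model_idev *idev = (v == V2_BORROW) ? idev_borrow(i) : idev_get(i);
    /* ... header checks would read idev here ... */
    if (v == V1_PUT)
        idev_put(idev);
}

/* Validate npackets, tear down, return the device usage count that remains. */
int usage_after_teardown(enum variant v, int npackets)
{
    struct model_dev dev = { 0 };
    struct model_idev idev;
    idev_attach(&idev, &dev);
    for (int n = 0; n < npackets; n++)
        validate_packet(&idev, v);
    idev_put(&idev);              /* teardown drops the owner reference */
    return dev.usage;             /* 0 means the device can be freed */
}

int main(void)
{
    printf("leaky=%d v1=%d v2=%d\n", usage_after_teardown(LEAKY, 1000),
           usage_after_teardown(V1_PUT, 1000), usage_after_teardown(V2_BORROW, 1000));
    return 0;
}
```

In the leaky variant a single validated packet is enough to leave the count at 1, and further packets do not raise it, because only the idev's own counter keeps growing.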



* Re: [PATCH v2] net/bridge: Use __in6_dev_get rather than in6_dev_get in br_validate_ipv6
  2015-07-07 14:55 [PATCH v2] net/bridge: Use __in6_dev_get rather than in6_dev_get in br_validate_ipv6 Julien Grall
@ 2015-07-07 18:34 ` Stephen Hemminger
  2015-07-08  9:04   ` Pablo Neira Ayuso
  0 siblings, 1 reply; 3+ messages in thread
From: Stephen Hemminger @ 2015-07-07 18:34 UTC
  To: Julien Grall
  Cc: xen-devel, pablo, kaber, kadlec, davem, netfilter-devel,
	coreteam, bridge, netdev, linux-kernel, Bernhard Thaler, fw,
	ian.campbell, wei.liu2, Bob Liu

On Tue, 7 Jul 2015 15:55:21 +0100
Julien Grall <julien.grall@citrix.com> wrote:

> The commit efb6de9b4ba0092b2c55f6a52d16294a8a698edd "netfilter: bridge:
> forward IPv6 fragmented packets" introduced a new function
> br_validate_ipv6 which takes a reference on the inet6 device. However,
> the reference is not released at the end.
> 
> This will result in the impossibility of destroying any netdevice using
> ipv6 and bridge.
> 
> It's possible to directly retrieve the inet6 device without taking a
> reference as all netfilter hooks are protected by rcu_read_lock via
> nf_hook_slow.
> 
> Spotted while trying to destroy a Xen guest on the upstream Linux:
> "unregister_netdevice: waiting for vif1.0 to become free. Usage count = 1"
> 
> Signed-off-by: Julien Grall <julien.grall@citrix.com>
> Cc: Bernhard Thaler <bernhard.thaler@wvnet.at>
> Cc: Pablo Neira Ayuso <pablo@netfilter.org>
> Cc: fw@strlen.de
> Cc: ian.campbell@citrix.com
> Cc: wei.liu2@citrix.com
> Cc: Bob Liu <bob.liu@oracle.com>
> 
> ---
>     Note that it's impossible to create a new guest after this message.
>     I'm not sure if it's normal.
> 
>     Changes in v2:
>         - Don't take a reference to inet6.
>         - This was "net/bridge: Add missing in6_dev_put in
>         br_validate_ipv6" [0]
> 
>     [0] https://lkml.org/lkml/2015/7/3/443
> ---
>  net/bridge/br_netfilter_ipv6.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

I like this simple solution

Acked-by: Stephen Hemminger <stephen@networkplumber.org>



* Re: [PATCH v2] net/bridge: Use __in6_dev_get rather than in6_dev_get in br_validate_ipv6
  2015-07-07 18:34 ` Stephen Hemminger
@ 2015-07-08  9:04   ` Pablo Neira Ayuso
  0 siblings, 0 replies; 3+ messages in thread
From: Pablo Neira Ayuso @ 2015-07-08  9:04 UTC
  To: Stephen Hemminger
  Cc: Julien Grall, xen-devel, kaber, kadlec, davem, netfilter-devel,
	coreteam, bridge, netdev, linux-kernel, Bernhard Thaler, fw,
	ian.campbell, wei.liu2, Bob Liu

On Tue, Jul 07, 2015 at 11:34:34AM -0700, Stephen Hemminger wrote:
> On Tue, 7 Jul 2015 15:55:21 +0100
> Julien Grall <julien.grall@citrix.com> wrote:
> 
> > The commit efb6de9b4ba0092b2c55f6a52d16294a8a698edd "netfilter: bridge:
> > forward IPv6 fragmented packets" introduced a new function
> > br_validate_ipv6 which takes a reference on the inet6 device. However,
> > the reference is not released at the end.
> > 
> > This will result in the impossibility of destroying any netdevice using
> > ipv6 and bridge.
> > 
> > It's possible to directly retrieve the inet6 device without taking a
> > reference as all netfilter hooks are protected by rcu_read_lock via
> > nf_hook_slow.
> > 
> > Spotted while trying to destroy a Xen guest on the upstream Linux:
> > "unregister_netdevice: waiting for vif1.0 to become free. Usage count = 1"
> > 
> > Signed-off-by: Julien Grall <julien.grall@citrix.com>
> > Cc: Bernhard Thaler <bernhard.thaler@wvnet.at>
> > Cc: Pablo Neira Ayuso <pablo@netfilter.org>
> > Cc: fw@strlen.de
> > Cc: ian.campbell@citrix.com
> > Cc: wei.liu2@citrix.com
> > Cc: Bob Liu <bob.liu@oracle.com>
> > 
> > ---
> >     Note that it's impossible to create a new guest after this message.
> >     I'm not sure if it's normal.
> > 
> >     Changes in v2:
> >         - Don't take a reference to inet6.
> >         - This was "net/bridge: Add missing in6_dev_put in
> >         br_validate_ipv6" [0]
> > 
> >     [0] https://lkml.org/lkml/2015/7/3/443
> > ---
> >  net/bridge/br_netfilter_ipv6.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> I like this simple solution
> 
> Acked-by: Stephen Hemminger <stephen@networkplumber.org>

Applied, thanks.

