* [PATCH net 0/2] ipv6: route: enforce RCU protection for fib6_info->from
@ 2019-02-20 17:10 Paolo Abeni
  2019-02-20 17:10 ` [PATCH net 1/2] ipv6: route: enforce RCU protection in rt6_update_exception_stamp_rt() Paolo Abeni
  2019-02-20 17:10 ` [PATCH net 2/2] ipv6: route: enforce RCU protection in ip6_route_check_nh_onlink() Paolo Abeni
  0 siblings, 2 replies; 5+ messages in thread
From: Paolo Abeni @ 2019-02-20 17:10 UTC (permalink / raw)
  To: netdev; +Cc: David Ahern, David S. Miller

This series addresses a couple of RCU leftovers dating back to the
rt6_info->from conversion to RCU.

Paolo Abeni (2):
  ipv6: route: enforce RCU protection in rt6_update_exception_stamp_rt()
  ipv6: route: enforce RCU protection in ip6_route_check_nh_onlink()

 net/ipv6/route.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

-- 
2.20.1



* [PATCH net 1/2] ipv6: route: enforce RCU protection in rt6_update_exception_stamp_rt()
  2019-02-20 17:10 [PATCH net 0/2] ipv6: route: enforce RCU protection for fib6_info->from Paolo Abeni
@ 2019-02-20 17:10 ` Paolo Abeni
  2019-02-20 17:22   ` Paolo Abeni
  2019-02-20 17:10 ` [PATCH net 2/2] ipv6: route: enforce RCU protection in ip6_route_check_nh_onlink() Paolo Abeni
  1 sibling, 1 reply; 5+ messages in thread
From: Paolo Abeni @ 2019-02-20 17:10 UTC (permalink / raw)
  To: netdev; +Cc: David Ahern, David S. Miller

We must access rt6_info->from under RCU read lock: move the
dereference under such lock, with proper annotation, and use
rcu_access_pointer() to check for null value outside the lock.

Fixes: a68886a69180 ("net/ipv6: Make from in rt6_info rcu protected")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
---
 net/ipv6/route.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index bd09abd1fb22..cbaa8745d9ff 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -1610,15 +1610,15 @@ static int rt6_remove_exception_rt(struct rt6_info *rt)
 static void rt6_update_exception_stamp_rt(struct rt6_info *rt)
 {
 	struct rt6_exception_bucket *bucket;
-	struct fib6_info *from = rt->from;
 	struct in6_addr *src_key = NULL;
 	struct rt6_exception *rt6_ex;
+	struct fib6_info *from;
 
-	if (!from ||
-	    !(rt->rt6i_flags & RTF_CACHE))
+	if (!rcu_access_pointer(rt->from) || !(rt->rt6i_flags & RTF_CACHE))
 		return;
 
 	rcu_read_lock();
+	from = rcu_dereference(rt->from);
 	bucket = rcu_dereference(from->rt6i_exception_bucket);
 
 #ifdef CONFIG_IPV6_SUBTREES
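Review bot: the NULL test and the use of rt->from are two separate loads, so the `!rcu_access_pointer(rt->from)` check made before rcu_read_lock() does not guarantee that `from = rcu_dereference(rt->from)` inside the lock is non-NULL, and the very next line dereferences `from->rt6i_exception_bucket` without a check. Take rcu_read_lock() first, fetch the pointer once with rcu_dereference(), and test that fetched value (together with RTF_CACHE) before using it, dropping the read lock on the early-exit path.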
-- 
2.20.1



* [PATCH net 2/2] ipv6: route: enforce RCU protection in ip6_route_check_nh_onlink()
  2019-02-20 17:10 [PATCH net 0/2] ipv6: route: enforce RCU protection for fib6_info->from Paolo Abeni
  2019-02-20 17:10 ` [PATCH net 1/2] ipv6: route: enforce RCU protection in rt6_update_exception_stamp_rt() Paolo Abeni
@ 2019-02-20 17:10 ` Paolo Abeni
  1 sibling, 0 replies; 5+ messages in thread
From: Paolo Abeni @ 2019-02-20 17:10 UTC (permalink / raw)
  To: netdev; +Cc: David Ahern, David S. Miller

We need an RCU critical section around rt6_info->from dereference, and
proper annotation.

Fixes: 4ed591c8ab44 ("net/ipv6: Allow onlink routes to have a device mismatch if it is the default route")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
---
 net/ipv6/route.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index cbaa8745d9ff..3b526a070299 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -2753,20 +2753,24 @@ static int ip6_route_check_nh_onlink(struct net *net,
 	u32 tbid = l3mdev_fib_table(dev) ? : RT_TABLE_MAIN;
 	const struct in6_addr *gw_addr = &cfg->fc_gateway;
 	u32 flags = RTF_LOCAL | RTF_ANYCAST | RTF_REJECT;
+	struct fib6_info *from;
 	struct rt6_info *grt;
 	int err;
 
 	err = 0;
 	grt = ip6_nh_lookup_table(net, cfg, gw_addr, tbid, 0);
 	if (grt) {
+		rcu_read_lock();
+		from = rcu_dereference(grt->from);
 		if (!grt->dst.error &&
 		    /* ignore match if it is the default route */
-		    grt->from && !ipv6_addr_any(&grt->from->fib6_dst.addr) &&
+		    from && !ipv6_addr_any(&from->fib6_dst.addr) &&
 		    (grt->rt6i_flags & flags || dev != grt->dst.dev)) {
 			NL_SET_ERR_MSG(extack,
 				       "Nexthop has invalid gateway or device mismatch");
 			err = -EINVAL;
 		}
+		rcu_read_unlock();
 
 		ip6_rt_put(grt);
 	}
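Review bot: `from` is only used inside the `if (grt)` block, so the declaration added at function scope could move into that block, next to rcu_read_lock(), to keep the pointer's lifetime visibly tied to the read-side section. The access pattern itself is sound: a single `rcu_dereference(grt->from)`, a NULL test on that same value before `from->fib6_dst.addr` is read, and rcu_read_unlock() reached on every path before ip6_rt_put(grt).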
-- 
2.20.1



* Re: [PATCH net 1/2] ipv6: route: enforce RCU protection in rt6_update_exception_stamp_rt()
  2019-02-20 17:10 ` [PATCH net 1/2] ipv6: route: enforce RCU protection in rt6_update_exception_stamp_rt() Paolo Abeni
@ 2019-02-20 17:22   ` Paolo Abeni
  2019-02-20 19:28     ` David Miller
  0 siblings, 1 reply; 5+ messages in thread
From: Paolo Abeni @ 2019-02-20 17:22 UTC (permalink / raw)
  To: netdev; +Cc: David Ahern, David S. Miller

On Wed, 2019-02-20 at 18:10 +0100, Paolo Abeni wrote:
> We must access rt6_info->from under RCU read lock: move the
> dereference under such lock, with proper annotation, and use
> rcu_access_pointer() to check for null value outside the lock.
> 
> Fixes: a68886a69180 ("net/ipv6: Make from in rt6_info rcu protected")
> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
> ---
>  net/ipv6/route.c | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/net/ipv6/route.c b/net/ipv6/route.c
> index bd09abd1fb22..cbaa8745d9ff 100644
> --- a/net/ipv6/route.c
> +++ b/net/ipv6/route.c
> @@ -1610,15 +1610,15 @@ static int rt6_remove_exception_rt(struct rt6_info *rt)
>  static void rt6_update_exception_stamp_rt(struct rt6_info *rt)
>  {
>  	struct rt6_exception_bucket *bucket;
> -	struct fib6_info *from = rt->from;
>  	struct in6_addr *src_key = NULL;
>  	struct rt6_exception *rt6_ex;
> +	struct fib6_info *from;
>  
> -	if (!from ||
> -	    !(rt->rt6i_flags & RTF_CACHE))
> +	if (!rcu_access_pointer(rt->from) || !(rt->rt6i_flags & RTF_CACHE))
>  		return;
>  
>  	rcu_read_lock();
> +	from = rcu_dereference(rt->from);

-ELOWONCOFFEE: even this one is racy, as rt->from can go away due to
underlying device removal between the two fetch operations.

I'll send a v2.

Again, I'm sorry for the noise,

Paolo
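
The double-fetch race described in the reply above, as an added userspace model that is not part of the thread or of the kernel tree: C11 atomics stand in for rcu_access_pointer()/rcu_dereference(), the writer is run deterministically in the window between the two loads, and every struct, function and macro name is hypothetical.

```c
/* Added illustration: userspace model, not kernel code. All names are
 * hypothetical; C11 atomics stand in for the kernel's RCU accessors. */
#include <stdatomic.h>
#include <stddef.h>

struct parent { int bucket; };
struct entry { _Atomic(struct parent *) from; };

#define WOULD_OOPS (-1)	/* where the kernel code would dereference NULL */

/* Models a concurrent writer clearing ->from (the device-removal case). */
static void writer_clears_from(struct entry *e)
{
	atomic_store(&e->from, (struct parent *)NULL);
}

/* v1 pattern: NULL check on one load, use of a second, independent load. */
static int read_double_fetch(struct entry *e, int writer_runs)
{
	struct parent *from;

	if (!atomic_load(&e->from))		/* fetch 1: check only */
		return 0;
	if (writer_runs)			/* window between the fetches */
		writer_clears_from(e);
	from = atomic_load(&e->from);		/* fetch 2: value actually used */
	return from ? from->bucket : WOULD_OOPS;
}

/* Single fetch: the pointer that was checked is the pointer that is used. */
static int read_single_fetch(struct entry *e, int writer_runs)
{
	struct parent *from = atomic_load(&e->from);

	if (!from)
		return 0;
	if (writer_runs)
		writer_clears_from(e);
	/* In the kernel, rcu_read_lock() keeps *from alive until unlock. */
	return from->bucket;
}

/* Runs one reader against a fresh entry; returns what the reader saw. */
int run_case(int single_fetch, int writer_runs)
{
	static struct parent p = { .bucket = 7 };	/* constructed sample */
	struct entry e;

	atomic_init(&e.from, &p);
	return single_fetch ? read_single_fetch(&e, writer_runs)
			    : read_double_fetch(&e, writer_runs);
}
```
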



* Re: [PATCH net 1/2] ipv6: route: enforce RCU protection in rt6_update_exception_stamp_rt()
  2019-02-20 17:22   ` Paolo Abeni
@ 2019-02-20 19:28     ` David Miller
  0 siblings, 0 replies; 5+ messages in thread
From: David Miller @ 2019-02-20 19:28 UTC (permalink / raw)
  To: pabeni; +Cc: netdev, dsahern

From: Paolo Abeni <pabeni@redhat.com>
Date: Wed, 20 Feb 2019 18:22:55 +0100

> -ELOWONCOFFEE:

Mind if I make you some? :)

> I'll send a v2.
> 
> Again, I'm sorry for the noise,

You are keeping me busy today.
