* [PATCH net 0/2] ipv6: route: enforce RCU protection for fib6_info->from
@ 2019-02-20 17:10 Paolo Abeni
2019-02-20 17:10 ` [PATCH net 1/2] ipv6: route: enforce RCU protection in rt6_update_exception_stamp_rt() Paolo Abeni
2019-02-20 17:10 ` [PATCH net 2/2] ipv6: route: enforce RCU protection in ip6_route_check_nh_onlink() Paolo Abeni
0 siblings, 2 replies; 5+ messages in thread
From: Paolo Abeni @ 2019-02-20 17:10 UTC (permalink / raw)
To: netdev; +Cc: David Ahern, David S. Miller
This series addresses a couple of RCU left-over dating back to rt6_info->from
conversion to RCU
Paolo Abeni (2):
ipv6: route: enforce RCU protection in rt6_update_exception_stamp_rt()
ipv6: route: enforce RCU protection in ip6_route_check_nh_onlink()
net/ipv6/route.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
--
2.20.1
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH net 1/2] ipv6: route: enforce RCU protection in rt6_update_exception_stamp_rt()
2019-02-20 17:10 [PATCH net 0/2] ipv6: route: enforce RCU protection for fib6_info->from Paolo Abeni
@ 2019-02-20 17:10 ` Paolo Abeni
2019-02-20 17:22 ` Paolo Abeni
2019-02-20 17:10 ` [PATCH net 2/2] ipv6: route: enforce RCU protection in ip6_route_check_nh_onlink() Paolo Abeni
1 sibling, 1 reply; 5+ messages in thread
From: Paolo Abeni @ 2019-02-20 17:10 UTC (permalink / raw)
To: netdev; +Cc: David Ahern, David S. Miller
We must access rt6_info->from under RCU read lock: move the
dereference under such lock, with proper annotation, and use
rcu_access_pointer() to check for null value outside the lock.
Fixes: a68886a69180 ("net/ipv6: Make from in rt6_info rcu protected")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
---
net/ipv6/route.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index bd09abd1fb22..cbaa8745d9ff 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -1610,15 +1610,15 @@ static int rt6_remove_exception_rt(struct rt6_info *rt)
static void rt6_update_exception_stamp_rt(struct rt6_info *rt)
{
struct rt6_exception_bucket *bucket;
- struct fib6_info *from = rt->from;
struct in6_addr *src_key = NULL;
struct rt6_exception *rt6_ex;
+ struct fib6_info *from;
- if (!from ||
- !(rt->rt6i_flags & RTF_CACHE))
+ if (!rcu_access_pointer(rt->from) || !(rt->rt6i_flags & RTF_CACHE))
return;
rcu_read_lock();
+ from = rcu_dereference(rt->from);
bucket = rcu_dereference(from->rt6i_exception_bucket);
#ifdef CONFIG_IPV6_SUBTREES
--
2.20.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH net 2/2] ipv6: route: enforce RCU protection in ip6_route_check_nh_onlink()
2019-02-20 17:10 [PATCH net 0/2] ipv6: route: enforce RCU protection for fib6_info->from Paolo Abeni
2019-02-20 17:10 ` [PATCH net 1/2] ipv6: route: enforce RCU protection in rt6_update_exception_stamp_rt() Paolo Abeni
@ 2019-02-20 17:10 ` Paolo Abeni
1 sibling, 0 replies; 5+ messages in thread
From: Paolo Abeni @ 2019-02-20 17:10 UTC (permalink / raw)
To: netdev; +Cc: David Ahern, David S. Miller
We need a RCU critical section around rt6_info->from deference, and
proper annotation.
Fixes: 4ed591c8ab44 ("net/ipv6: Allow onlink routes to have a device mismatch if it is the default route")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
---
net/ipv6/route.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index cbaa8745d9ff..3b526a070299 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -2753,20 +2753,24 @@ static int ip6_route_check_nh_onlink(struct net *net,
u32 tbid = l3mdev_fib_table(dev) ? : RT_TABLE_MAIN;
const struct in6_addr *gw_addr = &cfg->fc_gateway;
u32 flags = RTF_LOCAL | RTF_ANYCAST | RTF_REJECT;
+ struct fib6_info *from;
struct rt6_info *grt;
int err;
err = 0;
grt = ip6_nh_lookup_table(net, cfg, gw_addr, tbid, 0);
if (grt) {
+ rcu_read_lock();
+ from = rcu_dereference(grt->from);
if (!grt->dst.error &&
/* ignore match if it is the default route */
- grt->from && !ipv6_addr_any(&grt->from->fib6_dst.addr) &&
+ from && !ipv6_addr_any(&from->fib6_dst.addr) &&
(grt->rt6i_flags & flags || dev != grt->dst.dev)) {
NL_SET_ERR_MSG(extack,
"Nexthop has invalid gateway or device mismatch");
err = -EINVAL;
}
+ rcu_read_unlock();
ip6_rt_put(grt);
}
--
2.20.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH net 1/2] ipv6: route: enforce RCU protection in rt6_update_exception_stamp_rt()
2019-02-20 17:10 ` [PATCH net 1/2] ipv6: route: enforce RCU protection in rt6_update_exception_stamp_rt() Paolo Abeni
@ 2019-02-20 17:22 ` Paolo Abeni
2019-02-20 19:28 ` David Miller
0 siblings, 1 reply; 5+ messages in thread
From: Paolo Abeni @ 2019-02-20 17:22 UTC (permalink / raw)
To: netdev; +Cc: David Ahern, David S. Miller
On Wed, 2019-02-20 at 18:10 +0100, Paolo Abeni wrote:
> We must access rt6_info->from under RCU read lock: move the
> dereference under such lock, with proper annotation, and use
> rcu_access_pointer() to check for null value outside the lock.
>
> Fixes: a68886a69180 ("net/ipv6: Make from in rt6_info rcu protected")
> Signed-off-by: Paolo Abeni <pabeni@redhat.com>
> ---
> net/ipv6/route.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/net/ipv6/route.c b/net/ipv6/route.c
> index bd09abd1fb22..cbaa8745d9ff 100644
> --- a/net/ipv6/route.c
> +++ b/net/ipv6/route.c
> @@ -1610,15 +1610,15 @@ static int rt6_remove_exception_rt(struct rt6_info *rt)
> static void rt6_update_exception_stamp_rt(struct rt6_info *rt)
> {
> struct rt6_exception_bucket *bucket;
> - struct fib6_info *from = rt->from;
> struct in6_addr *src_key = NULL;
> struct rt6_exception *rt6_ex;
> + struct fib6_info *from;
>
> - if (!from ||
> - !(rt->rt6i_flags & RTF_CACHE))
> + if (!rcu_access_pointer(rt->from) || !(rt->rt6i_flags & RTF_CACHE))
> return;
>
> rcu_read_lock();
> + from = rcu_dereference(rt->from);
-ELOWONCOFFEE: even this one is racy, as rt->from can go away due to
underlying device removal between the two fetch operation.
I'll send a v2.
Again, I'm sorry for the noise,
Paolo
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH net 1/2] ipv6: route: enforce RCU protection in rt6_update_exception_stamp_rt()
2019-02-20 17:22 ` Paolo Abeni
@ 2019-02-20 19:28 ` David Miller
0 siblings, 0 replies; 5+ messages in thread
From: David Miller @ 2019-02-20 19:28 UTC (permalink / raw)
To: pabeni; +Cc: netdev, dsahern
From: Paolo Abeni <pabeni@redhat.com>
Date: Wed, 20 Feb 2019 18:22:55 +0100
> -ELOWONCOFFEE:
Mind if I make you some? :)
> I'll send a v2.
>
> Again, I'm sorry for the noise,
You are keeping me busy today.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2019-02-20 19:28 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-02-20 17:10 [PATCH net 0/2] ipv6: route: enforce RCU protection for fib6_info->from Paolo Abeni
2019-02-20 17:10 ` [PATCH net 1/2] ipv6: route: enforce RCU protection in rt6_update_exception_stamp_rt() Paolo Abeni
2019-02-20 17:22 ` Paolo Abeni
2019-02-20 19:28 ` David Miller
2019-02-20 17:10 ` [PATCH net 2/2] ipv6: route: enforce RCU protection in ip6_route_check_nh_onlink() Paolo Abeni
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.