* [PATCH] netfilter: nf_flow_table: add missing locking
@ 2022-11-21 18:26 Felix Fietkau
2022-11-21 19:45 ` Felix Fietkau
2022-11-22 21:15 ` Pablo Neira Ayuso
0 siblings, 2 replies; 7+ messages in thread
From: Felix Fietkau @ 2022-11-21 18:26 UTC (permalink / raw)
To: netfilter-devel, Pablo Neira Ayuso, Jozsef Kadlecsik,
Florian Westphal, David S. Miller, Eric Dumazet, Jakub Kicinski,
Paolo Abeni
Cc: coreteam, netdev, linux-kernel
nf_flow_table_block_setup and the driver TC_SETUP_FT call can modify the flow
block cb list while they are being traversed elsewhere, causing a crash.
Add a write lock around the calls to protect readers
Signed-off-by: Felix Fietkau <nbd@nbd.name>
---
net/netfilter/nf_flow_table_offload.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c
index b04645ced89b..00b522890d77 100644
--- a/net/netfilter/nf_flow_table_offload.c
+++ b/net/netfilter/nf_flow_table_offload.c
@@ -1098,6 +1098,7 @@ static int nf_flow_table_block_setup(struct nf_flowtable *flowtable,
struct flow_block_cb *block_cb, *next;
int err = 0;
+ down_write(&flowtable->flow_block_lock);
switch (cmd) {
case FLOW_BLOCK_BIND:
list_splice(&bo->cb_list, &flowtable->flow_block.cb_list);
@@ -1112,6 +1113,7 @@ static int nf_flow_table_block_setup(struct nf_flowtable *flowtable,
WARN_ON_ONCE(1);
err = -EOPNOTSUPP;
}
+ up_write(&flowtable->flow_block_lock);
return err;
}
@@ -1168,7 +1170,9 @@ static int nf_flow_table_offload_cmd(struct flow_block_offload *bo,
nf_flow_table_block_offload_init(bo, dev_net(dev), cmd, flowtable,
extack);
+ down_write(&flowtable->flow_block_lock);
err = dev->netdev_ops->ndo_setup_tc(dev, TC_SETUP_FT, bo);
+ up_write(&flowtable->flow_block_lock);
if (err < 0)
return err;
--
2.38.1
^ permalink raw reply related [flat|nested] 7+ messages in thread
* Re: [PATCH] netfilter: nf_flow_table: add missing locking
2022-11-21 18:26 [PATCH] netfilter: nf_flow_table: add missing locking Felix Fietkau
@ 2022-11-21 19:45 ` Felix Fietkau
2022-11-21 19:47 ` Eric Dumazet
2022-11-22 21:15 ` Pablo Neira Ayuso
1 sibling, 1 reply; 7+ messages in thread
From: Felix Fietkau @ 2022-11-21 19:45 UTC (permalink / raw)
To: netfilter-devel, Pablo Neira Ayuso, Jozsef Kadlecsik,
Florian Westphal, David S. Miller, Eric Dumazet, Jakub Kicinski,
Paolo Abeni
Cc: coreteam, netdev, linux-kernel
On 21.11.22 19:26, Felix Fietkau wrote:
> nf_flow_table_block_setup and the driver TC_SETUP_FT call can modify the flow
> block cb list while they are being traversed elsewhere, causing a crash.
> Add a write lock around the calls to protect readers
>
> Signed-off-by: Felix Fietkau <nbd@nbd.name>
Sorry, I forgot to add this:
Reported-by: Chad Monroe <chad.monroe@smartrg.com>
- Felix
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] netfilter: nf_flow_table: add missing locking
2022-11-21 19:45 ` Felix Fietkau
@ 2022-11-21 19:47 ` Eric Dumazet
2022-11-21 20:08 ` Felix Fietkau
0 siblings, 1 reply; 7+ messages in thread
From: Eric Dumazet @ 2022-11-21 19:47 UTC (permalink / raw)
To: Felix Fietkau
Cc: netfilter-devel, Pablo Neira Ayuso, Jozsef Kadlecsik,
Florian Westphal, David S. Miller, Jakub Kicinski, Paolo Abeni,
coreteam, netdev, linux-kernel
On Mon, Nov 21, 2022 at 11:45 AM Felix Fietkau <nbd@nbd.name> wrote:
>
> On 21.11.22 19:26, Felix Fietkau wrote:
> > nf_flow_table_block_setup and the driver TC_SETUP_FT call can modify the flow
> > block cb list while they are being traversed elsewhere, causing a crash.
> > Add a write lock around the calls to protect readers
> >
> > Signed-off-by: Felix Fietkau <nbd@nbd.name>
> Sorry, I forgot to add this:
>
> Reported-by: Chad Monroe <chad.monroe@smartrg.com>
>
> - Felix
Hi Felix
Could you also add a Fixes: tag ?
Thanks.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] netfilter: nf_flow_table: add missing locking
2022-11-21 19:47 ` Eric Dumazet
@ 2022-11-21 20:08 ` Felix Fietkau
2022-11-21 20:35 ` Jakub Kicinski
0 siblings, 1 reply; 7+ messages in thread
From: Felix Fietkau @ 2022-11-21 20:08 UTC (permalink / raw)
To: Eric Dumazet
Cc: netfilter-devel, Pablo Neira Ayuso, Jozsef Kadlecsik,
Florian Westphal, David S. Miller, Jakub Kicinski, Paolo Abeni,
coreteam, netdev, linux-kernel
On 21.11.22 20:47, Eric Dumazet wrote:
> On Mon, Nov 21, 2022 at 11:45 AM Felix Fietkau <nbd@nbd.name> wrote:
>>
>> On 21.11.22 19:26, Felix Fietkau wrote:
>> > nf_flow_table_block_setup and the driver TC_SETUP_FT call can modify the flow
>> > block cb list while they are being traversed elsewhere, causing a crash.
>> > Add a write lock around the calls to protect readers
>> >
>> > Signed-off-by: Felix Fietkau <nbd@nbd.name>
>> Sorry, I forgot to add this:
>>
>> Reported-by: Chad Monroe <chad.monroe@smartrg.com>
>>
>> - Felix
>
> Hi Felix
>
> Could you also add a Fixes: tag ?
I don't know which commit to use for that tag.
- Felix
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] netfilter: nf_flow_table: add missing locking
2022-11-21 20:08 ` Felix Fietkau
@ 2022-11-21 20:35 ` Jakub Kicinski
2022-11-21 22:30 ` Felix Fietkau
0 siblings, 1 reply; 7+ messages in thread
From: Jakub Kicinski @ 2022-11-21 20:35 UTC (permalink / raw)
To: Felix Fietkau
Cc: Eric Dumazet, netfilter-devel, Pablo Neira Ayuso,
Jozsef Kadlecsik, Florian Westphal, David S. Miller, Paolo Abeni,
coreteam, netdev, linux-kernel
On Mon, 21 Nov 2022 21:08:12 +0100 Felix Fietkau wrote:
> > Could you also add a Fixes: tag ?
>
> I don't know which commit to use for that tag.
The oldest upstream commit where the problem you're solving
can trigger?
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] netfilter: nf_flow_table: add missing locking
2022-11-21 20:35 ` Jakub Kicinski
@ 2022-11-21 22:30 ` Felix Fietkau
0 siblings, 0 replies; 7+ messages in thread
From: Felix Fietkau @ 2022-11-21 22:30 UTC (permalink / raw)
To: Jakub Kicinski
Cc: Eric Dumazet, netfilter-devel, Pablo Neira Ayuso,
Jozsef Kadlecsik, Florian Westphal, David S. Miller, Paolo Abeni,
coreteam, netdev, linux-kernel
On 21.11.22 21:35, Jakub Kicinski wrote:
> On Mon, 21 Nov 2022 21:08:12 +0100 Felix Fietkau wrote:
>> > Could you also add a Fixes: tag ?
>>
>> I don't know which commit to use for that tag.
>
> The oldest upstream commit where the problem you're solving
> can trigger?
I know, but I'm having a hard time figuring that out. The initial
version of that file came without locking. Later on some locking was
added for supporting an extra API for registering to flow table events,
but it didn't cover the cases that I'm fixing.
My guess is that the locking should have been present from the start, so:
Fixes: c29f74e0df7a ("netfilter: nf_flow_table: hardware offload support")
- Felix
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] netfilter: nf_flow_table: add missing locking
2022-11-21 18:26 [PATCH] netfilter: nf_flow_table: add missing locking Felix Fietkau
2022-11-21 19:45 ` Felix Fietkau
@ 2022-11-22 21:15 ` Pablo Neira Ayuso
1 sibling, 0 replies; 7+ messages in thread
From: Pablo Neira Ayuso @ 2022-11-22 21:15 UTC (permalink / raw)
To: Felix Fietkau
Cc: netfilter-devel, Jozsef Kadlecsik, Florian Westphal,
David S. Miller, Eric Dumazet, Jakub Kicinski, Paolo Abeni,
coreteam, netdev, linux-kernel
On Mon, Nov 21, 2022 at 07:26:15PM +0100, Felix Fietkau wrote:
> nf_flow_table_block_setup and the driver TC_SETUP_FT call can modify the flow
> block cb list while they are being traversed elsewhere, causing a crash.
> Add a write lock around the calls to protect readers
Applied, thanks
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2022-11-22 21:15 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-11-21 18:26 [PATCH] netfilter: nf_flow_table: add missing locking Felix Fietkau
2022-11-21 19:45 ` Felix Fietkau
2022-11-21 19:47 ` Eric Dumazet
2022-11-21 20:08 ` Felix Fietkau
2022-11-21 20:35 ` Jakub Kicinski
2022-11-21 22:30 ` Felix Fietkau
2022-11-22 21:15 ` Pablo Neira Ayuso
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).