* [PATCH net 0/2] net: bridge: multicast: fix automatic router port marking races
@ 2021-07-11 9:56 Nikolay Aleksandrov
2021-07-11 9:56 ` [PATCH net 1/2] net: bridge: multicast: fix PIM hello router port marking race Nikolay Aleksandrov
` (2 more replies)
0 siblings, 3 replies; 4+ messages in thread
From: Nikolay Aleksandrov @ 2021-07-11 9:56 UTC (permalink / raw)
To: netdev; +Cc: stable, roopa, bridge, Nikolay Aleksandrov
From: Nikolay Aleksandrov <nikolay@nvidia.com>
Hi,
While working on per-vlan multicast snooping I found two race conditions
when multicast snooping is enabled. They're identical and happen when
the router port list is modified without the multicast lock. One requires
a PIM hello message to be received on a port and the other an MRD
advertisement. To fix them we just need to take the multicast_lock when
adding the ports to the router port list (marking them as router ports).
Tested on an affected setup by generating the required packets while
modifying the port list in parallel.
Thanks,
Nik
Nikolay Aleksandrov (2):
net: bridge: multicast: fix PIM hello router port marking race
net: bridge: multicast: fix MRD advertisement router port marking race
net/bridge/br_multicast.c | 6 ++++++
1 file changed, 6 insertions(+)
--
2.31.1
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH net 1/2] net: bridge: multicast: fix PIM hello router port marking race
2021-07-11 9:56 [PATCH net 0/2] net: bridge: multicast: fix automatic router port marking races Nikolay Aleksandrov
@ 2021-07-11 9:56 ` Nikolay Aleksandrov
2021-07-11 9:56 ` [PATCH net 2/2] net: bridge: multicast: fix MRD advertisement " Nikolay Aleksandrov
2021-07-12 17:50 ` [PATCH net 0/2] net: bridge: multicast: fix automatic router port marking races patchwork-bot+netdevbpf
2 siblings, 0 replies; 4+ messages in thread
From: Nikolay Aleksandrov @ 2021-07-11 9:56 UTC (permalink / raw)
To: netdev; +Cc: stable, roopa, bridge, Nikolay Aleksandrov
From: Nikolay Aleksandrov <nikolay@nvidia.com>
When a PIM hello packet is received on a bridge port with multicast
snooping enabled, we mark it as a router port automatically, that
includes adding that port the router port list. The multicast lock
protects that list, but it is not acquired in the PIM message case
leading to a race condition, we need to take it to fix the race.
Cc: stable@vger.kernel.org
Fixes: 91b02d3d133b ("bridge: mcast: add router port on PIM hello message")
Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com>
---
net/bridge/br_multicast.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
index 53c3a9d80d9c..3bbbc6d7b7c3 100644
--- a/net/bridge/br_multicast.c
+++ b/net/bridge/br_multicast.c
@@ -3264,7 +3264,9 @@ static void br_multicast_pim(struct net_bridge *br,
pim_hdr_type(pimhdr) != PIM_TYPE_HELLO)
return;
+ spin_lock(&br->multicast_lock);
br_ip4_multicast_mark_router(br, port);
+ spin_unlock(&br->multicast_lock);
}
static int br_ip4_multicast_mrd_rcv(struct net_bridge *br,
--
2.31.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH net 2/2] net: bridge: multicast: fix MRD advertisement router port marking race
2021-07-11 9:56 [PATCH net 0/2] net: bridge: multicast: fix automatic router port marking races Nikolay Aleksandrov
2021-07-11 9:56 ` [PATCH net 1/2] net: bridge: multicast: fix PIM hello router port marking race Nikolay Aleksandrov
@ 2021-07-11 9:56 ` Nikolay Aleksandrov
2021-07-12 17:50 ` [PATCH net 0/2] net: bridge: multicast: fix automatic router port marking races patchwork-bot+netdevbpf
2 siblings, 0 replies; 4+ messages in thread
From: Nikolay Aleksandrov @ 2021-07-11 9:56 UTC (permalink / raw)
To: netdev; +Cc: stable, roopa, bridge, Nikolay Aleksandrov, linus.luessing
From: Nikolay Aleksandrov <nikolay@nvidia.com>
When an MRD advertisement is received on a bridge port with multicast
snooping enabled, we mark it as a router port automatically, that
includes adding that port to the router port list. The multicast lock
protects that list, but it is not acquired in the MRD advertisement case
leading to a race condition, we need to take it to fix the race.
Cc: stable@vger.kernel.org
Cc: linus.luessing@c0d3.blue
Fixes: 4b3087c7e37f ("bridge: Snoop Multicast Router Advertisements")
Signed-off-by: Nikolay Aleksandrov <nikolay@nvidia.com>
---
net/bridge/br_multicast.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
index 3bbbc6d7b7c3..d0434dc8c03b 100644
--- a/net/bridge/br_multicast.c
+++ b/net/bridge/br_multicast.c
@@ -3277,7 +3277,9 @@ static int br_ip4_multicast_mrd_rcv(struct net_bridge *br,
igmp_hdr(skb)->type != IGMP_MRDISC_ADV)
return -ENOMSG;
+ spin_lock(&br->multicast_lock);
br_ip4_multicast_mark_router(br, port);
+ spin_unlock(&br->multicast_lock);
return 0;
}
@@ -3345,7 +3347,9 @@ static void br_ip6_multicast_mrd_rcv(struct net_bridge *br,
if (icmp6_hdr(skb)->icmp6_type != ICMPV6_MRDISC_ADV)
return;
+ spin_lock(&br->multicast_lock);
br_ip6_multicast_mark_router(br, port);
+ spin_unlock(&br->multicast_lock);
}
static int br_multicast_ipv6_rcv(struct net_bridge *br,
--
2.31.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH net 0/2] net: bridge: multicast: fix automatic router port marking races
2021-07-11 9:56 [PATCH net 0/2] net: bridge: multicast: fix automatic router port marking races Nikolay Aleksandrov
2021-07-11 9:56 ` [PATCH net 1/2] net: bridge: multicast: fix PIM hello router port marking race Nikolay Aleksandrov
2021-07-11 9:56 ` [PATCH net 2/2] net: bridge: multicast: fix MRD advertisement " Nikolay Aleksandrov
@ 2021-07-12 17:50 ` patchwork-bot+netdevbpf
2 siblings, 0 replies; 4+ messages in thread
From: patchwork-bot+netdevbpf @ 2021-07-12 17:50 UTC (permalink / raw)
To: Nikolay Aleksandrov; +Cc: netdev, stable, roopa, bridge, nikolay
Hello:
This series was applied to netdev/net.git (refs/heads/master):
On Sun, 11 Jul 2021 12:56:27 +0300 you wrote:
> From: Nikolay Aleksandrov <nikolay@nvidia.com>
>
> Hi,
> While working on per-vlan multicast snooping I found two race conditions
> when multicast snooping is enabled. They're identical and happen when
> the router port list is modified without the multicast lock. One requires
> a PIM hello message to be received on a port and the other an MRD
> advertisement. To fix them we just need to take the multicast_lock when
> adding the ports to the router port list (marking them as router ports).
> Tested on an affected setup by generating the required packets while
> modifying the port list in parallel.
>
> [...]
Here is the summary with links:
- [net,1/2] net: bridge: multicast: fix PIM hello router port marking race
https://git.kernel.org/netdev/net/c/04bef83a3358
- [net,2/2] net: bridge: multicast: fix MRD advertisement router port marking race
https://git.kernel.org/netdev/net/c/000b7287b675
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-07-12 17:50 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-07-11 9:56 [PATCH net 0/2] net: bridge: multicast: fix automatic router port marking races Nikolay Aleksandrov
2021-07-11 9:56 ` [PATCH net 1/2] net: bridge: multicast: fix PIM hello router port marking race Nikolay Aleksandrov
2021-07-11 9:56 ` [PATCH net 2/2] net: bridge: multicast: fix MRD advertisement " Nikolay Aleksandrov
2021-07-12 17:50 ` [PATCH net 0/2] net: bridge: multicast: fix automatic router port marking races patchwork-bot+netdevbpf
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).