diff mbox series

[net-next,v5,23/25] ovpn: notify userspace when a peer is deleted

Message ID 20240627130843.21042-24-antonio@openvpn.net (mailing list archive)
State Changes Requested
Delegated to: Netdev Maintainers
Headers show
Series Introducing OpenVPN Data Channel Offload | expand

Checks

Context Check Description
netdev/series_format fail Series longer than 15 patches
netdev/tree_selection success Clearly marked for net-next, async
netdev/ynl success Generated files up to date; no warnings/errors; GEN HAS DIFF 2 files changed, 2612 insertions(+);
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 842 this patch: 842
netdev/build_tools success No tools touched, skip
netdev/cc_maintainers warning 1 maintainers not CCed: openvpn-devel@lists.sourceforge.net
netdev/build_clang success Errors and warnings before: 849 this patch: 849
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 846 this patch: 846
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 83 lines checked
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
netdev/contest success net-next-2024-06-28--06-00 (tests: 666)

Commit Message

Antonio Quartulli June 27, 2024, 1:08 p.m. UTC 
Whenever a peer is deleted, send a notification to userspace so that it
can react accordingly.

This is most important when a peer is deleted due to ping timeout,
because it all happens in kernelspace and thus userspace has no direct
way to learn about it.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
---
 drivers/net/ovpn/netlink.c | 49 ++++++++++++++++++++++++++++++++++++++
 drivers/net/ovpn/netlink.h |  8 +++++++
 drivers/net/ovpn/peer.c    |  1 +
 drivers/net/ovpn/peer.h    |  1 +
 4 files changed, 59 insertions(+)

Comments

Sabrina Dubroca July 17, 2024, 10:54 a.m. UTC | #1 
2024-06-27, 15:08:41 +0200, Antonio Quartulli wrote:
> diff --git a/drivers/net/ovpn/peer.c b/drivers/net/ovpn/peer.c
> index 2105bcc981fa..23418204fa8e 100644
> --- a/drivers/net/ovpn/peer.c
> +++ b/drivers/net/ovpn/peer.c
> @@ -273,6 +273,7 @@ void ovpn_peer_release_kref(struct kref *kref)
>  
>  	ovpn_peer_release(peer);
>  	netdev_put(peer->ovpn->dev, NULL);

I don't think you can access peer->ovpn once you release that
reference, if this peer was holding the last reference the netdev (and
the ovpn struct) could be gone while we're accessing it in
ovpn_nl_notify_del_peer.

> +	ovpn_nl_notify_del_peer(peer);
>  	kfree_rcu(peer, rcu);
>  }
>  
> diff --git a/drivers/net/ovpn/peer.h b/drivers/net/ovpn/peer.h
> index 8d24a8fdd03e..971603a70090 100644
> --- a/drivers/net/ovpn/peer.h
> +++ b/drivers/net/ovpn/peer.h
> @@ -129,6 +129,7 @@ static inline bool ovpn_peer_hold(struct ovpn_peer *peer)
>  
>  void ovpn_peer_release(struct ovpn_peer *peer);
>  void ovpn_peer_release_kref(struct kref *kref);
> +void ovpn_peer_release(struct ovpn_peer *peer);

nit: dupe of 2 lines before
Antonio Quartulli July 17, 2024, 11:16 a.m. UTC | #2 
Hi,

On 17/07/2024 12:54, Sabrina Dubroca wrote:
> 2024-06-27, 15:08:41 +0200, Antonio Quartulli wrote:
>> diff --git a/drivers/net/ovpn/peer.c b/drivers/net/ovpn/peer.c
>> index 2105bcc981fa..23418204fa8e 100644
>> --- a/drivers/net/ovpn/peer.c
>> +++ b/drivers/net/ovpn/peer.c
>> @@ -273,6 +273,7 @@ void ovpn_peer_release_kref(struct kref *kref)
>>   
>>   	ovpn_peer_release(peer);
>>   	netdev_put(peer->ovpn->dev, NULL);
> 
> I don't think you can access peer->ovpn once you release that
> reference, if this peer was holding the last reference the netdev (and
> the ovpn struct) could be gone while we're accessing it in
> ovpn_nl_notify_del_peer.

I see what you mean.
I will move notify_del_peer up above, before the release

> 
>> +	ovpn_nl_notify_del_peer(peer);
>>   	kfree_rcu(peer, rcu);
>>   }
>>   
>> diff --git a/drivers/net/ovpn/peer.h b/drivers/net/ovpn/peer.h
>> index 8d24a8fdd03e..971603a70090 100644
>> --- a/drivers/net/ovpn/peer.h
>> +++ b/drivers/net/ovpn/peer.h
>> @@ -129,6 +129,7 @@ static inline bool ovpn_peer_hold(struct ovpn_peer *peer)
>>   
>>   void ovpn_peer_release(struct ovpn_peer *peer);
>>   void ovpn_peer_release_kref(struct kref *kref);
>> +void ovpn_peer_release(struct ovpn_peer *peer);
> 
> nit: dupe of 2 lines before

ops

Thanks!

>
diff mbox series

Patch

diff --git a/drivers/net/ovpn/netlink.c b/drivers/net/ovpn/netlink.c
index e43bbc9ad5d2..e920bb071750 100644
--- a/drivers/net/ovpn/netlink.c
+++ b/drivers/net/ovpn/netlink.c
@@ -846,6 +846,55 @@  int ovpn_nl_del_key_doit(struct sk_buff *skb, struct genl_info *info)
 	return 0;
 }
 
+int ovpn_nl_notify_del_peer(struct ovpn_peer *peer)
+{
+	struct sk_buff *msg;
+	struct nlattr *attr;
+	int ret = -EMSGSIZE;
+	void *hdr;
+
+	netdev_info(peer->ovpn->dev, "deleting peer with id %u, reason %d\n",
+		    peer->id, peer->delete_reason);
+
+	msg = nlmsg_new(100, GFP_ATOMIC);
+	if (!msg)
+		return -ENOMEM;
+
+	hdr = genlmsg_put(msg, 0, 0, &ovpn_nl_family, 0, OVPN_CMD_DEL_PEER);
+	if (!hdr) {
+		ret = -ENOBUFS;
+		goto err_free_msg;
+	}
+
+	if (nla_put_u32(msg, OVPN_A_IFINDEX, peer->ovpn->dev->ifindex))
+		goto err_cancel_msg;
+
+	attr = nla_nest_start(msg, OVPN_A_PEER);
+	if (!attr)
+		goto err_cancel_msg;
+
+	if (nla_put_u8(msg, OVPN_A_PEER_DEL_REASON, peer->delete_reason))
+		goto err_cancel_msg;
+
+	if (nla_put_u32(msg, OVPN_A_PEER_ID, peer->id))
+		goto err_cancel_msg;
+
+	nla_nest_end(msg, attr);
+
+	genlmsg_end(msg, hdr);
+
+	genlmsg_multicast_netns(&ovpn_nl_family, dev_net(peer->ovpn->dev), msg,
+				0, OVPN_NLGRP_PEERS, GFP_ATOMIC);
+
+	return 0;
+
+err_cancel_msg:
+	genlmsg_cancel(msg, hdr);
+err_free_msg:
+	nlmsg_free(msg);
+	return ret;
+}
+
 int ovpn_nl_notify_swap_keys(struct ovpn_peer *peer)
 {
 	struct sk_buff *msg;
diff --git a/drivers/net/ovpn/netlink.h b/drivers/net/ovpn/netlink.h
index c86cd102eeef..8ce58c4ee193 100644
--- a/drivers/net/ovpn/netlink.h
+++ b/drivers/net/ovpn/netlink.h
@@ -12,6 +12,14 @@ 
 int ovpn_nl_register(void);
 void ovpn_nl_unregister(void);
 
+/**
+ * ovpn_nl_notify_del_peer - notify userspace about peer being deleted
+ * @peer: the peer being deleted
+ *
+ * Return: 0 on success or a negative error code otherwise
+ */
+int ovpn_nl_notify_del_peer(struct ovpn_peer *peer);
+
 /**
  * ovpn_nl_notify_swap_keys - notify userspace peer's key must be renewed
  * @peer: the peer whose key needs to be renewed
diff --git a/drivers/net/ovpn/peer.c b/drivers/net/ovpn/peer.c
index 2105bcc981fa..23418204fa8e 100644
--- a/drivers/net/ovpn/peer.c
+++ b/drivers/net/ovpn/peer.c
@@ -273,6 +273,7 @@  void ovpn_peer_release_kref(struct kref *kref)
 
 	ovpn_peer_release(peer);
 	netdev_put(peer->ovpn->dev, NULL);
+	ovpn_nl_notify_del_peer(peer);
 	kfree_rcu(peer, rcu);
 }
 
diff --git a/drivers/net/ovpn/peer.h b/drivers/net/ovpn/peer.h
index 8d24a8fdd03e..971603a70090 100644
--- a/drivers/net/ovpn/peer.h
+++ b/drivers/net/ovpn/peer.h
@@ -129,6 +129,7 @@  static inline bool ovpn_peer_hold(struct ovpn_peer *peer)
 
 void ovpn_peer_release(struct ovpn_peer *peer);
 void ovpn_peer_release_kref(struct kref *kref);
+void ovpn_peer_release(struct ovpn_peer *peer);
 
 /**
  * ovpn_peer_put - decrease reference counter