diff mbox series

[net,v5,08/10] ip6mr: Lock RCU before ip6mr_get_table() call in ip6_mroute_getsockopt()

Message ID 20241014151247.1902637-9-stefan.wiehler@nokia.com (mailing list archive)
State Superseded
Delegated to: Netdev Maintainers
Headers show
Series Lock RCU before calling ip6mr_get_table() | expand

Checks

Context Check Description
netdev/series_format success Posting correctly formatted
netdev/tree_selection success Clearly marked for net
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag present in non-next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 5 this patch: 5
netdev/build_tools success No tools touched, skip
netdev/cc_maintainers success CCed 5 of 6 maintainers
netdev/build_clang success Errors and warnings before: 3 this patch: 3
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success Fixes tag looks correct
netdev/build_allmodconfig_warn success Errors and warnings before: 5 this patch: 5
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 9 lines checked
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
netdev/contest success net-next-2024-10-15--06-00 (tests: 777)

Commit Message

Stefan Wiehler Oct. 14, 2024, 3:05 p.m. UTC 
When IPV6_MROUTE_MULTIPLE_TABLES is enabled, calls to ip6mr_get_table()
must be done under RCU or RTNL lock.

Fixes: d1db275dd3f6 ("ipv6: ip6mr: support multiple tables")
Signed-off-by: Stefan Wiehler <stefan.wiehler@nokia.com>
---
 net/ipv6/ip6mr.c | 2 ++
 1 file changed, 2 insertions(+)

Comments

Jakub Kicinski Oct. 16, 2024, 12:10 a.m. UTC | #1 
On Mon, 14 Oct 2024 17:05:54 +0200 Stefan Wiehler wrote:
> +	rcu_read_lock();
>  	mrt = ip6mr_get_table(net, raw6_sk(sk)->ip6mr_table ? : RT6_TABLE_DFLT);
> +	rcu_read_unlock();
>  	if (!mrt)
>  		return -ENOENT;

presumably you're trying to protect mrt with RCU?
so using mrt after unlocking is not right, you gotta hold the lock
longer
Stefan Wiehler Oct. 16, 2024, 1:28 p.m. UTC | #2 
>> +     rcu_read_lock();
>>       mrt = ip6mr_get_table(net, raw6_sk(sk)->ip6mr_table ? : RT6_TABLE_DFLT);
>> +     rcu_read_unlock();
>>       if (!mrt)
>>               return -ENOENT;
> 
> presumably you're trying to protect mrt with RCU?
> so using mrt after unlocking is not right, you gotta hold the lock
> longer

Thanks, you're right of course, I'll be fixing this everywhere and send a v6
shortly; also with more extensive reasoning for this series in the cover
letter.

Kind regards,

Stefan
diff mbox series

Patch

diff --git a/net/ipv6/ip6mr.c b/net/ipv6/ip6mr.c
index b54353bee2f8..af921e9731ec 100644
--- a/net/ipv6/ip6mr.c
+++ b/net/ipv6/ip6mr.c
@@ -1845,7 +1845,9 @@  int ip6_mroute_getsockopt(struct sock *sk, int optname, sockptr_t optval,
 	    inet_sk(sk)->inet_num != IPPROTO_ICMPV6)
 		return -EOPNOTSUPP;
 
+	rcu_read_lock();
 	mrt = ip6mr_get_table(net, raw6_sk(sk)->ip6mr_table ? : RT6_TABLE_DFLT);
+	rcu_read_unlock();
 	if (!mrt)
 		return -ENOENT;