[v1,net,00/16] sysctl: Fix data-races around ipv4_table.

Message ID	20220706052130.16368-1-kuniyu@amazon.com (mailing list archive)
Headers	show Return-Path: <netdev-owner@kernel.org> From: Kuniyuki Iwashima <kuniyu@amazon.com> To: "David S. Miller" <davem@davemloft.net>, Eric Dumazet <edumazet@google.com>, Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>, Luis Chamberlain <mcgrof@kernel.org>, Kees Cook <keescook@chromium.org>, Iurii Zaikin <yzaikin@google.com> CC: Kuniyuki Iwashima <kuniyu@amazon.com>, Kuniyuki Iwashima <kuni1840@gmail.com>, <netdev@vger.kernel.org>, <linux-kernel@vger.kernel.org> Subject: [PATCH v1 net 00/16] sysctl: Fix data-races around ipv4_table. Date: Tue, 5 Jul 2022 22:21:14 -0700 Message-ID: <20220706052130.16368-1-kuniyu@amazon.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain Precedence: bulk
Series	sysctl: Fix data-races around ipv4_table. \| expand [v1,net,00/16] sysctl: Fix data-races around ipv4_table. [v1,net,01/16] sysctl: Clean up proc_handler definitions. [v1,net,02/16] sysctl: Add proc_dobool_lockless(). [v1,net,03/16] sysctl: Add proc_dointvec_lockless(). [v1,net,04/16] sysctl: Add proc_douintvec_lockless(). [v1,net,05/16] sysctl: Add proc_dointvec_minmax_lockless(). [v1,net,06/16] sysctl: Add proc_douintvec_minmax_lockless(). [v1,net,07/16] sysctl: Add proc_doulongvec_minmax_lockless(). [v1,net,08/16] sysctl: Add proc_dointvec_jiffies_lockless(). [v1,net,09/16] tcp: Fix a data-race around sysctl_tcp_max_orphans. [v1,net,10/16] inetpeer: Fix data-races around sysctl. [v1,net,11/16] net: Fix a data-race around sysctl_mem. [v1,net,12/16] tcp: Mark sysctl_tcp_low_latency obsolete. [v1,net,13/16] cipso: Fix a data-race around cipso_v4_cache_bucketsize. [v1,net,14/16] cipso: Fix data-races around boolean sysctl. [v1,net,15/16] icmp: Fix data-races around sysctl. [v1,net,16/16] ipv4: Fix a data-race around sysctl_fib_sync_mem.

Message ID

20220706052130.16368-1-kuniyu@amazon.com (mailing list archive)

Headers

From: Kuniyuki Iwashima <kuniyu@amazon.com>
To: "David S. Miller" <davem@davemloft.net>,
        Eric Dumazet <edumazet@google.com>,
        Jakub Kicinski <kuba@kernel.org>,
        Paolo Abeni <pabeni@redhat.com>,
        Luis Chamberlain <mcgrof@kernel.org>,
        Kees Cook <keescook@chromium.org>,
        Iurii Zaikin <yzaikin@google.com>
CC: Kuniyuki Iwashima <kuniyu@amazon.com>,
        Kuniyuki Iwashima <kuni1840@gmail.com>,
        <netdev@vger.kernel.org>, <linux-kernel@vger.kernel.org>
Subject: [PATCH v1 net 00/16] sysctl: Fix data-races around ipv4_table.
Date: Tue, 5 Jul 2022 22:21:14 -0700
Message-ID: <20220706052130.16368-1-kuniyu@amazon.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
Precedence: bulk

Series

sysctl: Fix data-races around ipv4_table. | expand

Message

Kuniyuki Iwashima July 6, 2022, 5:21 a.m. UTC

A sysctl variable is accessed concurrently, and there is always a chance
of data-race.  So, all readers and writers need some basic protection to
avoid load/store-tearing.

This series changes some proc handlers to use READ_ONCE()/WRITE_ONCE()
internally and tries to fix a data-race on the sysctl side.  However, we
still need a fix for readers/writers in other subsystems.

Not to miss the fix, we convert such handlers to a wrapper function of one
with the "_lockless" suffix.  When we add a fix on other subsystems, we set
the lockless handler as .proc_handler to mark the sysctl knob safe.

After this series, if a proc handler does not have the lockless suffix, it
means we need fixes in other subsystems.  Finally, when there is no user of
proc handlers without the lockless suffix, we can remove them and get free
from sysctl data-races.

This series starts fixing from ipv4_table.


Kuniyuki Iwashima (16):
  sysctl: Clean up proc_handler definitions.
  sysctl: Add proc_dobool_lockless().
  sysctl: Add proc_dointvec_lockless().
  sysctl: Add proc_douintvec_lockless().
  sysctl: Add proc_dointvec_minmax_lockless().
  sysctl: Add proc_douintvec_minmax_lockless().
  sysctl: Add proc_doulongvec_minmax_lockless().
  sysctl: Add proc_dointvec_jiffies_lockless().
  tcp: Fix a data-race around sysctl_tcp_max_orphans.
  inetpeer: Fix data-races around sysctl.
  net: Fix a data-race around sysctl_mem.
  tcp: Mark sysctl_tcp_low_latency obsolete.
  cipso: Fix a data-race around cipso_v4_cache_bucketsize.
  cipso: Fix data-races around boolean sysctl.
  icmp: Fix data-races around sysctl.
  ipv4: Fix a data-race around sysctl_fib_sync_mem.

 Documentation/networking/ip-sysctl.rst |   2 +-
 include/linux/sysctl.h                 |  51 ++---
 include/net/sock.h                     |   2 +-
 include/trace/events/sock.h            |   6 +-
 kernel/sysctl.c                        | 258 ++++++++++++++-----------
 net/decnet/sysctl_net_decnet.c         |   2 +-
 net/ipv4/cipso_ipv4.c                  |  19 +-
 net/ipv4/fib_trie.c                    |   2 +-
 net/ipv4/icmp.c                        |   5 +-
 net/ipv4/inetpeer.c                    |  13 +-
 net/ipv4/sysctl_net_ipv4.c             |  29 +--
 net/ipv4/tcp.c                         |   3 +-
 net/sctp/sysctl.c                      |   2 +-
 13 files changed, 214 insertions(+), 180 deletions(-)