diff mbox series

[ipsec] xfrm: set dst dev to blackhole_netdev instead of loopback_dev in ifdown

Message ID 01a8af8654b87058ecd421e471d760a43784ab96.1652456873.git.lucien.xin@gmail.com (mailing list archive)
State Superseded
Delegated to: Netdev Maintainers
Headers show
Series [ipsec] xfrm: set dst dev to blackhole_netdev instead of loopback_dev in ifdown | expand

Checks

Context Check Description
netdev/fixes_present success Fixes tag not required for -next series
netdev/subject_prefix warning Target tree name not specified in the subject
netdev/cover_letter success Single patches do not need cover letters
netdev/patch_count success Link
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 12 this patch: 12
netdev/cc_maintainers warning 2 maintainers not CCed: herbert@gondor.apana.org.au pabeni@redhat.com
netdev/build_clang success Errors and warnings before: 9 this patch: 9
netdev/module_param success Was 0 now: 0
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 12 this patch: 12
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 8 lines checked
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
netdev/tree_selection success Guessing tree name failed - patch did not apply

Commit Message

Xin Long May 13, 2022, 3:47 p.m. UTC 
The global blackhole_netdev has replaced pernet loopback_dev to become the
one given to the object that holds an netdev when ifdown in many places of
ipv4 and ipv6 since commit 8d7017fd621d ("blackhole_netdev: use
blackhole_netdev to invalidate dst entries").

Especially after commit faab39f63c1f ("net: allow out-of-order netdev
unregistration"), it's no longer safe to use loopback_dev that may be
freed before other netdev.

This patch is to set dst dev to blackhole_netdev instead of loopback_dev
in ifdown.

Signed-off-by: Xin Long <lucien.xin@gmail.com>
---
 net/xfrm/xfrm_policy.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Eric Dumazet May 13, 2022, 4:22 p.m. UTC | #1 
On Fri, May 13, 2022 at 8:47 AM Xin Long <lucien.xin@gmail.com> wrote:
>
> The global blackhole_netdev has replaced pernet loopback_dev to become the
> one given to the object that holds an netdev when ifdown in many places of
> ipv4 and ipv6 since commit 8d7017fd621d ("blackhole_netdev: use
> blackhole_netdev to invalidate dst entries").
>
> Especially after commit faab39f63c1f ("net: allow out-of-order netdev
> unregistration"), it's no longer safe to use loopback_dev that may be
> freed before other netdev.

Maybe add it formally in Fixes: tag.

>
> This patch is to set dst dev to blackhole_netdev instead of loopback_dev
> in ifdown.
>
> Signed-off-by: Xin Long <lucien.xin@gmail.com>
> ---
>  net/xfrm/xfrm_policy.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
> index 00bd0ecff5a1..f1876ea61fdc 100644
> --- a/net/xfrm/xfrm_policy.c
> +++ b/net/xfrm/xfrm_policy.c
> @@ -3744,7 +3744,7 @@ static int stale_bundle(struct dst_entry *dst)
>  void xfrm_dst_ifdown(struct dst_entry *dst, struct net_device *dev)
>  {
>         while ((dst = xfrm_dst_child(dst)) && dst->xfrm && dst->dev == dev) {
> -               dst->dev = dev_net(dev)->loopback_dev;
> +               dst->dev = blackhole_netdev;

I assume the XFRM layer is ready to deal with dst->dev set to blackhole ?

No initial setup needed ?

Thanks

>                 dev_hold(dst->dev);
>                 dev_put(dev);
>         }
> --
> 2.31.1
>
Xin Long May 13, 2022, 6:56 p.m. UTC | #2 
On Fri, May 13, 2022 at 12:22 PM Eric Dumazet <edumazet@google.com> wrote:
>
> On Fri, May 13, 2022 at 8:47 AM Xin Long <lucien.xin@gmail.com> wrote:
> >
> > The global blackhole_netdev has replaced pernet loopback_dev to become the
> > one given to the object that holds an netdev when ifdown in many places of
> > ipv4 and ipv6 since commit 8d7017fd621d ("blackhole_netdev: use
> > blackhole_netdev to invalidate dst entries").
> >
> > Especially after commit faab39f63c1f ("net: allow out-of-order netdev
> > unregistration"), it's no longer safe to use loopback_dev that may be
> > freed before other netdev.
>
> Maybe add it formally in Fixes: tag.
>
Sure. :)

Fixes: faab39f63c1f ("net: allow out-of-order netdev unregistration")

> >
> > This patch is to set dst dev to blackhole_netdev instead of loopback_dev
> > in ifdown.
> >
> > Signed-off-by: Xin Long <lucien.xin@gmail.com>
> > ---
> >  net/xfrm/xfrm_policy.c | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
> > index 00bd0ecff5a1..f1876ea61fdc 100644
> > --- a/net/xfrm/xfrm_policy.c
> > +++ b/net/xfrm/xfrm_policy.c
> > @@ -3744,7 +3744,7 @@ static int stale_bundle(struct dst_entry *dst)
> >  void xfrm_dst_ifdown(struct dst_entry *dst, struct net_device *dev)
> >  {
> >         while ((dst = xfrm_dst_child(dst)) && dst->xfrm && dst->dev == dev) {
> > -               dst->dev = dev_net(dev)->loopback_dev;
> > +               dst->dev = blackhole_netdev;
>
> I assume the XFRM layer is ready to deal with dst->dev set to blackhole ?
>
> No initial setup needed ?
I don't see why it's not ready, since it's been using loopback_dev.
In early time, commit 8d7017fd621d replaced loopback_dev quite straightforward
for ipv4/6.

BTW, there's still another one left in dn_dst_ifdown(), I will fix it
in another patch.

Thanks.

>
> Thanks
>
> >                 dev_hold(dst->dev);
> >                 dev_put(dev);
> >         }
> > --
> > 2.31.1
> >
diff mbox series

Patch

diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 00bd0ecff5a1..f1876ea61fdc 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -3744,7 +3744,7 @@  static int stale_bundle(struct dst_entry *dst)
 void xfrm_dst_ifdown(struct dst_entry *dst, struct net_device *dev)
 {
 	while ((dst = xfrm_dst_child(dst)) && dst->xfrm && dst->dev == dev) {
-		dst->dev = dev_net(dev)->loopback_dev;
+		dst->dev = blackhole_netdev;
 		dev_hold(dst->dev);
 		dev_put(dev);
 	}