Message ID | 20221121182615.90843-1-nbd@nbd.name |
---|---|
State | New |
Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org> Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:f944:0:0:0:0:0 with SMTP id q4csp1758874wrr; Mon, 21 Nov 2022 10:32:08 -0800 (PST) X-Google-Smtp-Source: AA0mqf6bkx7J6Jyz7CjifDsNpVM55ffC87cOAXPbOldCZBA/XGdg8A0z7l0IfD+8UZZpFLQIdxmM X-Received: by 2002:a17:906:4804:b0:7a8:3ecb:bd62 with SMTP id w4-20020a170906480400b007a83ecbbd62mr16821887ejq.721.1669055528660; Mon, 21 Nov 2022 10:32:08 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1669055528; cv=none; d=google.com; s=arc-20160816; b=hAdApTsz9BNKwFXz9OdA5SAKmbNao2M8DG2auB41WESUz7kYh2T2OlDwl6u+U0gcVU dgXBS2wOVIvJq9TfKvlumEkIRIT8t/drILJFCrneo1jYm/aBFM6XG/VN8njApa0XpBNf u0RFACiI935Tpxkk2WqJ09yu8vETaxbs3l6qyCkfgND+ld1/rtAGIKdT+pF/k/5g5vIF Fy+aAxIkMprPJtCAREo1DYSl8RuGoyHGbI1DyBgbQOtz+CNmBb4QPJEzRXZVnaz4JMVy SbQy8SCZSmwpsXPfeIhm0EvHUhFDr872yctcQWONCfpxup8eGTl3jUx2FF7iHSH5VtH2 GU7g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=Fz7dU5AsHIREf9gJ+3uHjaOYyC69u8wavjx25CmztKk=; b=JM55fVwOJDqRl1e92Vup2o0haqiw1A6gtmITlA52VH2JxExPBIitB3jaTuEodFWuO/ RDetwjycvaY5aA4o/ZT+90p+p+fz5VFCn08oXsJUID6IbprBxu2KOJXtOv6MOOJa6BEa XEj00AENqcLgK8Ah+x/QzAlfLuWLluK8f1YnYj4dBF1aI0bXuKOL2aOcgJqiezVgVvnz 5sV8XTUPQvudy+7BUo9/XFr/ySSnboUZpEqJJ/2+hTHx1v1UFtorMet9pDPxsPvBXBHX qF1IZhMHeFAUYtmBncAEifsVg8qlf2SwCRboZXKnNHat8HbqUQVQ0poEFfLAVgvsL6Xp nKyQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@nbd.name header.s=20160729 header.b=bmtsOS4r; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=nbd.name Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id sg42-20020a170907a42a00b007ade82b9e73si10809485ejc.757.2022.11.21.10.31.43; Mon, 21 Nov 2022 10:32:08 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=fail header.i=@nbd.name header.s=20160729 header.b=bmtsOS4r; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=nbd.name Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229695AbiKUS05 (ORCPT <rfc822;cjcooper78@gmail.com> + 99 others); Mon, 21 Nov 2022 13:26:57 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39094 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229913AbiKUS0k (ORCPT <rfc822;linux-kernel@vger.kernel.org>); Mon, 21 Nov 2022 13:26:40 -0500 Received: from nbd.name (nbd.name [46.4.11.11]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 722E7D02D6; Mon, 21 Nov 2022 10:26:27 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=nbd.name; s=20160729; h=Content-Transfer-Encoding:MIME-Version:Message-Id:Date:Subject: Cc:To:From:Sender:Reply-To:Content-Type:Content-ID:Content-Description: Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID: In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=Fz7dU5AsHIREf9gJ+3uHjaOYyC69u8wavjx25CmztKk=; b=bmtsOS4rDCd1b4M/f2CJG3mydH MrOT08YZbpgJcOoOZ2dXOODZKLejl3USMNmxKOHXYdBPjqb92gjbWzBZZnN+DOKX0PDZlO9fxjStf T5ZqmNr+vPvcR0V+7EtKn88L4iIublbw8fXn8P3rDt1hHhqcCnaDJPlwvIPSOjDsu16w=; Received: from p200300daa7225c007502151ad3a4cf6f.dip0.t-ipconnect.de ([2003:da:a722:5c00:7502:151a:d3a4:cf6f] helo=Maecks.lan) by ds12 with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (Exim 4.94.2) (envelope-from <nbd@nbd.name>) id 1oxBUm-003YoF-LG; Mon, 21 Nov 2022 19:26:16 +0100 From: Felix Fietkau <nbd@nbd.name> To: netfilter-devel@vger.kernel.org, Pablo Neira Ayuso <pablo@netfilter.org>, Jozsef Kadlecsik <kadlec@netfilter.org>, Florian Westphal <fw@strlen.de>, "David S. Miller" <davem@davemloft.net>, Eric Dumazet <edumazet@google.com>, Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com> Cc: coreteam@netfilter.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH] netfilter: nf_flow_table: add missing locking Date: Mon, 21 Nov 2022 19:26:15 +0100 Message-Id: <20221121182615.90843-1-nbd@nbd.name> X-Mailer: git-send-email 2.38.1 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: <linux-kernel.vger.kernel.org> X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1750131570210527150?= X-GMAIL-MSGID: =?utf-8?q?1750131570210527150?= |
Series |
netfilter: nf_flow_table: add missing locking
|
|
Commit Message
Felix Fietkau
Nov. 21, 2022, 6:26 p.m. UTC
nf_flow_table_block_setup and the driver TC_SETUP_FT call can modify the flow
block cb list while they are being traversed elsewhere, causing a crash.
Add a write lock around the calls to protect readers
Signed-off-by: Felix Fietkau <nbd@nbd.name>
---
net/netfilter/nf_flow_table_offload.c | 4 ++++
1 file changed, 4 insertions(+)
Comments
On 21.11.22 19:26, Felix Fietkau wrote: > nf_flow_table_block_setup and the driver TC_SETUP_FT call can modify the flow > block cb list while they are being traversed elsewhere, causing a crash. > Add a write lock around the calls to protect readers > > Signed-off-by: Felix Fietkau <nbd@nbd.name> Sorry, I forgot to add this: Reported-by: Chad Monroe <chad.monroe@smartrg.com> - Felix
On Mon, Nov 21, 2022 at 11:45 AM Felix Fietkau <nbd@nbd.name> wrote: > > On 21.11.22 19:26, Felix Fietkau wrote: > > nf_flow_table_block_setup and the driver TC_SETUP_FT call can modify the flow > > block cb list while they are being traversed elsewhere, causing a crash. > > Add a write lock around the calls to protect readers > > > > Signed-off-by: Felix Fietkau <nbd@nbd.name> > Sorry, I forgot to add this: > > Reported-by: Chad Monroe <chad.monroe@smartrg.com> > > - Felix Hi Felix Could you also add a Fixes: tag ? Thanks.
On 21.11.22 20:47, Eric Dumazet wrote: > On Mon, Nov 21, 2022 at 11:45 AM Felix Fietkau <nbd@nbd.name> wrote: >> >> On 21.11.22 19:26, Felix Fietkau wrote: >> > nf_flow_table_block_setup and the driver TC_SETUP_FT call can modify the flow >> > block cb list while they are being traversed elsewhere, causing a crash. >> > Add a write lock around the calls to protect readers >> > >> > Signed-off-by: Felix Fietkau <nbd@nbd.name> >> Sorry, I forgot to add this: >> >> Reported-by: Chad Monroe <chad.monroe@smartrg.com> >> >> - Felix > > Hi Felix > > Could you also add a Fixes: tag ? I don't know which commit to use for that tag. - Felix
On Mon, 21 Nov 2022 21:08:12 +0100 Felix Fietkau wrote: > > Could you also add a Fixes: tag ? > > I don't know which commit to use for that tag. The oldest upstream commit where the problem you're solving can trigger?
On 21.11.22 21:35, Jakub Kicinski wrote: > On Mon, 21 Nov 2022 21:08:12 +0100 Felix Fietkau wrote: >> > Could you also add a Fixes: tag ? >> >> I don't know which commit to use for that tag. > > The oldest upstream commit where the problem you're solving > can trigger? I know, but I'm having a hard time figuring that out. The initial version of that file came without locking. Later on some locking was added for supporting an extra API for registering to flow table events, but it didn't cover the cases that I'm fixing. My guess is that the locking should have been present from the start, so: Fixes: c29f74e0df7a ("netfilter: nf_flow_table: hardware offload support") - Felix
On Mon, Nov 21, 2022 at 07:26:15PM +0100, Felix Fietkau wrote: > nf_flow_table_block_setup and the driver TC_SETUP_FT call can modify the flow > block cb list while they are being traversed elsewhere, causing a crash. > Add a write lock around the calls to protect readers Applied, thanks
diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c index b04645ced89b..00b522890d77 100644 --- a/net/netfilter/nf_flow_table_offload.c +++ b/net/netfilter/nf_flow_table_offload.c @@ -1098,6 +1098,7 @@ static int nf_flow_table_block_setup(struct nf_flowtable *flowtable, struct flow_block_cb *block_cb, *next; int err = 0; + down_write(&flowtable->flow_block_lock); switch (cmd) { case FLOW_BLOCK_BIND: list_splice(&bo->cb_list, &flowtable->flow_block.cb_list); @@ -1112,6 +1113,7 @@ static int nf_flow_table_block_setup(struct nf_flowtable *flowtable, WARN_ON_ONCE(1); err = -EOPNOTSUPP; } + up_write(&flowtable->flow_block_lock); return err; } @@ -1168,7 +1170,9 @@ static int nf_flow_table_offload_cmd(struct flow_block_offload *bo, nf_flow_table_block_offload_init(bo, dev_net(dev), cmd, flowtable, extack); + down_write(&flowtable->flow_block_lock); err = dev->netdev_ops->ndo_setup_tc(dev, TC_SETUP_FT, bo); + up_write(&flowtable->flow_block_lock); if (err < 0) return err;