| Message ID | 20221121182615.90843-1-nbd@nbd.name |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:adf:f944:0:0:0:0:0 with SMTP id q4csp1758874wrr;
Mon, 21 Nov 2022 10:32:08 -0800 (PST)
X-Google-Smtp-Source:
AA0mqf6bkx7J6Jyz7CjifDsNpVM55ffC87cOAXPbOldCZBA/XGdg8A0z7l0IfD+8UZZpFLQIdxmM
X-Received: by 2002:a17:906:4804:b0:7a8:3ecb:bd62 with SMTP id
w4-20020a170906480400b007a83ecbbd62mr16821887ejq.721.1669055528660;
Mon, 21 Nov 2022 10:32:08 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1669055528; cv=none;
d=google.com; s=arc-20160816;
b=hAdApTsz9BNKwFXz9OdA5SAKmbNao2M8DG2auB41WESUz7kYh2T2OlDwl6u+U0gcVU
dgXBS2wOVIvJq9TfKvlumEkIRIT8t/drILJFCrneo1jYm/aBFM6XG/VN8njApa0XpBNf
u0RFACiI935Tpxkk2WqJ09yu8vETaxbs3l6qyCkfgND+ld1/rtAGIKdT+pF/k/5g5vIF
Fy+aAxIkMprPJtCAREo1DYSl8RuGoyHGbI1DyBgbQOtz+CNmBb4QPJEzRXZVnaz4JMVy
SbQy8SCZSmwpsXPfeIhm0EvHUhFDr872yctcQWONCfpxup8eGTl3jUx2FF7iHSH5VtH2
GU7g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:message-id:date:subject:cc:to:from:dkim-signature;
bh=Fz7dU5AsHIREf9gJ+3uHjaOYyC69u8wavjx25CmztKk=;
b=JM55fVwOJDqRl1e92Vup2o0haqiw1A6gtmITlA52VH2JxExPBIitB3jaTuEodFWuO/
RDetwjycvaY5aA4o/ZT+90p+p+fz5VFCn08oXsJUID6IbprBxu2KOJXtOv6MOOJa6BEa
XEj00AENqcLgK8Ah+x/QzAlfLuWLluK8f1YnYj4dBF1aI0bXuKOL2aOcgJqiezVgVvnz
5sV8XTUPQvudy+7BUo9/XFr/ySSnboUZpEqJJ/2+hTHx1v1UFtorMet9pDPxsPvBXBHX
qF1IZhMHeFAUYtmBncAEifsVg8qlf2SwCRboZXKnNHat8HbqUQVQ0poEFfLAVgvsL6Xp
nKyQ==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=fail header.i=@nbd.name header.s=20160729 header.b=bmtsOS4r;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=nbd.name
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
sg42-20020a170907a42a00b007ade82b9e73si10809485ejc.757.2022.11.21.10.31.43;
Mon, 21 Nov 2022 10:32:08 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=fail header.i=@nbd.name header.s=20160729 header.b=bmtsOS4r;
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=nbd.name
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S229695AbiKUS05 (ORCPT <rfc822;cjcooper78@gmail.com> + 99 others);
Mon, 21 Nov 2022 13:26:57 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39094 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S229913AbiKUS0k (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Mon, 21 Nov 2022 13:26:40 -0500
Received: from nbd.name (nbd.name [46.4.11.11])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 722E7D02D6;
Mon, 21 Nov 2022 10:26:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=nbd.name;
s=20160729;
h=Content-Transfer-Encoding:MIME-Version:Message-Id:Date:Subject:
Cc:To:From:Sender:Reply-To:Content-Type:Content-ID:Content-Description:
Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
List-Post:List-Owner:List-Archive;
bh=Fz7dU5AsHIREf9gJ+3uHjaOYyC69u8wavjx25CmztKk=;
b=bmtsOS4rDCd1b4M/f2CJG3mydH
MrOT08YZbpgJcOoOZ2dXOODZKLejl3USMNmxKOHXYdBPjqb92gjbWzBZZnN+DOKX0PDZlO9fxjStf
T5ZqmNr+vPvcR0V+7EtKn88L4iIublbw8fXn8P3rDt1hHhqcCnaDJPlwvIPSOjDsu16w=;
Received: from p200300daa7225c007502151ad3a4cf6f.dip0.t-ipconnect.de
([2003:da:a722:5c00:7502:151a:d3a4:cf6f] helo=Maecks.lan)
by ds12 with esmtpsa (TLS1.3) tls
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
(Exim 4.94.2)
(envelope-from <nbd@nbd.name>)
id 1oxBUm-003YoF-LG; Mon, 21 Nov 2022 19:26:16 +0100
From: Felix Fietkau <nbd@nbd.name>
To: netfilter-devel@vger.kernel.org,
Pablo Neira Ayuso <pablo@netfilter.org>,
Jozsef Kadlecsik <kadlec@netfilter.org>,
Florian Westphal <fw@strlen.de>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>,
Paolo Abeni <pabeni@redhat.com>
Cc: coreteam@netfilter.org, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: [PATCH] netfilter: nf_flow_table: add missing locking
Date: Mon, 21 Nov 2022 19:26:15 +0100
Message-Id: <20221121182615.90843-1-nbd@nbd.name>
X-Mailer: git-send-email 2.38.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_NONE
autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1750131570210527150?=
X-GMAIL-MSGID: =?utf-8?q?1750131570210527150?=
|
| Series |
netfilter: nf_flow_table: add missing locking
|
|
Commit Message
Felix Fietkau
Nov. 21, 2022, 6:26 p.m. UTC
nf_flow_table_block_setup and the driver TC_SETUP_FT call can modify the flow
block cb list while they are being traversed elsewhere, causing a crash.
Add a write lock around the calls to protect readers
Signed-off-by: Felix Fietkau <nbd@nbd.name>
---
net/netfilter/nf_flow_table_offload.c | 4 ++++
1 file changed, 4 insertions(+)
Comments
On 21.11.22 19:26, Felix Fietkau wrote: > nf_flow_table_block_setup and the driver TC_SETUP_FT call can modify the flow > block cb list while they are being traversed elsewhere, causing a crash. > Add a write lock around the calls to protect readers > > Signed-off-by: Felix Fietkau <nbd@nbd.name> Sorry, I forgot to add this: Reported-by: Chad Monroe <chad.monroe@smartrg.com> - Felix
On Mon, Nov 21, 2022 at 11:45 AM Felix Fietkau <nbd@nbd.name> wrote: > > On 21.11.22 19:26, Felix Fietkau wrote: > > nf_flow_table_block_setup and the driver TC_SETUP_FT call can modify the flow > > block cb list while they are being traversed elsewhere, causing a crash. > > Add a write lock around the calls to protect readers > > > > Signed-off-by: Felix Fietkau <nbd@nbd.name> > Sorry, I forgot to add this: > > Reported-by: Chad Monroe <chad.monroe@smartrg.com> > > - Felix Hi Felix Could you also add a Fixes: tag ? Thanks.
On 21.11.22 20:47, Eric Dumazet wrote: > On Mon, Nov 21, 2022 at 11:45 AM Felix Fietkau <nbd@nbd.name> wrote: >> >> On 21.11.22 19:26, Felix Fietkau wrote: >> > nf_flow_table_block_setup and the driver TC_SETUP_FT call can modify the flow >> > block cb list while they are being traversed elsewhere, causing a crash. >> > Add a write lock around the calls to protect readers >> > >> > Signed-off-by: Felix Fietkau <nbd@nbd.name> >> Sorry, I forgot to add this: >> >> Reported-by: Chad Monroe <chad.monroe@smartrg.com> >> >> - Felix > > Hi Felix > > Could you also add a Fixes: tag ? I don't know which commit to use for that tag. - Felix
On Mon, 21 Nov 2022 21:08:12 +0100 Felix Fietkau wrote: > > Could you also add a Fixes: tag ? > > I don't know which commit to use for that tag. The oldest upstream commit where the problem you're solving can trigger?
On 21.11.22 21:35, Jakub Kicinski wrote: > On Mon, 21 Nov 2022 21:08:12 +0100 Felix Fietkau wrote: >> > Could you also add a Fixes: tag ? >> >> I don't know which commit to use for that tag. > > The oldest upstream commit where the problem you're solving > can trigger? I know, but I'm having a hard time figuring that out. The initial version of that file came without locking. Later on some locking was added for supporting an extra API for registering to flow table events, but it didn't cover the cases that I'm fixing. My guess is that the locking should have been present from the start, so: Fixes: c29f74e0df7a ("netfilter: nf_flow_table: hardware offload support") - Felix
On Mon, Nov 21, 2022 at 07:26:15PM +0100, Felix Fietkau wrote: > nf_flow_table_block_setup and the driver TC_SETUP_FT call can modify the flow > block cb list while they are being traversed elsewhere, causing a crash. > Add a write lock around the calls to protect readers Applied, thanks
diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c index b04645ced89b..00b522890d77 100644 --- a/net/netfilter/nf_flow_table_offload.c +++ b/net/netfilter/nf_flow_table_offload.c @@ -1098,6 +1098,7 @@ static int nf_flow_table_block_setup(struct nf_flowtable *flowtable, struct flow_block_cb *block_cb, *next; int err = 0; + down_write(&flowtable->flow_block_lock); switch (cmd) { case FLOW_BLOCK_BIND: list_splice(&bo->cb_list, &flowtable->flow_block.cb_list); @@ -1112,6 +1113,7 @@ static int nf_flow_table_block_setup(struct nf_flowtable *flowtable, WARN_ON_ONCE(1); err = -EOPNOTSUPP; } + up_write(&flowtable->flow_block_lock); return err; } @@ -1168,7 +1170,9 @@ static int nf_flow_table_offload_cmd(struct flow_block_offload *bo, nf_flow_table_block_offload_init(bo, dev_net(dev), cmd, flowtable, extack); + down_write(&flowtable->flow_block_lock); err = dev->netdev_ops->ndo_setup_tc(dev, TC_SETUP_FT, bo); + up_write(&flowtable->flow_block_lock); if (err < 0) return err;