Date:   Sat,  2 Dec 2017 21:44:04 +0100
From:   Florian Westphal <fw@...len.de>
To:     <netdev@...r.kernel.org>
Subject: [PATCH next-next 0/4] rtnetlink: rework handler (un)registering

Peter Zijlstra reported (referring to commit 019a316992ee0d983,
"rtnetlink: add reference counting to prevent module unload while dump is in progress"):

 1) it not in fact a refcount, so using refcount_t is silly
 2) there is a distinct lack of memory barriers, so we can easily
    observe the decrement while the msg_handler is still in progress.
 3) waiting with a schedule()/yield() loop is complete crap and subject
    life-locks, imagine doing that rtnl_unregister_all() from a RT task.

In ancient times rtnetlink exposed a statically-sized table with
preset doit/dumpit handlers to be called for a protocol/type pair.

Later the rtnl_register interface was added and the table was allocated
on demand.  Eventually these were also used by modules.

Problem is that nothing prevents module unload while a netlink dump
is in progress.  netlink dumps can span multiple recv calls and
netlink core saves the to-be-repeated dumper address for later invocation.

To prevent rmmod the netlink core expects callers to pass in the owning
module so a reference can be taken.

So far rtnetlink wasn't doing this, add new interface to pass THIS_MODULE.
Moreover, when converting parts of the rtnetlink handling to rcu this code
gained way too many READ_ONCE spots, remove them and the extra refcounting.

Take a module reference when running dumpit and doit callbacks
and never alter content of rtnl_link structures after they have been
published via rcu_assign_pointer.

Based partially on earlier patch from Peter.

 include/net/rtnetlink.h |    4 
 net/bridge/br_mdb.c     |    6 -
 net/can/gw.c            |   14 +-
 net/core/rtnetlink.c    |  270 ++++++++++++++++++++++++++++++------------------
 net/decnet/dn_dev.c     |    9 +
 net/decnet/dn_fib.c     |    6 -
 net/decnet/dn_route.c   |    8 -
 net/ipv6/addrconf.c     |   44 +++++--
 net/ipv6/addrlabel.c    |   13 +-
 net/ipv6/ip6_fib.c      |    4 
 net/ipv6/route.c        |   20 ++-
 net/mpls/af_mpls.c      |   15 +-
 net/phonet/pn_netlink.c |   21 ++-
 net/qrtr/qrtr.c         |    8 +
 14 files changed, 282 insertions(+), 160 deletions(-)
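
The lifetime rule described in the message above (hold a reference on the owning module for as long as a multi-part dump may call back into it), as an added userspace C model that is not part of the original post or of the kernel patches. All type and function names are hypothetical, and the model is single-threaded, so the check-and-increment is not made atomic here.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>

/* Userspace model only; these are hypothetical names, not the kernel API. */
struct module { atomic_int refs; bool unloading; };
struct handler { int (*dumpit)(int *pos); struct module *owner; };
/* State the netlink core keeps between the recv calls of one dump. */
struct dump_state { const struct handler *h; int pos; };

/* Take a reference unless the module is already going away. */
static bool module_try_get(struct module *m) {
    if (m->unloading) return false;
    atomic_fetch_add(&m->refs, 1);
    return true;
}
static void module_put(struct module *m) { atomic_fetch_sub(&m->refs, 1); }

/* Unload succeeds only while nobody holds a reference. */
static bool module_unload(struct module *m) {
    if (atomic_load(&m->refs) != 0) return false;
    m->unloading = true;
    return true;
}

/* Constructed sample dumper: produces three chunks, returns 1 while more remain. */
static int demo_dumpit(int *pos) { return ++*pos < 3; }
static struct module demo_mod;
static const struct handler demo_handler = { demo_dumpit, &demo_mod };

/* Start a dump: pin the owner before saving the dumper for later calls. */
static bool dump_start(struct dump_state *d, const struct handler *h) {
    if (!module_try_get(h->owner)) return false;
    d->h = h; d->pos = 0;
    return true;
}

/* One recv(): run the saved dumper; drop the reference when the dump ends. */
static int dump_continue(struct dump_state *d) {
    int more = d->h->dumpit(&d->pos);
    if (!more) { module_put(d->h->owner); d->h = NULL; }
    return more;
}

int main(void) {
    struct dump_state d;
    if (!dump_start(&d, &demo_handler)) return 1;
    dump_continue(&d);
    bool blocked = !module_unload(&demo_mod);  /* unload mid-dump is refused */
    while (dump_continue(&d)) ;
    return (blocked && module_unload(&demo_mod)) ? 0 : 1;
}
```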
