| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 20 Feb 2019 08:40:34 -0800
From: "Paul E. McKenney" <paulmck@...ux.ibm.com>
To: "Joel Fernandes (Google)" <joel@...lfernandes.org>
Cc: linux-kernel@...r.kernel.org, rcu@...r.kernel.org
Subject: Re: [RFC 1/5] net: rtnetlink: Fix incorrect RCU API usage
On Tue, Feb 19, 2019 at 11:08:23PM -0500, Joel Fernandes (Google) wrote:
> From: Joel Fernandes <joel@...lfernandes.org>
>
> rtnl_register_internal() and rtnl_unregister_all tries to directly
> dereference an RCU protected pointed outside RCU read side section.
> While this is Ok to do since a lock is held, let us use the correct
> API to avoid programmer bugs in the future.
>
> This also fixes sparse warnings arising from not using RCU API.
>
> net/core/rtnetlink.c:332:13: warning: incorrect type in assignment
> (different address spaces) net/core/rtnetlink.c:332:13: expected
> struct rtnl_link **tab net/core/rtnetlink.c:332:13: got struct
> rtnl_link *[noderef] <asn:4>*<noident>
>
> Signed-off-by: Joel Fernandes <joel@...lfernandes.org>
First, thank you for doing this!
I was going to complain that these were update-side accesses, but it
looks like rtnl_dereference() already handles both readers and updaters.
So looks good to me, but the maintainers of course have the final word.
Thanx, Paul
> ---
> net/core/rtnetlink.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
> index 5ea1bed08ede..98be4b4818a9 100644
> --- a/net/core/rtnetlink.c
> +++ b/net/core/rtnetlink.c
> @@ -188,7 +188,7 @@ static int rtnl_register_internal(struct module *owner,
> msgindex = rtm_msgindex(msgtype);
>
> rtnl_lock();
> - tab = rtnl_msg_handlers[protocol];
> + tab = rtnl_dereference(rtnl_msg_handlers[protocol]);
> if (tab == NULL) {
> tab = kcalloc(RTM_NR_MSGTYPES, sizeof(void *), GFP_KERNEL);
> if (!tab)
> @@ -329,7 +329,7 @@ void rtnl_unregister_all(int protocol)
> BUG_ON(protocol < 0 || protocol > RTNL_FAMILY_MAX);
>
> rtnl_lock();
> - tab = rtnl_msg_handlers[protocol];
> + tab = rtnl_dereference(rtnl_msg_handlers[protocol]);
> if (!tab) {
> rtnl_unlock();
> return;
> --
> 2.21.0.rc0.258.g878e2cd30e-goog
>
Powered by blists - more mailing lists