lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <CANn89iLZKMW4ncpk2TAsGKo=t+fm=Jss9466zF5YQ0NN+M_K9A@mail.gmail.com>
Date: Mon, 8 Jan 2024 11:18:15 +0100
From: Eric Dumazet <edumazet@...gle.com>
To: Xiaochen Zou <xzou017@....edu>
Cc: davem@...emloft.net, dsahern@...nel.org, kuba@...nel.org, 
	pabeni@...hat.com, netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] net: gre: complete lockless access to dev->needed_headroom

On Fri, Jan 5, 2024 at 12:26 AM Xiaochen Zou <xzou017@....edu> wrote:
>
> According to 4b397c06cb9 (net: tunnels: annotate lockless
> accesses to dev->needed_headroom), we need to use lockless
> access to protect dev->needed_headroom from data racing.
> This patch complete the changes in ip(6)_gre.
>
> More changes in other modules might be needed for completeness.
>
> Signed-off-by: Xiaochen Zou <xzou017@....edu>
> ---
>  net/ipv4/ip_gre.c  | 12 ++++++------
>  net/ipv6/ip6_gre.c | 12 ++++++------
>  2 files changed, 12 insertions(+), 12 deletions(-)
>
> diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
> index 5169c3c72cff..8c979c421d79 100644
> --- a/net/ipv4/ip_gre.c
> +++ b/net/ipv4/ip_gre.c
> @@ -491,7 +491,7 @@ static void gre_fb_xmit(struct sk_buff *skb, struct net_device *dev,
>         key = &tun_info->key;
>         tunnel_hlen = gre_calc_hlen(key->tun_flags);
>
> -       if (skb_cow_head(skb, dev->needed_headroom))
> +       if (skb_cow_head(skb, READ_ONCE(dev->needed_headroom)))
>                 goto err_free_skb;
>
>         /* Push Tunnel header. */
> @@ -541,7 +541,7 @@ static void erspan_fb_xmit(struct sk_buff *skb, struct net_device *dev)
>         version = md->version;
>         tunnel_hlen = 8 + erspan_hdr_len(version);
>
> -       if (skb_cow_head(skb, dev->needed_headroom))
> +       if (skb_cow_head(skb, READ_ONCE(dev->needed_headroom)))
>                 goto err_free_skb;
>
>         if (gre_handle_offloads(skb, false))
> @@ -653,7 +653,7 @@ static netdev_tx_t ipgre_xmit(struct sk_buff *skb,
>                     skb_checksum_start(skb) < skb->data)
>                         goto free_skb;
>         } else {
> -               if (skb_cow_head(skb, dev->needed_headroom))
> +               if (skb_cow_head(skb, READ_ONCE(dev->needed_headroom)))
>                         goto free_skb;
>
>                 tnl_params = &tunnel->parms.iph;
> @@ -689,7 +689,7 @@ static netdev_tx_t erspan_xmit(struct sk_buff *skb,
>         if (gre_handle_offloads(skb, false))
>                 goto free_skb;
>
> -       if (skb_cow_head(skb, dev->needed_headroom))
> +       if (skb_cow_head(skb, READ_ONCE(dev->needed_headroom)))
>                 goto free_skb;
>
>         if (skb->len > dev->mtu + dev->hard_header_len) {
> @@ -742,7 +742,7 @@ static netdev_tx_t gre_tap_xmit(struct sk_buff *skb,
>         if (gre_handle_offloads(skb, !!(tunnel->parms.o_flags & TUNNEL_CSUM)))
>                 goto free_skb;
>
> -       if (skb_cow_head(skb, dev->needed_headroom))
> +       if (skb_cow_head(skb, READ_ONCE(dev->needed_headroom)))
>                 goto free_skb;
>
>         __gre_xmit(skb, dev, &tunnel->parms.iph, htons(ETH_P_TEB));
> @@ -768,7 +768,7 @@ static void ipgre_link_update(struct net_device *dev, bool set_mtu)
>         if (dev->header_ops)
>                 dev->hard_header_len += len;
>         else
> -               dev->needed_headroom += len;
> +               WRITE_ONCE(dev->needed_headroom, dev->needed_headroom + len);

Can the updates here happen while packets are in flight ?

ip6_tnl_xmit() updates definitely could happen while packets are in
flight, this is why we needed

if (max_headroom > READ_ONCE(dev->needed_headroom))
     WRITE_ONCE(dev->needed_headroom, max_headroom);

Do you have a KCSAN stack trace or something ?

Normally, dev->needed_headroom is only set at setup time,

Commit 8eb30be0352d ("ipv6: Create ip6_tnl_xmit") violated this rule.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ