| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 8 Jan 2024 11:18:15 +0100
From: Eric Dumazet <edumazet@...gle.com>
To: Xiaochen Zou <xzou017@....edu>
Cc: davem@...emloft.net, dsahern@...nel.org, kuba@...nel.org,
pabeni@...hat.com, netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] net: gre: complete lockless access to dev->needed_headroom
On Fri, Jan 5, 2024 at 12:26 AM Xiaochen Zou <xzou017@....edu> wrote:
>
> According to 4b397c06cb9 (net: tunnels: annotate lockless
> accesses to dev->needed_headroom), we need to use lockless
> access to protect dev->needed_headroom from data racing.
> This patch complete the changes in ip(6)_gre.
>
> More changes in other modules might be needed for completeness.
>
> Signed-off-by: Xiaochen Zou <xzou017@....edu>
> ---
> net/ipv4/ip_gre.c | 12 ++++++------
> net/ipv6/ip6_gre.c | 12 ++++++------
> 2 files changed, 12 insertions(+), 12 deletions(-)
>
> diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
> index 5169c3c72cff..8c979c421d79 100644
> --- a/net/ipv4/ip_gre.c
> +++ b/net/ipv4/ip_gre.c
> @@ -491,7 +491,7 @@ static void gre_fb_xmit(struct sk_buff *skb, struct net_device *dev,
> key = &tun_info->key;
> tunnel_hlen = gre_calc_hlen(key->tun_flags);
>
> - if (skb_cow_head(skb, dev->needed_headroom))
> + if (skb_cow_head(skb, READ_ONCE(dev->needed_headroom)))
> goto err_free_skb;
>
> /* Push Tunnel header. */
> @@ -541,7 +541,7 @@ static void erspan_fb_xmit(struct sk_buff *skb, struct net_device *dev)
> version = md->version;
> tunnel_hlen = 8 + erspan_hdr_len(version);
>
> - if (skb_cow_head(skb, dev->needed_headroom))
> + if (skb_cow_head(skb, READ_ONCE(dev->needed_headroom)))
> goto err_free_skb;
>
> if (gre_handle_offloads(skb, false))
> @@ -653,7 +653,7 @@ static netdev_tx_t ipgre_xmit(struct sk_buff *skb,
> skb_checksum_start(skb) < skb->data)
> goto free_skb;
> } else {
> - if (skb_cow_head(skb, dev->needed_headroom))
> + if (skb_cow_head(skb, READ_ONCE(dev->needed_headroom)))
> goto free_skb;
>
> tnl_params = &tunnel->parms.iph;
> @@ -689,7 +689,7 @@ static netdev_tx_t erspan_xmit(struct sk_buff *skb,
> if (gre_handle_offloads(skb, false))
> goto free_skb;
>
> - if (skb_cow_head(skb, dev->needed_headroom))
> + if (skb_cow_head(skb, READ_ONCE(dev->needed_headroom)))
> goto free_skb;
>
> if (skb->len > dev->mtu + dev->hard_header_len) {
> @@ -742,7 +742,7 @@ static netdev_tx_t gre_tap_xmit(struct sk_buff *skb,
> if (gre_handle_offloads(skb, !!(tunnel->parms.o_flags & TUNNEL_CSUM)))
> goto free_skb;
>
> - if (skb_cow_head(skb, dev->needed_headroom))
> + if (skb_cow_head(skb, READ_ONCE(dev->needed_headroom)))
> goto free_skb;
>
> __gre_xmit(skb, dev, &tunnel->parms.iph, htons(ETH_P_TEB));
> @@ -768,7 +768,7 @@ static void ipgre_link_update(struct net_device *dev, bool set_mtu)
> if (dev->header_ops)
> dev->hard_header_len += len;
> else
> - dev->needed_headroom += len;
> + WRITE_ONCE(dev->needed_headroom, dev->needed_headroom + len);
Can the updates here happen while packets are in flight ?
ip6_tnl_xmit() updates definitely could happen while packets are in
flight, this is why we needed
if (max_headroom > READ_ONCE(dev->needed_headroom))
WRITE_ONCE(dev->needed_headroom, max_headroom);
Do you have a KCSAN stack trace or something ?
Normally, dev->needed_headroom is only set at setup time,
Commit 8eb30be0352d ("ipv6: Create ip6_tnl_xmit") violated this rule.
Powered by blists - more mailing lists