lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <174265451228.356712.2871503046095180191.stgit@pro.pro>
Date: Sat, 22 Mar 2025 17:41:52 +0300
From: Kirill Tkhai <tkhai@...ru>
To: netdev@...r.kernel.org,
	linux-kernel@...r.kernel.org
Cc: tkhai@...ru
Subject: [PATCH NET-PREV 32/51] ip6_sit: Use __register_netdevice() in .newlink and .changelink

The objective is to conform .newlink and .changelink and their
callers, which already assign nd_lock (and matches master nd_lock
if there is one).

Signed-off-by: Kirill Tkhai <tkhai@...ru>
---
 net/ipv6/sit.c |   45 ++++++++++++++++++++++++++++++++++++---------
 1 file changed, 36 insertions(+), 9 deletions(-)

diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
index 83b195f09561..1749defa4b70 100644
--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -212,7 +212,7 @@ static int ipip6_tunnel_create(struct net_device *dev)
 
 	dev->rtnl_link_ops = &sit_link_ops;
 
-	err = register_netdevice(dev);
+	err = __register_netdevice(dev);
 	if (err < 0)
 		goto out;
 
@@ -226,6 +226,7 @@ static int ipip6_tunnel_create(struct net_device *dev)
 }
 
 static struct ip_tunnel *ipip6_tunnel_locate(struct net *net,
+					     struct nd_lock *nd_lock,
 					     struct ip_tunnel_parm_kern *parms,
 					     int create)
 {
@@ -269,6 +270,7 @@ static struct ip_tunnel *ipip6_tunnel_locate(struct net *net,
 	nt = netdev_priv(dev);
 
 	nt->parms = *parms;
+	attach_nd_lock(dev, nd_lock);
 	if (ipip6_tunnel_create(dev) < 0)
 		goto failed_free;
 
@@ -278,6 +280,7 @@ static struct ip_tunnel *ipip6_tunnel_locate(struct net *net,
 	return nt;
 
 failed_free:
+	detach_nd_lock(dev);
 	free_netdev(dev);
 failed:
 	return NULL;
@@ -1200,11 +1203,14 @@ ipip6_tunnel_get6rd(struct net_device *dev, struct ip_tunnel_parm __user *data)
 	struct ip_tunnel *t = netdev_priv(dev);
 	struct ip_tunnel_parm_kern p;
 	struct ip_tunnel_6rd ip6rd;
+	struct nd_lock *nd_lock;
 
 	if (dev == dev_to_sit_net(dev)->fb_tunnel_dev) {
 		if (!ip_tunnel_parm_from_user(&p, data))
 			return -EFAULT;
-		t = ipip6_tunnel_locate(t->net, &p, 0);
+		lock_netdev(dev, &nd_lock);
+		t = ipip6_tunnel_locate(t->net, nd_lock, &p, 0);
+		unlock_netdev(nd_lock);
 	}
 	if (!t)
 		t = netdev_priv(dev);
@@ -1273,9 +1279,13 @@ static int
 ipip6_tunnel_get(struct net_device *dev, struct ip_tunnel_parm_kern *p)
 {
 	struct ip_tunnel *t = netdev_priv(dev);
+	struct nd_lock *nd_lock;
 
-	if (dev == dev_to_sit_net(dev)->fb_tunnel_dev)
-		t = ipip6_tunnel_locate(t->net, p, 0);
+	if (dev == dev_to_sit_net(dev)->fb_tunnel_dev) {
+		lock_netdev(dev, &nd_lock);
+		t = ipip6_tunnel_locate(t->net, nd_lock, p, 0);
+		unlock_netdev(nd_lock);
+	}
 	if (!t)
 		t = netdev_priv(dev);
 	memcpy(p, &t->parms, sizeof(*p));
@@ -1286,13 +1296,16 @@ static int
 ipip6_tunnel_add(struct net_device *dev, struct ip_tunnel_parm_kern *p)
 {
 	struct ip_tunnel *t = netdev_priv(dev);
+	struct nd_lock *nd_lock;
 	int err;
 
 	err = __ipip6_tunnel_ioctl_validate(t->net, p);
 	if (err)
 		return err;
 
-	t = ipip6_tunnel_locate(t->net, p, 1);
+	lock_netdev(dev, &nd_lock);
+	t = ipip6_tunnel_locate(t->net, nd_lock, p, 1);
+	unlock_netdev(nd_lock);
 	if (!t)
 		return -ENOBUFS;
 	return 0;
@@ -1302,13 +1315,16 @@ static int
 ipip6_tunnel_change(struct net_device *dev, struct ip_tunnel_parm_kern *p)
 {
 	struct ip_tunnel *t = netdev_priv(dev);
+	struct nd_lock *nd_lock;
 	int err;
 
 	err = __ipip6_tunnel_ioctl_validate(t->net, p);
 	if (err)
 		return err;
 
-	t = ipip6_tunnel_locate(t->net, p, 0);
+	lock_netdev(dev, &nd_lock);
+	t = ipip6_tunnel_locate(t->net, nd_lock, p, 0);
+	unlock_netdev(nd_lock);
 	if (dev == dev_to_sit_net(dev)->fb_tunnel_dev) {
 		if (!t)
 			return -ENOENT;
@@ -1333,12 +1349,15 @@ static int
 ipip6_tunnel_del(struct net_device *dev, struct ip_tunnel_parm_kern *p)
 {
 	struct ip_tunnel *t = netdev_priv(dev);
+	struct nd_lock *nd_lock;
 
 	if (!ns_capable(t->net->user_ns, CAP_NET_ADMIN))
 		return -EPERM;
 
 	if (dev == dev_to_sit_net(dev)->fb_tunnel_dev) {
-		t = ipip6_tunnel_locate(t->net, p, 0);
+		lock_netdev(dev, &nd_lock);
+		t = ipip6_tunnel_locate(t->net, nd_lock, p, 0);
+		unlock_netdev(nd_lock);
 		if (!t)
 			return -ENOENT;
 		if (t == netdev_priv(dev_to_sit_net(dev)->fb_tunnel_dev))
@@ -1349,6 +1368,12 @@ ipip6_tunnel_del(struct net_device *dev, struct ip_tunnel_parm_kern *p)
 	return 0;
 }
 
+/* This is called with rtnl locked and dev nd_lock unlocked.
+ * Note, that currently we take nd_lock in every of below
+ * function: ipip6_tunnel_get, ipip6_tunnel_add, etc instead
+ * of taking it once here, since there is call_netdevice_notifiers()
+ * in one of them, which is not prepared to use nd_lock yet.
+ */
 static int
 ipip6_tunnel_ctl(struct net_device *dev, struct ip_tunnel_parm_kern *p,
 		 int cmd)
@@ -1553,6 +1578,7 @@ static int ipip6_newlink(struct net *src_net, struct net_device *dev,
 			 struct nlattr *tb[], struct nlattr *data[],
 			 struct netlink_ext_ack *extack)
 {
+	struct nd_lock *nd_lock = rcu_dereference_protected(dev->nd_lock, true);
 	struct net *net = dev_net(dev);
 	struct ip_tunnel *nt;
 	struct ip_tunnel_encap ipencap;
@@ -1571,7 +1597,7 @@ static int ipip6_newlink(struct net *src_net, struct net_device *dev,
 
 	ipip6_netlink_parms(data, &nt->parms, &nt->fwmark);
 
-	if (ipip6_tunnel_locate(net, &nt->parms, 0))
+	if (ipip6_tunnel_locate(net, nd_lock, &nt->parms, 0))
 		return -EEXIST;
 
 	err = ipip6_tunnel_create(dev);
@@ -1601,6 +1627,7 @@ static int ipip6_changelink(struct net_device *dev, struct nlattr *tb[],
 			    struct nlattr *data[],
 			    struct netlink_ext_ack *extack)
 {
+	struct nd_lock *nd_lock = rcu_dereference_protected(dev->nd_lock, true);
 	struct ip_tunnel *t = netdev_priv(dev);
 	struct ip_tunnel_encap ipencap;
 	struct ip_tunnel_parm_kern p;
@@ -1627,7 +1654,7 @@ static int ipip6_changelink(struct net_device *dev, struct nlattr *tb[],
 	    (!(dev->flags & IFF_POINTOPOINT) && p.iph.daddr))
 		return -EINVAL;
 
-	t = ipip6_tunnel_locate(net, &p, 0);
+	t = ipip6_tunnel_locate(net, nd_lock, &p, 0);
 
 	if (t) {
 		if (t->dev != dev)


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ