lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <alpine.LFD.2.20.1705100937330.1938@ja.home.ssi.bg> Date: Wed, 10 May 2017 10:38:49 +0300 (EEST) From: Julian Anastasov <ja@....bg> To: Cong Wang <xiyou.wangcong@...il.com> cc: Eric Dumazet <eric.dumazet@...il.com>, David Miller <davem@...emloft.net>, Linux Kernel Network Developers <netdev@...r.kernel.org>, Andrey Konovalov <andreyknvl@...gle.com>, Eric Dumazet <edumazet@...gle.com> Subject: Re: [Patch net] ipv4: restore rt->fi for reference counting Hello, On Tue, 9 May 2017, Cong Wang wrote: > > Also setting nexthop_nh->nh_dev to NULL looks quite dangerous > > > > We have plenty of sites doing : > > > > if (fi->fib_dev) > > x = fi->fib_dev->field > > > > fib_route_seq_show() is one example. > > > > All of them take RCU read lock, so, as I explained in the code comment, > they all should be fine because of synchronize_net() on unregister path. > Do you see anything otherwise? During NETDEV_UNREGISTER packets for dev should not be flying but packets for other devs can walk the nexthops for multipath routes. It is the rcu_barrier before NETDEV_UNREGISTER_FINAL that allows nh_dev to be set to NULL during this grace period but there are many places to fix that assume nh_dev!=NULL. But why we leak routes? Is there some place that holds routes without listening for NETDEV_UNREGISTER? On fib_flush the infos are unlinked from trees, so after a grace period packets should not see/hold such infos. If we hold routes somewhere for long time, problem can happen also for routes with single nexthop. Regards -- Julian Anastasov <ja@....bg>
Powered by blists - more mailing lists