| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <94934308-c086-fae9-6a7b-608f507afefe@huawei.com>
Date: Sat, 16 Mar 2019 14:27:47 +0800
From: Zhiqiang Liu <liuzhiqiang26@...wei.com>
To: Stefano Brivio <sbrivio@...hat.com>
CC: Eric Dumazet <eric.dumazet@...il.com>,
David Miller <davem@...emloft.net>, <petrm@...lanox.com>,
<idosch@...lanox.com>, <sd@...asysnail.net>,
<mousuanming@...wei.com>, <netdev@...r.kernel.org>,
<mingfangsen@...wei.com>, <zhoukang7@...wei.com>,
<wangxiaogang3@...wei.com>
Subject: Re: [PATCH v2] vxlan: remove the redundant gro_cells_destroy()
calling.
> On Sat, 16 Mar 2019 13:24:39 +0800
> Zhiqiang Liu <liuzhiqiang26@...wei.com> wrote:
>
>> I have updated the commit message as suggested by Eric. Even though I have read
>> Documentation/networking/netdev-FAQ.rst as you mentioned. I am now still a little
>> confused about the subject-prefix of v3 (net or net-next).
>
> It's "net": this is a (likely critical) fix.
>
>> And David Miller saied the net-next tree is CLOSED.
>
> Right, but this is not for net-next anymore, given what Eric found.
>
>> Could you help me check whether the following v3 patch is ok?
>>
>>
>> Subject: [PATCH net v3] vxlan: remove the redundant gro_cells_destroy() calling.
>
> This one. And it's not just redundant, so maybe something like:
>
> "[PATCH net v3] vxlan: Don't call gro_cells_destroy() before
> device is unregistered"
>
>> OR
>> Subject: [PATCH net-next v3] vxlan: remove the redundant gro_cells_destroy() calling.
>>
>> Commit ad6c9986bcb62 ("vxlan: Fix GRO cells race condition between
>> receive and link delete") fixed a race condition for the typical case a vxlan
>> device is dismantled from the current netns. But if a netns is dismantled,
>> vxlan_destroy_tunnels() is called to schedule a unregister_netdevice_queue()
>> of all the vxlan tunnels that are related to this netns.
>>
>> In vxlan_destroy_tunnels(), gro_cells_destroy() is called and finished before
>> unregister_netdevice_queue(). This means that the gro_cells_destroy() call is
>> done too soon, for the same reasons explained in above commit.
>>
>> So we need to fully respect the RCU rules, and thus must remove the
>> gro_cells_destroy() call or risk use after-free.
>>
>> Fixes: 58ce31cca1ff ("vxlan: GRO support at tunnel layer")
>> Signed-off-by: Suanming.Mou <mousuanming@...wei.com>
>> Suggested-by: Eric Dumazet <eric.dumazet@...il.com>
>> Reviewed-by: Stefano Brivio <sbrivio@...hat.com>
>> Reviewed-by: Zhiqiang Liu <liuzhiqiang26@...wei.com>
>> ---
>> V1->V2:
>
> This will actually be v3.
>
>> - update the commit message suggeted by Eric Dumazet
>> - update Fixes: tag
>>
>> drivers/net/vxlan.c | 4 +---
>> 1 file changed, 1 insertion(+), 3 deletions(-)
>>
>> diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
>> index 077f1b9f2761..d76dfed8d9bb 100644
>> --- a/drivers/net/vxlan.c
>> +++ b/drivers/net/vxlan.c
>> @@ -4335,10 +4335,8 @@ static void vxlan_destroy_tunnels(struct net *net, struct list_head *head)
>> /* If vxlan->dev is in the same netns, it has already been added
>> * to the list by the previous loop.
>> */
>> - if (!net_eq(dev_net(vxlan->dev), net)) {
>> - gro_cells_destroy(&vxlan->gro_cells);
>> + if (!net_eq(dev_net(vxlan->dev), net))
>> unregister_netdevice_queue(vxlan->dev, head);
>> - }
>> }
>>
>> for (h = 0; h < PORT_HASH_SIZE; ++h)
>
> Looks good to me, you can keep my Reviewed-by: tag for v3. Thanks!
>
Thank you for your patience to reply. And thanks for Eric and David Miller again.
I will make the v3 as your suggestion.
Powered by blists - more mailing lists