[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <e8fe542c-80ba-4ca2-a1fa-ec6d29194e81@kernel.org>
Date: Mon, 18 Dec 2023 20:22:12 -0700
From: David Ahern <dsahern@...nel.org>
To: Kui-Feng Lee <sinquersw@...il.com>, netdev@...r.kernel.org
Cc: edumazet@...gle.com, Kui-Feng Lee <thinker.li@...il.com>
Subject: Re: [PATCH net] net/ipv6: Revert remove expired routes with a
separated list of routes
On 12/18/23 7:45 PM, Kui-Feng Lee wrote:
>
>
> On 12/18/23 18:38, David Ahern wrote:
>> On 12/18/23 6:14 PM, Kui-Feng Lee wrote:
>>>
>>>
>>> On 12/17/23 10:55, David Ahern wrote:
>>>> Revert the remainder of 5a08d0065a915 which added a warn on if a fib
>>>> entry is still on the gc_link list, and then revertĀ all of the commit
>>>> in the Fixes tag. The commit has some race conditions given how expires
>>>> is managed on a fib6_info in relation to timer start, adding the entry
>>>> to the gc list and setting the timer value leading to UAF. Revert
>>>> the commit and try again in a later release.
>>>
>>> May I know what your concerns are about the patch I provided?
>>> Even I try it again later, I still need to know what I miss and should
>>> address.
>>
>> This is a judgement call based on 6.7-rc number and upcoming holidays
>> with people offline. A bug fix is needed for a performance optimization;
>> the smart response here is to revert the patch and try again after the
>> holidays.
> Got it! Thanks!
In January, send a new set (RFC if it is still the merge window) with
the following:
1. audit all of the uses of RTF_EXPIRES. Some of the places need to be
cleaned up first. For example, rt6_add_dflt_router sets RTF_EXPIRES flag
but does not set fc_expires. I believe that function can be updated to
take the expires value and removes the need to set it later in
ndisc_router_discovery. See if the management of expires value can be
consolidated under the table lock.
2. Use gc_list instead of gc_link to be consistent with other gc lists
(and the fact that it is a list)
3. Add selftests using veth and namespaces to test RAs. It can depend on
and check for the existence of the ra or radvd command; the key is to
attempt a stress test on the router discovery path. Similarly for addrconf.
That is in addition to your new selftests in the last set you sent.
Powered by blists - more mailing lists