lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <SJ0PR11MB58652BB4D2C5245CABAC236B8F712@SJ0PR11MB5865.namprd11.prod.outlook.com>
Date: Thu, 3 Oct 2024 12:03:38 +0000
From: "Romanowski, Rafal" <rafal.romanowski@...el.com>
To: Simon Horman <horms@...nel.org>, "Loktionov, Aleksandr"
	<aleksandr.loktionov@...el.com>
CC: "Nguyen, Anthony L" <anthony.l.nguyen@...el.com>, "Kubalewski, Arkadiusz"
	<arkadiusz.kubalewski@...el.com>, "intel-wired-lan@...ts.osuosl.org"
	<intel-wired-lan@...ts.osuosl.org>, "netdev@...r.kernel.org"
	<netdev@...r.kernel.org>
Subject: RE: [Intel-wired-lan] [PATCH iwl-net v1] i40e: Fix macvlan leak by
 synchronizing access to mac_filter_hash

> -----Original Message-----
> From: Intel-wired-lan <intel-wired-lan-bounces@...osl.org> On Behalf Of Simon
> Horman
> Sent: Tuesday, September 24, 2024 8:57 AM
> To: Loktionov, Aleksandr <aleksandr.loktionov@...el.com>
> Cc: Nguyen, Anthony L <anthony.l.nguyen@...el.com>; Kubalewski, Arkadiusz
> <arkadiusz.kubalewski@...el.com>; intel-wired-lan@...ts.osuosl.org;
> netdev@...r.kernel.org
> Subject: Re: [Intel-wired-lan] [PATCH iwl-net v1] i40e: Fix macvlan leak by
> synchronizing access to mac_filter_hash
> 
> On Mon, Sep 23, 2024 at 11:12:19AM +0200, Aleksandr Loktionov wrote:
> > This patch addresses a macvlan leak issue in the i40e driver caused by
> > concurrent access to vsi->mac_filter_hash. The leak occurs when
> > multiple threads attempt to modify the mac_filter_hash simultaneously,
> > leading to inconsistent state and potential memory leaks.
> >
> > To fix this, we now wrap the calls to i40e_del_mac_filter() and
> > zeroing
> > vf->default_lan_addr.addr with
> > vf->spin_lock/unlock_bh(&vsi->mac_filter_hash_lock),
> > ensuring atomic operations and preventing concurrent access.
> >
> > Additionally, we add lockdep_assert_held(&vsi->mac_filter_hash_lock)
> > in
> > i40e_add_mac_filter() to help catch similar issues in the future.
> >
> > Reproduction steps:
> > 1. Spawn VFs and configure port vlan on them.
> > 2. Trigger concurrent macvlan operations (e.g., adding and deleting
> > 	portvlan and/or mac filters).
> > 3. Observe the potential memory leak and inconsistent state in the
> > 	mac_filter_hash.
> >
> > This synchronization ensures the integrity of the mac_filter_hash and
> > prevents the described leak.
> >
> > Fixes: fed0d9f13266 ("i40e: Fix VF's MAC Address change on VM")
> > Reviewed-by: Arkadiusz Kubalewski <arkadiusz.kubalewski@...el.com>
> > Signed-off-by: Aleksandr Loktionov <aleksandr.loktionov@...el.com>
> 
> Thanks Aleksandr,
> 
> I see that:
> 
> 1) All calls to i40e_add_mac_filter() and all other calls
>    to i40e_del_mac_filter() are already protected by
>    vsi->mac_filter_hash_lock.
> 
> 2) i40e_del_mac_filter() already asserts that
>    vsi->mac_filter_hash_lock is held.
> 
> So this looks good to me.
> 
> Reviewed-by: Simon Horman <horms@...nel.org>
> 
> ...

Tested-by: Rafal Romanowski <rafal.romanowski@...el.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ