Message-ID: <20250206095221.24542-1-kuniyu@amazon.com>
Date: Thu, 6 Feb 2025 18:52:21 +0900
From: Kuniyuki Iwashima <kuniyu@...zon.com>
To: <edumazet@...gle.com>
CC: <davem@...emloft.net>, <horms@...nel.org>, <kuba@...nel.org>,
	<kuni1840@...il.com>, <kuniyu@...zon.com>, <netdev@...r.kernel.org>,
	<pabeni@...hat.com>
Subject: Re: [PATCH v1 net-next 6/6] fib: rules: Convert RTM_DELRULE to per-netns RTNL.

From: Eric Dumazet <edumazet@...gle.com>
Date: Thu, 6 Feb 2025 10:41:12 +0100
> On Thu, Feb 6, 2025 at 9:49 AM Kuniyuki Iwashima <kuniyu@...zon.com> wrote:
> >
> > fib_nl_delrule() is the doit() handler for RTM_DELRULE but also called
> > from vrf_newlink() in case something fails in vrf_add_fib_rules().
> >
> > In the latter case, RTNL is already held and the 3rd arg extack is NULL.
> >
> > Let's hold per-netns RTNL in fib_nl_delrule() if extack is NULL.
> >
> > Now we can place ASSERT_RTNL_NET() in call_fib_rule_notifiers().
> >
> > While at it, fib_rule r is moved to the suitable scope.
> >
> > Signed-off-by: Kuniyuki Iwashima <kuniyu@...zon.com>
> > ---
> >  net/core/fib_rules.c | 29 +++++++++++++++++++----------
> >  1 file changed, 19 insertions(+), 10 deletions(-)
> >
> > diff --git a/net/core/fib_rules.c b/net/core/fib_rules.c
> > index cc26c762fa9e..3430d026134d 100644
> > --- a/net/core/fib_rules.c
> > +++ b/net/core/fib_rules.c
> > @@ -371,7 +371,8 @@ static int call_fib_rule_notifiers(struct net *net,
> >                 .rule = rule,
> >         };
> >
> > -       ASSERT_RTNL();
> > +       ASSERT_RTNL_NET(net);
> 
> This warning will then fire in the vrf case, because vrf_fib_rule() is
> only holding the real RTNL,
> but not yet the net->rtnl_mutex ?

As it's RTM_NEWLINK, dev_net(net)'s per-netns RTNL is held here and
vrf_fib_rule() sets skb->sk = dev_net(dev)->rtnl, so I think it won't fire.


> 
> > +
> >         /* Paired with READ_ONCE() in fib_rules_seq() */
> >         WRITE_ONCE(ops->fib_rules_seq, ops->fib_rules_seq + 1);
> >         return call_fib_notifiers(net, event_type, &info.info);
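Review bot: The move to ASSERT_RTNL_NET(net) in call_fib_rule_notifiers() makes the check depend on every caller holding the per-netns RTNL for this particular net, and the commit message only says "Now we can place" it without saying why the vrf_newlink() path, which enters fib_nl_delrule() with RTNL already held, satisfies the new assertion. Please state that in the commit message or in a short comment above the assertion, so that a later caller holding the lock for a different netns is recognised as a real bug rather than dismissed as a false positive.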
> > @@ -909,13 +910,13 @@ EXPORT_SYMBOL_GPL(fib_nl_newrule);
> >  int fib_nl_delrule(struct sk_buff *skb, struct nlmsghdr *nlh,
> >                    struct netlink_ext_ack *extack)
> >  {
> > -       struct net *net = sock_net(skb->sk);
> > +       bool user_priority = false, hold_rtnl = !!extack;
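Review bot: "hold_rtnl = !!extack" is true when extack is non-NULL, while the commit message says "Let's hold per-netns RTNL in fib_nl_delrule() if extack is NULL", so the message reads inverted relative to the code and should be corrected. Using the extack pointer as the signal for "caller already holds RTNL" is also an implicit contract: if hold_rtnl gates the lock acquisition as its name suggests, an in-kernel caller that passes NULL without holding the lock would run unlocked, and one that already holds it and passes a non-NULL extack would try to take it a second time. Consider documenting that contract at this declaration and at the vrf call site, or making the locking state explicit instead of inferring it from extack.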
> 
> I am not pleased with this heuristic hidden here.
> 
> At the very least a fat comment in drivers/net/vrf.c would be welcomed.

Will add a comment there in v2.

Thanks!
