lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CANn89i+9rX722bpuQV+nNYU1O8fSXhQ_XndzCbD1whN_b_E84w@mail.gmail.com>
Date: Thu, 26 Jun 2025 07:30:59 -0700
From: Eric Dumazet <edumazet@...gle.com>
To: Kuniyuki Iwashima <kuni1840@...il.com>
Cc: "David S. Miller" <davem@...emloft.net>, David Ahern <dsahern@...nel.org>, 
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Simon Horman <horms@...nel.org>, 
	Kuniyuki Iwashima <kuniyu@...gle.com>, netdev@...r.kernel.org
Subject: Re: [PATCH v2 net-next 03/15] ipv6: mcast: Check inet6_dev->dead
 under idev->mc_lock in __ipv6_dev_mc_inc().

On Tue, Jun 24, 2025 at 1:26 PM Kuniyuki Iwashima <kuni1840@...il.com> wrote:
>
> From: Kuniyuki Iwashima <kuniyu@...gle.com>
>
> Since commit 63ed8de4be81 ("mld: add mc_lock for protecting
> per-interface mld data"), every multicast resource is protected
> by inet6_dev->mc_lock.
>
> RTNL is unnecessary in terms of protection but still needed for
> synchronisation between addrconf_ifdown() and __ipv6_dev_mc_inc().
>
> Once we removed RTNL, there would be a race below, where we could
> add a multicast address to a dead inet6_dev.
>
>   CPU1                            CPU2
>   ====                            ====
>   addrconf_ifdown()               __ipv6_dev_mc_inc()
>                                     if (idev->dead) <-- false
>     dead = true                       return -ENODEV;
>     ipv6_mc_destroy_dev() / ipv6_mc_down()
>       mutex_lock(&idev->mc_lock)
>       ...
>       mutex_unlock(&idev->mc_lock)
>                                     mutex_lock(&idev->mc_lock)
>                                     ...
>                                     mutex_unlock(&idev->mc_lock)
>
> The race window can be easily closed by checking inet6_dev->dead
> under inet6_dev->mc_lock in __ipv6_dev_mc_inc() as addrconf_ifdown()
> will acquire it after marking inet6_dev dead.
>
> Let's check inet6_dev->dead under mc_lock in __ipv6_dev_mc_inc().
>
> Note that now __ipv6_dev_mc_inc() no longer depends on RTNL and
> we can remove ASSERT_RTNL() there and the RTNL comment above
> addrconf_join_solict().
>
> Signed-off-by: Kuniyuki Iwashima <kuniyu@...gle.com>

Reviewed-by: Eric Dumazet <edumazet@...gle.com>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ