| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250627112526.3615031-5-edumazet@google.com>
Date: Fri, 27 Jun 2025 11:25:20 +0000
From: Eric Dumazet <edumazet@...gle.com>
To: "David S . Miller" <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>
Cc: Simon Horman <horms@...nel.org>, Kuniyuki Iwashima <kuniyu@...gle.com>,
David Ahern <dsahern@...nel.org>, netdev@...r.kernel.org, eric.dumazet@...il.com,
Eric Dumazet <edumazet@...gle.com>
Subject: [PATCH net-next 04/10] net: dst: annotate data-races around dst->input
dst_dev_put() can overwrite dst->input while other
cpus might read this field (for instance from dst_input())
Add READ_ONCE()/WRITE_ONCE() annotations to suppress
potential issues.
We will likely need full RCU protection later.
Fixes: 4a6ce2b6f2ec ("net: introduce a new function dst_dev_put()")
Signed-off-by: Eric Dumazet <edumazet@...gle.com>
---
include/net/dst.h | 2 +-
include/net/lwtunnel.h | 4 ++--
net/core/dst.c | 2 +-
net/ipv4/route.c | 2 +-
4 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/include/net/dst.h b/include/net/dst.h
index bef2f41c7220437b3cb177ea8c85b81b3f89e8f8..c0f8b6d8e70746fe09a68037f14d6e5bf1d1c57e 100644
--- a/include/net/dst.h
+++ b/include/net/dst.h
@@ -468,7 +468,7 @@ INDIRECT_CALLABLE_DECLARE(int ip_local_deliver(struct sk_buff *));
/* Input packet from network to transport. */
static inline int dst_input(struct sk_buff *skb)
{
- return INDIRECT_CALL_INET(skb_dst(skb)->input,
+ return INDIRECT_CALL_INET(READ_ONCE(skb_dst(skb)->input),
ip6_input, ip_local_deliver, skb);
}
diff --git a/include/net/lwtunnel.h b/include/net/lwtunnel.h
index c306ebe379a0b37ecc5ce54c864824c91aaea273..eaac07d505959e263e479e0fe288424371945f5d 100644
--- a/include/net/lwtunnel.h
+++ b/include/net/lwtunnel.h
@@ -142,8 +142,8 @@ static inline void lwtunnel_set_redirect(struct dst_entry *dst)
dst->output = lwtunnel_output;
}
if (lwtunnel_input_redirect(dst->lwtstate)) {
- dst->lwtstate->orig_input = dst->input;
- dst->input = lwtunnel_input;
+ dst->lwtstate->orig_input = READ_ONCE(dst->input);
+ WRITE_ONCE(dst->input, lwtunnel_input);
}
}
#else
diff --git a/net/core/dst.c b/net/core/dst.c
index 8f2a3138d60c7e94f24ab8bc9063d470a825eeb5..13c629dc7123da1eaeb07e4546ae6c3f38265af1 100644
--- a/net/core/dst.c
+++ b/net/core/dst.c
@@ -148,7 +148,7 @@ void dst_dev_put(struct dst_entry *dst)
WRITE_ONCE(dst->obsolete, DST_OBSOLETE_DEAD);
if (dst->ops->ifdown)
dst->ops->ifdown(dst, dev);
- dst->input = dst_discard;
+ WRITE_ONCE(dst->input, dst_discard);
dst->output = dst_discard_out;
dst->dev = blackhole_netdev;
netdev_ref_replace(dev, blackhole_netdev, &dst->dev_tracker,
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index d7a534a5f1ff8bdaa81a14096f70ef3a83a1ab05..75a1f9eabd6b6350b1ebc9d7dc8166b3d9364a03 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -1687,7 +1687,7 @@ struct rtable *rt_dst_clone(struct net_device *dev, struct rtable *rt)
else if (rt->rt_gw_family == AF_INET6)
new_rt->rt_gw6 = rt->rt_gw6;
- new_rt->dst.input = rt->dst.input;
+ new_rt->dst.input = READ_ONCE(rt->dst.input);
new_rt->dst.output = rt->dst.output;
new_rt->dst.error = rt->dst.error;
new_rt->dst.lastuse = jiffies;
--
2.50.0.727.gbf7dc18ff4-goog
Powered by blists - more mailing lists