[PATCH 3.16 06/10] ipv4: fix a race in update_or_create_fnhe()

From: Ben Hutchings
Date: Thu May 09 2019 - 10:14:57 EST

Next message: Ben Hutchings: "[PATCH 3.16 08/10] fork: record start_time late"
Previous message: Ben Hutchings: "[PATCH 3.16 07/10] KVM: VMX: Fix x2apic check in vmx_msr_bitmap_mode()"
In reply to: Ben Hutchings: "[PATCH 3.16 07/10] KVM: VMX: Fix x2apic check in vmx_msr_bitmap_mode()"
Next in thread: Ben Hutchings: "[PATCH 3.16 08/10] fork: record start_time late"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

3.16.67-rc1 review patch. If anyone has any objections, please let me know.

------------------

From: Eric Dumazet <edumazet@xxxxxxxxxx>

commit caa415270c732505240bb60171c44a7838c555e8 upstream.

nh_exceptions is effectively used under rcu, but lacks proper
barriers. Between kzalloc() and setting of nh->nh_exceptions(),
we need a proper memory barrier.

Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx>
Fixes: 4895c771c7f00 ("ipv4: Add FIB nexthop exceptions.")
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
---
include/net/ip_fib.h | 2 +-
net/ipv4/fib_semantics.c | 8 +++++---
net/ipv4/route.c | 6 +++---
3 files changed, 9 insertions(+), 7 deletions(-)

--- a/include/net/ip_fib.h
+++ b/include/net/ip_fib.h
@@ -89,7 +89,7 @@ struct fib_nh {
int nh_saddr_genid;
struct rtable __rcu * __percpu *nh_pcpu_rth_output;
struct rtable __rcu *nh_rth_input;
- struct fnhe_hash_bucket *nh_exceptions;
+ struct fnhe_hash_bucket __rcu *nh_exceptions;
};

/*
--- a/net/ipv4/fib_semantics.c
+++ b/net/ipv4/fib_semantics.c
@@ -157,9 +157,12 @@ static void rt_fibinfo_free(struct rtabl

static void free_nh_exceptions(struct fib_nh *nh)
{
- struct fnhe_hash_bucket *hash = nh->nh_exceptions;
+ struct fnhe_hash_bucket *hash;
int i;

+ hash = rcu_dereference_protected(nh->nh_exceptions, 1);
+ if (!hash)
+ return;
for (i = 0; i < FNHE_HASH_SIZE; i++) {
struct fib_nh_exception *fnhe;

@@ -206,8 +209,7 @@ static void free_fib_info_rcu(struct rcu
change_nexthops(fi) {
if (nexthop_nh->nh_dev)
dev_put(nexthop_nh->nh_dev);
- if (nexthop_nh->nh_exceptions)
- free_nh_exceptions(nexthop_nh);
+ free_nh_exceptions(nexthop_nh);
rt_fibinfo_free_cpus(nexthop_nh->nh_pcpu_rth_output);
rt_fibinfo_free(&nexthop_nh->nh_rth_input);
} endfor_nexthops(fi);
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -635,12 +635,12 @@ static void update_or_create_fnhe(struct

spin_lock_bh(&fnhe_lock);

- hash = nh->nh_exceptions;
+ hash = rcu_dereference(nh->nh_exceptions);
if (!hash) {
hash = kzalloc(FNHE_HASH_SIZE * sizeof(*hash), GFP_ATOMIC);
if (!hash)
goto out_unlock;
- nh->nh_exceptions = hash;
+ rcu_assign_pointer(nh->nh_exceptions, hash);
}

hash += hval;
@@ -1293,7 +1293,7 @@ static void ip_del_fnhe(struct fib_nh *n

static struct fib_nh_exception *find_exception(struct fib_nh *nh, __be32 daddr)
{
- struct fnhe_hash_bucket *hash = nh->nh_exceptions;
+ struct fnhe_hash_bucket *hash = rcu_dereference(nh->nh_exceptions);
struct fib_nh_exception *fnhe;
u32 hval;

Next message: Ben Hutchings: "[PATCH 3.16 08/10] fork: record start_time late"
Previous message: Ben Hutchings: "[PATCH 3.16 07/10] KVM: VMX: Fix x2apic check in vmx_msr_bitmap_mode()"
In reply to: Ben Hutchings: "[PATCH 3.16 07/10] KVM: VMX: Fix x2apic check in vmx_msr_bitmap_mode()"
Next in thread: Ben Hutchings: "[PATCH 3.16 08/10] fork: record start_time late"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]