Re: [PATCH net v2] ipv6: fix data race in fib6_metric_set() using cmpxchg
From: Hangbin Liu
Date: Mon Mar 30 2026 - 21:12:31 EST
On Mon, Mar 30, 2026 at 05:46:28PM -0700, Jakub Kicinski wrote:
> On Fri, 27 Mar 2026 10:24:47 +0800 Hangbin Liu wrote:
> > --- a/net/ipv6/ip6_fib.c
> > +++ b/net/ipv6/ip6_fib.c
> > @@ -730,17 +730,24 @@ void fib6_metric_set(struct fib6_info *f6i, int metric, u32 val)
> > if (!f6i)
> > return;
> >
> > - if (f6i->fib6_metrics == &dst_default_metrics) {
> > + if (READ_ONCE(f6i->fib6_metrics) == &dst_default_metrics) {
> > + struct dst_metrics *dflt = (struct dst_metrics *)&dst_default_metrics;
>
> Why does this exist? To cast away the const?
Yes, cause cmpxchg doesn't accept const type.
>
> > struct dst_metrics *p = kzalloc_obj(*p, GFP_ATOMIC);
> >
> > if (!p)
> > return;
> >
> > + p->metrics[metric - 1] = val;
> > refcount_set(&p->refcnt, 1);
> > - f6i->fib6_metrics = p;
> > + if (cmpxchg(&f6i->fib6_metrics, dflt, p) != dflt)
> > + kfree(p);
> > + else
> > + return;
> > }
> >
> > - f6i->fib6_metrics->metrics[metric - 1] = val;
> > + struct dst_metrics *m = READ_ONCE(f6i->fib6_metrics);
>
> No variable declarations in the middle of a function please.
Oh, I thought it's OK now since kernel supports C99...
I will fix it.
Thanks
Hangbin