Skip to content

Commit 9958a28

Browse files
edumazetmehmetb0
edumazet
authored and
mehmetb0
committed
net: fib_rules: annotate data-races around rule->[io]ifindex
BugLink: https://bugs.launchpad.net/bugs/2104873 [ Upstream commit cb827db ] rule->iifindex and rule->oifindex can be read without holding RTNL. Add READ_ONCE()/WRITE_ONCE() annotations where needed. Fixes: 32affa5 ("fib: rules: no longer hold RTNL in fib_nl_dumprule()") Signed-off-by: Eric Dumazet <[email protected]> Reviewed-by: Kuniyuki Iwashima <[email protected]> Reviewed-by: Ido Schimmel <[email protected]> Link: https://patch.msgid.link/[email protected] Signed-off-by: Jakub Kicinski <[email protected]> Signed-off-by: Sasha Levin <[email protected]> Signed-off-by: Noah Wager <[email protected]>
1 parent 7b16547 commit 9958a28

File tree

1 file changed

+13
-11
lines changed

1 file changed

+13
-11
lines changed

net/core/fib_rules.c

Lines changed: 13 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -36,8 +36,8 @@ static const struct fib_kuid_range fib_kuid_range_unset = {
3636

3737
bool fib_rule_matchall(const struct fib_rule *rule)
3838
{
39-
if (rule->iifindex || rule->oifindex || rule->mark || rule->tun_id ||
40-
rule->flags)
39+
if (READ_ONCE(rule->iifindex) || READ_ONCE(rule->oifindex) ||
40+
rule->mark || rule->tun_id || rule->flags)
4141
return false;
4242
if (rule->suppress_ifgroup != -1 || rule->suppress_prefixlen != -1)
4343
return false;
@@ -259,12 +259,14 @@ static int fib_rule_match(struct fib_rule *rule, struct fib_rules_ops *ops,
259259
struct flowi *fl, int flags,
260260
struct fib_lookup_arg *arg)
261261
{
262-
int ret = 0;
262+
int iifindex, oifindex, ret = 0;
263263

264-
if (rule->iifindex && (rule->iifindex != fl->flowi_iif))
264+
iifindex = READ_ONCE(rule->iifindex);
265+
if (iifindex && (iifindex != fl->flowi_iif))
265266
goto out;
266267

267-
if (rule->oifindex && (rule->oifindex != fl->flowi_oif))
268+
oifindex = READ_ONCE(rule->oifindex);
269+
if (oifindex && (oifindex != fl->flowi_oif))
268270
goto out;
269271

270272
if ((rule->mark ^ fl->flowi_mark) & rule->mark_mask)
@@ -1036,14 +1038,14 @@ static int fib_nl_fill_rule(struct sk_buff *skb, struct fib_rule *rule,
10361038
if (rule->iifname[0]) {
10371039
if (nla_put_string(skb, FRA_IIFNAME, rule->iifname))
10381040
goto nla_put_failure;
1039-
if (rule->iifindex == -1)
1041+
if (READ_ONCE(rule->iifindex) == -1)
10401042
frh->flags |= FIB_RULE_IIF_DETACHED;
10411043
}
10421044

10431045
if (rule->oifname[0]) {
10441046
if (nla_put_string(skb, FRA_OIFNAME, rule->oifname))
10451047
goto nla_put_failure;
1046-
if (rule->oifindex == -1)
1048+
if (READ_ONCE(rule->oifindex) == -1)
10471049
frh->flags |= FIB_RULE_OIF_DETACHED;
10481050
}
10491051

@@ -1216,10 +1218,10 @@ static void attach_rules(struct list_head *rules, struct net_device *dev)
12161218
list_for_each_entry(rule, rules, list) {
12171219
if (rule->iifindex == -1 &&
12181220
strcmp(dev->name, rule->iifname) == 0)
1219-
rule->iifindex = dev->ifindex;
1221+
WRITE_ONCE(rule->iifindex, dev->ifindex);
12201222
if (rule->oifindex == -1 &&
12211223
strcmp(dev->name, rule->oifname) == 0)
1222-
rule->oifindex = dev->ifindex;
1224+
WRITE_ONCE(rule->oifindex, dev->ifindex);
12231225
}
12241226
}
12251227

@@ -1229,9 +1231,9 @@ static void detach_rules(struct list_head *rules, struct net_device *dev)
12291231

12301232
list_for_each_entry(rule, rules, list) {
12311233
if (rule->iifindex == dev->ifindex)
1232-
rule->iifindex = -1;
1234+
WRITE_ONCE(rule->iifindex, -1);
12331235
if (rule->oifindex == dev->ifindex)
1234-
rule->oifindex = -1;
1236+
WRITE_ONCE(rule->oifindex, -1);
12351237
}
12361238
}
12371239

0 commit comments

Comments
 (0)