From: Vlad Yasevich <vyasevich@gmail.com>
To: Jiri Pirko <jiri@resnulli.us>,
Stephen Hemminger <stephen@networkplumber.org>
Cc: jtluka@redhat.com, mst@redhat.com, netdev@vger.kernel.org,
bridge@lists.linux-foundation.org, edumazet@google.com,
laine@redhat.com, zhiguohong@tencent.com,
David Miller <davem@davemloft.net>
Subject: Re: [Bridge] [patch net/stable v2] br: fix use of ->rx_handler_data in code executed on non-rx_handler path
Date: Sat, 07 Dec 2013 14:10:45 -0500 [thread overview]
Message-ID: <52A372B5.8010602@gmail.com> (raw)
In-Reply-To: <20131207085105.GA2496@minipsycho.orion>
On 12/07/2013 03:51 AM, Jiri Pirko wrote:
> Fri, Dec 06, 2013 at 10:10:28PM CET, stephen@networkplumber.org wrote:
>> On Fri, 06 Dec 2013 15:43:21 -0500 (EST)
>> David Miller <davem@davemloft.net> wrote:
>>
>>> From: Jiri Pirko <jiri@resnulli.us>
>>> Date: Thu, 5 Dec 2013 16:27:37 +0100
>>>
>>>> br_stp_rcv() is reached by non-rx_handler path. That means there is no
>>>> guarantee that dev is bridge port and therefore simple NULL check of
>>>> ->rx_handler_data is not enough. There is need to check if dev is really
>>>> bridge port and since only rcu read lock is held here, do it by checking
>>>> ->rx_handler pointer.
>>>>
>>>> Note that synchronize_net() in netdev_rx_handler_unregister() ensures
>>>> this approach as valid.
>>>>
>>>> Introduced originally by:
>>>> commit f350a0a87374418635689471606454abc7beaa3a
>>>> "bridge: use rx_handler_data pointer to store net_bridge_port pointer"
>>>>
>>>> Fixed but not in the best way by:
>>>> commit b5ed54e94d324f17c97852296d61a143f01b227a
>>>> "bridge: fix RCU races with bridge port"
>>>>
>>>> Reintroduced by:
>>>> commit 716ec052d2280d511e10e90ad54a86f5b5d4dcc2
>>>> "bridge: fix NULL pointer deref of br_port_get_rcu"
>>>>
>>>> Please apply to stable trees as well. Thanks.
>>>>
>>>> RH bugzilla reference: https://bugzilla.redhat.com/show_bug.cgi?id=1025770
>>>>
>>>> Reported-by: Laine Stump <laine@redhat.com>
>>>> Debugged-by: Michael S. Tsirkin <mst@redhat.com>
>>>> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
>>>> Signed-off-by: Jiri Pirko <jiri@resnulli.us>
>>>> ---
>>>> v1->v2: moved br_port_get_check_rcu definition below br_handle_frame definition
>>>
>>> Applied and queued up for -stable, thanks Jiri.
>>
>> How come you ignored my simpler fix, that used the existing logic.
>> I don't like introducing this especially into the stable; much prefer
>> to go back to testing the flag as was being done before.
>
> Although your patch is technically sane, it depends on rtnl indirectly.
Pardon my ignorance, but I've been staring at this and I can't for
the life of me see the dependency.
The IFF_BRIDGE_PORT flag is set after the rx_handler is registered,
so we are safe there. The rcu primitives will guarantee that the flag
will be set by the time rx_handler and rx_handler_data are set.
The flag is cleared before rx_handler is unregistered, so it is
still valid to check for it in stp code. Once the flag is cleared
we may still have a valid rx_handler during the rcu grace period, but
will still avoid doing processing.
So, where is the dependency on the rtnl?
Thanks
-vlad
> My patch depends on rcu locking and synchronize_rcu which is direct.
> Therefore I think it is more appropriate.
>
> Jiri
>
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
WARNING: multiple messages have this Message-ID (diff)
From: Vlad Yasevich <vyasevich@gmail.com>
To: Jiri Pirko <jiri@resnulli.us>,
Stephen Hemminger <stephen@networkplumber.org>
Cc: David Miller <davem@davemloft.net>,
netdev@vger.kernel.org, jtluka@redhat.com,
zhiguohong@tencent.com, bridge@lists.linux-foundation.org,
edumazet@google.com, laine@redhat.com, mst@redhat.com
Subject: Re: [patch net/stable v2] br: fix use of ->rx_handler_data in code executed on non-rx_handler path
Date: Sat, 07 Dec 2013 14:10:45 -0500 [thread overview]
Message-ID: <52A372B5.8010602@gmail.com> (raw)
In-Reply-To: <20131207085105.GA2496@minipsycho.orion>
On 12/07/2013 03:51 AM, Jiri Pirko wrote:
> Fri, Dec 06, 2013 at 10:10:28PM CET, stephen@networkplumber.org wrote:
>> On Fri, 06 Dec 2013 15:43:21 -0500 (EST)
>> David Miller <davem@davemloft.net> wrote:
>>
>>> From: Jiri Pirko <jiri@resnulli.us>
>>> Date: Thu, 5 Dec 2013 16:27:37 +0100
>>>
>>>> br_stp_rcv() is reached by non-rx_handler path. That means there is no
>>>> guarantee that dev is bridge port and therefore simple NULL check of
>>>> ->rx_handler_data is not enough. There is need to check if dev is really
>>>> bridge port and since only rcu read lock is held here, do it by checking
>>>> ->rx_handler pointer.
>>>>
>>>> Note that synchronize_net() in netdev_rx_handler_unregister() ensures
>>>> this approach as valid.
>>>>
>>>> Introduced originally by:
>>>> commit f350a0a87374418635689471606454abc7beaa3a
>>>> "bridge: use rx_handler_data pointer to store net_bridge_port pointer"
>>>>
>>>> Fixed but not in the best way by:
>>>> commit b5ed54e94d324f17c97852296d61a143f01b227a
>>>> "bridge: fix RCU races with bridge port"
>>>>
>>>> Reintroduced by:
>>>> commit 716ec052d2280d511e10e90ad54a86f5b5d4dcc2
>>>> "bridge: fix NULL pointer deref of br_port_get_rcu"
>>>>
>>>> Please apply to stable trees as well. Thanks.
>>>>
>>>> RH bugzilla reference: https://bugzilla.redhat.com/show_bug.cgi?id=1025770
>>>>
>>>> Reported-by: Laine Stump <laine@redhat.com>
>>>> Debugged-by: Michael S. Tsirkin <mst@redhat.com>
>>>> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
>>>> Signed-off-by: Jiri Pirko <jiri@resnulli.us>
>>>> ---
>>>> v1->v2: moved br_port_get_check_rcu definition below br_handle_frame definition
>>>
>>> Applied and queued up for -stable, thanks Jiri.
>>
>> How come you ignored my simpler fix, that used the existing logic.
>> I don't like introducing this especially into the stable; much prefer
>> to go back to testing the flag as was being done before.
>
> Although your patch is technically sane, it depends on rtnl indirectly.
Pardon my ignorance, but I've been staring at this and I can't for
the life of me see the dependency.
The IFF_BRIDGE_PORT flag is set after the rx_handler is registered,
so we are safe there. The rcu primitives will guarantee that the flag
will be set by the time rx_handler and rx_handler_data are set.
The flag is cleared before rx_handler is unregistered, so it is
still valid to check for it in stp code. Once the flag is cleared
we may still have a valid rx_handler during the rcu grace period, but
will still avoid doing processing.
So, where is the dependency on the rtnl?
Thanks
-vlad
> My patch depends on rcu locking and synchronize_rcu which is direct.
> Therefore I think it is more appropriate.
>
> Jiri
>
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe netdev" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
next prev parent reply other threads:[~2013-12-07 19:10 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-12-05 15:27 [Bridge] [patch net/stable v2] br: fix use of ->rx_handler_data in code executed on non-rx_handler path Jiri Pirko
2013-12-05 15:27 ` Jiri Pirko
2013-12-05 15:35 ` [Bridge] " Michael S. Tsirkin
2013-12-05 15:35 ` Michael S. Tsirkin
2013-12-05 15:37 ` [Bridge] " Eric Dumazet
2013-12-05 15:37 ` Eric Dumazet
2013-12-05 16:55 ` [Bridge] " Stephen Hemminger
2013-12-05 16:55 ` Stephen Hemminger
2013-12-06 2:26 ` [Bridge] " Gao feng
2013-12-06 2:26 ` Gao feng
2013-12-07 1:44 ` [Bridge] " Vlad Yasevich
2013-12-07 1:44 ` Vlad Yasevich
2013-12-06 20:43 ` [Bridge] " David Miller
2013-12-06 20:43 ` David Miller
2013-12-06 21:10 ` [Bridge] " Stephen Hemminger
2013-12-06 21:10 ` Stephen Hemminger
2013-12-06 21:16 ` [Bridge] " David Miller
2013-12-06 21:16 ` David Miller
2013-12-07 8:51 ` [Bridge] " Jiri Pirko
2013-12-07 8:51 ` Jiri Pirko
2013-12-07 17:42 ` [Bridge] " Stephen Hemminger
2013-12-07 17:42 ` Stephen Hemminger
2013-12-07 18:18 ` [Bridge] " Jiri Pirko
2013-12-07 18:18 ` Jiri Pirko
2013-12-07 19:10 ` Vlad Yasevich [this message]
2013-12-07 19:10 ` Vlad Yasevich
2013-12-07 20:07 ` [Bridge] " Jiri Pirko
2013-12-07 20:07 ` Jiri Pirko
2013-12-09 2:07 ` [Bridge] " Vlad Yasevich
2013-12-09 2:07 ` Vlad Yasevich
2013-12-09 9:36 ` [Bridge] " Jiri Pirko
2013-12-09 9:36 ` Jiri Pirko
2013-12-09 11:58 ` [Bridge] " Michael S. Tsirkin
2013-12-09 11:58 ` Michael S. Tsirkin
2013-12-09 12:13 ` [Bridge] " Jiri Pirko
2013-12-09 12:13 ` Jiri Pirko
2013-12-09 19:31 ` [Bridge] " Vlad Yasevich
2013-12-09 19:31 ` Vlad Yasevich
2013-12-09 21:52 ` [Bridge] " Jiri Pirko
2013-12-09 21:52 ` Jiri Pirko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=52A372B5.8010602@gmail.com \
--to=vyasevich@gmail.com \
--cc=bridge@lists.linux-foundation.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=jiri@resnulli.us \
--cc=jtluka@redhat.com \
--cc=laine@redhat.com \
--cc=mst@redhat.com \
--cc=netdev@vger.kernel.org \
--cc=stephen@networkplumber.org \
--cc=zhiguohong@tencent.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.