From: Florian Westphal <fw@strlen.de>
To: Zhang Tengfei <zhtfdev@gmail.com>
Cc: Simon Horman <horms@verge.net.au>, Julian Anastasov <ja@ssi.bg>,
lvs-devel@vger.kernel.org, netfilter-devel@vger.kernel.org,
Pablo Neira Ayuso <pablo@netfilter.org>,
Jozsef Kadlecsik <kadlec@netfilter.org>,
"David S . Miller" <davem@davemloft.net>,
David Ahern <dsahern@kernel.org>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
coreteam@netfilter.org,
syzbot+1651b5234028c294c339@syzkaller.appspotmail.com
Subject: Re: [PATCH] net/netfilter/ipvs: Fix data-race in ip_vs_add_service / ip_vs_out_hook
Date: Tue, 26 Aug 2025 16:18:43 +0200
Message-ID: <aK3CQ1yNTtP4NgP4@strlen.de>
In-Reply-To: <20250826133104.212975-1-zhtfdev@gmail.com>
Zhang Tengfei <zhtfdev@gmail.com> wrote:
> A data-race was detected by KCSAN between ip_vs_add_service() which
> acts as a writer, and ip_vs_out_hook() which acts as a reader. This
> can lead to unpredictable behavior and crashes.
Really? How can this cause a crash?
> The race occurs on the `enable` flag within the `netns_ipvs`
> struct. This flag was being written in the configuration path without
> any protection, while concurrently being read in the packet processing
> path. This lack of synchronization means a reader on one CPU could see a
> partially initialized service, leading to incorrect behavior.
>
> To fix this, convert the `enable` flag from a plain integer to an
> atomic_t. This ensures that all reads and writes to the flag are atomic.
> More importantly, using atomic_set() and atomic_read() provides the
> necessary memory barriers to guarantee that changes to other fields of
> the service are visible to the reader CPU before the service is marked
> as enabled.
> - int enable; /* enable like nf_hooks do */
> + atomic_t enable; /* enable like nf_hooks do */
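
Review bot: on the `+ atomic_t enable;` line, the type change does not provide the ordering the changelog relies on. In the kernel, atomic_set() and atomic_read() are relaxed accesses with no implied memory barrier, so on a flag that is only set and read they give the same guarantees as WRITE_ONCE()/READ_ONCE() on the existing `int enable;`. Keeping the int and marking the accesses is the smaller change. If readers really depend on earlier service stores being visible once the flag is seen, that needs an explicit smp_store_release()/smp_load_acquire() pair, and the changelog should name which stores are being ordered.
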
Julian, Simon, I will defer to your judgment but I dislike this,
because I see no reason for atomic_t. To me it seems better to use
READ/WRITE_ONCE as ->enable is only ever set but not modified
(increment for instance).
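
An added illustration, not part of this thread or of the IPVS code: a userspace C model separating the two concerns discussed above, marking accesses to a set-only flag (READ_ONCE/WRITE_ONCE) versus ordering earlier stores before the flag (release/acquire). The `model_*` names, the field values, and the GCC `__atomic` builtins standing in for the kernel's smp_store_release()/smp_load_acquire() are assumptions.

```c
/* Userspace model (added example); model_* names are hypothetical, not IPVS code. */
#include <pthread.h>
#include <stdint.h>
/* Simplified scalar-only forms of the kernel macros. */
#define WRITE_ONCE(x, v) (*(volatile __typeof__(x) *)&(x) = (v))
#define READ_ONCE(x)     (*(volatile __typeof__(x) *)&(x))
/* GCC builtins standing in for smp_store_release()/smp_load_acquire(). */
#define store_release(p, v) __atomic_store_n((p), (v), __ATOMIC_RELEASE)
#define load_acquire(p)     __atomic_load_n((p), __ATOMIC_ACQUIRE)
struct model_ns {
    int enable;        /* only ever set, never incremented */
    uint32_t svc_addr; /* constructed "service" fields */
    uint16_t svc_port;
};
/* Flag-only use: marked accesses prevent tearing and refetching, order nothing. */
void model_set_enable(struct model_ns *ns) { WRITE_ONCE(ns->enable, 1); }
int model_hook_enabled(struct model_ns *ns) { return READ_ONCE(ns->enable); }

/* Config path that publishes data: fill the service, then release the flag. */
void *model_add_service(void *arg)
{
    struct model_ns *ns = arg;
    ns->svc_addr = 0x0a000001;
    ns->svc_port = 8080;
    store_release(&ns->enable, 1); /* the two stores above are ordered before it */
    return NULL;
}

/* Packet path that reads fields after the flag: needs the acquire load. */
int model_hook_lookup(struct model_ns *ns)
{
    if (!load_acquire(&ns->enable))
        return -1; /* not enabled yet */
    return ns->svc_addr == 0x0a000001 && ns->svc_port == 8080;
}

/* Race one writer thread against a spinning reader; count inconsistent views. */
int model_run(int rounds)
{
    int bad = 0, r;
    for (int i = 0; i < rounds; i++) {
        struct model_ns ns = {0};
        pthread_t w;
        if (pthread_create(&w, NULL, model_add_service, &ns)) return -1;
        while ((r = model_hook_lookup(&ns)) < 0) { } /* spin until flag is seen */
        bad += (r != 1);
        pthread_join(w, NULL);
    }
    return bad;
}
```

With the release/acquire pair, `model_run()` returns 0 for any number of rounds; the READ_ONCE/WRITE_ONCE helpers are sufficient only when nothing else is read on the strength of the flag.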
Thread overview: 12+ messages
2025-08-26 13:31 [PATCH] net/netfilter/ipvs: Fix data-race in ip_vs_add_service / ip_vs_out_hook Zhang Tengfei
2025-08-26 14:18 ` Florian Westphal [this message]
2025-08-26 14:40 ` Eric Dumazet
2025-08-26 15:56 ` Julian Anastasov
2025-08-27 6:48 ` Julian Anastasov
2025-08-27 14:43 ` Zhang Tengfei
2025-08-27 21:37 ` Pablo Neira Ayuso
2025-08-27 22:33 ` [PATCH v2] net/netfilter/ipvs: Use READ_ONCE/WRITE_ONCE for ipvs->enable Zhang Tengfei
2025-08-27 22:51 ` Zhang Tengfei
2025-08-31 13:01 ` Julian Anastasov
2025-09-01 13:46 ` [PATCH v3 nf-next] ipvs: " Zhang Tengfei
2025-09-03 17:31 ` Julian Anastasov