From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Taehee Yoo <ap420073@gmail.com>,
"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 4.4 41/91] hsr: use rcu_read_lock() in hsr_get_node_{list/status}()
Date: Wed, 1 Apr 2020 18:17:37 +0200 [thread overview]
Message-ID: <20200401161527.874632679@linuxfoundation.org> (raw)
In-Reply-To: <20200401161512.917494101@linuxfoundation.org>
From: Taehee Yoo <ap420073@gmail.com>
[ Upstream commit 173756b86803655d70af7732079b3aa935e6ab68 ]
hsr_get_node_{list/status}() are not under rtnl_lock() because
they are callback functions of generic netlink.
But they use __dev_get_by_index() without rtnl_lock().
So, it would use unsafe data.
In order to fix it, rcu_read_lock() and dev_get_by_index_rcu()
are used instead of __dev_get_by_index().
Fixes: f421436a591d ("net/hsr: Add support for the High-availability Seamless Redundancy protocol (HSRv0)")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/hsr/hsr_framereg.c | 10 ++--------
net/hsr/hsr_netlink.c | 43 +++++++++++++++++++++----------------------
2 files changed, 23 insertions(+), 30 deletions(-)
--- a/net/hsr/hsr_framereg.c
+++ b/net/hsr/hsr_framereg.c
@@ -455,13 +455,9 @@ int hsr_get_node_data(struct hsr_priv *h
struct hsr_port *port;
unsigned long tdiff;
-
- rcu_read_lock();
node = find_node_by_AddrA(&hsr->node_db, addr);
- if (!node) {
- rcu_read_unlock();
- return -ENOENT; /* No such entry */
- }
+ if (!node)
+ return -ENOENT;
ether_addr_copy(addr_b, node->MacAddressB);
@@ -496,7 +492,5 @@ int hsr_get_node_data(struct hsr_priv *h
*addr_b_ifindex = -1;
}
- rcu_read_unlock();
-
return 0;
}
--- a/net/hsr/hsr_netlink.c
+++ b/net/hsr/hsr_netlink.c
@@ -259,17 +259,16 @@ static int hsr_get_node_status(struct sk
if (!na)
goto invalid;
- hsr_dev = __dev_get_by_index(genl_info_net(info),
- nla_get_u32(info->attrs[HSR_A_IFINDEX]));
+ rcu_read_lock();
+ hsr_dev = dev_get_by_index_rcu(genl_info_net(info),
+ nla_get_u32(info->attrs[HSR_A_IFINDEX]));
if (!hsr_dev)
- goto invalid;
+ goto rcu_unlock;
if (!is_hsr_master(hsr_dev))
- goto invalid;
-
+ goto rcu_unlock;
/* Send reply */
-
- skb_out = genlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
+ skb_out = genlmsg_new(NLMSG_GOODSIZE, GFP_ATOMIC);
if (!skb_out) {
res = -ENOMEM;
goto fail;
@@ -321,12 +320,10 @@ static int hsr_get_node_status(struct sk
res = nla_put_u16(skb_out, HSR_A_IF1_SEQ, hsr_node_if1_seq);
if (res < 0)
goto nla_put_failure;
- rcu_read_lock();
port = hsr_port_get_hsr(hsr, HSR_PT_SLAVE_A);
if (port)
res = nla_put_u32(skb_out, HSR_A_IF1_IFINDEX,
port->dev->ifindex);
- rcu_read_unlock();
if (res < 0)
goto nla_put_failure;
@@ -336,20 +333,22 @@ static int hsr_get_node_status(struct sk
res = nla_put_u16(skb_out, HSR_A_IF2_SEQ, hsr_node_if2_seq);
if (res < 0)
goto nla_put_failure;
- rcu_read_lock();
port = hsr_port_get_hsr(hsr, HSR_PT_SLAVE_B);
if (port)
res = nla_put_u32(skb_out, HSR_A_IF2_IFINDEX,
port->dev->ifindex);
- rcu_read_unlock();
if (res < 0)
goto nla_put_failure;
+ rcu_read_unlock();
+
genlmsg_end(skb_out, msg_head);
genlmsg_unicast(genl_info_net(info), skb_out, info->snd_portid);
return 0;
+rcu_unlock:
+ rcu_read_unlock();
invalid:
netlink_ack(skb_in, nlmsg_hdr(skb_in), -EINVAL);
return 0;
@@ -359,6 +358,7 @@ nla_put_failure:
/* Fall through */
fail:
+ rcu_read_unlock();
return res;
}
@@ -385,17 +385,16 @@ static int hsr_get_node_list(struct sk_b
if (!na)
goto invalid;
- hsr_dev = __dev_get_by_index(genl_info_net(info),
- nla_get_u32(info->attrs[HSR_A_IFINDEX]));
+ rcu_read_lock();
+ hsr_dev = dev_get_by_index_rcu(genl_info_net(info),
+ nla_get_u32(info->attrs[HSR_A_IFINDEX]));
if (!hsr_dev)
- goto invalid;
+ goto rcu_unlock;
if (!is_hsr_master(hsr_dev))
- goto invalid;
-
+ goto rcu_unlock;
/* Send reply */
-
- skb_out = genlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
+ skb_out = genlmsg_new(NLMSG_GOODSIZE, GFP_ATOMIC);
if (!skb_out) {
res = -ENOMEM;
goto fail;
@@ -415,14 +414,11 @@ static int hsr_get_node_list(struct sk_b
hsr = netdev_priv(hsr_dev);
- rcu_read_lock();
pos = hsr_get_next_node(hsr, NULL, addr);
while (pos) {
res = nla_put(skb_out, HSR_A_NODE_ADDR, ETH_ALEN, addr);
- if (res < 0) {
- rcu_read_unlock();
+ if (res < 0)
goto nla_put_failure;
- }
pos = hsr_get_next_node(hsr, pos, addr);
}
rcu_read_unlock();
@@ -432,6 +428,8 @@ static int hsr_get_node_list(struct sk_b
return 0;
+rcu_unlock:
+ rcu_read_unlock();
invalid:
netlink_ack(skb_in, nlmsg_hdr(skb_in), -EINVAL);
return 0;
@@ -441,6 +439,7 @@ nla_put_failure:
/* Fall through */
fail:
+ rcu_read_unlock();
return res;
}
next prev parent reply other threads:[~2020-04-01 16:31 UTC|newest]
Thread overview: 97+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-01 16:16 [PATCH 4.4 00/91] 4.4.218-rc1 review Greg Kroah-Hartman
2020-04-01 16:16 ` [PATCH 4.4 01/91] spi: qup: call spi_qup_pm_resume_runtime before suspending Greg Kroah-Hartman
2020-04-01 16:16 ` [PATCH 4.4 02/91] powerpc: Include .BTF section Greg Kroah-Hartman
2020-04-01 16:16 ` [PATCH 4.4 03/91] ARM: dts: dra7: Add "dma-ranges" property to PCIe RC DT nodes Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 04/91] spi/zynqmp: remove entry that causes a cs glitch Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 05/91] drm/exynos: dsi: propagate error value and silence meaningless warning Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 06/91] drm/exynos: dsi: fix workaround for the legacy clock name Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 07/91] altera-stapl: altera_get_note: prevent write beyond end of key Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 08/91] USB: Disable LPM on WD19s Realtek Hub Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 09/91] usb: quirks: add NO_LPM quirk for RTL8153 based ethernet adapters Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 10/91] USB: serial: option: add ME910G1 ECM composition 0x110b Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 11/91] usb: host: xhci-plat: add a shutdown Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 12/91] USB: serial: pl2303: add device-id for HP LD381 Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 13/91] ALSA: line6: Fix endless MIDI read loop Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 14/91] ALSA: seq: virmidi: Fix running status after receiving sysex Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 15/91] ALSA: seq: oss: " Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 16/91] ALSA: pcm: oss: Avoid plugin buffer overflow Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 17/91] ALSA: pcm: oss: Remove WARNING from snd_pcm_plug_alloc() checks Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 18/91] staging: rtl8188eu: Add device id for MERCUSYS MW150US v2 Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 19/91] staging/speakup: fix get_word non-space look-ahead Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 20/91] intel_th: Fix user-visible error codes Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 21/91] rtc: max8907: add missing select REGMAP_IRQ Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 22/91] memcg: fix NULL pointer dereference in __mem_cgroup_usage_unregister_event Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 23/91] mm: slub: be more careful about the double cmpxchg of freelist Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 24/91] mm, slub: prevent kmalloc_node crashes and memory leaks Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 25/91] x86/mm: split vmalloc_sync_all() Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 26/91] USB: cdc-acm: fix close_delay and closing_wait units in TIOCSSERIAL Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 27/91] USB: cdc-acm: fix rounding error " Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 28/91] kbuild: Disable -Wpointer-to-enum-cast Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 29/91] futex: Fix inode life-time issue Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 30/91] futex: Unbreak futex hashing Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 31/91] ALSA: hda/realtek: Fix pop noise on ALC225 Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 32/91] arm64: smp: fix smp_send_stop() behaviour Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 33/91] Revert "drm/dp_mst: Skip validating ports during destruction, just ref" Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 34/91] hsr: fix general protection fault in hsr_addr_is_self() Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 35/91] net: dsa: Fix duplicate frames flooded by learning Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 36/91] net_sched: cls_route: remove the right filter from hashtable Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 37/91] net_sched: keep alloc_hash updated after hash allocation Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 38/91] NFC: fdp: Fix a signedness bug in fdp_nci_send_patch() Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 39/91] slcan: not call free_netdev before rtnl_unlock in slcan_open Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 40/91] vxlan: check return value of gro_cells_init() Greg Kroah-Hartman
2020-04-01 16:17 ` Greg Kroah-Hartman [this message]
2020-04-01 16:17 ` [PATCH 4.4 42/91] hsr: add restart routine into hsr_get_node_list() Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 43/91] hsr: set .netnsok flag Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 44/91] vhost: Check docket sk_family instead of call getname Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 45/91] IB/ipoib: Do not warn if IPoIB debugfs doesnt exist Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 46/91] uapi glibc compat: fix outer guard of net device flags enum Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 47/91] KVM: VMX: Do not allow reexecute_instruction() when skipping MMIO instr Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 48/91] drivers/hwspinlock: use correct radix tree API Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 49/91] net: ipv4: dont let PMTU updates increase route MTU Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 50/91] cpupower: avoid multiple definition with gcc -fno-common Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 51/91] dt-bindings: net: FMan erratum A050385 Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 52/91] scsi: ipr: Fix softlockup when rescanning devices in petitboot Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 53/91] mac80211: Do not send mesh HWMP PREQ if HWMP is disabled Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 54/91] sxgbe: Fix off by one in samsung driver strncpy size arg Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 55/91] i2c: hix5hd2: add missed clk_disable_unprepare in remove Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 56/91] perf probe: Do not depend on dwfl_module_addrsym() Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 57/91] scripts/dtc: Remove redundant YYLOC global declaration Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 58/91] scsi: sd: Fix optimal I/O size for devices that change reported values Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 59/91] mac80211: mark station unauthorized before key removal Greg Kroah-Hartman
2020-04-02 14:13 ` Ben Hutchings
2020-04-01 16:17 ` [PATCH 4.4 60/91] genirq: Fix reference leaks on irq affinity notifiers Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 61/91] vti[6]: fix packet tx through bpf_redirect() in XinY cases Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 62/91] xfrm: fix uctx len check in verify_sec_ctx_len Greg Kroah-Hartman
2020-04-01 16:17 ` [PATCH 4.4 63/91] xfrm: add the missing verify_sec_ctx_len check in xfrm_add_acquire Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.4 64/91] xfrm: policy: Fix doulbe free in xfrm_policy_timer Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.4 65/91] vti6: Fix memory leak of skb if input policy check fails Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.4 66/91] tools: Let O= makes handle a relative path with -C option Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.4 67/91] USB: serial: option: add support for ASKEY WWHC050 Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.4 68/91] USB: serial: option: add BroadMobi BM806U Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.4 69/91] USB: serial: option: add Wistron Neweb D19Q1 Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.4 70/91] USB: cdc-acm: restore capability check order Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.4 71/91] USB: serial: io_edgeport: fix slab-out-of-bounds read in edge_interrupt_callback Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.4 72/91] usb: musb: fix crash with highmen PIO and usbmon Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.4 73/91] media: flexcop-usb: fix endpoint sanity check Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.4 74/91] media: usbtv: fix control-message timeouts Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.4 75/91] staging: rtl8188eu: Add ASUS USB-N10 Nano B1 to device table Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.4 76/91] staging: wlan-ng: fix use-after-free Read in hfa384x_usbin_callback Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.4 77/91] libfs: fix infoleak in simple_attr_read() Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.4 78/91] media: ov519: add missing endpoint sanity checks Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.4 79/91] media: dib0700: fix rc endpoint lookup Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.4 80/91] media: stv06xx: add missing descriptor sanity checks Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.4 81/91] media: xirlink_cit: " Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.4 82/91] vt: selection, introduce vc_is_sel Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.4 83/91] vt: ioctl, switch VT_IS_IN_USE and VT_BUSY to inlines Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.4 84/91] vt: switch vt_dont_switch to bool Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.4 85/91] vt: vt_ioctl: remove unnecessary console allocation checks Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.4 86/91] vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.4 87/91] locking/atomic, kref: Add kref_read() Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.4 88/91] vt: vt_ioctl: fix use-after-free in vt_in_use() Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.4 89/91] bpf: Explicitly memset the bpf_attr structure Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.4 90/91] net: ks8851-ml: Fix IO operations, again Greg Kroah-Hartman
2020-04-01 16:18 ` [PATCH 4.4 91/91] perf map: Fix off by one in strncpy() size argument Greg Kroah-Hartman
2020-04-01 20:18 ` [PATCH 4.4 00/91] 4.4.218-rc1 review Chris Paterson
2020-04-02 0:10 ` Guenter Roeck
2020-04-02 7:09 ` Jon Hunter
2020-04-02 7:32 ` Naresh Kamboju
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200401161527.874632679@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=ap420073@gmail.com \
--cc=davem@davemloft.net \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).