From: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
To: Petr Machata <petrm@mellanox.com>,
bridge@lists.linux-foundation.org, netdev@vger.kernel.org
Cc: stephen@networkplumber.org, davem@davemloft.net
Subject: Re: [PATCH net v2] net: bridge: Fix locking in br_fdb_find_port()
Date: Fri, 8 Jun 2018 16:39:50 +0300 [thread overview]
Message-ID: <3f7a5287-08c7-867d-10c5-e22ff4febfc6@cumulusnetworks.com> (raw)
In-Reply-To: <38d89430-32c4-8842-efd4-88e7d3912506@cumulusnetworks.com>
On 08/06/18 16:35, Nikolay Aleksandrov wrote:
> On 08/06/18 16:11, Petr Machata wrote:
>> Callers of br_fdb_find() need to hold the hash lock, which
>> br_fdb_find_port() doesn't do. However, since br_fdb_find_port() is not
>> doing any actual FDB manipulation, the hash lock is not really needed at
>> all. So convert to br_fdb_find_rcu(), surrounded by rcu_read_lock() /
>> _unlock() pair.
>>
>> The device pointer copied from inside the FDB entry is then kept alive
>> by the RTNL lock, which br_fdb_find_port() asserts.
>>
>> Fixes: 4d4fd36126d6 ("net: bridge: Publish bridge accessor functions")
>> Signed-off-by: Petr Machata <petrm@mellanox.com>
>> ---
>>
>> Notes:
>> Changes from v1 to v2:
>>
>> - Instead of taking hash lock, take RCU lock and call br_fdb_find_rcu().
>>
>> net/bridge/br_fdb.c | 4 +++-
>> 1 file changed, 3 insertions(+), 1 deletion(-)
>>
>> diff --git a/net/bridge/br_fdb.c b/net/bridge/br_fdb.c
>> index b19e310..502f663 100644
>> --- a/net/bridge/br_fdb.c
>> +++ b/net/bridge/br_fdb.c
>> @@ -135,9 +135,11 @@ struct net_device *br_fdb_find_port(const struct net_device *br_dev,
>> return NULL;
>>
>> br = netdev_priv(br_dev);
>> - f = br_fdb_find(br, addr, vid);
>> + rcu_read_lock();
>> + f = br_fdb_find_rcu(br, addr, vid);
>> if (f && f->dst)
>> dev = f->dst->dev;
>> + rcu_read_unlock();
>>
>> return dev;
>> }
>>
>
> Important note: the only reason this will not dereference a NULL pointer
> when getting f->dst is because RTNL is held in all of its current
> callers. I missed the comments on the previous version, but using RCU
> here is dangerous if someone decides to use this without rtnl they will
> get a false sense of security, that is why I acked the previous version.
> I'd suggest to use READ_ONCE() for f->dst to avoid reading it again.
>
Nevermind the READ_ONCE part, I missed that there's ASSERT_RTNL() in the
beginning of this function, so it'll always be used with RTNL. :-)
It's good as it stands, I need to get some coffee.
Acked-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
next prev parent reply other threads:[~2018-06-08 13:39 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-08 13:11 [PATCH net v2] net: bridge: Fix locking in br_fdb_find_port() Petr Machata
2018-06-08 13:35 ` Nikolay Aleksandrov
2018-06-08 13:39 ` Nikolay Aleksandrov [this message]
2018-06-09 0:00 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3f7a5287-08c7-867d-10c5-e22ff4febfc6@cumulusnetworks.com \
--to=nikolay@cumulusnetworks.com \
--cc=bridge@lists.linux-foundation.org \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=petrm@mellanox.com \
--cc=stephen@networkplumber.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox