subject:"Re\: \[PATCH\] net\/bridge\: Add missing in6_dev_put in br_validate

Re: [PATCH] net/bridge: Add missing in6_dev_put in br_validate_ipv6

2015-07-06 Thread Florian Westphal

Julien Grall  wrote:
> On 03/07/15 21:42, Florian Westphal wrote:
> > I think it makes more sense to use __in6_dev_get() instead which doesn't
> > take a reference.
> 
> __in6_dev_get requires to hold rcu_read_lock or RTNL. My knowledge on
> this code is very limited. Are we sure that one this lock is hold? At
> first glance, I wasn't able to find one.

All netfilter hooks are rcu_read_locked via nf_hook_slow().

BTW, netfilter patches should be sent to netfilter-de...@vger.kernel.org.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH] net/bridge: Add missing in6_dev_put in br_validate_ipv6

2015-07-06 Thread Eric Dumazet

On Mon, 2015-07-06 at 11:35 +0100, Julien Grall wrote:

> __in6_dev_get requires to hold rcu_read_lock or RTNL. My knowledge on
> this code is very limited. Are we sure that one this lock is hold? At
> first glance, I wasn't able to find one.

You could play it safe ;)

diff --git a/net/bridge/br_netfilter_ipv6.c b/net/bridge/br_netfilter_ipv6.c
index 6d12d2675c80..90e8ccc21cc5 100644
--- a/net/bridge/br_netfilter_ipv6.c
+++ b/net/bridge/br_netfilter_ipv6.c
@@ -104,10 +104,12 @@ int br_validate_ipv6(struct sk_buff *skb)
 {
const struct ipv6hdr *hdr;
struct net_device *dev = skb->dev;
-   struct inet6_dev *idev = in6_dev_get(skb->dev);
+   struct inet6_dev *idev;
u32 pkt_len;
u8 ip6h_len = sizeof(struct ipv6hdr);
 
+   rcu_read_lock();
+   idev = __in6_dev_get(dev);
if (!pskb_may_pull(skb, ip6h_len))
goto inhdr_error;
 
@@ -140,11 +142,13 @@ int br_validate_ipv6(struct sk_buff *skb)
/* No IP options in IPv6 header; however it should be
 * checked if some next headers need special treatment
 */
+   rcu_read_unlock();
return 0;
 
 inhdr_error:
IP6_INC_STATS_BH(dev_net(dev), idev, IPSTATS_MIB_INHDRERRORS);
 drop:
+   rcu_read_unlock();
return -1;
 }
 


--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH] net/bridge: Add missing in6_dev_put in br_validate_ipv6

2015-07-06 Thread Julien Grall

Hi,

On 03/07/15 21:42, Florian Westphal wrote:
> Julien Grall  wrote:
>> The commit efb6de9b4ba0092b2c55f6a52d16294a8a698edd "netfilter: bridge:
>> forward IPv6 fragmented packets" introduced a new function
>> br_validate_ipv6 which take a reference on the inet6 device. Although,
>> the reference is not released at the end.
>>
>> This will result to the impossibility to destroy any netdevice using
>> ipv6 and bridge.
>>
>> Spotted while trying to destroy a Xen guest on the upstream Linux:
>> "unregister_netdevice: waiting for vif1.0 to become free. Usage count = 1"
> 
> Ugh :-/
> 
> I think it makes more sense to use __in6_dev_get() instead which doesn't
> take a reference.

__in6_dev_get requires to hold rcu_read_lock or RTNL. My knowledge on
this code is very limited. Are we sure that one this lock is hold? At
first glance, I wasn't able to find one.

Regards,

-- 
Julien Grall
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH] net/bridge: Add missing in6_dev_put in br_validate_ipv6

2015-07-06 Thread Eric Dumazet

On Mon, 2015-07-06 at 11:35 +0100, Julien Grall wrote:

 __in6_dev_get requires to hold rcu_read_lock or RTNL. My knowledge on
 this code is very limited. Are we sure that one this lock is hold? At
 first glance, I wasn't able to find one.

You could play it safe ;)

diff --git a/net/bridge/br_netfilter_ipv6.c b/net/bridge/br_netfilter_ipv6.c
index 6d12d2675c80..90e8ccc21cc5 100644
--- a/net/bridge/br_netfilter_ipv6.c
+++ b/net/bridge/br_netfilter_ipv6.c
@@ -104,10 +104,12 @@ int br_validate_ipv6(struct sk_buff *skb)
 {
const struct ipv6hdr *hdr;
struct net_device *dev = skb-dev;
-   struct inet6_dev *idev = in6_dev_get(skb-dev);
+   struct inet6_dev *idev;
u32 pkt_len;
u8 ip6h_len = sizeof(struct ipv6hdr);
 
+   rcu_read_lock();
+   idev = __in6_dev_get(dev);
if (!pskb_may_pull(skb, ip6h_len))
goto inhdr_error;
 
@@ -140,11 +142,13 @@ int br_validate_ipv6(struct sk_buff *skb)
/* No IP options in IPv6 header; however it should be
 * checked if some next headers need special treatment
 */
+   rcu_read_unlock();
return 0;
 
 inhdr_error:
IP6_INC_STATS_BH(dev_net(dev), idev, IPSTATS_MIB_INHDRERRORS);
 drop:
+   rcu_read_unlock();
return -1;
 }
 


--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH] net/bridge: Add missing in6_dev_put in br_validate_ipv6

2015-07-06 Thread Julien Grall

Hi,

On 03/07/15 21:42, Florian Westphal wrote:
 Julien Grall julien.gr...@citrix.com wrote:
 The commit efb6de9b4ba0092b2c55f6a52d16294a8a698edd netfilter: bridge:
 forward IPv6 fragmented packets introduced a new function
 br_validate_ipv6 which take a reference on the inet6 device. Although,
 the reference is not released at the end.

 This will result to the impossibility to destroy any netdevice using
 ipv6 and bridge.

 Spotted while trying to destroy a Xen guest on the upstream Linux:
 unregister_netdevice: waiting for vif1.0 to become free. Usage count = 1
 
 Ugh :-/
 
 I think it makes more sense to use __in6_dev_get() instead which doesn't
 take a reference.

__in6_dev_get requires to hold rcu_read_lock or RTNL. My knowledge on
this code is very limited. Are we sure that one this lock is hold? At
first glance, I wasn't able to find one.

Regards,

-- 
Julien Grall
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH] net/bridge: Add missing in6_dev_put in br_validate_ipv6

2015-07-06 Thread Florian Westphal

Julien Grall julien.gr...@citrix.com wrote:
 On 03/07/15 21:42, Florian Westphal wrote:
  I think it makes more sense to use __in6_dev_get() instead which doesn't
  take a reference.
 
 __in6_dev_get requires to hold rcu_read_lock or RTNL. My knowledge on
 this code is very limited. Are we sure that one this lock is hold? At
 first glance, I wasn't able to find one.

All netfilter hooks are rcu_read_locked via nf_hook_slow().

BTW, netfilter patches should be sent to netfilter-de...@vger.kernel.org.
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH] net/bridge: Add missing in6_dev_put in br_validate_ipv6

2015-07-03 Thread Florian Westphal

Julien Grall  wrote:
> The commit efb6de9b4ba0092b2c55f6a52d16294a8a698edd "netfilter: bridge:
> forward IPv6 fragmented packets" introduced a new function
> br_validate_ipv6 which take a reference on the inet6 device. Although,
> the reference is not released at the end.
> 
> This will result to the impossibility to destroy any netdevice using
> ipv6 and bridge.
> 
> Spotted while trying to destroy a Xen guest on the upstream Linux:
> "unregister_netdevice: waiting for vif1.0 to become free. Usage count = 1"

Ugh :-/

I think it makes more sense to use __in6_dev_get() instead which doesn't
take a reference.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH] net/bridge: Add missing in6_dev_put in br_validate_ipv6

2015-07-03 Thread Florian Westphal

Julien Grall julien.gr...@citrix.com wrote:
 The commit efb6de9b4ba0092b2c55f6a52d16294a8a698edd netfilter: bridge:
 forward IPv6 fragmented packets introduced a new function
 br_validate_ipv6 which take a reference on the inet6 device. Although,
 the reference is not released at the end.
 
 This will result to the impossibility to destroy any netdevice using
 ipv6 and bridge.
 
 Spotted while trying to destroy a Xen guest on the upstream Linux:
 unregister_netdevice: waiting for vif1.0 to become free. Usage count = 1

Ugh :-/

I think it makes more sense to use __in6_dev_get() instead which doesn't
take a reference.
--
To unsubscribe from this list: send the line unsubscribe linux-kernel in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Re: [PATCH] net/bridge: Add missing in6_dev_put in br_validate_ipv6

Re: [PATCH] net/bridge: Add missing in6_dev_put in br_validate_ipv6

Re: [PATCH] net/bridge: Add missing in6_dev_put in br_validate_ipv6

Re: [PATCH] net/bridge: Add missing in6_dev_put in br_validate_ipv6

Re: [PATCH] net/bridge: Add missing in6_dev_put in br_validate_ipv6

Re: [PATCH] net/bridge: Add missing in6_dev_put in br_validate_ipv6

Re: [PATCH] net/bridge: Add missing in6_dev_put in br_validate_ipv6

Re: [PATCH] net/bridge: Add missing in6_dev_put in br_validate_ipv6

8 matches

Site Navigation

Mail list logo

Footer information