niansa-misc/linux
1
0
Fork 0
mirror of synced 2025-03-06 20:59:54 +01:00
Code Issues Projects Releases Packages Wiki Activity

ipv6: icmp: convert to dev_net_rcu()

Browse source 
icmp6_send() must acquire rcu_read_lock() sooner to ensure
the dev_net() call done from a safe context.

Other ICMPv6 uses of dev_net() seem safe, change them to
dev_net_rcu() to get LOCKDEP support to catch bugs.

Fixes: 9a43b709a2 ("[NETNS][IPV6] icmp6 - make icmpv6_socket per namespace")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20250205155120.1676781-12-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
This commit is contained in:
Eric Dumazet 2025-02-05 15:51:19 +00:00 committed by Jakub Kicinski
parent 3c8ffcd248
commit 34aef2b0ce
1 changed files with 23 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

42
net/ipv6/icmp.c
View file

@ -76,7 +76,7 @@ static int icmpv6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
{ {
/* icmpv6_notify checks 8 bytes can be pulled, icmp6hdr is 8 bytes */ /* icmpv6_notify checks 8 bytes can be pulled, icmp6hdr is 8 bytes */
struct icmp6hdr *icmp6 = (struct icmp6hdr *) (skb->data + offset); struct icmp6hdr *icmp6 = (struct icmp6hdr *) (skb->data + offset);
struct net *net = dev_net(skb->dev); struct net *net = dev_net_rcu(skb->dev);
if (type == ICMPV6_PKT_TOOBIG) if (type == ICMPV6_PKT_TOOBIG)
ip6_update_pmtu(skb, net, info, skb->dev->ifindex, 0, sock_net_uid(net, NULL)); ip6_update_pmtu(skb, net, info, skb->dev->ifindex, 0, sock_net_uid(net, NULL));
@ -473,7 +473,10 @@ void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info,
if (!skb->dev) if (!skb->dev)
return; return;
net = dev_net(skb->dev);
rcu_read_lock();
net = dev_net_rcu(skb->dev);
mark = IP6_REPLY_MARK(net, skb->mark); mark = IP6_REPLY_MARK(net, skb->mark);
/* /*
* Make sure we respect the rules * Make sure we respect the rules
@ -496,7 +499,7 @@ void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info,
!(type == ICMPV6_PARAMPROB && !(type == ICMPV6_PARAMPROB &&
code == ICMPV6_UNK_OPTION && code == ICMPV6_UNK_OPTION &&
(opt_unrec(skb, info)))) (opt_unrec(skb, info))))
return; goto out;
saddr = NULL; saddr = NULL;
} }
@ -526,7 +529,7 @@ void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info,
if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) { if ((addr_type == IPV6_ADDR_ANY) || (addr_type & IPV6_ADDR_MULTICAST)) {
net_dbg_ratelimited("icmp6_send: addr_any/mcast source [%pI6c > %pI6c]\n", net_dbg_ratelimited("icmp6_send: addr_any/mcast source [%pI6c > %pI6c]\n",
&hdr->saddr, &hdr->daddr); &hdr->saddr, &hdr->daddr);
return; goto out;
} }
/* /*
@ -535,7 +538,7 @@ void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info,
if (is_ineligible(skb)) { if (is_ineligible(skb)) {
net_dbg_ratelimited("icmp6_send: no reply to icmp error [%pI6c > %pI6c]\n", net_dbg_ratelimited("icmp6_send: no reply to icmp error [%pI6c > %pI6c]\n",
&hdr->saddr, &hdr->daddr); &hdr->saddr, &hdr->daddr);
return; goto out;
} }
/* Needed by both icmpv6_global_allow and icmpv6_xmit_lock */ /* Needed by both icmpv6_global_allow and icmpv6_xmit_lock */
@ -582,7 +585,7 @@ void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info,
np = inet6_sk(sk); np = inet6_sk(sk);
if (!icmpv6_xrlim_allow(sk, type, &fl6, apply_ratelimit)) if (!icmpv6_xrlim_allow(sk, type, &fl6, apply_ratelimit))
goto out; goto out_unlock;
tmp_hdr.icmp6_type = type; tmp_hdr.icmp6_type = type;
tmp_hdr.icmp6_code = code; tmp_hdr.icmp6_code = code;
@ -600,7 +603,7 @@ void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info,
dst = icmpv6_route_lookup(net, skb, sk, &fl6); dst = icmpv6_route_lookup(net, skb, sk, &fl6);
if (IS_ERR(dst)) if (IS_ERR(dst))
goto out; goto out_unlock;
ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst); ipc6.hlimit = ip6_sk_dst_hoplimit(np, &fl6, dst);
@ -616,7 +619,6 @@ void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info,
goto out_dst_release; goto out_dst_release;
} }
rcu_read_lock();
idev = __in6_dev_get(skb->dev); idev = __in6_dev_get(skb->dev);
if (ip6_append_data(sk, icmpv6_getfrag, &msg, if (ip6_append_data(sk, icmpv6_getfrag, &msg,
@ -630,13 +632,15 @@ void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info,
icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr, icmpv6_push_pending_frames(sk, &fl6, &tmp_hdr,
len + sizeof(struct icmp6hdr)); len + sizeof(struct icmp6hdr));
} }
rcu_read_unlock();
out_dst_release: out_dst_release:
dst_release(dst); dst_release(dst);
out: out_unlock:
icmpv6_xmit_unlock(sk); icmpv6_xmit_unlock(sk);
out_bh_enable: out_bh_enable:
local_bh_enable(); local_bh_enable();
out:
rcu_read_unlock();
} }
EXPORT_SYMBOL(icmp6_send); EXPORT_SYMBOL(icmp6_send);
@ -679,8 +683,8 @@ int ip6_err_gen_icmpv6_unreach(struct sk_buff *skb, int nhs, int type,
skb_pull(skb2, nhs); skb_pull(skb2, nhs);
skb_reset_network_header(skb2); skb_reset_network_header(skb2);
rt = rt6_lookup(dev_net(skb->dev), &ipv6_hdr(skb2)->saddr, NULL, 0, rt = rt6_lookup(dev_net_rcu(skb->dev), &ipv6_hdr(skb2)->saddr,
skb, 0); NULL, 0, skb, 0);
if (rt && rt->dst.dev) if (rt && rt->dst.dev)
skb2->dev = rt->dst.dev; skb2->dev = rt->dst.dev;
@ -717,7 +721,7 @@ EXPORT_SYMBOL(ip6_err_gen_icmpv6_unreach);
static enum skb_drop_reason icmpv6_echo_reply(struct sk_buff *skb) static enum skb_drop_reason icmpv6_echo_reply(struct sk_buff *skb)
{ {
struct net *net = dev_net(skb->dev); struct net *net = dev_net_rcu(skb->dev);
struct sock *sk; struct sock *sk;
struct inet6_dev *idev; struct inet6_dev *idev;
struct ipv6_pinfo *np; struct ipv6_pinfo *np;
@ -832,7 +836,7 @@ enum skb_drop_reason icmpv6_notify(struct sk_buff *skb, u8 type,
u8 code, __be32 info) u8 code, __be32 info)
{ {
struct inet6_skb_parm *opt = IP6CB(skb); struct inet6_skb_parm *opt = IP6CB(skb);
struct net *net = dev_net(skb->dev); struct net *net = dev_net_rcu(skb->dev);
const struct inet6_protocol *ipprot; const struct inet6_protocol *ipprot;
enum skb_drop_reason reason; enum skb_drop_reason reason;
int inner_offset; int inner_offset;
@ -889,7 +893,7 @@ out:
static int icmpv6_rcv(struct sk_buff *skb) static int icmpv6_rcv(struct sk_buff *skb)
{ {
enum skb_drop_reason reason = SKB_DROP_REASON_NOT_SPECIFIED; enum skb_drop_reason reason = SKB_DROP_REASON_NOT_SPECIFIED;
struct net *net = dev_net(skb->dev); struct net *net = dev_net_rcu(skb->dev);
struct net_device *dev = icmp6_dev(skb); struct net_device *dev = icmp6_dev(skb);
struct inet6_dev *idev = __in6_dev_get(dev); struct inet6_dev *idev = __in6_dev_get(dev);
const struct in6_addr *saddr, *daddr; const struct in6_addr *saddr, *daddr;
@ -921,7 +925,7 @@ static int icmpv6_rcv(struct sk_buff *skb)
skb_set_network_header(skb, nh); skb_set_network_header(skb, nh);
} }
__ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_INMSGS); __ICMP6_INC_STATS(dev_net_rcu(dev), idev, ICMP6_MIB_INMSGS);
saddr = &ipv6_hdr(skb)->saddr; saddr = &ipv6_hdr(skb)->saddr;
daddr = &ipv6_hdr(skb)->daddr; daddr = &ipv6_hdr(skb)->daddr;
@ -939,7 +943,7 @@ static int icmpv6_rcv(struct sk_buff *skb)
type = hdr->icmp6_type; type = hdr->icmp6_type;
ICMP6MSGIN_INC_STATS(dev_net(dev), idev, type); ICMP6MSGIN_INC_STATS(dev_net_rcu(dev), idev, type);
switch (type) { switch (type) {
case ICMPV6_ECHO_REQUEST: case ICMPV6_ECHO_REQUEST:
@ -1034,9 +1038,9 @@ static int icmpv6_rcv(struct sk_buff *skb)
csum_error: csum_error:
reason = SKB_DROP_REASON_ICMP_CSUM; reason = SKB_DROP_REASON_ICMP_CSUM;
__ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_CSUMERRORS); __ICMP6_INC_STATS(dev_net_rcu(dev), idev, ICMP6_MIB_CSUMERRORS);
discard_it: discard_it:
__ICMP6_INC_STATS(dev_net(dev), idev, ICMP6_MIB_INERRORS); __ICMP6_INC_STATS(dev_net_rcu(dev), idev, ICMP6_MIB_INERRORS);
drop_no_count: drop_no_count:
kfree_skb_reason(skb, reason); kfree_skb_reason(skb, reason);
return 0; return 0;