ipv6: annotate data-races around cnf.forwarding

idev->cnf.forwarding and net->ipv6.devconf_all->forwarding
might be read locklessly, add appropriate READ_ONCE()
and WRITE_ONCE() annotations.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Jiri Pirko <jiri@nvidia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Eric Dumazet 2024-02-28 13:54:30 +00:00 committed by David S. Miller
parent e0bb2675fe
commit 32f754176e
7 changed files with 22 additions and 17 deletions

View File

@ -339,7 +339,7 @@ static void do_neigh_solicit(struct usbnet *dev, u8 *buf, u16 tci)
in6_dev = in6_dev_get(netdev); in6_dev = in6_dev_get(netdev);
if (!in6_dev) if (!in6_dev)
goto out; goto out;
is_router = !!in6_dev->cnf.forwarding; is_router = !!READ_ONCE(in6_dev->cnf.forwarding);
in6_dev_put(in6_dev); in6_dev_put(in6_dev);
/* ipv6_stub != NULL if in6_dev_get returned an inet6_dev */ /* ipv6_stub != NULL if in6_dev_get returned an inet6_dev */

View File

@ -534,13 +534,15 @@ static inline int ipv6_hopopt_jumbo_remove(struct sk_buff *skb)
return 0; return 0;
} }
static inline bool ipv6_accept_ra(struct inet6_dev *idev) static inline bool ipv6_accept_ra(const struct inet6_dev *idev)
{ {
s32 accept_ra = READ_ONCE(idev->cnf.accept_ra);
/* If forwarding is enabled, RA are not accepted unless the special /* If forwarding is enabled, RA are not accepted unless the special
* hybrid mode (accept_ra=2) is enabled. * hybrid mode (accept_ra=2) is enabled.
*/ */
return idev->cnf.forwarding ? idev->cnf.accept_ra == 2 : return READ_ONCE(idev->cnf.forwarding) ? accept_ra == 2 :
idev->cnf.accept_ra; accept_ra;
} }
#define IPV6_FRAG_HIGH_THRESH (4 * 1024*1024) /* 4194304 */ #define IPV6_FRAG_HIGH_THRESH (4 * 1024*1024) /* 4194304 */

View File

@ -5988,7 +5988,7 @@ static int bpf_ipv6_fib_lookup(struct net *net, struct bpf_fib_lookup *params,
return -ENODEV; return -ENODEV;
idev = __in6_dev_get_safely(dev); idev = __in6_dev_get_safely(dev);
if (unlikely(!idev || !idev->cnf.forwarding)) if (unlikely(!idev || !READ_ONCE(idev->cnf.forwarding)))
return BPF_FIB_LKUP_RET_FWD_DISABLED; return BPF_FIB_LKUP_RET_FWD_DISABLED;
if (flags & BPF_FIB_LOOKUP_OUTPUT) { if (flags & BPF_FIB_LOOKUP_OUTPUT) {

View File

@ -551,7 +551,8 @@ static int inet6_netconf_fill_devconf(struct sk_buff *skb, int ifindex,
goto out; goto out;
if ((all || type == NETCONFA_FORWARDING) && if ((all || type == NETCONFA_FORWARDING) &&
nla_put_s32(skb, NETCONFA_FORWARDING, devconf->forwarding) < 0) nla_put_s32(skb, NETCONFA_FORWARDING,
READ_ONCE(devconf->forwarding)) < 0)
goto nla_put_failure; goto nla_put_failure;
#ifdef CONFIG_IPV6_MROUTE #ifdef CONFIG_IPV6_MROUTE
if ((all || type == NETCONFA_MC_FORWARDING) && if ((all || type == NETCONFA_MC_FORWARDING) &&
@ -869,7 +870,8 @@ static void addrconf_forward_change(struct net *net, __s32 newf)
idev = __in6_dev_get(dev); idev = __in6_dev_get(dev);
if (idev) { if (idev) {
int changed = (!idev->cnf.forwarding) ^ (!newf); int changed = (!idev->cnf.forwarding) ^ (!newf);
idev->cnf.forwarding = newf;
WRITE_ONCE(idev->cnf.forwarding, newf);
if (changed) if (changed)
dev_forward_change(idev); dev_forward_change(idev);
} }
@ -886,7 +888,7 @@ static int addrconf_fixup_forwarding(struct ctl_table *table, int *p, int newf)
net = (struct net *)table->extra2; net = (struct net *)table->extra2;
old = *p; old = *p;
*p = newf; WRITE_ONCE(*p, newf);
if (p == &net->ipv6.devconf_dflt->forwarding) { if (p == &net->ipv6.devconf_dflt->forwarding) {
if ((!newf) ^ (!old)) if ((!newf) ^ (!old))
@ -901,7 +903,7 @@ static int addrconf_fixup_forwarding(struct ctl_table *table, int *p, int newf)
if (p == &net->ipv6.devconf_all->forwarding) { if (p == &net->ipv6.devconf_all->forwarding) {
int old_dflt = net->ipv6.devconf_dflt->forwarding; int old_dflt = net->ipv6.devconf_dflt->forwarding;
net->ipv6.devconf_dflt->forwarding = newf; WRITE_ONCE(net->ipv6.devconf_dflt->forwarding, newf);
if ((!newf) ^ (!old_dflt)) if ((!newf) ^ (!old_dflt))
inet6_netconf_notify_devconf(net, RTM_NEWNETCONF, inet6_netconf_notify_devconf(net, RTM_NEWNETCONF,
NETCONFA_FORWARDING, NETCONFA_FORWARDING,

View File

@ -501,7 +501,7 @@ int ip6_forward(struct sk_buff *skb)
u32 mtu; u32 mtu;
idev = __in6_dev_get_safely(dev_get_by_index_rcu(net, IP6CB(skb)->iif)); idev = __in6_dev_get_safely(dev_get_by_index_rcu(net, IP6CB(skb)->iif));
if (net->ipv6.devconf_all->forwarding == 0) if (READ_ONCE(net->ipv6.devconf_all->forwarding) == 0)
goto error; goto error;
if (skb->pkt_type != PACKET_HOST) if (skb->pkt_type != PACKET_HOST)

View File

@ -903,7 +903,7 @@ have_ifp:
} }
if (ipv6_chk_acast_addr(net, dev, &msg->target) || if (ipv6_chk_acast_addr(net, dev, &msg->target) ||
(idev->cnf.forwarding && (READ_ONCE(idev->cnf.forwarding) &&
(net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) && (net->ipv6.devconf_all->proxy_ndp || idev->cnf.proxy_ndp) &&
(is_router = pndisc_is_router(&msg->target, dev)) >= 0)) { (is_router = pndisc_is_router(&msg->target, dev)) >= 0)) {
if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) && if (!(NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED) &&
@ -929,7 +929,7 @@ have_ifp:
} }
if (is_router < 0) if (is_router < 0)
is_router = idev->cnf.forwarding; is_router = READ_ONCE(idev->cnf.forwarding);
if (dad) { if (dad) {
ndisc_send_na(dev, &in6addr_linklocal_allnodes, &msg->target, ndisc_send_na(dev, &in6addr_linklocal_allnodes, &msg->target,
@ -1080,7 +1080,7 @@ static enum skb_drop_reason ndisc_recv_na(struct sk_buff *skb)
* Note that we don't do a (daddr == all-routers-mcast) check. * Note that we don't do a (daddr == all-routers-mcast) check.
*/ */
new_state = msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE; new_state = msg->icmph.icmp6_solicited ? NUD_REACHABLE : NUD_STALE;
if (!neigh && lladdr && idev && idev->cnf.forwarding) { if (!neigh && lladdr && idev && READ_ONCE(idev->cnf.forwarding)) {
if (accept_untracked_na(dev, saddr)) { if (accept_untracked_na(dev, saddr)) {
neigh = neigh_create(&nd_tbl, &msg->target, dev); neigh = neigh_create(&nd_tbl, &msg->target, dev);
new_state = NUD_STALE; new_state = NUD_STALE;
@ -1100,7 +1100,8 @@ static enum skb_drop_reason ndisc_recv_na(struct sk_buff *skb)
* has already sent a NA to us. * has already sent a NA to us.
*/ */
if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) && if (lladdr && !memcmp(lladdr, dev->dev_addr, dev->addr_len) &&
net->ipv6.devconf_all->forwarding && net->ipv6.devconf_all->proxy_ndp && READ_ONCE(net->ipv6.devconf_all->forwarding) &&
net->ipv6.devconf_all->proxy_ndp &&
pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) { pneigh_lookup(&nd_tbl, net, &msg->target, dev, 0)) {
/* XXX: idev->cnf.proxy_ndp */ /* XXX: idev->cnf.proxy_ndp */
goto out; goto out;
@ -1148,7 +1149,7 @@ static enum skb_drop_reason ndisc_recv_rs(struct sk_buff *skb)
} }
/* Don't accept RS if we're not in router mode */ /* Don't accept RS if we're not in router mode */
if (!idev->cnf.forwarding) if (!READ_ONCE(idev->cnf.forwarding))
goto out; goto out;
/* /*

View File

@ -2220,7 +2220,7 @@ struct rt6_info *ip6_pol_route(struct net *net, struct fib6_table *table,
strict |= flags & RT6_LOOKUP_F_IFACE; strict |= flags & RT6_LOOKUP_F_IFACE;
strict |= flags & RT6_LOOKUP_F_IGNORE_LINKSTATE; strict |= flags & RT6_LOOKUP_F_IGNORE_LINKSTATE;
if (net->ipv6.devconf_all->forwarding == 0) if (READ_ONCE(net->ipv6.devconf_all->forwarding) == 0)
strict |= RT6_LOOKUP_F_REACHABLE; strict |= RT6_LOOKUP_F_REACHABLE;
rcu_read_lock(); rcu_read_lock();
@ -4149,7 +4149,7 @@ static void rt6_do_redirect(struct dst_entry *dst, struct sock *sk, struct sk_bu
in6_dev = __in6_dev_get(skb->dev); in6_dev = __in6_dev_get(skb->dev);
if (!in6_dev) if (!in6_dev)
return; return;
if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_redirects) if (READ_ONCE(in6_dev->cnf.forwarding) || !in6_dev->cnf.accept_redirects)
return; return;
/* RFC2461 8.1: /* RFC2461 8.1: