2022-02-21 22:52:04

by Niels Dossche

[permalink] [raw]
Subject: [PATCH] devlink: use devlink lock on DEVLINK_CMD_PORT_SPLIT

devlink_nl_cmd_port_split_doit is executed without taking the devlink
instance lock. This function calls to devlink_port_get_from_info, which
calls devlink_port_get_from_attrs, which calls
devlink_port_get_by_index, which accesses devlink->port_list without the
instance lock taken, while in other places devlink->port_list access
always happens with the instance lock taken. The documentation in the
struct also say that the devlink lock protects the port_list.

The flag for no locking was added after refactoring the code to no
longer use a global lock.

Fixes: 2406e7e546b2 ("devlink: Add per devlink instance lock")
Signed-off-by: Niels Dossche <[email protected]>
---
net/core/devlink.c | 1 -
1 file changed, 1 deletion(-)

diff --git a/net/core/devlink.c b/net/core/devlink.c
index fcd9f6d85cf1..563becaa03a6 100644
--- a/net/core/devlink.c
+++ b/net/core/devlink.c
@@ -8645,7 +8645,6 @@ static const struct genl_small_ops devlink_nl_ops[] = {
.validate = GENL_DONT_VALIDATE_STRICT | GENL_DONT_VALIDATE_DUMP,
.doit = devlink_nl_cmd_port_split_doit,
.flags = GENL_ADMIN_PERM,
- .internal_flags = DEVLINK_NL_FLAG_NO_LOCK,
},
{
.cmd = DEVLINK_CMD_PORT_UNSPLIT,
--
2.35.1


2022-02-22 06:12:17

by Jakub Kicinski

[permalink] [raw]
Subject: Re: [PATCH] devlink: use devlink lock on DEVLINK_CMD_PORT_SPLIT

On Mon, 21 Feb 2022 14:33:25 +0100 Niels Dossche wrote:
> devlink_nl_cmd_port_split_doit is executed without taking the devlink
> instance lock. This function calls to devlink_port_get_from_info, which
> calls devlink_port_get_from_attrs, which calls
> devlink_port_get_by_index, which accesses devlink->port_list without the
> instance lock taken, while in other places devlink->port_list access
> always happens with the instance lock taken. The documentation in the
> struct also say that the devlink lock protects the port_list.
>
> The flag for no locking was added after refactoring the code to no
> longer use a global lock.
>
> Fixes: 2406e7e546b2 ("devlink: Add per devlink instance lock")
> Signed-off-by: Niels Dossche <[email protected]>

You can't do this, driver will likely try to register ports and try
to re-acquire the same lock. I have a series queued to fix this by
moving the locking into drivers. I'll send it out this week.