Received: by 2002:ac0:aed5:0:0:0:0:0 with SMTP id t21csp4593871imb; Wed, 6 Mar 2019 17:56:53 -0800 (PST) X-Google-Smtp-Source: APXvYqyZZWpVyfqJbKFLgzaVQ6/d6oYl+MR5Ke2C1EKST1CG1PZGGlspaTsSWaXOlmzGFplJi/8V X-Received: by 2002:a17:902:8bc2:: with SMTP id r2mr10295214plo.55.1551923813435; Wed, 06 Mar 2019 17:56:53 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1551923813; cv=none; d=google.com; s=arc-20160816; b=mavDXd+/F+9UmI5r5tS/LjL7I2NMBbRja9UUM0z/XDrXyvj+t+dpUPHePq6P0SIdWt PHEHa3/0VqjaGcsVvUVzGnd02YMJLYHM6O4NEzwfzyX+oouSzSRihxeSwaXXUxa+Abz+ mXtx9ZyDtjbEXPJtb1WxEloZdoAHro7QYo5LuBSe0PITKBCmlcqTq6nFA8104eVa0GsZ SH0iIlUW8jG39aBqM3vo43vj+nxuiDU8CQWG2ZW89vCeNtOl073yToV4WLy1BSqxB95Q LfEQrAov8vUpUcZQiI5tkCxQJH+ANBhBp+CtIX0J+2eUHd19MxIvbmvMqYFub9aFRLUE sIDw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:message-id:date:subject:cc :to:from; bh=/XgCinXMJOZ1WPDlLf3v3oYU8uszdrAXVhFtGAu6P70=; b=zgnkjtZ/X2NxuPtrT4DmnfpXjN3dYqGHprTzBY+Hl4qWRyEQKI+WBbRoRTza6B8JgO jOgG/+RG7Tqwe+Q5Il313XcaXS5tlEbIAx3x0siF9KYPsWdRtAbQJ1qNCaWFzlME1i31 WhSijBsgdBJ6Ah69r3ycO4g2RT9xlej9qNflCn5AxkSfI1e7NoWPknS7eCLY785THz+V XQVlP0nDpE12CG5ZMTAtXc/LOJ/Q/P3yaoFO4cBPoowARHc/OLWTeQCNYqjhyPldJLtn jNHLgu0unbWq8mHG1r24J36HtWFGTnZ2LISQTp5z5qxDMi++1IZtqKxXX3ikT6EmnmaA uEHQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u17si2745228pgh.487.2019.03.06.17.56.36; Wed, 06 Mar 2019 17:56:53 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726650AbfCGBy5 (ORCPT + 99 others); Wed, 6 Mar 2019 20:54:57 -0500 Received: from mail.cn.fujitsu.com ([183.91.158.132]:61621 "EHLO heian.cn.fujitsu.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726139AbfCGBy4 (ORCPT ); Wed, 6 Mar 2019 20:54:56 -0500 X-IronPort-AV: E=Sophos;i="5.58,450,1544457600"; d="scan'208";a="56109091" Received: from unknown (HELO cn.fujitsu.com) ([10.167.33.5]) by heian.cn.fujitsu.com with ESMTP; 07 Mar 2019 09:54:54 +0800 Received: from G08CNEXCHPEKD03.g08.fujitsu.local (unknown [10.167.33.85]) by cn.fujitsu.com (Postfix) with ESMTP id 9F37F4C80229; Thu, 7 Mar 2019 09:54:36 +0800 (CST) Received: from ubuntu.g08.fujitsu.local (10.167.226.33) by G08CNEXCHPEKD03.g08.fujitsu.local (10.167.33.89) with Microsoft SMTP Server (TLS) id 14.3.408.0; Thu, 7 Mar 2019 09:54:58 +0800 From: Su Yanjun To: , , CC: , , Subject: [PATCH v3] net: xfrm: Add '_rcu' tag for rcu protected pointer in netns_xfrm Date: Wed, 6 Mar 2019 20:54:08 -0500 Message-ID: <1551923648-17656-1-git-send-email-suyj.fnst@cn.fujitsu.com> X-Mailer: git-send-email 2.7.4 MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [10.167.226.33] X-yoursite-MailScanner-ID: 9F37F4C80229.AEF04 X-yoursite-MailScanner: Found to be clean X-yoursite-MailScanner-From: suyj.fnst@cn.fujitsu.com X-Spam-Status: No Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org For rcu protected pointers, we'd better add '__rcu' for them. Once added '__rcu' tag for rcu protected pointer, the sparse tool reports warnings. net/xfrm/xfrm_user.c:1198:39: sparse: expected struct sock *sk net/xfrm/xfrm_user.c:1198:39: sparse: got struct sock [noderef] *nlsk [...] So introduce a new wrapper function of nlmsg_unicast to handle type conversions. This patch also fixes a direct access of a rcu protected socket. Fixes: be33690d8fcf("[XFRM]: Fix aevent related crash") Signed-off-by: Su Yanjun --- Changes from v2: - add 'Fixes' tag and some description include/net/netns/xfrm.h | 2 +- net/xfrm/xfrm_user.c | 30 +++++++++++++++++++++++------- 2 files changed, 24 insertions(+), 8 deletions(-) diff --git a/include/net/netns/xfrm.h b/include/net/netns/xfrm.h index 59f45b1..d2a36fb 100644 --- a/include/net/netns/xfrm.h +++ b/include/net/netns/xfrm.h @@ -57,7 +57,7 @@ struct netns_xfrm { struct list_head inexact_bins; - struct sock *nlsk; + struct sock __rcu *nlsk; struct sock *nlsk_stash; u32 sysctl_aevent_etime; diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index d832783..e8f23e4 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -1071,6 +1071,22 @@ static inline int xfrm_nlmsg_multicast(struct net *net, struct sk_buff *skb, return nlmsg_multicast(nlsk, skb, pid, group, GFP_ATOMIC); } +/* A similar wrapper like xfrm_nlmsg_multicast checking that nlsk is still + * available. + */ +static inline int xfrm_nlmsg_unicast(struct net *net, struct sk_buff *skb, + u32 pid) +{ + struct sock *nlsk = rcu_dereference(net->xfrm.nlsk); + + if (!nlsk) { + kfree_skb(skb); + return -EPIPE; + } + + return nlmsg_unicast(nlsk, skb, pid); +} + static inline unsigned int xfrm_spdinfo_msgsize(void) { return NLMSG_ALIGN(4) @@ -1195,7 +1211,7 @@ static int xfrm_get_spdinfo(struct sk_buff *skb, struct nlmsghdr *nlh, err = build_spdinfo(r_skb, net, sportid, seq, *flags); BUG_ON(err < 0); - return nlmsg_unicast(net->xfrm.nlsk, r_skb, sportid); + return xfrm_nlmsg_unicast(net, r_skb, sportid); } static inline unsigned int xfrm_sadinfo_msgsize(void) @@ -1254,7 +1270,7 @@ static int xfrm_get_sadinfo(struct sk_buff *skb, struct nlmsghdr *nlh, err = build_sadinfo(r_skb, net, sportid, seq, *flags); BUG_ON(err < 0); - return nlmsg_unicast(net->xfrm.nlsk, r_skb, sportid); + return xfrm_nlmsg_unicast(net, r_skb, sportid); } static int xfrm_get_sa(struct sk_buff *skb, struct nlmsghdr *nlh, @@ -1274,7 +1290,7 @@ static int xfrm_get_sa(struct sk_buff *skb, struct nlmsghdr *nlh, if (IS_ERR(resp_skb)) { err = PTR_ERR(resp_skb); } else { - err = nlmsg_unicast(net->xfrm.nlsk, resp_skb, NETLINK_CB(skb).portid); + err = xfrm_nlmsg_unicast(net, resp_skb, NETLINK_CB(skb).portid); } xfrm_state_put(x); out_noput: @@ -1337,7 +1353,7 @@ static int xfrm_alloc_userspi(struct sk_buff *skb, struct nlmsghdr *nlh, goto out; } - err = nlmsg_unicast(net->xfrm.nlsk, resp_skb, NETLINK_CB(skb).portid); + err = xfrm_nlmsg_unicast(net, resp_skb, NETLINK_CB(skb).portid); out: xfrm_state_put(x); @@ -1903,8 +1919,8 @@ static int xfrm_get_policy(struct sk_buff *skb, struct nlmsghdr *nlh, if (IS_ERR(resp_skb)) { err = PTR_ERR(resp_skb); } else { - err = nlmsg_unicast(net->xfrm.nlsk, resp_skb, - NETLINK_CB(skb).portid); + err = xfrm_nlmsg_unicast(net, resp_skb, + NETLINK_CB(skb).portid); } } else { xfrm_audit_policy_delete(xp, err ? 0 : 1, true); @@ -2062,7 +2078,7 @@ static int xfrm_get_ae(struct sk_buff *skb, struct nlmsghdr *nlh, err = build_aevent(r_skb, x, &c); BUG_ON(err < 0); - err = nlmsg_unicast(net->xfrm.nlsk, r_skb, NETLINK_CB(skb).portid); + err = xfrm_nlmsg_unicast(net, r_skb, NETLINK_CB(skb).portid); spin_unlock_bh(&x->lock); xfrm_state_put(x); return err; -- 2.7.4