Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp2797855ybv; Mon, 24 Feb 2020 11:49:23 -0800 (PST) X-Google-Smtp-Source: APXvYqxa27qwfevxElhw5wjJBwdXRSrkAtnk+t99u+S9nxH/64ZmZ4rNT1svdSVWg+K5rlcSQygL X-Received: by 2002:a05:6830:1042:: with SMTP id b2mr41035379otp.306.1582573763643; Mon, 24 Feb 2020 11:49:23 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1582573763; cv=none; d=google.com; s=arc-20160816; b=gHMVZAc/zE/rH7l+tLP2KGsq0pgYC4ByHSF3JfEhruOwF0mvSRYtwnCtwWYJ8+lRM+ 1MJf9pXuZi+taaTghvRJyfArpoep9nsw0ZXOUjaQAcPOpQ0ygTA+aPme1LQ0VgNb8Q7V m4AN3Ueu5DBhdETVMJKJ9vPOAfCVwK3LivwVQApWpGNxc429TDVM3ZTL1NOG2zJT7UxX iTOGbwDWO7M9GFneIpwzxIT2tl7lZbL4OPQRc7dE2s0fOecla8BOs0KJmAn8NTfgQplK kyni7CSTKq64MfaA/edIST1kv5AZd0L2crldNd+3EuE72BVFEidwYXBIAyaqYTSucqOV P5IA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=nnxs4S3V4j1u81O81rJrhpwntUjBUuBdMvRvoYKsH34=; b=I2kgRI/YhE6bn5FQ02SS4hYqgtX1lqCAubMpuuf9CUbAAzseBP9YwihOgwaoG1lcdI 6ZJKphquEhes9+prABZeyaRr2YyxcKArRWTdwjNhpacxyQADEu67m0yawZ2an1nYm1k3 KZ5Ygmd2jE/jI8Dvw22Kl90Jk+A0LY1JJpuNZZ6MHxRhrGDO/uHRgBsJEU1qgT+gP+tv FBijzBwc16vb9tw7fJDZhQHlq8Nlmf+RYRmE9KNI+cjOVMroTJr0UCPcsSIsC4dYg6n3 QeKS/L/tLCTViI0ntF10XvLjrS9yoHKDqt6xc08NycEzwKxvbdW34SQ6zgRoOGwAMCTX VWlA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="LaKg1j/G"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m11si5747722oim.223.2020.02.24.11.49.09; Mon, 24 Feb 2020 11:49:23 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b="LaKg1j/G"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727115AbgBXTrx (ORCPT + 99 others); Mon, 24 Feb 2020 14:47:53 -0500 Received: from us-smtp-delivery-1.mimecast.com ([207.211.31.120]:41399 "EHLO us-smtp-1.mimecast.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1726593AbgBXTrw (ORCPT ); Mon, 24 Feb 2020 14:47:52 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1582573671; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=nnxs4S3V4j1u81O81rJrhpwntUjBUuBdMvRvoYKsH34=; b=LaKg1j/G9gGsl2G10l17H2sJ0owiEfVtPtL2XQpMEyYulxejBDOzVMBeJQMK71hOZ5FLUQ eoNTGysFJBKF0z8MTzTLhSoSFdANGDCxfoew9uwaK7XhnMzOk9zYDVcSdvO8c0wLFn7G6V rYPSVPNt+HGN1P74OucDJXsBY7AoR1o= Received: from mail-ed1-f70.google.com (mail-ed1-f70.google.com [209.85.208.70]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-145-UPehJHR9OAe72uxwGv7ctQ-1; Mon, 24 Feb 2020 14:47:50 -0500 X-MC-Unique: UPehJHR9OAe72uxwGv7ctQ-1 Received: by mail-ed1-f70.google.com with SMTP id y8so7407027edv.4 for ; Mon, 24 Feb 2020 11:47:50 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=nnxs4S3V4j1u81O81rJrhpwntUjBUuBdMvRvoYKsH34=; b=fYnPqdX66RFMVgD4o3+ae4FRzM6qsedHwp9pAtf2Htq1yFERirNOrzG5A7KLhnK+uw b4lfqsONS+VZxANSxC2V1vyuDY7pixwdQ4imL1wI+HkW2A2KUnH7DfoWftYEhlrrUb9W Q/qelziOUuOE0CSY3LTLEG+pOpY24BaQJKf9dkUbAfB96/JXg5dZdt+jqhnRbik0a4lK 0bBCaW+LnB0dG3t1p/4CkZzF3m85jQ0wbEkM8lS2ofQoYxbetsBZc+NIAAtAvRrii3sX tHSOb7gtN3hMCOXkOGhxFopHmHQJAdhS8meiB03cTYbomGxWZAfrK7Z73ZGMneK2j+/A crjA== X-Gm-Message-State: APjAAAW99QByIIVsuT/F43MaE6ANNNo/05BnjZXxFIh7eKRZSTqBPWgD krlUlZ0UbkNA1Nh6q3D8L9oU7CS3Htc27WrnvFw5sYDBc3mZk8P0QFre9Z/1usrZK8yZUh2RpXp gW+Jmpqh0W4tv/vvMAebEDaCrgCm1PVLiQ2NNhkgh X-Received: by 2002:a17:906:ce57:: with SMTP id se23mr48387488ejb.362.1582573669116; Mon, 24 Feb 2020 11:47:49 -0800 (PST) X-Received: by 2002:a17:906:ce57:: with SMTP id se23mr48387474ejb.362.1582573668885; Mon, 24 Feb 2020 11:47:48 -0800 (PST) MIME-Version: 1.0 References: <20200224185529.50530-1-mcroce@redhat.com> <20200224191154.GH19559@breakpoint.cc> In-Reply-To: From: Matteo Croce Date: Mon, 24 Feb 2020 20:47:13 +0100 Message-ID: Subject: Re: [PATCH nf] netfilter: ensure rcu_read_lock() in ipv4_find_option() To: Florian Westphal Cc: netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev , LKML , Pablo Neira Ayuso , Jozsef Kadlecsik , "David S. Miller" , Jakub Kicinski , Stephen Suryaputra Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Feb 24, 2020 at 8:42 PM Matteo Croce wrote: > > On Mon, Feb 24, 2020 at 8:12 PM Florian Westphal wrote: > > > > Matteo Croce wrote: > > > As in commit c543cb4a5f07 ("ipv4: ensure rcu_read_lock() in ipv4_link_failure()") > > > and commit 3e72dfdf8227 ("ipv4: ensure rcu_read_lock() in cipso_v4_error()"), > > > __ip_options_compile() must be called under rcu protection. > > > > This is not needed, all netfilter hooks run with rcu_read_lock held. > > > > Ok, so let's drop it, thanks. What about adding a RCU_LOCKDEP_WARN() in __ip_options_compile() to protect against future errors? Something like: ----------------------------------%<------------------------------------- @@ -262,6 +262,9 @@ int __ip_options_compile(struct net *net, unsigned char *iph; int optlen, l; + RCU_LOCKDEP_WARN(!rcu_read_lock_held(), + __FUNC__ " needs rcu_read_lock() protection"); + if (skb) { rt = skb_rtable(skb); optptr = (unsigned char *)&(ip_hdr(skb)[1]); ---------------------------------->%------------------------------------- Bye, -- Matteo Croce per aspera ad upstream