Received: by 2002:a05:6a10:16a7:0:0:0:0 with SMTP id gp39csp1377434pxb; Fri, 20 Nov 2020 08:05:54 -0800 (PST) X-Google-Smtp-Source: ABdhPJyFoe2uZ68HDgwlmIjok+2JwgjiaaVqNBBUXYBnD/DuXzFyDiTXWxZBQzirmrgIlUWyR2DS X-Received: by 2002:aa7:d888:: with SMTP id u8mr36951458edq.210.1605888354465; Fri, 20 Nov 2020 08:05:54 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1605888354; cv=none; d=google.com; s=arc-20160816; b=FgIJtq1FwhNJ7xZsu/D4RmC1sm78JI9eMPVSNusXa7b5x5j4WKebOsWLuZQcfn5TSL sGyTXkn046pwBTxzmpvk70F6a+WXjRXXSXSKUesyvTIliQ8mD12SlIEKnN4IGNodkNKk ETgImc3l0H8QWkZ+UWQkWPkcprlU6Iylai1BRiG77uIKqIXpglO1xBH6esdCnb3+FBOo HZkJF11hfjIPHJW3NzwYJnDX5ZnUcjtlnPu32jwEpWLoisdoAtDgglkmy78EBFyzKa9Y 8ge5zJYERjuwLkWu++iA4sqPlO6dHxjY3PdI0bAgtloFmMx2IfONeHLNVrGHLScYMse4 qV1g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject; bh=tbYGqqAjPP4JacfFkxVuonSUOAuQf03kYrEHun6wQ/E=; b=Vurctxq3dLRL95NU3XNT/pdNk+xHFb60k2TngT/BcesE8ZQnnsgm7uQoIEJEkHeO7o hRzyFiHXzdPAg3/bDyBe2iZpDb4pYlatECpJDxemJecAoW6XCWp2VTvkX28QNctpIHVv da7VHwYL6Voq0C/4a0CWHpsYXI1DqeCEJpxzJef/nWTacoe8BFfK1UsfhqpYMGypS7Sw hO+fXdQgn1F1SJRaRdjNPpdbWELObIbzWFjdMKxrHIlYb7JLWjNeJWbk1qNlFLbCFJWI GS3l5JRNIlArtl9qCOi5yHRFDW2WYaEEpF89aUSuIaFEUhdhYnmVkCfQaHqnzp077fX7 62bQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id bo6si1992834edb.67.2020.11.20.08.05.24; Fri, 20 Nov 2020 08:05:54 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730011AbgKTQCH (ORCPT + 99 others); Fri, 20 Nov 2020 11:02:07 -0500 Received: from www62.your-server.de ([213.133.104.62]:52972 "EHLO www62.your-server.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728718AbgKTQCG (ORCPT ); Fri, 20 Nov 2020 11:02:06 -0500 Received: from sslproxy01.your-server.de ([78.46.139.224]) by www62.your-server.de with esmtpsa (TLSv1.3:TLS_AES_256_GCM_SHA384:256) (Exim 4.92.3) (envelope-from ) id 1kg8rG-0003lI-FJ; Fri, 20 Nov 2020 17:01:58 +0100 Received: from [85.7.101.30] (helo=pc-9.home) by sslproxy01.your-server.de with esmtpsa (TLSv1.3:TLS_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1kg8rG-000MkX-6q; Fri, 20 Nov 2020 17:01:58 +0100 Subject: Re: [PATCH] bpf: Check the return value of dev_get_by_index_rcu() To: David Ahern , xiakaixu1987@gmail.com, ast@kernel.org, kafai@fb.com, songliubraving@fb.com, yhs@fb.com, andrii@kernel.org, john.fastabend@gmail.com, kpsingh@chromium.org Cc: netdev@vger.kernel.org, bpf@vger.kernel.org, linux-kernel@vger.kernel.org, Kaixu Xia References: <1605769468-2078-1-git-send-email-kaixuxia@tencent.com> <65d8f988-5b41-24c2-8501-7cbbddb1238e@iogearbox.net> From: Daniel Borkmann Message-ID: <41aac020-b7af-e83f-0639-252efa4f7fff@iogearbox.net> Date: Fri, 20 Nov 2020 17:01:57 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.7.2 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit X-Authenticated-Sender: daniel@iogearbox.net X-Virus-Scanned: Clear (ClamAV 0.102.4/25994/Fri Nov 20 14:09:26 2020) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 11/20/20 4:19 PM, David Ahern wrote: > On 11/20/20 8:13 AM, Daniel Borkmann wrote: >> [ +David ] >> >> On 11/19/20 8:04 AM, xiakaixu1987@gmail.com wrote: >>> From: Kaixu Xia >>> >>> The return value of dev_get_by_index_rcu() can be NULL, so here it >>> is need to check the return value and return error code if it is NULL. >>> >>> Signed-off-by: Kaixu Xia >>> --- >>>   net/core/filter.c | 2 ++ >>>   1 file changed, 2 insertions(+) >>> >>> diff --git a/net/core/filter.c b/net/core/filter.c >>> index 2ca5eecebacf..1263fe07170a 100644 >>> --- a/net/core/filter.c >>> +++ b/net/core/filter.c >>> @@ -5573,6 +5573,8 @@ BPF_CALL_4(bpf_skb_fib_lookup, struct sk_buff *, >>> skb, >>>           struct net_device *dev; >>>             dev = dev_get_by_index_rcu(net, params->ifindex); >>> +        if (unlikely(!dev)) >>> +            return -EINVAL; >>>           if (!is_skb_forwardable(dev, skb)) >>>               rc = BPF_FIB_LKUP_RET_FRAG_NEEDED; > > rcu lock is held right? It is impossible for dev to return NULL here. Yes, we're under RCU read side. Was wondering whether we could unlink it from the list but not yet free it, but also that seems not possible since we'd first need to close it which already has a synchronize_net(). So not an issue what Kaixu describes in the commit msg, agree.