Received: by 2002:ad5:4acb:0:0:0:0:0 with SMTP id n11csp4092766imw; Thu, 7 Jul 2022 12:36:24 -0700 (PDT) X-Google-Smtp-Source: AGRyM1uCL0797NW/iQiCf+21ndXiRglvC4PD9D3GKA//SPzuUzgfFbCNc87UNwhZaUOCIsxuL7aU X-Received: by 2002:a17:906:72cf:b0:722:e1a4:25 with SMTP id m15-20020a17090672cf00b00722e1a40025mr47463403ejl.205.1657222584186; Thu, 07 Jul 2022 12:36:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1657222584; cv=none; d=google.com; s=arc-20160816; b=JyrEG1rFOqfTHOGvnAs/y4XlVMuzNk8ar/OIvmXt8FwkAr1ONN7qbirsdcL50YwGV1 FN4lpchmBck2G4DnzrAELtgxWjZHn75Adr4ZY/4bSS+dcH0uVRbQKX+OuOhxeKSFPteL KS6K2C88PDislsPHvyFZH8i/4LcQadmhgacy4LnMJhLq7QPOWXzR11wxa6shqI5zpLfV BhFKk8qrSH5zu9fBgunMeh5Y4mSPq1RSfmEEldSoPKZcEjDnw4W7iGR4NR1lc64aIrlX ZZKDDp6FVzM4JGhGyyOAEFjp0v+6RKrRN6twifo0/ufziR6zSxd8wEYDiMC2825Byjdi /1FQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=of729cYQdZdatbdtOkxwYpHbBpVYD6mDwvI8OalqF/o=; b=JdgbNR9+NVvmxdSXgMTRWbymrcqngtSbYa5ID0TE/sO6xJjHeEyQGCs2fFor6YVnwO s16NhVJvwp02AQ1HgIHMHZIwsOKm9X/FOENM8bLM1f+zE5IqLmK05bcS/+94p2CanSwd hEwynj0Af91SWw2SX8r7KlVrl6mbLQPWl4WJslERcNLEw9P8j/qIybPjLvxl9L3zLmaw DvE96kcvCWJJH+tYcBIi7GFjcePbPdyOjk9lrhQkZQdY6/C30ICiF4F8r8GrlPCz/XbI iUCvVSyrYEhza1lnyFIw3/uHgHPYCTKNzo8V9UjcOtjnIfj/L52pCzEoai/K1ZSXRjRb N+JA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore-com.20210112.gappssmtp.com header.s=20210112 header.b=V9nrML7A; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id j15-20020a05640211cf00b004356df8591csi4116033edw.373.2022.07.07.12.35.56; Thu, 07 Jul 2022 12:36:24 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore-com.20210112.gappssmtp.com header.s=20210112 header.b=V9nrML7A; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236735AbiGGTQK (ORCPT + 99 others); Thu, 7 Jul 2022 15:16:10 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36450 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236740AbiGGTQI (ORCPT ); Thu, 7 Jul 2022 15:16:08 -0400 Received: from mail-wm1-x331.google.com (mail-wm1-x331.google.com [IPv6:2a00:1450:4864:20::331]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 9D9515C9C7 for ; Thu, 7 Jul 2022 12:16:04 -0700 (PDT) Received: by mail-wm1-x331.google.com with SMTP id l40-20020a05600c1d2800b003a18adff308so11801251wms.5 for ; Thu, 07 Jul 2022 12:16:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore-com.20210112.gappssmtp.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=of729cYQdZdatbdtOkxwYpHbBpVYD6mDwvI8OalqF/o=; b=V9nrML7ATfHvbYWklR0Oe2gzTDbjRLUtkda6dyGevx7bagNTD65ZqDTlKZirih5aQ1 nkX0TTKbRtilcre9JSlFYoQn3qcIXVkpQdvAbeJAItCMbjV9BvZD23iO9tn/VrjBpGru KZFli/CXWr3kFMVrmqXy+YPpEv3+dBG02Y6iuCQ9sqm8XAx/uLSHgUEXqjDzq3oXUdbQ mId9ygf9HdZzddUVAEuV/UqJOTkNMagpstdk+z9MSsEAraL5XHdPvcnaYEogTvZsdLjm haswyT1lsFEWpC18LYFOZ0t0WcKCbZDLQKiRF/HBqnJeGP4KN6guHx1djhwXS5SfZ2Hz vXCQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=of729cYQdZdatbdtOkxwYpHbBpVYD6mDwvI8OalqF/o=; b=KaDbQr2lq1udHICxZlWMbCFu+KMITs961GH8Xfrt3uv4PQWxbLm/Am8dF6Rger5MI/ uQHdEqdco0f45ptcVd++rJ9PbxSV3Bw0BrgwLhXngsKY05vLv6q6FwrdLSVIRhM0/42d WTL3wEVJEtruo5R8fLEZxOG6z1HmcgmJVyTgY8zf6eZOAD7XcUpvcdzqpn5wB84igAiz oXnPgJpZCbKF1JXo1ceQor+JK1tRIlccuESqcYzF55k+zVSSi1lb4a1VPG0eXkD7V5gD 3T+MOb+UrdrLRbSBpctDB+jvVziSsA1idqFMx83yaBNj73bogc7dgUMpLlD3qvp5EA7D +vRg== X-Gm-Message-State: AJIora/diyFojnwAHucUXZuj+4zjPX0jD9AHPDGggy0+4k7vvUO1yLFy 1E7v0AL0LjaN6IN8H6CWdJ0hhBl7iwoE65VoX8Jj X-Received: by 2002:a05:600c:4f85:b0:3a1:a8e7:232a with SMTP id n5-20020a05600c4f8500b003a1a8e7232amr6425558wmq.158.1657221363107; Thu, 07 Jul 2022 12:16:03 -0700 (PDT) MIME-Version: 1.0 References: <20220706234003.66760-1-kuniyu@amazon.com> <20220706234003.66760-11-kuniyu@amazon.com> In-Reply-To: <20220706234003.66760-11-kuniyu@amazon.com> From: Paul Moore Date: Thu, 7 Jul 2022 15:15:52 -0400 Message-ID: Subject: Re: [PATCH v2 net 10/12] cipso: Fix data-races around sysctl. To: Kuniyuki Iwashima Cc: "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Luis Chamberlain , Kees Cook , Iurii Zaikin , Kuniyuki Iwashima , netdev@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_NONE, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Jul 6, 2022 at 7:43 PM Kuniyuki Iwashima wrote: > > While reading cipso sysctl variables, they can be changed concurrently. > So, we need to add READ_ONCE() to avoid data-races. > > Fixes: 446fda4f2682 ("[NetLabel]: CIPSOv4 engine") > Signed-off-by: Kuniyuki Iwashima > --- > CC: Paul Moore Thanks for the patch, this looks good to me. However, in the future you should probably drop the extra "---" separator (just leave the one before the diffstat below) and move my "Cc:" up above "Fixes:". Acked-by: Paul Moore > --- > Documentation/networking/ip-sysctl.rst | 2 +- > net/ipv4/cipso_ipv4.c | 12 +++++++----- > 2 files changed, 8 insertions(+), 6 deletions(-) > > diff --git a/Documentation/networking/ip-sysctl.rst b/Documentation/networking/ip-sysctl.rst > index 9f41961d11d5..0e58001f8580 100644 > --- a/Documentation/networking/ip-sysctl.rst > +++ b/Documentation/networking/ip-sysctl.rst > @@ -1085,7 +1085,7 @@ cipso_cache_enable - BOOLEAN > cipso_cache_bucket_size - INTEGER > The CIPSO label cache consists of a fixed size hash table with each > hash bucket containing a number of cache entries. This variable limits > - the number of entries in each hash bucket; the larger the value the > + the number of entries in each hash bucket; the larger the value is, the > more CIPSO label mappings that can be cached. When the number of > entries in a given hash bucket reaches this limit adding new entries > causes the oldest entry in the bucket to be removed to make room. > diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c > index 62d5f99760aa..6cd3b6c559f0 100644 > --- a/net/ipv4/cipso_ipv4.c > +++ b/net/ipv4/cipso_ipv4.c > @@ -239,7 +239,7 @@ static int cipso_v4_cache_check(const unsigned char *key, > struct cipso_v4_map_cache_entry *prev_entry = NULL; > u32 hash; > > - if (!cipso_v4_cache_enabled) > + if (!READ_ONCE(cipso_v4_cache_enabled)) > return -ENOENT; > > hash = cipso_v4_map_cache_hash(key, key_len); > @@ -296,13 +296,14 @@ static int cipso_v4_cache_check(const unsigned char *key, > int cipso_v4_cache_add(const unsigned char *cipso_ptr, > const struct netlbl_lsm_secattr *secattr) > { > + int bkt_size = READ_ONCE(cipso_v4_cache_bucketsize); > int ret_val = -EPERM; > u32 bkt; > struct cipso_v4_map_cache_entry *entry = NULL; > struct cipso_v4_map_cache_entry *old_entry = NULL; > u32 cipso_ptr_len; > > - if (!cipso_v4_cache_enabled || cipso_v4_cache_bucketsize <= 0) > + if (!READ_ONCE(cipso_v4_cache_enabled) || bkt_size <= 0) > return 0; > > cipso_ptr_len = cipso_ptr[1]; > @@ -322,7 +323,7 @@ int cipso_v4_cache_add(const unsigned char *cipso_ptr, > > bkt = entry->hash & (CIPSO_V4_CACHE_BUCKETS - 1); > spin_lock_bh(&cipso_v4_cache[bkt].lock); > - if (cipso_v4_cache[bkt].size < cipso_v4_cache_bucketsize) { > + if (cipso_v4_cache[bkt].size < bkt_size) { > list_add(&entry->list, &cipso_v4_cache[bkt].list); > cipso_v4_cache[bkt].size += 1; > } else { > @@ -1199,7 +1200,8 @@ static int cipso_v4_gentag_rbm(const struct cipso_v4_doi *doi_def, > /* This will send packets using the "optimized" format when > * possible as specified in section 3.4.2.6 of the > * CIPSO draft. */ > - if (cipso_v4_rbm_optfmt && ret_val > 0 && ret_val <= 10) > + if (READ_ONCE(cipso_v4_rbm_optfmt) && ret_val > 0 && > + ret_val <= 10) > tag_len = 14; > else > tag_len = 4 + ret_val; > @@ -1603,7 +1605,7 @@ int cipso_v4_validate(const struct sk_buff *skb, unsigned char **option) > * all the CIPSO validations here but it doesn't > * really specify _exactly_ what we need to validate > * ... so, just make it a sysctl tunable. */ > - if (cipso_v4_rbm_strictvalid) { > + if (READ_ONCE(cipso_v4_rbm_strictvalid)) { > if (cipso_v4_map_lvl_valid(doi_def, > tag[3]) < 0) { > err_offset = opt_iter + 3; > -- > 2.30.2 -- paul-moore.com