Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp7224632rwd; Tue, 6 Jun 2023 07:57:12 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ670ZexXSoFMrs02s2uWYUtkDyvJUbDlSGaLHDctv/K+kijIuNWFSLJxuQnyfCFyRsMZyxe X-Received: by 2002:a05:620a:2710:b0:75e:b95b:4c7a with SMTP id b16-20020a05620a271000b0075eb95b4c7amr2241797qkp.7.1686063432243; Tue, 06 Jun 2023 07:57:12 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1686063432; cv=none; d=google.com; s=arc-20160816; b=m/vLYdTM8n7yss0zx8BLgCUWSzHWtDmC4FSe9LObsELPyWwjDpyeznm6hBhT1nJ1Ge +jGoZ1CqtcP8ZxTSzhcrMLSyFtaVDkb23+P/d6/2uH6dbhJEOPC9N+HIjlpiJ8Bh4hy+ sX1t4G9pqlOboOemh5dJxoCoHhzQ6hUKLA06B71L8Om8dxWdzhSbNwMOSLKbnZJfCPBW BeOLOqMj1LG6kdNOPI9gKandUZVlHc/5sUdSK4WlstqsddJq6cOtbH8rqjIn1xj1pewz ljurbaXjWdR1b5BCllYh7zAajbzj2pY1mjhdnxC3tSPtpW2caoVwQ17070yv9dkH748E 5X5w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature:dkim-signature; bh=DhRajjqgVSyUUdEDX+1GOSjWl9w0ShEtXU/Xp2NUPAU=; b=wTXlE08k+ZWZox2jtMj17ArHtwhJp69p+wQkkZnojcTVvwLA0GEnGXj5oonV4MKDy4 HuaB3MWPWo5hcHULe3Sl/lC/K0ngLWjGNNDbfL9P4AwShkQf+y6fKeED7eZE2GSPwpmn woSasWUhudRuzs6ibTFM9AJcnVg8hCdmVSpdqoGftostz4ed8EhK8/tD7lmMcst27b5e rAoh5h0fZcvXQJTE/hdwaWRXQ6UJFoweHmnzWlJSpHxvP9uesw0d9g2FIQdxuCbrclo4 REVXnQ2WTApJkelAh+kcZLlVzLC1BTbBubfYn4Py4gr0/Ji+XDMX4BRUdBRnvqWIoCTN ry3Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@alu.unizg.hr header.s=mail header.b=BerOiOvr; dkim=fail header.i=@alu.unizg.hr header.s=mail header.b=ElTQ1wIF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alu.unizg.hr Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id o16-20020a05620a111000b0075eca0fe753si1008333qkk.8.2023.06.06.07.56.57; Tue, 06 Jun 2023 07:57:12 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=fail header.i=@alu.unizg.hr header.s=mail header.b=BerOiOvr; dkim=fail header.i=@alu.unizg.hr header.s=mail header.b=ElTQ1wIF; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=alu.unizg.hr Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S237948AbjFFO2o (ORCPT + 99 others); Tue, 6 Jun 2023 10:28:44 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:33826 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237838AbjFFO2f (ORCPT ); Tue, 6 Jun 2023 10:28:35 -0400 Received: from domac.alu.hr (domac.alu.unizg.hr [IPv6:2001:b68:2:2800::3]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 1E0A6172C; Tue, 6 Jun 2023 07:28:09 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by domac.alu.hr (Postfix) with ESMTP id 17A6C60212; Tue, 6 Jun 2023 16:28:06 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=alu.unizg.hr; s=mail; t=1686061686; bh=WyGaO6S3i6ZE6h5RKEot8ZzWqDYoqEZ5M3+W5FY+Oq8=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=BerOiOvrFPA84MMTe0Jecw4p/zpuXCl9Dg755KjVy6YdbjLs+zvQcPMTS2hoHN7a8 PBEIBMqp/PfY7lfnxq7Qd+jiLglULAjKtxpxfFR2OvHxfUPCxplQbIQGsQ80j3/km8 xOu4q3KoSNFLTg9Bn8vpTagNEHZ9Tcq734ycjoiU1EXkV+f2zMPehzr4C1Pe8oDwL3 K1lDfOJE3pC9LUfLUxB6+2ACWywE0mDtxY7/yCmzmeJZrLJLolJ2bNbp2H5EcnLi3V CNmEW1KaItUp4VyADsKp7cDK93kg111wjlp85EP63mkvVmrJxCx8D2OKskTeU7+ECl gqCm3XBwsvPDw== X-Virus-Scanned: Debian amavisd-new at domac.alu.hr Received: from domac.alu.hr ([127.0.0.1]) by localhost (domac.alu.hr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DLGycccop9P0; Tue, 6 Jun 2023 16:28:03 +0200 (CEST) Received: from [193.198.186.200] (pc-mtodorov.slava.alu.hr [193.198.186.200]) by domac.alu.hr (Postfix) with ESMTPSA id 4AE276020C; Tue, 6 Jun 2023 16:28:03 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=alu.unizg.hr; s=mail; t=1686061683; bh=WyGaO6S3i6ZE6h5RKEot8ZzWqDYoqEZ5M3+W5FY+Oq8=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=ElTQ1wIF0XbErv+oxeOBTZ8ZL3tWWZGIRLzmjoxM294eQKH0zb5UZ7teaSGq2wjid FpGeAEfQOsmGKJypnKUYFD7RSMFrGzld7+/EKCNzF3nA7Bqp8XckRjoBs7hsdGnlLC 00IDp8orNHaZCLZGWk00bh8mXPZhKtoll+45Hs2Eh3LWFthjZ2TAg8yntI1zA298A4 79/OmQfAQHLYE5MG7ACEMD9Br4LmlT/XHTpzbKPaVid0rH4FRkm6micO9huws01FAn 5Brz249y6Ws6Mgbnboyn6iy6UfORMwRg2bTDBi7y3g4enbh7078uZsYiCWt8e3dWMt 1m4ktG8DX4WUw== Message-ID: <12c34bed-0885-3bb3-257f-3b2438ba206f@alu.unizg.hr> Date: Tue, 6 Jun 2023 16:28:02 +0200 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.11.0 Subject: Re: POSSIBLE BUG: selftests/net/fcnal-test.sh: [FAIL] in vrf "bind - ns-B IPv6 LLA" test Content-Language: en-US, hr To: Guillaume Nault Cc: netdev@vger.kernel.org, "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Shuah Khan , linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org References: <60f78eaa-ace7-c27d-8e45-4777ecf3faa2@alu.unizg.hr> From: Mirsad Todorovac In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,NICE_REPLY_A,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 6/6/23 16:11, Guillaume Nault wrote: > On Tue, Jun 06, 2023 at 03:57:35PM +0200, Mirsad Todorovac wrote: >> diff --git a/net/ipv6/ping.c b/net/ipv6/ping.c >> index c4835dbdfcff..c1d81c49b775 100644 >> --- a/net/ipv6/ping.c >> +++ b/net/ipv6/ping.c >> @@ -73,6 +73,10 @@ static int ping_v6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) >> struct rt6_info *rt; >> struct pingfakehdr pfh; >> struct ipcm6_cookie ipc6; >> + struct net *net = sock_net(sk); >> + struct net_device *dev = NULL; >> + struct net_device *mdev = NULL; >> + struct net_device *bdev = NULL; >> >> err = ping_common_sendmsg(AF_INET6, msg, len, &user_icmph, >> sizeof(user_icmph)); >> @@ -111,10 +115,26 @@ static int ping_v6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) >> else if (!oif) >> oif = np->ucast_oif; >> >> + if (oif) { >> + rcu_read_lock(); >> + dev = dev_get_by_index_rcu(net, oif); >> + rcu_read_unlock(); > > You can't assume '*dev' is still valid after rcu_read_unlock() unless > you hold a reference on it. > >> + rtnl_lock(); >> + mdev = netdev_master_upper_dev_get(dev); >> + rtnl_unlock(); > > Because of that, 'dev' might have already disappeared at the time > netdev_master_upper_dev_get() is called. So it may dereference an > invalid pointer here. Good point, thanks. I didn't expect those to change. This can be fixed, provided that RCU and RTNL locks can be nested: rcu_read_lock(); if (oif) { dev = dev_get_by_index_rcu(net, oif); rtnl_lock(); mdev = netdev_master_upper_dev_get(dev); rtnl_unlock(); } if (sk->sk_bound_dev_if) { bdev = dev_get_by_index_rcu(net, sk->sk_bound_dev_if); } addr_type = ipv6_addr_type(daddr); if ((__ipv6_addr_needs_scope_id(addr_type) && !oif) || (addr_type & IPV6_ADDR_MAPPED) || (oif && sk->sk_bound_dev_if && oif != sk->sk_bound_dev_if && !(mdev && sk->sk_bound_dev_if && bdev && mdev == bdev))) { rcu_read_unlock(); return -EINVAL; } rcu_read_unlock(); But again this is still probably not race-free (bdev might also disappear before the mdev == bdev test), even if it passed fcnal-test.sh, there is much duplication of code, so your one-line solution is obviously by far better. :-) Much obliged. Best regards, Mirsad >> + } >> + >> + if (sk->sk_bound_dev_if) { >> + rcu_read_lock(); >> + bdev = dev_get_by_index_rcu(net, sk->sk_bound_dev_if); >> + rcu_read_unlock(); >> + } >> + >> addr_type = ipv6_addr_type(daddr); >> if ((__ipv6_addr_needs_scope_id(addr_type) && !oif) || >> (addr_type & IPV6_ADDR_MAPPED) || >> - (oif && sk->sk_bound_dev_if && oif != sk->sk_bound_dev_if)) >> + (oif && sk->sk_bound_dev_if && oif != sk->sk_bound_dev_if && >> + !(mdev && sk->sk_bound_dev_if && bdev && mdev == bdev))) >> return -EINVAL; >> >> ipcm6_init_sk(&ipc6, np); >> >> However, this works by the test (888 passed) but your two liner is obviously >> better :-) > > :) -- Mirsad Goran Todorovac Sistem inženjer Grafički fakultet | Akademija likovnih umjetnosti Sveučilište u Zagrebu System engineer Faculty of Graphic Arts | Academy of Fine Arts University of Zagreb, Republic of Croatia