Received: by 2002:a05:7412:e794:b0:fa:551:50a7 with SMTP id o20csp254632rdd;
        Tue, 9 Jan 2024 03:12:58 -0800 (PST)
X-Google-Smtp-Source: AGHT+IEGv0/JQzFhAWTU2Avoxp62nq9PCVQRfaOrM9g+FQMyGtjaAss0/47H0pL5RSjukGAAW2qi
X-Received: by 2002:aa7:c606:0:b0:554:2359:51b2 with SMTP id h6-20020aa7c606000000b00554235951b2mr2245075edq.66.1704798778517;
        Tue, 09 Jan 2024 03:12:58 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1704798778; cv=none;
        d=google.com; s=arc-20160816;
        b=Nyg57MgpOPEsZ/T7+AtyLVtbVZSZt4goJ56ut7jyOdaClcgFrzQjiug2sKWDMMrS2D
         NL4xZvkOhMEoiLny9S/GuKnjYL4kK3vhkn62i3K/BHFqndgR2mv6/8W1UH8LNkHFwNFn
         rieq8U5CNkA18zJ4+/Nli6M8slciC3QOXQ2d63EwyxX/PxTio38fM22rGL0J4dvEgEzp
         u9S/roKbgwl/CHvJ9aNLcCBHa8d56flZ7CjKKJf4BQyf1nl88FNUBWihIS9H/UqRhU8w
         iD8Q3m+TJiYfT8E2cf1UOT80mC9bMB+1a0zFU8SpnukNmJ2omEB9GHDlWgCmiR3B6S0i
         yH1w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=user-agent:in-reply-to:content-disposition:mime-version
         :list-unsubscribe:list-subscribe:list-id:precedence:references
         :message-id:subject:cc:to:from:date;
        bh=Y9Q/Vwqdxoh6oLhH+4dsGG21WfKWHM9ZokWle4pLZps=;
        fh=SdCAoAjqXZ+iPmpJxzAcIo6hvZ2QUw5FCSnJW+7VmY8=;
        b=NquL8TNEk8A36SnpOpBETJsK/hfgAwkX+Qx4BAG4YCV+8hhnebWPXl3oFO2GgZEKjR
         mj2GGKMu/Qu3yM5wYO1J80IaJUi7IlIJ+Z2lENXcjbXA6gsQNdomy+yRmW0CNtlk69kr
         Iye3abuJrgZBhO3Ub1mGeqvPtd/GEUEKGbsjuepZAUoJYX+MnyX8Cbz/BtIHnH7ApRAM
         AUtZdy8xHLzZKD0xtPy9KgKN6/M1SbTA8pB9AtX4ctb2fg4ZnOxLSjAf5lOTp+w+3jFh
         hcdekDsdEGoWeCpquAmvPe1bxReepeLbWbhdnriM8u+dAIktPmIRA98NWoWSSEv9WQTy
         G1mg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel+bounces-20752-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-20752-linux.lists.archive=gmail.com@vger.kernel.org"
Return-Path: <linux-kernel+bounces-20752-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [2604:1380:4601:e00::3])
        by mx.google.com with ESMTPS id dh19-20020a0564021d3300b0055367f1e720si673357edb.554.2024.01.09.03.12.58
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 09 Jan 2024 03:12:58 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel+bounces-20752-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) client-ip=2604:1380:4601:e00::3;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel+bounces-20752-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:4601:e00::3 as permitted sender) smtp.mailfrom="linux-kernel+bounces-20752-linux.lists.archive=gmail.com@vger.kernel.org"
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by am.mirrors.kernel.org (Postfix) with ESMTPS id 485991F25876
	for <linux.lists.archive@gmail.com>; Tue,  9 Jan 2024 11:12:58 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 9F72036B0A;
	Tue,  9 Jan 2024 11:12:41 +0000 (UTC)
Received: from Chamillionaire.breakpoint.cc (Chamillionaire.breakpoint.cc [91.216.245.30])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id DEBB337159;
	Tue,  9 Jan 2024 11:12:38 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=strlen.de
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=strlen.de
Received: from fw by Chamillionaire.breakpoint.cc with local (Exim 4.92)
	(envelope-from <fw@strlen.de>)
	id 1rNA20-0000Mw-VC; Tue, 09 Jan 2024 12:12:28 +0100
Date: Tue, 9 Jan 2024 12:12:28 +0100
From: Florian Westphal <fw@strlen.de>
To: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Cc: Florian Westphal <fw@strlen.de>,
	"David S. Miller" <davem@davemloft.net>,
	Eric Dumazet <edumazet@google.com>,
	Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
	netdev@vger.kernel.org, linux-kernel@vger.kernel.org,
	kernel@openvz.org
Subject: Re: [PATCH] neighbour: purge nf_bridged skb from foreign device neigh
Message-ID: <20240109111228.GA7664@breakpoint.cc>
References: <20240108085232.95437-1-ptikhomirov@virtuozzo.com>
 <20240108111504.GA23297@breakpoint.cc>
 <a84b2797-2008-45d6-9ca3-c72666d3c419@virtuozzo.com>
 <07490c75-86c3-4488-8adb-7740b14feb30@virtuozzo.com>
Precedence: bulk
X-Mailing-List: linux-kernel@vger.kernel.org
List-Id: <linux-kernel.vger.kernel.org>
List-Subscribe: <mailto:linux-kernel+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-kernel+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <07490c75-86c3-4488-8adb-7740b14feb30@virtuozzo.com>
User-Agent: Mutt/1.10.1 (2018-07-13)

Pavel Tikhomirov <ptikhomirov@virtuozzo.com> wrote:
> index f980edfdd2783..105fbdb029261 100644
> --- a/include/linux/netfilter_bridge.h
> +++ b/include/linux/netfilter_bridge.h
> @@ -56,11 +56,15 @@ static inline int nf_bridge_get_physoutif(const struct
> sk_buff *skb)
>  }
> 
>  static inline struct net_device *
> -nf_bridge_get_physindev(const struct sk_buff *skb)
> +nf_bridge_get_physindev_rcu(const struct sk_buff *skb)
>  {
>         const struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb);
> +       struct net_device *dev;
> 
> -       return nf_bridge ? nf_bridge->physindev : NULL;
> +       if (!nf_bridge || !skb->dev)
> +               return 0;
> +
> +       return dev_get_by_index_rcu(skb->dev->net, nf_bridge->physindev_if);

You could use dev_net(skb->dev), yes.

Or create a preparation patch that does:

-nf_bridge_get_physindev(const struct sk_buff *skb)
+nf_bridge_get_physindev(const struct sk_buff *skb, struct net *net)

(all callers have a struct net available).

No need to rename the function, see below.

> -       br_indev = nf_bridge_get_physindev(oldskb);
> +       rcu_read_lock_bh();
> +       br_indev = nf_bridge_get_physindev_rcu(oldskb);

No need for rcu read lock, all netfilter hooks run inside
rcu_read_lock().

> Does it sound good?

Yes, seems ok to me.

> Or maybe instead we can have extra physindev_if field in addition to
> existing physindev to only do dev_get_by_index_rcu inside
> br_nf_pre_routing_finish_bridge_slow to doublecheck the ->physindev link?
> 
> Sorry in advance if I'm missing anything obvious.

Alternative would be to add a 'br_nf_unreg_serno' that gets incremented
from brnf_device_event(), then store that in nf_bridge_info struct and
compare to current value before net_device deref. If not equal, toss skb.

Problem is that we'd need some indirection to retrieve the current
value, otherwise places like nfnetlink_log() gain a module dependency on
br_netfilter :-(

We'd likely need
const atomic_t *br_nf_unreg_serno __read_mostly;
EXPORT_SYMBOL_GPL(br_nf_unreg_serno);

in net/netfilter/core.c for this, then set/clear the
pointer from br_netfilter_hooks.c.

I can't say/don't know which of the two options is better/worse.

s/struct net_device */int// has the benefit of shrinking nf_bridge_info,
so I'd try that first.