diff mbox series

[net] net: bridge: vlan: Fix dumping with ifindex

Message ID 20220125061903.714509-1-bpoirier@nvidia.com (mailing list archive)
State Changes Requested
Delegated to: Netdev Maintainers
Headers show
Series [net] net: bridge: vlan: Fix dumping with ifindex | expand

Checks

Context Check Description
netdev/tree_selection success Clearly marked for net
netdev/fixes_present success Fixes tag present in non-next series
netdev/subject_prefix success Link
netdev/cover_letter success Single patches do not need cover letters
netdev/patch_count success Link
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 0 this patch: 0
netdev/cc_maintainers success CCed 6 of 6 maintainers
netdev/build_clang success Errors and warnings before: 0 this patch: 0
netdev/module_param success Was 0 now: 0
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/verify_fixes success Fixes tag looks correct
netdev/build_allmodconfig_warn success Errors and warnings before: 0 this patch: 0
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 18 lines checked
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0

Commit Message

Benjamin Poirier Jan. 25, 2022, 6:19 a.m. UTC 
Specifying ifindex in a RTM_GETVLAN dump leads to an infinite repetition
of the same entries. netlink_dump() normally calls the dump function
repeatedly until it returns 0 which br_vlan_rtm_dump() never does in
that case.

Fixes: 8dcea187088b ("net: bridge: vlan: add rtm definitions and dump support")
Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com>
---
 net/bridge/br_vlan.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

The problem can be reproduced by using the following iproute2 patch and
running:
ip link add br0 type bridge
ip link add dummy0 master br0 type dummy
bridge vlan add dev dummy0 vid 100

./bridge/bridge -d vlan show dev dummy0
[infinite loop]

	diff --git a/bridge/vlan.c b/bridge/vlan.c
	index 8300f353..f206a671 100644
	--- a/bridge/vlan.c
	+++ b/bridge/vlan.c
	@@ -1128,7 +1128,8 @@ static int vlan_show(int argc, char **argv, int subject)
		if (show_details && subject == VLAN_SHOW_VLAN) {
			__u32 dump_flags = show_stats ? BRIDGE_VLANDB_DUMPF_STATS : 0;
	 
	-		if (rtnl_brvlandump_req(&rth, PF_BRIDGE, dump_flags) < 0) {
	+		if (rtnl_brvlandump_req(&rth, PF_BRIDGE, dump_flags,
	+					filter_index) < 0) {
				perror("Cannot send dump request");
				exit(1);
			}
	@@ -1240,7 +1241,8 @@ static int vlan_global_show(int argc, char **argv)
	 
		new_json_obj(json);
	 
	-	if (rtnl_brvlandump_req(&rth, PF_BRIDGE, dump_flags) < 0) {
	+	if (rtnl_brvlandump_req(&rth, PF_BRIDGE, dump_flags, filter_index)
	+	    < 0) {
			perror("Cannot send dump request");
			exit(1);
		}
	diff --git a/include/libnetlink.h b/include/libnetlink.h
	index 9e4cc101..276b7fbf 100644
	--- a/include/libnetlink.h
	+++ b/include/libnetlink.h
	@@ -69,7 +69,8 @@ int rtnl_neightbldump_req(struct rtnl_handle *rth, int family)
		__attribute__((warn_unused_result));
	 int rtnl_mdbdump_req(struct rtnl_handle *rth, int family)
		__attribute__((warn_unused_result));
	-int rtnl_brvlandump_req(struct rtnl_handle *rth, int family, __u32 dump_flags)
	+int rtnl_brvlandump_req(struct rtnl_handle *rth, int family, __u32 dump_flags,
	+			int ifindex)
		__attribute__((warn_unused_result));
	 int rtnl_netconfdump_req(struct rtnl_handle *rth, int family)
		__attribute__((warn_unused_result));
	diff --git a/lib/libnetlink.c b/lib/libnetlink.c
	index 7e977a67..e0fce8e5 100644
	--- a/lib/libnetlink.c
	+++ b/lib/libnetlink.c
	@@ -450,7 +450,8 @@ int rtnl_mdbdump_req(struct rtnl_handle *rth, int family)
		return send(rth->fd, &req, sizeof(req), 0);
	 }
	 
	-int rtnl_brvlandump_req(struct rtnl_handle *rth, int family, __u32 dump_flags)
	+int rtnl_brvlandump_req(struct rtnl_handle *rth, int family, __u32 dump_flags,
	+			int ifindex)
	 {
		struct {
			struct nlmsghdr nlh;
	@@ -462,6 +463,7 @@ int rtnl_brvlandump_req(struct rtnl_handle *rth, int family, __u32 dump_flags)
			.nlh.nlmsg_flags = NLM_F_DUMP | NLM_F_REQUEST,
			.nlh.nlmsg_seq = rth->dump = ++rth->seq,
			.bvm.family = family,
	+		.bvm.ifindex = ifindex,
		};
	 
		addattr32(&req.nlh, sizeof(req), BRIDGE_VLANDB_DUMP_FLAGS, dump_flags);
	--

Comments

Nikolay Aleksandrov Jan. 25, 2022, 8:24 a.m. UTC | #1 
On 25/01/2022 08:19, Benjamin Poirier wrote:
> Specifying ifindex in a RTM_GETVLAN dump leads to an infinite repetition
> of the same entries. netlink_dump() normally calls the dump function
> repeatedly until it returns 0 which br_vlan_rtm_dump() never does in
> that case.
> 
> Fixes: 8dcea187088b ("net: bridge: vlan: add rtm definitions and dump support")
> Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com>
> ---
>  net/bridge/br_vlan.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
[snip]
> 
> diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c
> index 84ba456a78cc..2e606f2b9a4d 100644
> --- a/net/bridge/br_vlan.c
> +++ b/net/bridge/br_vlan.c
> @@ -2013,7 +2013,7 @@ static int br_vlan_rtm_dump(struct sk_buff *skb, struct netlink_callback *cb)
>  		dump_flags = nla_get_u32(dtb[BRIDGE_VLANDB_DUMP_FLAGS]);
>  
>  	rcu_read_lock();
> -	if (bvm->ifindex) {
> +	if (bvm->ifindex && !s_idx) {
>  		dev = dev_get_by_index_rcu(net, bvm->ifindex);
>  		if (!dev) {
>  			err = -ENODEV;
> @@ -2022,7 +2022,9 @@ static int br_vlan_rtm_dump(struct sk_buff *skb, struct netlink_callback *cb)
>  		err = br_vlan_dump_dev(dev, skb, cb, dump_flags);
>  		if (err && err != -EMSGSIZE)
>  			goto out_err;
> -	} else {
> +		else if (!err)
> +			idx++;
> +	} else if (!bvm->ifindex) {
>  		for_each_netdev_rcu(net, dev) {
>  			if (idx < s_idx)
>  				goto skip;

Acked-by: Nikolay Aleksandrov <nikolay@nvidia.com>
Nikolay Aleksandrov Jan. 25, 2022, 9:51 a.m. UTC | #2 
On 25/01/2022 10:24, Nikolay Aleksandrov wrote:
> On 25/01/2022 08:19, Benjamin Poirier wrote:
>> Specifying ifindex in a RTM_GETVLAN dump leads to an infinite repetition
>> of the same entries. netlink_dump() normally calls the dump function
>> repeatedly until it returns 0 which br_vlan_rtm_dump() never does in
>> that case.
>>
>> Fixes: 8dcea187088b ("net: bridge: vlan: add rtm definitions and dump support")
>> Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com>
>> ---
>>  net/bridge/br_vlan.c | 6 ++++--
>>  1 file changed, 4 insertions(+), 2 deletions(-)
>>
> [snip]
>>
>> diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c
>> index 84ba456a78cc..2e606f2b9a4d 100644
>> --- a/net/bridge/br_vlan.c
>> +++ b/net/bridge/br_vlan.c
>> @@ -2013,7 +2013,7 @@ static int br_vlan_rtm_dump(struct sk_buff *skb, struct netlink_callback *cb)
>>  		dump_flags = nla_get_u32(dtb[BRIDGE_VLANDB_DUMP_FLAGS]);
>>  
>>  	rcu_read_lock();
>> -	if (bvm->ifindex) {
>> +	if (bvm->ifindex && !s_idx) {
>>  		dev = dev_get_by_index_rcu(net, bvm->ifindex);
>>  		if (!dev) {
>>  			err = -ENODEV;
>> @@ -2022,7 +2022,9 @@ static int br_vlan_rtm_dump(struct sk_buff *skb, struct netlink_callback *cb)
>>  		err = br_vlan_dump_dev(dev, skb, cb, dump_flags);
>>  		if (err && err != -EMSGSIZE)
>>  			goto out_err;
>> -	} else {
>> +		else if (!err)
>> +			idx++;
>> +	} else if (!bvm->ifindex) {
>>  		for_each_netdev_rcu(net, dev) {
>>  			if (idx < s_idx)
>>  				goto skip;
> 
> Acked-by: Nikolay Aleksandrov <nikolay@nvidia.com>

Actually I'd prefer an alternative that would encapsulate handling the single
device dump in its block, avoid all the "else if"s and is simpler (untested):

diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c
index 84ba456a78cc..43201260e37b 100644
--- a/net/bridge/br_vlan.c
+++ b/net/bridge/br_vlan.c
@@ -2020,7 +2020,8 @@ static int br_vlan_rtm_dump(struct sk_buff *skb, struct netlink_callback *cb)
                        goto out_err;
                }
                err = br_vlan_dump_dev(dev, skb, cb, dump_flags);
-               if (err && err != -EMSGSIZE)
+               /* if the dump completed without an error we return 0 here */
+               if (err != -EMSGSIZE)
                        goto out_err;
        } else {
                for_each_netdev_rcu(net, dev) {
Benjamin Poirier Jan. 26, 2022, 2:54 a.m. UTC | #3 
On 2022-01-25 11:51 +0200, Nikolay Aleksandrov wrote:
> On 25/01/2022 10:24, Nikolay Aleksandrov wrote:
> > On 25/01/2022 08:19, Benjamin Poirier wrote:
> >> Specifying ifindex in a RTM_GETVLAN dump leads to an infinite repetition
> >> of the same entries. netlink_dump() normally calls the dump function
> >> repeatedly until it returns 0 which br_vlan_rtm_dump() never does in
> >> that case.
> >>
> >> Fixes: 8dcea187088b ("net: bridge: vlan: add rtm definitions and dump support")
> >> Signed-off-by: Benjamin Poirier <bpoirier@nvidia.com>
> >> ---
> >>  net/bridge/br_vlan.c | 6 ++++--
> >>  1 file changed, 4 insertions(+), 2 deletions(-)
> >>
> > [snip]
> >>
> >> diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c
> >> index 84ba456a78cc..2e606f2b9a4d 100644
> >> --- a/net/bridge/br_vlan.c
> >> +++ b/net/bridge/br_vlan.c
> >> @@ -2013,7 +2013,7 @@ static int br_vlan_rtm_dump(struct sk_buff *skb, struct netlink_callback *cb)
> >>  		dump_flags = nla_get_u32(dtb[BRIDGE_VLANDB_DUMP_FLAGS]);
> >>  
> >>  	rcu_read_lock();
> >> -	if (bvm->ifindex) {
> >> +	if (bvm->ifindex && !s_idx) {
> >>  		dev = dev_get_by_index_rcu(net, bvm->ifindex);
> >>  		if (!dev) {
> >>  			err = -ENODEV;
> >> @@ -2022,7 +2022,9 @@ static int br_vlan_rtm_dump(struct sk_buff *skb, struct netlink_callback *cb)
> >>  		err = br_vlan_dump_dev(dev, skb, cb, dump_flags);
> >>  		if (err && err != -EMSGSIZE)
> >>  			goto out_err;
> >> -	} else {
> >> +		else if (!err)
> >> +			idx++;
> >> +	} else if (!bvm->ifindex) {
> >>  		for_each_netdev_rcu(net, dev) {
> >>  			if (idx < s_idx)
> >>  				goto skip;
> > 
> > Acked-by: Nikolay Aleksandrov <nikolay@nvidia.com>
> 
> Actually I'd prefer an alternative that would encapsulate handling the single
> device dump in its block, avoid all the "else if"s and is simpler (untested):
> 
> diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c
> index 84ba456a78cc..43201260e37b 100644
> --- a/net/bridge/br_vlan.c
> +++ b/net/bridge/br_vlan.c
> @@ -2020,7 +2020,8 @@ static int br_vlan_rtm_dump(struct sk_buff *skb, struct netlink_callback *cb)
>                         goto out_err;
>                 }
>                 err = br_vlan_dump_dev(dev, skb, cb, dump_flags);
> -               if (err && err != -EMSGSIZE)
> +               /* if the dump completed without an error we return 0 here */
> +               if (err != -EMSGSIZE)
>                         goto out_err;
>         } else {
>                 for_each_netdev_rcu(net, dev) {

LGTM, thank you.
diff mbox series

Patch

diff --git a/net/bridge/br_vlan.c b/net/bridge/br_vlan.c
index 84ba456a78cc..2e606f2b9a4d 100644
--- a/net/bridge/br_vlan.c
+++ b/net/bridge/br_vlan.c
@@ -2013,7 +2013,7 @@  static int br_vlan_rtm_dump(struct sk_buff *skb, struct netlink_callback *cb)
 		dump_flags = nla_get_u32(dtb[BRIDGE_VLANDB_DUMP_FLAGS]);
 
 	rcu_read_lock();
-	if (bvm->ifindex) {
+	if (bvm->ifindex && !s_idx) {
 		dev = dev_get_by_index_rcu(net, bvm->ifindex);
 		if (!dev) {
 			err = -ENODEV;
@@ -2022,7 +2022,9 @@  static int br_vlan_rtm_dump(struct sk_buff *skb, struct netlink_callback *cb)
 		err = br_vlan_dump_dev(dev, skb, cb, dump_flags);
 		if (err && err != -EMSGSIZE)
 			goto out_err;
-	} else {
+		else if (!err)
+			idx++;
+	} else if (!bvm->ifindex) {
 		for_each_netdev_rcu(net, dev) {
 			if (idx < s_idx)
 				goto skip;