Message ID | 20230403194959.48928-3-kuniyu@amazon.com (mailing list archive) |
---|---|
State | Accepted |
Commit | ab5fb73ffa01072b4d8031cc05801fa1cb653bee |
Delegated to: | Netdev Maintainers |
Headers | show |
Series | raw/ping: Fix locking in /proc/net/{raw,icmp}. | expand |
On Mon, Apr 3, 2023 at 9:51 PM Kuniyuki Iwashima <kuniyu@amazon.com> wrote: > > After commit dbca1596bbb0 ("ping: convert to RCU lookups, get rid > of rwlock"), we use RCU for ping sockets, but we should use spinlock > for /proc/net/icmp to avoid a potential NULL deref mentioned in > the previous patch. > > Let's go back to using spinlock there. > > Note we can convert ping sockets to use hlist instead of hlist_nulls > because we do not use SLAB_TYPESAFE_BY_RCU for ping sockets. Yes, this could be done later if we care enough. > > Fixes: dbca1596bbb0 ("ping: convert to RCU lookups, get rid of rwlock") > Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com> > --- Reviewed-by: Eric Dumazet <edumazet@google.com> Thanks !
diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c index 409ec2a1f95b..5178a3f3cb53 100644 --- a/net/ipv4/ping.c +++ b/net/ipv4/ping.c @@ -1089,13 +1089,13 @@ static struct sock *ping_get_idx(struct seq_file *seq, loff_t pos) } void *ping_seq_start(struct seq_file *seq, loff_t *pos, sa_family_t family) - __acquires(RCU) + __acquires(ping_table.lock) { struct ping_iter_state *state = seq->private; state->bucket = 0; state->family = family; - rcu_read_lock(); + spin_lock(&ping_table.lock); return *pos ? ping_get_idx(seq, *pos-1) : SEQ_START_TOKEN; } @@ -1121,9 +1121,9 @@ void *ping_seq_next(struct seq_file *seq, void *v, loff_t *pos) EXPORT_SYMBOL_GPL(ping_seq_next); void ping_seq_stop(struct seq_file *seq, void *v) - __releases(RCU) + __releases(ping_table.lock) { - rcu_read_unlock(); + spin_unlock(&ping_table.lock); } EXPORT_SYMBOL_GPL(ping_seq_stop);
After commit dbca1596bbb0 ("ping: convert to RCU lookups, get rid of rwlock"), we use RCU for ping sockets, but we should use spinlock for /proc/net/icmp to avoid a potential NULL deref mentioned in the previous patch. Let's go back to using spinlock there. Note we can convert ping sockets to use hlist instead of hlist_nulls because we do not use SLAB_TYPESAFE_BY_RCU for ping sockets. Fixes: dbca1596bbb0 ("ping: convert to RCU lookups, get rid of rwlock") Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com> --- net/ipv4/ping.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)