Commit 8e9eacad authored by Paolo Abeni's avatar Paolo Abeni Committed by Jakub Kicinski

mptcp: fix msk traversal in mptcp_nl_cmd_set_flags()

The MPTCP endpoint list is under RCU protection, guarded by the
pernet spinlock. mptcp_nl_cmd_set_flags() traverses the list
without acquiring the spin-lock nor under the RCU critical section.

This change addresses the issue performing the lookup and the endpoint
update under the pernet spinlock.

Fixes: 0f9f696a ("mptcp: add set_flags command in PM netlink")
Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
Signed-off-by: default avatarMat Martineau <mathew.j.martineau@linux.intel.com>
Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parent 6f97fde8
...@@ -478,6 +478,20 @@ __lookup_addr_by_id(struct pm_nl_pernet *pernet, unsigned int id) ...@@ -478,6 +478,20 @@ __lookup_addr_by_id(struct pm_nl_pernet *pernet, unsigned int id)
return NULL; return NULL;
} }
static struct mptcp_pm_addr_entry *
__lookup_addr(struct pm_nl_pernet *pernet, const struct mptcp_addr_info *info,
bool lookup_by_id)
{
struct mptcp_pm_addr_entry *entry;
list_for_each_entry(entry, &pernet->local_addr_list, list) {
if ((!lookup_by_id && addresses_equal(&entry->addr, info, true)) ||
(lookup_by_id && entry->addr.id == info->id))
return entry;
}
return NULL;
}
static int static int
lookup_id_by_addr(struct pm_nl_pernet *pernet, const struct mptcp_addr_info *addr) lookup_id_by_addr(struct pm_nl_pernet *pernet, const struct mptcp_addr_info *addr)
{ {
...@@ -1763,18 +1777,21 @@ static int mptcp_nl_cmd_set_flags(struct sk_buff *skb, struct genl_info *info) ...@@ -1763,18 +1777,21 @@ static int mptcp_nl_cmd_set_flags(struct sk_buff *skb, struct genl_info *info)
return -EOPNOTSUPP; return -EOPNOTSUPP;
} }
list_for_each_entry(entry, &pernet->local_addr_list, list) { spin_lock_bh(&pernet->lock);
if ((!lookup_by_id && addresses_equal(&entry->addr, &addr.addr, true)) || entry = __lookup_addr(pernet, &addr.addr, lookup_by_id);
(lookup_by_id && entry->addr.id == addr.addr.id)) { if (!entry) {
mptcp_nl_addr_backup(net, &entry->addr, bkup); spin_unlock_bh(&pernet->lock);
return -EINVAL;
if (bkup)
entry->flags |= MPTCP_PM_ADDR_FLAG_BACKUP;
else
entry->flags &= ~MPTCP_PM_ADDR_FLAG_BACKUP;
}
} }
if (bkup)
entry->flags |= MPTCP_PM_ADDR_FLAG_BACKUP;
else
entry->flags &= ~MPTCP_PM_ADDR_FLAG_BACKUP;
addr = *entry;
spin_unlock_bh(&pernet->lock);
mptcp_nl_addr_backup(net, &addr.addr, bkup);
return 0; return 0;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment