Commit 497c615a authored by Herbert Xu's avatar Herbert Xu Committed by David S. Miller

[IPV6]: Audit all ip6_dst_lookup/ip6_dst_store calls

The current users of ip6_dst_lookup can be divided into two classes:

1) The caller holds no locks and is in user-context (UDP).
2) The caller does not want to lookup the dst cache at all.

The second class covers everyone except UDP because most people do
the cache lookup directly before calling ip6_dst_lookup.  This patch
adds ip6_sk_dst_lookup for the first class.

Similarly ip6_dst_store users can be divded into those that need to
take the socket dst lock and those that don't.  This patch adds
__ip6_dst_store for those (everyone except UDP/datagram) that don't
need an extra lock.
Signed-off-by: default avatarHerbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 679e898a
...@@ -139,16 +139,22 @@ extern rwlock_t rt6_lock; ...@@ -139,16 +139,22 @@ extern rwlock_t rt6_lock;
/* /*
* Store a destination cache entry in a socket * Store a destination cache entry in a socket
*/ */
static inline void ip6_dst_store(struct sock *sk, struct dst_entry *dst, static inline void __ip6_dst_store(struct sock *sk, struct dst_entry *dst,
struct in6_addr *daddr) struct in6_addr *daddr)
{ {
struct ipv6_pinfo *np = inet6_sk(sk); struct ipv6_pinfo *np = inet6_sk(sk);
struct rt6_info *rt = (struct rt6_info *) dst; struct rt6_info *rt = (struct rt6_info *) dst;
write_lock(&sk->sk_dst_lock);
sk_setup_caps(sk, dst); sk_setup_caps(sk, dst);
np->daddr_cache = daddr; np->daddr_cache = daddr;
np->dst_cookie = rt->rt6i_node ? rt->rt6i_node->fn_sernum : 0; np->dst_cookie = rt->rt6i_node ? rt->rt6i_node->fn_sernum : 0;
}
static inline void ip6_dst_store(struct sock *sk, struct dst_entry *dst,
struct in6_addr *daddr)
{
write_lock(&sk->sk_dst_lock);
__ip6_dst_store(sk, dst, daddr);
write_unlock(&sk->sk_dst_lock); write_unlock(&sk->sk_dst_lock);
} }
......
...@@ -468,6 +468,9 @@ extern void ip6_flush_pending_frames(struct sock *sk); ...@@ -468,6 +468,9 @@ extern void ip6_flush_pending_frames(struct sock *sk);
extern int ip6_dst_lookup(struct sock *sk, extern int ip6_dst_lookup(struct sock *sk,
struct dst_entry **dst, struct dst_entry **dst,
struct flowi *fl); struct flowi *fl);
extern int ip6_sk_dst_lookup(struct sock *sk,
struct dst_entry **dst,
struct flowi *fl);
/* /*
* skb processing functions * skb processing functions
......
...@@ -230,7 +230,7 @@ static int dccp_v6_connect(struct sock *sk, struct sockaddr *uaddr, ...@@ -230,7 +230,7 @@ static int dccp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
ipv6_addr_copy(&np->saddr, saddr); ipv6_addr_copy(&np->saddr, saddr);
inet->rcv_saddr = LOOPBACK4_IPV6; inet->rcv_saddr = LOOPBACK4_IPV6;
ip6_dst_store(sk, dst, NULL); __ip6_dst_store(sk, dst, NULL);
icsk->icsk_ext_hdr_len = 0; icsk->icsk_ext_hdr_len = 0;
if (np->opt != NULL) if (np->opt != NULL)
...@@ -863,7 +863,7 @@ static struct sock *dccp_v6_request_recv_sock(struct sock *sk, ...@@ -863,7 +863,7 @@ static struct sock *dccp_v6_request_recv_sock(struct sock *sk,
* comment in that function for the gory details. -acme * comment in that function for the gory details. -acme
*/ */
ip6_dst_store(newsk, dst, NULL); __ip6_dst_store(newsk, dst, NULL);
newsk->sk_route_caps = dst->dev->features & ~(NETIF_F_IP_CSUM | newsk->sk_route_caps = dst->dev->features & ~(NETIF_F_IP_CSUM |
NETIF_F_TSO); NETIF_F_TSO);
newdp6 = (struct dccp6_sock *)newsk; newdp6 = (struct dccp6_sock *)newsk;
......
...@@ -658,7 +658,7 @@ int inet6_sk_rebuild_header(struct sock *sk) ...@@ -658,7 +658,7 @@ int inet6_sk_rebuild_header(struct sock *sk)
return err; return err;
} }
ip6_dst_store(sk, dst, NULL); __ip6_dst_store(sk, dst, NULL);
} }
return 0; return 0;
......
...@@ -185,7 +185,7 @@ int inet6_csk_xmit(struct sk_buff *skb, int ipfragok) ...@@ -185,7 +185,7 @@ int inet6_csk_xmit(struct sk_buff *skb, int ipfragok)
return err; return err;
} }
ip6_dst_store(sk, dst, NULL); __ip6_dst_store(sk, dst, NULL);
} }
skb->dst = dst_clone(dst); skb->dst = dst_clone(dst);
......
...@@ -723,48 +723,51 @@ static int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *)) ...@@ -723,48 +723,51 @@ static int ip6_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *))
return err; return err;
} }
int ip6_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi *fl) static struct dst_entry *ip6_sk_dst_check(struct sock *sk,
struct dst_entry *dst,
struct flowi *fl)
{ {
int err = 0; struct ipv6_pinfo *np = inet6_sk(sk);
struct rt6_info *rt = (struct rt6_info *)dst;
*dst = NULL; if (!dst)
if (sk) { goto out;
struct ipv6_pinfo *np = inet6_sk(sk);
/* Yes, checking route validity in not connected
*dst = sk_dst_check(sk, np->dst_cookie); * case is not very simple. Take into account,
if (*dst) { * that we do not support routing by source, TOS,
struct rt6_info *rt = (struct rt6_info*)*dst; * and MSG_DONTROUTE --ANK (980726)
*
/* Yes, checking route validity in not connected * 1. If route was host route, check that
* case is not very simple. Take into account, * cached destination is current.
* that we do not support routing by source, TOS, * If it is network route, we still may
* and MSG_DONTROUTE --ANK (980726) * check its validity using saved pointer
* * to the last used address: daddr_cache.
* 1. If route was host route, check that * We do not want to save whole address now,
* cached destination is current. * (because main consumer of this service
* If it is network route, we still may * is tcp, which has not this problem),
* check its validity using saved pointer * so that the last trick works only on connected
* to the last used address: daddr_cache. * sockets.
* We do not want to save whole address now, * 2. oif also should be the same.
* (because main consumer of this service */
* is tcp, which has not this problem), if (((rt->rt6i_dst.plen != 128 ||
* so that the last trick works only on connected !ipv6_addr_equal(&fl->fl6_dst, &rt->rt6i_dst.addr))
* sockets. && (np->daddr_cache == NULL ||
* 2. oif also should be the same. !ipv6_addr_equal(&fl->fl6_dst, np->daddr_cache)))
*/ || (fl->oif && fl->oif != dst->dev->ifindex)) {
if (((rt->rt6i_dst.plen != 128 || dst_release(dst);
!ipv6_addr_equal(&fl->fl6_dst, dst = NULL;
&rt->rt6i_dst.addr))
&& (np->daddr_cache == NULL ||
!ipv6_addr_equal(&fl->fl6_dst,
np->daddr_cache)))
|| (fl->oif && fl->oif != (*dst)->dev->ifindex)) {
dst_release(*dst);
*dst = NULL;
}
}
} }
out:
return dst;
}
static int ip6_dst_lookup_tail(struct sock *sk,
struct dst_entry **dst, struct flowi *fl)
{
int err;
if (*dst == NULL) if (*dst == NULL)
*dst = ip6_route_output(sk, fl); *dst = ip6_route_output(sk, fl);
...@@ -773,7 +776,6 @@ int ip6_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi *fl) ...@@ -773,7 +776,6 @@ int ip6_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi *fl)
if (ipv6_addr_any(&fl->fl6_src)) { if (ipv6_addr_any(&fl->fl6_src)) {
err = ipv6_get_saddr(*dst, &fl->fl6_dst, &fl->fl6_src); err = ipv6_get_saddr(*dst, &fl->fl6_dst, &fl->fl6_src);
if (err) if (err)
goto out_err_release; goto out_err_release;
} }
...@@ -786,8 +788,48 @@ int ip6_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi *fl) ...@@ -786,8 +788,48 @@ int ip6_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi *fl)
return err; return err;
} }
/**
* ip6_dst_lookup - perform route lookup on flow
* @sk: socket which provides route info
* @dst: pointer to dst_entry * for result
* @fl: flow to lookup
*
* This function performs a route lookup on the given flow.
*
* It returns zero on success, or a standard errno code on error.
*/
int ip6_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi *fl)
{
*dst = NULL;
return ip6_dst_lookup_tail(sk, dst, fl);
}
EXPORT_SYMBOL_GPL(ip6_dst_lookup); EXPORT_SYMBOL_GPL(ip6_dst_lookup);
/**
* ip6_sk_dst_lookup - perform socket cached route lookup on flow
* @sk: socket which provides the dst cache and route info
* @dst: pointer to dst_entry * for result
* @fl: flow to lookup
*
* This function performs a route lookup on the given flow with the
* possibility of using the cached route in the socket if it is valid.
* It will take the socket dst lock when operating on the dst cache.
* As a result, this function can only be used in process context.
*
* It returns zero on success, or a standard errno code on error.
*/
int ip6_sk_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi *fl)
{
*dst = NULL;
if (sk) {
*dst = sk_dst_check(sk, inet6_sk(sk)->dst_cookie);
*dst = ip6_sk_dst_check(sk, *dst, fl);
}
return ip6_dst_lookup_tail(sk, dst, fl);
}
EXPORT_SYMBOL_GPL(ip6_sk_dst_lookup);
static inline int ip6_ufo_append_data(struct sock *sk, static inline int ip6_ufo_append_data(struct sock *sk,
int getfrag(void *from, char *to, int offset, int len, int getfrag(void *from, char *to, int offset, int len,
int odd, struct sk_buff *skb), int odd, struct sk_buff *skb),
......
...@@ -270,7 +270,7 @@ static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr, ...@@ -270,7 +270,7 @@ static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
inet->rcv_saddr = LOOPBACK4_IPV6; inet->rcv_saddr = LOOPBACK4_IPV6;
sk->sk_gso_type = SKB_GSO_TCPV6; sk->sk_gso_type = SKB_GSO_TCPV6;
ip6_dst_store(sk, dst, NULL); __ip6_dst_store(sk, dst, NULL);
icsk->icsk_ext_hdr_len = 0; icsk->icsk_ext_hdr_len = 0;
if (np->opt) if (np->opt)
...@@ -947,7 +947,7 @@ static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb, ...@@ -947,7 +947,7 @@ static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
*/ */
sk->sk_gso_type = SKB_GSO_TCPV6; sk->sk_gso_type = SKB_GSO_TCPV6;
ip6_dst_store(newsk, dst, NULL); __ip6_dst_store(newsk, dst, NULL);
newtcp6sk = (struct tcp6_sock *)newsk; newtcp6sk = (struct tcp6_sock *)newsk;
inet_sk(newsk)->pinet6 = &newtcp6sk->inet6; inet_sk(newsk)->pinet6 = &newtcp6sk->inet6;
......
...@@ -782,7 +782,7 @@ static int udpv6_sendmsg(struct kiocb *iocb, struct sock *sk, ...@@ -782,7 +782,7 @@ static int udpv6_sendmsg(struct kiocb *iocb, struct sock *sk,
connected = 0; connected = 0;
} }
err = ip6_dst_lookup(sk, &dst, fl); err = ip6_sk_dst_lookup(sk, &dst, fl);
if (err) if (err)
goto out; goto out;
if (final_p) if (final_p)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment