Merge branch 'tun-races'
Eric Dumazet says: ==================== tun: address two syzbot reports Small changes addressing races discovered by syzbot. First patch is a cleanup. Second patch moves a mutex init sooner. Third patch makes sure each tfile gets its own napi enable flags. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David S. Miller
commit
2547496eb1
|
|
@ -181,6 +181,7 @@ struct tun_file {
|
|||
};
|
||||
struct napi_struct napi;
|
||||
bool napi_enabled;
|
||||
bool napi_frags_enabled;
|
||||
struct mutex napi_mutex; /* Protects access to the above napi */
|
||||
struct list_head next;
|
||||
struct tun_struct *detached;
|
||||
|
|
@ -313,32 +314,32 @@ static int tun_napi_poll(struct napi_struct *napi, int budget)
|
|||
}
|
||||
|
||||
static void tun_napi_init(struct tun_struct *tun, struct tun_file *tfile,
|
||||
bool napi_en)
|
||||
bool napi_en, bool napi_frags)
|
||||
{
|
||||
tfile->napi_enabled = napi_en;
|
||||
tfile->napi_frags_enabled = napi_en && napi_frags;
|
||||
if (napi_en) {
|
||||
netif_napi_add(tun->dev, &tfile->napi, tun_napi_poll,
|
||||
NAPI_POLL_WEIGHT);
|
||||
napi_enable(&tfile->napi);
|
||||
mutex_init(&tfile->napi_mutex);
|
||||
}
|
||||
}
|
||||
|
||||
static void tun_napi_disable(struct tun_struct *tun, struct tun_file *tfile)
|
||||
static void tun_napi_disable(struct tun_file *tfile)
|
||||
{
|
||||
if (tfile->napi_enabled)
|
||||
napi_disable(&tfile->napi);
|
||||
}
|
||||
|
||||
static void tun_napi_del(struct tun_struct *tun, struct tun_file *tfile)
|
||||
static void tun_napi_del(struct tun_file *tfile)
|
||||
{
|
||||
if (tfile->napi_enabled)
|
||||
netif_napi_del(&tfile->napi);
|
||||
}
|
||||
|
||||
static bool tun_napi_frags_enabled(const struct tun_struct *tun)
|
||||
static bool tun_napi_frags_enabled(const struct tun_file *tfile)
|
||||
{
|
||||
return READ_ONCE(tun->flags) & IFF_NAPI_FRAGS;
|
||||
return tfile->napi_frags_enabled;
|
||||
}
|
||||
|
||||
#ifdef CONFIG_TUN_VNET_CROSS_LE
|
||||
|
|
@ -690,8 +691,8 @@ static void __tun_detach(struct tun_file *tfile, bool clean)
|
|||
tun = rtnl_dereference(tfile->tun);
|
||||
|
||||
if (tun && clean) {
|
||||
tun_napi_disable(tun, tfile);
|
||||
tun_napi_del(tun, tfile);
|
||||
tun_napi_disable(tfile);
|
||||
tun_napi_del(tfile);
|
||||
}
|
||||
|
||||
if (tun && !tfile->detached) {
|
||||
|
|
@ -758,7 +759,7 @@ static void tun_detach_all(struct net_device *dev)
|
|||
for (i = 0; i < n; i++) {
|
||||
tfile = rtnl_dereference(tun->tfiles[i]);
|
||||
BUG_ON(!tfile);
|
||||
tun_napi_disable(tun, tfile);
|
||||
tun_napi_disable(tfile);
|
||||
tfile->socket.sk->sk_shutdown = RCV_SHUTDOWN;
|
||||
tfile->socket.sk->sk_data_ready(tfile->socket.sk);
|
||||
RCU_INIT_POINTER(tfile->tun, NULL);
|
||||
|
|
@ -774,7 +775,7 @@ static void tun_detach_all(struct net_device *dev)
|
|||
synchronize_net();
|
||||
for (i = 0; i < n; i++) {
|
||||
tfile = rtnl_dereference(tun->tfiles[i]);
|
||||
tun_napi_del(tun, tfile);
|
||||
tun_napi_del(tfile);
|
||||
/* Drop read queue */
|
||||
tun_queue_purge(tfile);
|
||||
xdp_rxq_info_unreg(&tfile->xdp_rxq);
|
||||
|
|
@ -793,7 +794,7 @@ static void tun_detach_all(struct net_device *dev)
|
|||
}
|
||||
|
||||
static int tun_attach(struct tun_struct *tun, struct file *file,
|
||||
bool skip_filter, bool napi)
|
||||
bool skip_filter, bool napi, bool napi_frags)
|
||||
{
|
||||
struct tun_file *tfile = file->private_data;
|
||||
struct net_device *dev = tun->dev;
|
||||
|
|
@ -866,7 +867,7 @@ static int tun_attach(struct tun_struct *tun, struct file *file,
|
|||
tun_enable_queue(tfile);
|
||||
} else {
|
||||
sock_hold(&tfile->sk);
|
||||
tun_napi_init(tun, tfile, napi);
|
||||
tun_napi_init(tun, tfile, napi, napi_frags);
|
||||
}
|
||||
|
||||
tun_set_real_num_queues(tun);
|
||||
|
|
@ -1709,7 +1710,7 @@ static ssize_t tun_get_user(struct tun_struct *tun, struct tun_file *tfile,
|
|||
int err;
|
||||
u32 rxhash = 0;
|
||||
int skb_xdp = 1;
|
||||
bool frags = tun_napi_frags_enabled(tun);
|
||||
bool frags = tun_napi_frags_enabled(tfile);
|
||||
|
||||
if (!(tun->dev->flags & IFF_UP))
|
||||
return -EIO;
|
||||
|
|
@ -2534,7 +2535,8 @@ static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr)
|
|||
return err;
|
||||
|
||||
err = tun_attach(tun, file, ifr->ifr_flags & IFF_NOFILTER,
|
||||
ifr->ifr_flags & IFF_NAPI);
|
||||
ifr->ifr_flags & IFF_NAPI,
|
||||
ifr->ifr_flags & IFF_NAPI_FRAGS);
|
||||
if (err < 0)
|
||||
return err;
|
||||
|
||||
|
|
@ -2632,7 +2634,8 @@ static int tun_set_iff(struct net *net, struct file *file, struct ifreq *ifr)
|
|||
(ifr->ifr_flags & TUN_FEATURES);
|
||||
|
||||
INIT_LIST_HEAD(&tun->disabled);
|
||||
err = tun_attach(tun, file, false, ifr->ifr_flags & IFF_NAPI);
|
||||
err = tun_attach(tun, file, false, ifr->ifr_flags & IFF_NAPI,
|
||||
ifr->ifr_flags & IFF_NAPI_FRAGS);
|
||||
if (err < 0)
|
||||
goto err_free_flow;
|
||||
|
||||
|
|
@ -2781,7 +2784,8 @@ static int tun_set_queue(struct file *file, struct ifreq *ifr)
|
|||
ret = security_tun_dev_attach_queue(tun->security);
|
||||
if (ret < 0)
|
||||
goto unlock;
|
||||
ret = tun_attach(tun, file, false, tun->flags & IFF_NAPI);
|
||||
ret = tun_attach(tun, file, false, tun->flags & IFF_NAPI,
|
||||
tun->flags & IFF_NAPI_FRAGS);
|
||||
} else if (ifr->ifr_flags & IFF_DETACH_QUEUE) {
|
||||
tun = rtnl_dereference(tfile->tun);
|
||||
if (!tun || !(tun->flags & IFF_MULTI_QUEUE) || tfile->detached)
|
||||
|
|
@ -3199,6 +3203,7 @@ static int tun_chr_open(struct inode *inode, struct file * file)
|
|||
return -ENOMEM;
|
||||
}
|
||||
|
||||
mutex_init(&tfile->napi_mutex);
|
||||
RCU_INIT_POINTER(tfile->tun, NULL);
|
||||
tfile->flags = 0;
|
||||
tfile->ifindex = 0;
|
||||
|
|
|
|||
Loading…
Reference in New Issue