linux/net/core
Chinmay Agarwal eb4e8fac00 neighbour: Prevent a dead entry from updating gc_list
Following race condition was detected:
<CPU A, t0> - neigh_flush_dev() is under execution and calls
neigh_mark_dead(n) marking the neighbour entry 'n' as dead.

<CPU B, t1> - Executing: __netif_receive_skb() ->
__netif_receive_skb_core() -> arp_rcv() -> arp_process().arp_process()
calls __neigh_lookup() which takes a reference on neighbour entry 'n'.

<CPU A, t2> - Moves further along neigh_flush_dev() and calls
neigh_cleanup_and_release(n), but since reference count increased in t2,
'n' couldn't be destroyed.

<CPU B, t3> - Moves further along, arp_process() and calls
neigh_update()-> __neigh_update() -> neigh_update_gc_list(), which adds
the neighbour entry back in gc_list(neigh_mark_dead(), removed it
earlier in t0 from gc_list)

<CPU B, t4> - arp_process() finally calls neigh_release(n), destroying
the neighbour entry.

This leads to 'n' still being part of gc_list, but the actual
neighbour structure has been freed.

The situation can be prevented from happening if we disallow a dead
entry to have any possibility of updating gc_list. This is what the
patch intends to achieve.

Fixes: 9c29a2f55e ("neighbor: Fix locking order for gc_list changes")
Signed-off-by: Chinmay Agarwal <chinagar@codeaurora.org>
Reviewed-by: Cong Wang <xiyou.wangcong@gmail.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://lore.kernel.org/r/20210127165453.GA20514@chinagar-linux.qualcomm.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2021-01-30 11:09:07 -08:00
..
bpf_sk_storage.c bpf: Expose bpf_sk_storage_* to iterator programs 2020-12-04 22:32:40 +01:00
datagram.c net: datagram: fix some kernel-doc markups 2020-11-17 14:15:03 -08:00
datagram.h
dev_addr_lists.c net: core: add nested_level variable in net_device 2020-09-28 15:00:15 -07:00
dev_ioctl.c net: dev_ioctl: remove redundant initialization of variable err 2020-11-03 17:49:26 -08:00
dev.c net: Disable NETIF_F_HW_TLS_RX when RXCSUM is disabled 2021-01-19 15:58:05 -08:00
devlink.c net: core: devlink: use right genl user_ptr when handling port param get/set 2021-01-19 11:45:41 -08:00
drop_monitor.c genetlink: move to smaller ops wherever possible 2020-10-02 19:11:11 -07:00
dst_cache.c
dst.c net: Correct the comment of dst_dev_put() 2020-09-10 13:28:57 -07:00
failover.c
fib_notifier.c
fib_rules.c treewide: rename nla_strlcpy to nla_strscpy. 2020-11-16 08:08:54 -08:00
filter.c bpf: Only provide bpf_sock_from_file with CONFIG_NET 2020-12-08 18:23:36 -08:00
flow_dissector.c net: core: fix spelling typo in flow_dissector.c 2020-11-07 15:52:21 -08:00
flow_offload.c net: flow_offload: Fix memory leak for indirect flow block 2020-12-09 16:08:33 -08:00
gen_estimator.c net_sched: gen_estimator: support large ewma log 2021-01-15 18:11:06 -08:00
gen_stats.c docs: networking: convert gen_stats.txt to ReST 2020-04-28 14:39:46 -07:00
gro_cells.c gro_cells: reduce number of synchronize_net() calls 2020-11-25 11:28:12 -08:00
hwbm.c
link_watch.c net: Add IF_OPER_TESTING 2020-04-20 12:43:24 -07:00
lwt_bpf.c lwt_bpf: Replace preempt_disable() with migrate_disable() 2020-12-07 11:53:40 -08:00
lwtunnel.c net: ipv6: add rpl sr tunnel 2020-03-29 22:30:57 -07:00
Makefile
neighbour.c neighbour: Prevent a dead entry from updating gc_list 2021-01-30 11:09:07 -08:00
net_namespace.c fixes-v5.11 2020-12-14 16:40:27 -08:00
net-procfs.c net-sysfs: add backlog len and CPU id to softnet data 2020-09-21 13:56:37 -07:00
net-sysfs.c net-sysfs: take the rtnl lock when accessing xps_rxqs_map and num_tc 2020-12-28 13:26:46 -08:00
net-sysfs.h
net-traces.c
netclassid_cgroup.c net: Remove the err argument from sock_from_file 2020-12-04 22:32:40 +01:00
netevent.c
netpoll.c net: Have netpoll bring-up DSA management interface 2020-11-18 11:04:11 -08:00
netprio_cgroup.c net: Remove the err argument from sock_from_file 2020-12-04 22:32:40 +01:00
page_pool.c net: page_pool: Add bulk support for ptr_ring 2020-11-14 02:29:00 +01:00
pktgen.c pktgen: Fix inconsistent of format with argument type in pktgen.c 2020-10-01 18:45:23 -07:00
ptp_classifier.c ptp: Add generic ptp v2 header parsing function 2020-08-19 16:07:49 -07:00
request_sock.c
rtnetlink.c net: make free_netdev() more lenient with unregistering devices 2021-01-08 19:27:41 -08:00
scm.c fs: Add receive_fd() wrapper for __receive_fd() 2020-07-13 11:03:44 -07:00
secure_seq.c crypto: lib/sha1 - remove unnecessary includes of linux/cryptohash.h 2020-05-08 15:32:17 +10:00
skbuff.c skbuff: back tiny skbs with kmalloc() in __netdev_alloc_skb() too 2021-01-16 19:02:04 -08:00
skmsg.c bpf, sockmap: Avoid failures from skb_to_sgvec when skb has frag_list 2020-11-18 00:14:04 +01:00
sock_diag.c bpf, net: Rework cookie generator as per-cpu one 2020-09-30 11:50:35 -07:00
sock_map.c bpf: Eliminate rlimit-based memory accounting for sockmap and sockhash maps 2020-12-02 18:32:47 -08:00
sock_reuseport.c udp: Prevent reuseport_select_sock from reading uninitialized socks 2021-01-08 19:15:40 -08:00
sock.c net: Remove the err argument from sock_from_file 2020-12-04 22:32:40 +01:00
stream.c
sysctl_net_core.c net: add option to not create fall-back tunnels in root-ns as well 2020-08-28 06:52:44 -07:00
timestamping.c
tso.c net: tso: add UDP segmentation support 2020-06-18 20:46:23 -07:00
utils.c
xdp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-12-11 22:29:38 -08:00