From patchwork Wed Sep 4 11:49:10 2019
X-Patchwork-Submitter: Björn Töpel
X-Patchwork-Id: 1157617
X-Patchwork-Delegate: bpf@iogearbox.net
From: Björn Töpel
To: ast@kernel.org, daniel@iogearbox.net, netdev@vger.kernel.org
Cc: Björn Töpel, magnus.karlsson@intel.com, magnus.karlsson@gmail.com, bpf@vger.kernel.org, jonathan.lemon@gmail.com, syzbot+c82697e3043781e08802@syzkaller.appspotmail.com, hdanton@sina.com, i.maximets@samsung.com
Subject: [PATCH bpf-next v3 1/4] xsk: avoid store-tearing when assigning queues
Date: Wed, 4 Sep 2019 13:49:10 +0200
Message-Id: <20190904114913.17217-2-bjorn.topel@gmail.com>
In-Reply-To: <20190904114913.17217-1-bjorn.topel@gmail.com>
References: <20190904114913.17217-1-bjorn.topel@gmail.com>
X-Mailing-List: bpf@vger.kernel.org
From: Björn Töpel

Use WRITE_ONCE when doing the store of tx, rx, fq, and cq, to avoid
potential store-tearing. These members are read outside of the control
mutex in the mmap implementation.

Acked-by: Jonathan Lemon
Fixes: 37b076933a8e ("xsk: add missing write- and data-dependency barrier")
Signed-off-by: Björn Töpel
--- net/xdp/xsk.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/xdp/xsk.c b/net/xdp/xsk.c index 187fd157fcff..271d8d3fb11e 100644 --- a/net/xdp/xsk.c +++ b/net/xdp/xsk.c 
@@ -434,7 +434,7 @@ static int xsk_init_queue(u32 entries, struct xsk_queue **queue, /* Make sure queue is ready before it can be seen by others */ smp_wmb(); - *queue = q; + WRITE_ONCE(*queue, q); return 0; }

From patchwork Wed Sep 4 11:49:11 2019
X-Patchwork-Submitter: Björn Töpel
X-Patchwork-Id: 1157619
X-Patchwork-Delegate: bpf@iogearbox.net
From: Björn Töpel
To: ast@kernel.org, daniel@iogearbox.net, netdev@vger.kernel.org
Cc: Björn Töpel, magnus.karlsson@intel.com, magnus.karlsson@gmail.com, bpf@vger.kernel.org, jonathan.lemon@gmail.com, syzbot+c82697e3043781e08802@syzkaller.appspotmail.com, hdanton@sina.com, i.maximets@samsung.com
Subject: [PATCH bpf-next v3 2/4] xsk: avoid store-tearing when assigning umem
Date: Wed, 4 Sep 2019 13:49:11 +0200
Message-Id: <20190904114913.17217-3-bjorn.topel@gmail.com>
In-Reply-To: <20190904114913.17217-1-bjorn.topel@gmail.com>
References: <20190904114913.17217-1-bjorn.topel@gmail.com>
X-Mailing-List: bpf@vger.kernel.org

From: Björn Töpel

The umem member of struct xdp_sock is read outside of the control mutex,
in the mmap implementation, and needs a WRITE_ONCE to avoid potential
store-tearing.

Acked-by: Jonathan Lemon
Fixes: 423f38329d26 ("xsk: add umem fill queue support and mmap")
Signed-off-by: Björn Töpel
--- net/xdp/xsk.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/xdp/xsk.c b/net/xdp/xsk.c index 271d8d3fb11e..8c9056f06989 100644 --- a/net/xdp/xsk.c +++ b/net/xdp/xsk.c @@ -644,7 +644,7 @@ static int xsk_bind(struct socket *sock, struct sockaddr *addr, int addr_len) } xdp_get_umem(umem_xs->umem); - xs->umem = umem_xs->umem; + WRITE_ONCE(xs->umem, umem_xs->umem); sockfd_put(sock); } else if (!xs->umem || !xdp_umem_validate_queues(xs->umem)) { err = -EINVAL; 
@@ -751,7 +751,7 @@ static int xsk_setsockopt(struct socket *sock, int level, int optname, /* Make sure umem is ready before it can be seen by others */ smp_wmb(); - xs->umem = umem; + WRITE_ONCE(xs->umem, umem); mutex_unlock(&xs->mutex); return 0; }

From patchwork Wed Sep 4 11:49:12 2019
X-Patchwork-Submitter: Björn Töpel
X-Patchwork-Id: 1157621
X-Patchwork-Delegate: bpf@iogearbox.net
From: Björn Töpel
To: ast@kernel.org, daniel@iogearbox.net, netdev@vger.kernel.org
Cc: Björn Töpel, magnus.karlsson@intel.com, magnus.karlsson@gmail.com, bpf@vger.kernel.org, jonathan.lemon@gmail.com, syzbot+c82697e3043781e08802@syzkaller.appspotmail.com, hdanton@sina.com, i.maximets@samsung.com
Subject: [PATCH bpf-next v3 3/4] xsk: use state member for socket synchronization
Date: Wed, 4 Sep 2019 13:49:12 +0200
Message-Id: <20190904114913.17217-4-bjorn.topel@gmail.com>
In-Reply-To: <20190904114913.17217-1-bjorn.topel@gmail.com>
References: <20190904114913.17217-1-bjorn.topel@gmail.com>
X-Mailing-List: bpf@vger.kernel.org
From: Björn Töpel

Prior to the state variable being introduced by Ilya, the dev member was
used to determine whether the socket was bound or not. However, when dev
was read, proper SMP barriers and READ_ONCE were missing. In order to
address the missing barriers and READ_ONCE, we start using the state
variable as a point of synchronization. The state member read/write is
paired with proper SMP barriers, and from this follows that the members
described above do not need READ_ONCE if used in conjunction with state
check.

In all syscalls and the xsk_rcv path we check if state is XSK_BOUND. If
that is the case we do an SMP read barrier, and this implies that the
dev, umem and all rings are correctly set up. Note that no READ_ONCE is
needed for these variables if used when state is XSK_BOUND (plus the
read barrier).

To summarize: The struct xdp_sock members dev, queue_id, umem, fq, cq,
tx, rx, and state were read lock-less, with incorrect barriers and
missing {READ, WRITE}_ONCE. Now, umem, fq, cq, tx, rx, and state are
read lock-less. When these members are updated, WRITE_ONCE is used. When
read, READ_ONCE is only used when read outside the control mutex (e.g.
mmap) or, not synchronized with the state member (XSK_BOUND plus
smp_rmb()).

Note that dev and queue_id do not need a WRITE_ONCE or READ_ONCE, due to
the introduced state synchronization (XSK_BOUND plus smp_rmb()).

Introducing the state check also fixes a race, found by syzkaller, in
xsk_poll() where umem could be accessed when stale.

Suggested-by: Hillf Danton
Reported-by: syzbot+c82697e3043781e08802@syzkaller.appspotmail.com
Fixes: 77cd0d7b3f25 ("xsk: add support for need_wakeup flag in AF_XDP rings")
Signed-off-by: Björn Töpel
Acked-by: Jonathan Lemon
--- net/xdp/xsk.c | 54 +++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 39 insertions(+), 15 deletions(-) diff --git a/net/xdp/xsk.c b/net/xdp/xsk.c index 8c9056f06989..c2f1af3b6a7c 100644 --- a/net/xdp/xsk.c +++ b/net/xdp/xsk.c 
@@ -186,10 +186,23 @@ static int __xsk_rcv_zc(struct xdp_sock *xs, struct xdp_buff *xdp, u32 len) return err; } +static bool xsk_is_bound(struct xdp_sock *xs) +{ + if (READ_ONCE(xs->state) == XSK_BOUND) { + /* Matches smp_wmb() in bind(). */ + smp_rmb(); + return true; + } + return false; +} + int xsk_rcv(struct xdp_sock *xs, struct xdp_buff *xdp) { u32 len; + if (!xsk_is_bound(xs)) + return -EINVAL; + if (xs->dev != xdp->rxq->dev || xs->queue_id != xdp->rxq->queue_index) return -EINVAL; @@ -387,7 +400,7 @@ static int xsk_sendmsg(struct socket *sock, struct msghdr *m, size_t total_len) struct sock *sk = sock->sk; struct xdp_sock *xs = xdp_sk(sk); - if (unlikely(!xs->dev)) + if (unlikely(!xsk_is_bound(xs))) return -ENXIO; if (unlikely(!(xs->dev->flags & IFF_UP))) return -ENETDOWN; @@ -403,10 +416,15 @@ static unsigned int xsk_poll(struct file *file, struct socket *sock, struct poll_table_struct *wait) { unsigned int mask = datagram_poll(file, sock, wait); - struct sock *sk = sock->sk; - struct xdp_sock *xs = xdp_sk(sk); - struct net_device *dev = xs->dev; - struct xdp_umem *umem = xs->umem; + struct xdp_sock *xs = xdp_sk(sock->sk); + struct net_device *dev; + struct xdp_umem *umem; + + if (unlikely(!xsk_is_bound(xs))) + return mask; + + dev = xs->dev; + umem = xs->umem; if (umem->need_wakeup) dev->netdev_ops->ndo_xsk_wakeup(dev, xs->queue_id, @@ -442,10 +460,9 @@ static void xsk_unbind_dev(struct xdp_sock *xs) { struct net_device *dev = xs->dev; - if (!dev || xs->state != XSK_BOUND) + if (xs->state != XSK_BOUND) return; - - xs->state = XSK_UNBOUND; + WRITE_ONCE(xs->state, XSK_UNBOUND); /* Wait for driver to stop using the xdp socket. */ xdp_del_sk_umem(xs->umem, xs); @@ -520,7 +537,9 @@ static int xsk_release(struct socket *sock) local_bh_enable(); xsk_delete_from_maps(xs); + mutex_lock(&xs->mutex); xsk_unbind_dev(xs); + mutex_unlock(&xs->mutex); xskq_destroy(xs->rx); xskq_destroy(xs->tx); 
@@ -632,12 +651,12 @@ static int xsk_bind(struct socket *sock, struct sockaddr *addr, int addr_len) } umem_xs = xdp_sk(sock->sk); - if (!umem_xs->umem) { - /* No umem to inherit. */ + if (!xsk_is_bound(umem_xs)) { err = -EBADF; sockfd_put(sock); goto out_unlock; - } else if (umem_xs->dev != dev || umem_xs->queue_id != qid) { + } + if (umem_xs->dev != dev || umem_xs->queue_id != qid) { err = -EINVAL; sockfd_put(sock); goto out_unlock; @@ -671,10 +690,15 @@ static int xsk_bind(struct socket *sock, struct sockaddr *addr, int addr_len) xdp_add_sk_umem(xs->umem, xs); out_unlock: - if (err) + if (err) { dev_put(dev); - else - xs->state = XSK_BOUND; + } else { + /* Matches smp_rmb() in bind() for shared umem + * sockets, and xsk_is_bound(). + */ + smp_wmb(); + WRITE_ONCE(xs->state, XSK_BOUND); + } out_release: mutex_unlock(&xs->mutex); rtnl_unlock(); 
@@ -927,7 +951,7 @@ static int xsk_mmap(struct file *file, struct socket *sock, unsigned long pfn; struct page *qpg; - if (xs->state != XSK_READY) + if (READ_ONCE(xs->state) != XSK_READY) return -EBUSY; if (offset == XDP_PGOFF_RX_RING) {

From patchwork Wed Sep 4 11:49:13 2019
X-Patchwork-Submitter: Björn Töpel
X-Patchwork-Id: 1157623
X-Patchwork-Delegate: bpf@iogearbox.net
From: Björn Töpel
To: ast@kernel.org, daniel@iogearbox.net, netdev@vger.kernel.org
Cc: Björn Töpel, magnus.karlsson@intel.com, magnus.karlsson@gmail.com, bpf@vger.kernel.org, jonathan.lemon@gmail.com, syzbot+c82697e3043781e08802@syzkaller.appspotmail.com, hdanton@sina.com, i.maximets@samsung.com
Subject: [PATCH bpf-next v3 4/4] xsk: lock the control mutex in sock_diag interface
Date: Wed, 4 Sep 2019 13:49:13 +0200
Message-Id: <20190904114913.17217-5-bjorn.topel@gmail.com>
In-Reply-To: <20190904114913.17217-1-bjorn.topel@gmail.com>
References: <20190904114913.17217-1-bjorn.topel@gmail.com>
X-Mailing-List: netdev@vger.kernel.org

From: Björn Töpel

When accessing the members of an XDP socket, the control mutex should be
held. This commit fixes that.

Acked-by: Jonathan Lemon
Fixes: a36b38aa2af6 ("xsk: add sock_diag interface for AF_XDP")
Signed-off-by: Björn Töpel
--- net/xdp/xsk_diag.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/xdp/xsk_diag.c b/net/xdp/xsk_diag.c index 9986a759fe06..f59791ba43a0 100644 --- a/net/xdp/xsk_diag.c +++ b/net/xdp/xsk_diag.c @@ -97,6 +97,7 @@ static int xsk_diag_fill(struct sock *sk, struct sk_buff *nlskb, msg->xdiag_ino = sk_ino; sock_diag_save_cookie(sk, msg->xdiag_cookie); + mutex_lock(&xs->mutex); if ((req->xdiag_show & XDP_SHOW_INFO) && xsk_diag_put_info(xs, nlskb)) goto out_nlmsg_trim; @@ -117,10 +118,12 @@ static int xsk_diag_fill(struct sock *sk, struct sk_buff *nlskb, sock_diag_put_meminfo(sk, nlskb, XDP_DIAG_MEMINFO)) goto out_nlmsg_trim; + mutex_unlock(&xs->mutex); nlmsg_end(nlskb, nlh); return 0; out_nlmsg_trim: + mutex_unlock(&xs->mutex); nlmsg_cancel(nlskb, nlh); return -EMSGSIZE; }
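
Review bot: in patch 1/4, the comment above the store in xsk_init_queue() ("Make sure queue is ready before it can be seen by others") still does not say which reader the smp_wmb() and the new WRITE_ONCE(*queue, q) pair with. The commit message names the lock-less reader as the mmap implementation, so name it in the comment too, the way patch 3/4 does with "Matches smp_wmb() in bind()", so the pairing can be re-checked whenever either side changes.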
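
Review bot: in patch 2/4, the xsk_bind() hunk converts the store to WRITE_ONCE(xs->umem, umem_xs->umem) but, unlike the xsk_setsockopt() hunk, its visible context has no smp_wmb() and no comment ahead of the store. If no barrier is needed on this path because the inherited umem was already fully set up by the socket it comes from, say so in a one-line comment; otherwise add the barrier so both stores to xs->umem follow the same publish rule.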
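
Review bot: in patch 3/4, xsk_sendmsg() and xsk_poll() call xsk_is_bound() once and then dereference xs->dev and xs->umem without the mutex, and nothing visible in these hunks stops xsk_unbind_dev() from storing XSK_UNBOUND right after that check. The state test tells the reader that the members were set up, not that they stay valid, so document next to xsk_is_bound() what keeps dev and umem alive for a reader that has already passed the check (for example the step under "Wait for driver to stop using the xdp socket"), or explain why these paths cannot overlap with unbind.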
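
Review bot: in patch 3/4, xsk_unbind_dev() drops the !dev test and still reads xs->state with a plain load, so it is only correct when every caller holds xs->mutex. The xsk_release() hunk adds the lock for that one caller; put lockdep_assert_held(&xs->mutex) at the top of xsk_unbind_dev() so any other caller is checked as well, and keep the blank line after "return;" that this hunk deletes.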
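
Review bot: in patch 3/4, the shared-umem branch of xsk_bind() now returns -EBADF for any socket that is not in XSK_BOUND, where the old test returned it only when umem_xs->umem was NULL, and the "No umem to inherit." comment is removed without a replacement. That changes which sockets are rejected at this point and possibly the errno user space sees, so mention it in the commit message and leave a short comment saying that a bound socket is what guarantees a umem, dev and queue_id to compare against.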
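
Review bot: in patch 4/4, xsk_diag_fill() ends up with mutex_unlock(&xs->mutex) on both the success path and under out_nlmsg_trim, so every exit added later has to remember the unlock. A single unlock site is easier to audit: set an error variable, fall through one label that unlocks, then call nlmsg_end() or nlmsg_cancel() based on it. Since out_nlmsg_trim now unlocks unconditionally, also confirm that no goto to that label exists before the new mutex_lock(); the hunks do not show the start of the function.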