public-mirrors/linux
1
0
Fork 0
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-08-05 16:54:27 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
linux/net
History
Jakub Kicinski a5b8fd6578 net: dev_addr_list: handle first address in __hw_addr_add_ex 
struct dev_addr_list is used for device addresses, unicast addresses
and multicast addresses. The first of those needs special handling
of the main address - netdev->dev_addr points directly the data
of the entry and drivers write to it freely, so we can't maintain
it in the rbtree (for now, at least, to be fixed in net-next).

Current work around sprinkles special handling of the first
address on the list throughout the code but it missed the case
where address is being added. First address will not be visible
during subsequent adds.

Syzbot found a warning where unicast addresses are modified
without holding the rtnl lock, tl;dr is that team generates
the same modification multiple times, not necessarily when
right locks are held.

In the repro we have:

  macvlan -> team -> veth

macvlan adds a unicast address to the team. Team then pushes
that address down to its memebers (veths). Next something unrelated
makes team sync member addrs again, and because of the bug
the addr entries get duplicated in the veths. macvlan gets
removed, removes its addr from team which removes only one
of the duplicated addresses from veths. This removal is done
under rtnl. Next syzbot uses iptables to add a multicast addr
to team (which does not hold rtnl lock). Team syncs veth addrs,
but because veths' unicast list still has the duplicate it will
also get sync, even though this update is intended for mc addresses.
Again, uc address updates need rtnl lock, boom.

Reported-by: syzbot+7a2ab2cdc14d134de553@syzkaller.appspotmail.com
Fixes: 406f42fa0d ("net-next: When a bond have a massive amount of VLANs with IPv6 addresses, performance of changing link state, attaching a VRF, changing an IPv6 address, etc. go down dramtically.")
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-09-30 13:29:09 +01:00
..
6lowpan
9p net/9p: increase default msize to 128k 2021-09-05 08:36:44 +09:00
802 net: 802: remove dead leftover after ipx driver removal 2021-08-13 16:30:35 -07:00
8021q
appletalk
atm
ax25
batman-adv Kbuild updates for v5.15 2021-09-03 15:33:47 -07:00
bluetooth TTY / Serial patches for 5.15-rc1 2021-09-01 09:51:16 -07:00
bpf bpf, test, cgroup: Use sk_{alloc,free} for test cases 2021-09-28 09:29:28 +02:00
bpfilter
bridge net: bridge: mcast: Associate the seqcount with its protecting lock. 2021-09-28 17:30:36 -07:00
caif net-caif: avoid user-triggerable WARN_ON(1) 2021-09-14 12:51:15 +01:00
can net: Remove redundant if statements 2021-08-05 13:27:50 +01:00
ceph
core net: dev_addr_list: handle first address in __hw_addr_add_ex 2021-09-30 13:29:09 +01:00
dcb
dccp dccp: don't duplicate ccid when cloning dccp sock 2021-09-08 11:28:35 +01:00
decnet net: Remove redundant if statements 2021-08-05 13:27:50 +01:00
dns_resolver
dsa net: dsa: don't allocate the slave_mii_bus using devres 2021-09-21 13:52:16 +01:00
ethernet
ethtool ethtool: extend coalesce setting uAPI with CQE mode 2021-08-24 07:38:29 -07:00
hsr
ieee802154 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-08-13 06:41:22 -07:00
ife
ipv4 net: udp: annotate data race around udp_sk(sk)->corkflag 2021-09-28 13:21:16 +01:00
ipv6 net: udp: annotate data race around udp_sk(sk)->corkflag 2021-09-28 13:21:16 +01:00
iucv net/iucv: Replace deprecated CPU-hotplug functions. 2021-08-09 10:13:32 +01:00
kcm
key
l2tp net/l2tp: Fix reference count leak in l2tp_udp_recv_core 2021-09-09 11:00:20 +01:00
l3mdev
lapb
llc net: Remove redundant if statements 2021-08-05 13:27:50 +01:00
mac80211 mac80211: check return value of rhashtable_init 2021-09-27 12:00:34 +02:00
mac802154 ieee802154: Remove redundant initialization of variable ret 2021-09-07 14:06:08 +01:00
mctp mctp: perform route destruction under RCU read lock 2021-09-08 11:29:16 +01:00
mpls
mptcp net: introduce and use lock_sock_fast_nested() 2021-09-30 13:06:47 +01:00
ncsi net/ncsi: add get MAC address command to get Intel i210 MAC address 2021-09-01 17:18:56 -07:00
netfilter netfilter: conntrack: serialize hash resizes and cleanups 2021-09-21 03:46:56 +02:00
netlabel net: fix NULL pointer reference in cipso_v4_doi_free 2021-08-30 12:23:18 +01:00
netlink
netrom net: Remove redundant if statements 2021-08-05 13:27:50 +01:00
nfc net: in_irq() cleanup 2021-08-13 14:09:19 -07:00
nsh
openvswitch Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-08-19 18:09:18 -07:00
packet net/packet: clarify source of pr_*() messages 2021-09-10 10:00:59 +01:00
phonet net: Remove redundant if statements 2021-08-05 13:27:50 +01:00
psample
qrtr net: qrtr: revert check in qrtr_endpoint_post() 2021-09-02 11:37:02 +01:00
rds net/rds: dma_map_sg is entitled to merge entries 2021-08-18 15:35:50 -07:00
rfkill
rose
rxrpc net: RxRPC: make dependent Kconfig symbols be shown indented 2021-08-18 10:12:11 +01:00
sched net: sched: flower: protect fl_walk() with rcu 2021-09-30 13:20:31 +01:00
sctp sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb 2021-09-24 10:36:19 +01:00
smc net/smc: fix 'workqueue leaked lock' in smc_conn_abort_work 2021-09-21 10:54:16 +01:00
strparser
sunrpc Critical bug fixes: 2021-09-08 15:55:42 -07:00
switchdev
tipc tipc: increase timeout in tipc_sk_enqueue() 2021-09-13 12:43:10 +01:00
tls
unix af_unix: Return errno instead of NULL in unix_create1(). 2021-09-28 13:22:57 +01:00
vmw_vsock af_vsock: rename variables in receive loop 2021-09-06 02:25:16 -04:00
wireless cfg80211: use wiphy DFS domain if it is self-managed 2021-08-26 11:04:55 +02:00
x25
xdp
xfrm Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ 2021-08-27 11:16:29 +01:00
compat.c
devres.c
Kconfig
Makefile
socket.c Core: 2021-08-31 16:43:06 -07:00
sysctl_net.c