thr3ads.net - Linux Ethernet Bridging - [Bridge] [PATCH net 0/2] net: bridge: multicast: fix automatic router port marking races [Jul 2021]

If this information is useful, please help other people find it:
Share via:

Nikolay Aleksandrov

2021-Jul-11 09:56 UTC

[Bridge] [PATCH net 0/2] net: bridge: multicast: fix automatic router port marking races

From: Nikolay Aleksandrov <nikolay at nvidia.com>

Hi,
While working on per-vlan multicast snooping I found two race conditions
when multicast snooping is enabled. They're identical and happen when
the router port list is modified without the multicast lock. One requires
a PIM hello message to be received on a port and the other an MRD
advertisement. To fix them we just need to take the multicast_lock when
adding the ports to the router port list (marking them as router ports).
Tested on an affected setup by generating the required packets while
modifying the port list in parallel.

Thanks,
 Nik

Nikolay Aleksandrov (2):
  net: bridge: multicast: fix PIM hello router port marking race
  net: bridge: multicast: fix MRD advertisement router port marking race

 net/bridge/br_multicast.c | 6 ++++++
 1 file changed, 6 insertions(+)

-- 
2.31.1

Nikolay Aleksandrov

2021-Jul-11 09:56 UTC

head link

[Bridge] [PATCH net 1/2] net: bridge: multicast: fix PIM hello router port marking race

From: Nikolay Aleksandrov <nikolay at nvidia.com>

When a PIM hello packet is received on a bridge port with multicast
snooping enabled, we mark it as a router port automatically, that
includes adding that port the router port list. The multicast lock
protects that list, but it is not acquired in the PIM message case
leading to a race condition, we need to take it to fix the race.

Cc: stable at vger.kernel.org
Fixes: 91b02d3d133b ("bridge: mcast: add router port on PIM hello
message")
Signed-off-by: Nikolay Aleksandrov <nikolay at nvidia.com>
---
 net/bridge/br_multicast.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
index 53c3a9d80d9c..3bbbc6d7b7c3 100644
--- a/net/bridge/br_multicast.c
+++ b/net/bridge/br_multicast.c
@@ -3264,7 +3264,9 @@ static void br_multicast_pim(struct net_bridge *br,
 	    pim_hdr_type(pimhdr) != PIM_TYPE_HELLO)
 		return;
 
+	spin_lock(&br->multicast_lock);
 	br_ip4_multicast_mark_router(br, port);
+	spin_unlock(&br->multicast_lock);
 }
 
 static int br_ip4_multicast_mrd_rcv(struct net_bridge *br,
-- 
2.31.1

Nikolay Aleksandrov

2021-Jul-11 09:56 UTC

head link

[Bridge] [PATCH net 2/2] net: bridge: multicast: fix MRD advertisement router port marking race

From: Nikolay Aleksandrov <nikolay at nvidia.com>

When an MRD advertisement is received on a bridge port with multicast
snooping enabled, we mark it as a router port automatically, that
includes adding that port to the router port list. The multicast lock
protects that list, but it is not acquired in the MRD advertisement case
leading to a race condition, we need to take it to fix the race.

Cc: stable at vger.kernel.org
Cc: linus.luessing at c0d3.blue
Fixes: 4b3087c7e37f ("bridge: Snoop Multicast Router Advertisements")
Signed-off-by: Nikolay Aleksandrov <nikolay at nvidia.com>
---
 net/bridge/br_multicast.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c
index 3bbbc6d7b7c3..d0434dc8c03b 100644
--- a/net/bridge/br_multicast.c
+++ b/net/bridge/br_multicast.c
@@ -3277,7 +3277,9 @@ static int br_ip4_multicast_mrd_rcv(struct net_bridge *br,
 	    igmp_hdr(skb)->type != IGMP_MRDISC_ADV)
 		return -ENOMSG;
 
+	spin_lock(&br->multicast_lock);
 	br_ip4_multicast_mark_router(br, port);
+	spin_unlock(&br->multicast_lock);
 
 	return 0;
 }
@@ -3345,7 +3347,9 @@ static void br_ip6_multicast_mrd_rcv(struct net_bridge
*br,
 	if (icmp6_hdr(skb)->icmp6_type != ICMPV6_MRDISC_ADV)
 		return;
 
+	spin_lock(&br->multicast_lock);
 	br_ip6_multicast_mark_router(br, port);
+	spin_unlock(&br->multicast_lock);
 }
 
 static int br_multicast_ipv6_rcv(struct net_bridge *br,
-- 
2.31.1

patchwork-bot+netdevbpf at kernel.org

2021-Jul-12 17:50 UTC

head link

[Bridge] [PATCH net 0/2] net: bridge: multicast: fix automatic router port marking races

Hello:

This series was applied to netdev/net.git (refs/heads/master):

On Sun, 11 Jul 2021 12:56:27 +0300 you wrote:> From: Nikolay Aleksandrov <nikolay at nvidia.com>
> 
> Hi,
> While working on per-vlan multicast snooping I found two race conditions
> when multicast snooping is enabled. They're identical and happen when
> the router port list is modified without the multicast lock. One requires
> a PIM hello message to be received on a port and the other an MRD
> advertisement. To fix them we just need to take the multicast_lock when
> adding the ports to the router port list (marking them as router ports).
> Tested on an affected setup by generating the required packets while
> modifying the port list in parallel.
> 
> [...]
Here is the summary with links:
  - [net,1/2] net: bridge: multicast: fix PIM hello router port marking race
    https://git.kernel.org/netdev/net/c/04bef83a3358
  - [net,2/2] net: bridge: multicast: fix MRD advertisement router port marking
race
    https://git.kernel.org/netdev/net/c/000b7287b675

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html

Linux Ethernet Bridging - Jul 2021 - [Bridge] [PATCH net 0/2] net: bridge: multicast: fix automatic router port marking races

[Bridge] [PATCH net 0/2] net: bridge: multicast: fix automatic router port marking races

[Bridge] [PATCH net 1/2] net: bridge: multicast: fix PIM hello router port marking race

[Bridge] [PATCH net 2/2] net: bridge: multicast: fix MRD advertisement router port marking race

[Bridge] [PATCH net 0/2] net: bridge: multicast: fix automatic router port marking races