From: Nikolay Aleksandrov nikolay@nvidia.com
Hi, While working on per-vlan multicast snooping I found two race conditions when multicast snooping is enabled. They're identical and happen when the router port list is modified without the multicast lock. One requires a PIM hello message to be received on a port and the other an MRD advertisement. To fix them we just need to take the multicast_lock when adding the ports to the router port list (marking them as router ports). Tested on an affected setup by generating the required packets while modifying the port list in parallel.
Thanks, Nik
Nikolay Aleksandrov (2): net: bridge: multicast: fix PIM hello router port marking race net: bridge: multicast: fix MRD advertisement router port marking race
net/bridge/br_multicast.c | 6 ++++++ 1 file changed, 6 insertions(+)
From: Nikolay Aleksandrov nikolay@nvidia.com
When a PIM hello packet is received on a bridge port with multicast snooping enabled, we mark it as a router port automatically, that includes adding that port the router port list. The multicast lock protects that list, but it is not acquired in the PIM message case leading to a race condition, we need to take it to fix the race.
Cc: stable@vger.kernel.org Fixes: 91b02d3d133b ("bridge: mcast: add router port on PIM hello message") Signed-off-by: Nikolay Aleksandrov nikolay@nvidia.com --- net/bridge/br_multicast.c | 2 ++ 1 file changed, 2 insertions(+)
diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c index 53c3a9d80d9c..3bbbc6d7b7c3 100644 --- a/net/bridge/br_multicast.c +++ b/net/bridge/br_multicast.c @@ -3264,7 +3264,9 @@ static void br_multicast_pim(struct net_bridge *br, pim_hdr_type(pimhdr) != PIM_TYPE_HELLO) return;
+ spin_lock(&br->multicast_lock); br_ip4_multicast_mark_router(br, port); + spin_unlock(&br->multicast_lock); }
static int br_ip4_multicast_mrd_rcv(struct net_bridge *br,
From: Nikolay Aleksandrov nikolay@nvidia.com
When an MRD advertisement is received on a bridge port with multicast snooping enabled, we mark it as a router port automatically, that includes adding that port to the router port list. The multicast lock protects that list, but it is not acquired in the MRD advertisement case leading to a race condition, we need to take it to fix the race.
Cc: stable@vger.kernel.org Cc: linus.luessing@c0d3.blue Fixes: 4b3087c7e37f ("bridge: Snoop Multicast Router Advertisements") Signed-off-by: Nikolay Aleksandrov nikolay@nvidia.com --- net/bridge/br_multicast.c | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/net/bridge/br_multicast.c b/net/bridge/br_multicast.c index 3bbbc6d7b7c3..d0434dc8c03b 100644 --- a/net/bridge/br_multicast.c +++ b/net/bridge/br_multicast.c @@ -3277,7 +3277,9 @@ static int br_ip4_multicast_mrd_rcv(struct net_bridge *br, igmp_hdr(skb)->type != IGMP_MRDISC_ADV) return -ENOMSG;
+ spin_lock(&br->multicast_lock); br_ip4_multicast_mark_router(br, port); + spin_unlock(&br->multicast_lock);
return 0; } @@ -3345,7 +3347,9 @@ static void br_ip6_multicast_mrd_rcv(struct net_bridge *br, if (icmp6_hdr(skb)->icmp6_type != ICMPV6_MRDISC_ADV) return;
+ spin_lock(&br->multicast_lock); br_ip6_multicast_mark_router(br, port); + spin_unlock(&br->multicast_lock); }
static int br_multicast_ipv6_rcv(struct net_bridge *br,
Hello:
This series was applied to netdev/net.git (refs/heads/master):
On Sun, 11 Jul 2021 12:56:27 +0300 you wrote:
From: Nikolay Aleksandrov nikolay@nvidia.com
Hi, While working on per-vlan multicast snooping I found two race conditions when multicast snooping is enabled. They're identical and happen when the router port list is modified without the multicast lock. One requires a PIM hello message to be received on a port and the other an MRD advertisement. To fix them we just need to take the multicast_lock when adding the ports to the router port list (marking them as router ports). Tested on an affected setup by generating the required packets while modifying the port list in parallel.
[...]
Here is the summary with links: - [net,1/2] net: bridge: multicast: fix PIM hello router port marking race https://git.kernel.org/netdev/net/c/04bef83a3358 - [net,2/2] net: bridge: multicast: fix MRD advertisement router port marking race https://git.kernel.org/netdev/net/c/000b7287b675
You are awesome, thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html
linux-stable-mirror@lists.linaro.org
-
Nikolay Aleksandrov -
patchwork-bot+netdevbpf@kernel.org