Revision f2764bd4f6a8dffaec3e220728385d9756b3c2cb authored by Florian Westphal on 16 April 2021, 19:29:13 UTC, committed by David S. Miller on 17 April 2021, 00:01:04 UTC
When I added support to allow generic netlink multicast groups to be
restricted to subscribers with CAP_NET_ADMIN I was unaware that a
genl_bind implementation already existed in the past.
It was reverted due to ABBA deadlock:
1. ->netlink_bind gets called with the table lock held.
2. genetlink bind callback is invoked, it grabs the genl lock.
But when a new genl subsystem is (un)registered, these two locks are
taken in reverse order.
One solution would be to revert again and add a comment in genl
referring 1e82a62fec613, "genetlink: remove genl_bind").
This would need a second change in mptcp to not expose the raw token
value anymore, e.g. by hashing the token with a secret key so userspace
can still associate subflow events with the correct mptcp connection.
However, Paolo Abeni reminded me to double-check why the netlink table is
locked in the first place.
I can't find one. netlink_bind() is already called without this lock
when userspace joins a group via NETLINK_ADD_MEMBERSHIP setsockopt.
Same holds for the netlink_unbind operation.
Digging through the history, commit f773608026ee1
("netlink: access nlk groups safely in netlink bind and getname")
expanded the lock scope.
commit 3a20773beeeeade ("net: netlink: cap max groups which will be considered in netlink_bind()")
... removed the nlk->ngroups access that the lock scope
extension was all about.
Reduce the lock scope again and always call ->netlink_bind without
the table lock.
The Fixes tag should be vs. the patch mentioned in the link below,
but that one got squash-merged into the patch that came earlier in the
series.
Fixes: 4d54cc32112d8d ("mptcp: avoid lock_fast usage in accept path")
Link: https://lore.kernel.org/mptcp/20210213000001.379332-8-mathew.j.martineau@linux.intel.com/T/#u
Cc: Cong Wang <xiyou.wangcong@gmail.com>
Cc: Xin Long <lucien.xin@gmail.com>
Cc: Johannes Berg <johannes.berg@intel.com>
Cc: Sean Tranchetti <stranche@codeaurora.org>
Cc: Paolo Abeni <pabeni@redhat.com>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
1 parent b022654
| File | Mode | Size |
|---|---|---|
| atomic | ||
| basic | ||
| clang-tools | ||
| coccinelle | ||
| dtc | ||
| dummy-tools | ||
| gcc-plugins | ||
| gdb | ||
| genksyms | ||
| kconfig | ||
| ksymoops | ||
| mod | ||
| package | ||
| selinux | ||
| tracing | ||
| .gitignore | -rw-r--r-- | 151 bytes |
| Kbuild.include | -rw-r--r-- | 11.7 KB |
| Kconfig.include | -rw-r--r-- | 2.2 KB |
| Lindent | -rwxr-xr-x | 502 bytes |
| Makefile | -rw-r--r-- | 1.6 KB |
| Makefile.asm-generic | -rw-r--r-- | 1.8 KB |
| Makefile.build | -rw-r--r-- | 18.1 KB |
| Makefile.clean | -rw-r--r-- | 2.2 KB |
| Makefile.dtbinst | -rw-r--r-- | 988 bytes |
| Makefile.extrawarn | -rw-r--r-- | 2.8 KB |
| Makefile.gcc-plugins | -rw-r--r-- | 2.5 KB |
| Makefile.headersinst | -rw-r--r-- | 2.9 KB |
| Makefile.host | -rw-r--r-- | 4.6 KB |
| Makefile.kasan | -rw-r--r-- | 1.5 KB |
| Makefile.kcov | -rw-r--r-- | 333 bytes |
| Makefile.kcsan | -rw-r--r-- | 739 bytes |
| Makefile.lib | -rw-r--r-- | 17.2 KB |
| Makefile.modfinal | -rw-r--r-- | 3.2 KB |
| Makefile.modinst | -rw-r--r-- | 1.1 KB |
| Makefile.modpost | -rw-r--r-- | 4.4 KB |
| Makefile.modsign | -rw-r--r-- | 791 bytes |
| Makefile.package | -rw-r--r-- | 6.6 KB |
| Makefile.ubsan | -rw-r--r-- | 837 bytes |
| Makefile.userprogs | -rw-r--r-- | 1.6 KB |
| adjust_autoksyms.sh | -rwxr-xr-x | 2.1 KB |
| asn1_compiler.c | -rw-r--r-- | 35.3 KB |
| bin2c.c | -rw-r--r-- | 743 bytes |
| bloat-o-meter | -rwxr-xr-x | 3.4 KB |
| bootgraph.pl | -rwxr-xr-x | 5.6 KB |
| bpf_helpers_doc.py | -rwxr-xr-x | 21.5 KB |
| cc-can-link.sh | -rwxr-xr-x | 166 bytes |
| cc-version.sh | -rwxr-xr-x | 1.8 KB |
| check-sysctl-docs | -rwxr-xr-x | 4.4 KB |
| check_extable.sh | -rwxr-xr-x | 4.9 KB |
| checkincludes.pl | -rwxr-xr-x | 1.9 KB |
| checkkconfigsymbols.py | -rwxr-xr-x | 15.5 KB |
| checkpatch.pl | -rwxr-xr-x | 219.8 KB |
| checkstack.pl | -rwxr-xr-x | 5.9 KB |
| checksyscalls.sh | -rwxr-xr-x | 7.3 KB |
| checkversion.pl | -rwxr-xr-x | 1.9 KB |
| cleanfile | -rwxr-xr-x | 3.5 KB |
| cleanpatch | -rwxr-xr-x | 5.1 KB |
| coccicheck | -rwxr-xr-x | 7.9 KB |
| config | -rwxr-xr-x | 4.7 KB |
| const_structs.checkpatch | -rw-r--r-- | 1009 bytes |
| decode_stacktrace.sh | -rwxr-xr-x | 5.2 KB |
| decodecode | -rwxr-xr-x | 2.9 KB |
| depmod.sh | -rwxr-xr-x | 1.4 KB |
| dev-needs.sh | -rwxr-xr-x | 6.1 KB |
| diffconfig | -rwxr-xr-x | 3.7 KB |
| documentation-file-ref-check | -rwxr-xr-x | 5.6 KB |
| export_report.pl | -rwxr-xr-x | 4.5 KB |
| extract-cert.c | -rw-r--r-- | 3.5 KB |
| extract-ikconfig | -rwxr-xr-x | 1.7 KB |
| extract-module-sig.pl | -rwxr-xr-x | 3.7 KB |
| extract-sys-certs.pl | -rwxr-xr-x | 3.7 KB |
| extract-vmlinux | -rwxr-xr-x | 1.7 KB |
| extract_xc3028.pl | -rwxr-xr-x | 44.6 KB |
| faddr2line | -rwxr-xr-x | 6.2 KB |
| file-size.sh | -rwxr-xr-x | 86 bytes |
| find-unused-docs.sh | -rwxr-xr-x | 1.3 KB |
| gcc-goto.sh | -rwxr-xr-x | 511 bytes |
| gcc-ld | -rwxr-xr-x | 711 bytes |
| gcc-x86_32-has-stack-protector.sh | -rwxr-xr-x | 173 bytes |
| gcc-x86_64-has-stack-protector.sh | -rwxr-xr-x | 198 bytes |
| gen_autoksyms.sh | -rwxr-xr-x | 2.0 KB |
| gen_ksymdeps.sh | -rwxr-xr-x | 399 bytes |
| generate_initcall_order.pl | -rwxr-xr-x | 5.9 KB |
| get_abi.pl | -rwxr-xr-x | 14.3 KB |
| get_dvb_firmware | -rwxr-xr-x | 24.5 KB |
| get_feat.pl | -rwxr-xr-x | 14.3 KB |
| get_maintainer.pl | -rwxr-xr-x | 67.1 KB |
| gfp-translate | -rwxr-xr-x | 1.7 KB |
| headerdep.pl | -rwxr-xr-x | 3.5 KB |
| headers_check.pl | -rwxr-xr-x | 3.7 KB |
| headers_install.sh | -rwxr-xr-x | 3.4 KB |
| insert-sys-cert.c | -rw-r--r-- | 8.9 KB |
| jobserver-exec | -rwxr-xr-x | 2.2 KB |
| kallsyms.c | -rw-r--r-- | 18.1 KB |
| kernel-doc | -rwxr-xr-x | 67.4 KB |
| ld-version.sh | -rwxr-xr-x | 1.7 KB |
| leaking_addresses.pl | -rwxr-xr-x | 12.8 KB |
| link-vmlinux.sh | -rwxr-xr-x | 10.9 KB |
| makelst | -rwxr-xr-x | 808 bytes |
| markup_oops.pl | -rwxr-xr-x | 7.9 KB |
| mkcompile_h | -rwxr-xr-x | 2.3 KB |
| mkmakefile | -rwxr-xr-x | 426 bytes |
| mksysmap | -rwxr-xr-x | 1.3 KB |
| mkuboot.sh | -rwxr-xr-x | 414 bytes |
| module.lds.S | -rw-r--r-- | 1.1 KB |
| modules-check.sh | -rwxr-xr-x | 434 bytes |
| nsdeps | -rw-r--r-- | 1.7 KB |
| objdiff | -rwxr-xr-x | 2.8 KB |
| parse-maintainers.pl | -rwxr-xr-x | 4.5 KB |
| patch-kernel | -rwxr-xr-x | 9.9 KB |
| profile2linkerlist.pl | -rwxr-xr-x | 414 bytes |
| prune-kernel | -rwxr-xr-x | 708 bytes |
| recordmcount.c | -rw-r--r-- | 16.7 KB |
| recordmcount.h | -rw-r--r-- | 19.3 KB |
| recordmcount.pl | -rwxr-xr-x | 18.8 KB |
| setlocalversion | -rwxr-xr-x | 4.7 KB |
| show_delta | -rwxr-xr-x | 3.0 KB |
| sign-file.c | -rw-r--r-- | 9.8 KB |
| sorttable.c | -rw-r--r-- | 8.7 KB |
| sorttable.h | -rw-r--r-- | 9.7 KB |
| spdxcheck-test.sh | -rw-r--r-- | 323 bytes |
| spdxcheck.py | -rwxr-xr-x | 10.1 KB |
| spelling.txt | -rw-r--r-- | 31.1 KB |
| sphinx-pre-install | -rwxr-xr-x | 21.7 KB |
| split-man.pl | -rwxr-xr-x | 604 bytes |
| stackdelta | -rwxr-xr-x | 1.8 KB |
| stackusage | -rwxr-xr-x | 794 bytes |
| subarch.include | -rw-r--r-- | 641 bytes |
| syscallhdr.sh | -rwxr-xr-x | 1.9 KB |
| syscalltbl.sh | -rwxr-xr-x | 1.3 KB |
| tags.sh | -rwxr-xr-x | 9.6 KB |
| test_dwarf5_support.sh | -rwxr-xr-x | 416 bytes |
| tools-support-relr.sh | -rwxr-xr-x | 518 bytes |
| unifdef.c | -rw-r--r-- | 34.8 KB |
| ver_linux | -rwxr-xr-x | 2.6 KB |
| xen-hypercalls.sh | -rw-r--r-- | 386 bytes |
| xz_wrap.sh | -rwxr-xr-x | 563 bytes |
Computing file changes ...
