Skip to content

Commit 99f62a7

Browse files
vladimirolteandavem330
vladimiroltean
authored and
davem330
committed
net: bridge: br_vlan_get_pvid_rcu() should dereference the VLAN group under RCU
When calling the RCU brother of br_vlan_get_pvid(), lockdep warns: ============================= WARNING: suspicious RCU usage 5.9.0-rc3-01631-g13c17acb8e38-dirty #814 Not tainted ----------------------------- net/bridge/br_private.h:1054 suspicious rcu_dereference_protected() usage! Call trace: lockdep_rcu_suspicious+0xd4/0xf8 __br_vlan_get_pvid+0xc0/0x100 br_vlan_get_pvid_rcu+0x78/0x108 The warning is because br_vlan_get_pvid_rcu() calls nbp_vlan_group() which calls rtnl_dereference() instead of rcu_dereference(). In turn, rtnl_dereference() calls rcu_dereference_protected() which assumes operation under an RCU write-side critical section, which obviously is not the case here. So, when the incorrect primitive is used to access the RCU-protected VLAN group pointer, READ_ONCE() is not used, which may cause various unexpected problems. I'm sad to say that br_vlan_get_pvid() and br_vlan_get_pvid_rcu() cannot share the same implementation. So fix the bug by splitting the 2 functions, and making br_vlan_get_pvid_rcu() retrieve the VLAN groups under proper locking annotations. Fixes: 7582f5b ("bridge: add br_vlan_get_pvid_rcu()") Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com> Signed-off-by: David S. Miller <davem@davemloft.net>
1 parent 47cec3f commit 99f62a7

1 file changed

Lines changed: 17 additions & 10 deletions

File tree

net/bridge/br_vlan.c

Lines changed: 17 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -1288,11 +1288,13 @@ void br_vlan_get_stats(const struct net_bridge_vlan *v,
12881288
}
12891289
}
12901290

1291-
static int __br_vlan_get_pvid(const struct net_device *dev,
1292-
struct net_bridge_port *p, u16 *p_pvid)
1291+
int br_vlan_get_pvid(const struct net_device *dev, u16 *p_pvid)
12931292
{
12941293
struct net_bridge_vlan_group *vg;
1294+
struct net_bridge_port *p;
12951295

1296+
ASSERT_RTNL();
1297+
p = br_port_get_check_rtnl(dev);
12961298
if (p)
12971299
vg = nbp_vlan_group(p);
12981300
else if (netif_is_bridge_master(dev))
@@ -1303,18 +1305,23 @@ static int __br_vlan_get_pvid(const struct net_device *dev,
13031305
*p_pvid = br_get_pvid(vg);
13041306
return 0;
13051307
}
1306-
1307-
int br_vlan_get_pvid(const struct net_device *dev, u16 *p_pvid)
1308-
{
1309-
ASSERT_RTNL();
1310-
1311-
return __br_vlan_get_pvid(dev, br_port_get_check_rtnl(dev), p_pvid);
1312-
}
13131308
EXPORT_SYMBOL_GPL(br_vlan_get_pvid);
13141309

13151310
int br_vlan_get_pvid_rcu(const struct net_device *dev, u16 *p_pvid)
13161311
{
1317-
return __br_vlan_get_pvid(dev, br_port_get_check_rcu(dev), p_pvid);
1312+
struct net_bridge_vlan_group *vg;
1313+
struct net_bridge_port *p;
1314+
1315+
p = br_port_get_check_rcu(dev);
1316+
if (p)
1317+
vg = nbp_vlan_group_rcu(p);
1318+
else if (netif_is_bridge_master(dev))
1319+
vg = br_vlan_group_rcu(netdev_priv(dev));
1320+
else
1321+
return -EINVAL;
1322+
1323+
*p_pvid = br_get_pvid(vg);
1324+
return 0;
13181325
}
13191326
EXPORT_SYMBOL_GPL(br_vlan_get_pvid_rcu);
13201327

0 commit comments

Comments
 (0)