Re: [PATCH net] ppp: fix race conditions in ppp_fill_forward_path

From: Qingfang Deng
Date: Mon Aug 11 2025 - 05:37:38 EST

Next message: Alejandro Colomar: "Re: [PATCH v4 1/2] man/man2/mremap.2: describe multiple mapping move"
Previous message: Pankaj Raghav: "Re: [PATCH v3 5/5] block: use largest_zero_folio in __blkdev_issue_zero_pages()"
In reply to: Eric Dumazet: "Re: [PATCH net] ppp: fix race conditions in ppp_fill_forward_path"
Next in thread: Qingfang Deng: "Re: [PATCH net] ppp: fix race conditions in ppp_fill_forward_path"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Aug 11, 2025 at 5:19 PM Eric Dumazet <edumazet@xxxxxxxxxx> wrote:
>
> On Mon, Aug 11, 2025 at 1:44 AM Qingfang Deng <dqfext@xxxxxxxxx> wrote:
> It is unclear if rcu_read_lock() is held at this point.
>
> list_first_or_null_rcu() does not have a builtin __list_check_rcu()

ndo_fill_forward_path() is called by nf_tables chains, which is inside
an RCU critical section.

> > chan = pch->chan;
>
> chan = READ_ONCE(pch->chan);
>
> And add a WRITE_ONCE(pch->chan, NULL) in ppp_unregister_channel()
>
> And/or add __rcu to pch->chan

Should I add {READ,WRITE}_ONCE to all occurrences of pch->chan or only
to ppp_unregister_channel?

>

> > + synchronize_rcu();
>
> synchronize_net() is preferred.
>

Noted.

Thanks!

Next message: Alejandro Colomar: "Re: [PATCH v4 1/2] man/man2/mremap.2: describe multiple mapping move"
Previous message: Pankaj Raghav: "Re: [PATCH v3 5/5] block: use largest_zero_folio in __blkdev_issue_zero_pages()"
In reply to: Eric Dumazet: "Re: [PATCH net] ppp: fix race conditions in ppp_fill_forward_path"
Next in thread: Qingfang Deng: "Re: [PATCH net] ppp: fix race conditions in ppp_fill_forward_path"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]