tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

sctp: Add RCU protection to assoc->transport_addr_list

peer.transport_addr_list is currently only protected by sk_sock
which is inpractical to acquire for procfs dumping purposes.

This patch adds RCU protection allowing for the procfs readers to
enter RCU read-side critical sections.

Modification of the list continues to be serialized via sk_lock.

V2: Use list_del_rcu() in sctp_association_free() to be safe
Skip transports marked dead when dumping for procfs

Cc: Vlad Yasevich <vyasevich@gmail.com>
Cc: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Acked-by: Vlad Yasevich <vyasevich@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by

Thomas Graf and committed by
David S. Miller 45122ca2 0b0fe913

+30 -10
+2
include/net/sctp/structs.h
··· 949 949 950 950 /* 64-bit random number sent with heartbeat. */ 951 951 __u64 hb_nonce; 952 + 953 + struct rcu_head rcu; 952 954 }; 953 955 954 956 struct sctp_transport *sctp_transport_new(struct net *, const union sctp_addr *,
+3 -3
net/sctp/associola.c
··· 448 448 /* Release the transport structures. */ 449 449 list_for_each_safe(pos, temp, &asoc->peer.transport_addr_list) { 450 450 transport = list_entry(pos, struct sctp_transport, transports); 451 - list_del(pos); 451 + list_del_rcu(pos); 452 452 sctp_transport_free(transport); 453 453 } 454 454 ··· 568 568 sctp_assoc_update_retran_path(asoc); 569 569 570 570 /* Remove this peer from the list. */ 571 - list_del(&peer->transports); 571 + list_del_rcu(&peer->transports); 572 572 573 573 /* Get the first transport of asoc. */ 574 574 pos = asoc->peer.transport_addr_list.next; ··· 769 769 peer->state = peer_state; 770 770 771 771 /* Attach the remote transport to our asoc. */ 772 - list_add_tail(&peer->transports, &asoc->peer.transport_addr_list); 772 + list_add_tail_rcu(&peer->transports, &asoc->peer.transport_addr_list); 773 773 asoc->peer.transport_count++; 774 774 775 775 /* If we do not yet have a primary path, set one. */
+12 -2
net/sctp/proc.c
··· 162 162 struct sctp_af *af; 163 163 164 164 primary = &assoc->peer.primary_addr; 165 - list_for_each_entry(transport, &assoc->peer.transport_addr_list, 165 + rcu_read_lock(); 166 + list_for_each_entry_rcu(transport, &assoc->peer.transport_addr_list, 166 167 transports) { 167 168 addr = &transport->ipaddr; 169 + if (transport->dead) 170 + continue; 171 + 168 172 af = sctp_get_af_specific(addr->sa.sa_family); 169 173 if (af->cmp_addr(addr, primary)) { 170 174 seq_printf(seq, "*"); 171 175 } 172 176 af->seq_dump_addr(seq, addr); 173 177 } 178 + rcu_read_unlock(); 174 179 } 175 180 176 181 static void * sctp_eps_seq_start(struct seq_file *seq, loff_t *pos) ··· 446 441 head = &sctp_assoc_hashtable[hash]; 447 442 sctp_local_bh_disable(); 448 443 read_lock(&head->lock); 444 + rcu_read_lock(); 449 445 sctp_for_each_hentry(epb, node, &head->chain) { 450 446 if (!net_eq(sock_net(epb->sk), seq_file_net(seq))) 451 447 continue; 452 448 assoc = sctp_assoc(epb); 453 - list_for_each_entry(tsp, &assoc->peer.transport_addr_list, 449 + list_for_each_entry_rcu(tsp, &assoc->peer.transport_addr_list, 454 450 transports) { 451 + if (tsp->dead) 452 + continue; 453 + 455 454 /* 456 455 * The remote address (ADDR) 457 456 */ ··· 501 492 } 502 493 } 503 494 495 + rcu_read_unlock(); 504 496 read_unlock(&head->lock); 505 497 sctp_local_bh_enable(); 506 498
+13 -5
net/sctp/transport.c
··· 163 163 sctp_transport_put(transport); 164 164 } 165 165 166 - /* Destroy the transport data structure. 167 - * Assumes there are no more users of this structure. 168 - */ 169 - static void sctp_transport_destroy(struct sctp_transport *transport) 166 + static void sctp_transport_destroy_rcu(struct rcu_head *head) 170 167 { 171 - SCTP_ASSERT(transport->dead, "Transport is not dead", return); 168 + struct sctp_transport *transport; 172 169 170 + transport = container_of(head, struct sctp_transport, rcu); 173 171 if (transport->asoc) 174 172 sctp_association_put(transport->asoc); 175 173 ··· 176 178 dst_release(transport->dst); 177 179 kfree(transport); 178 180 SCTP_DBG_OBJCNT_DEC(transport); 181 + } 182 + 183 + /* Destroy the transport data structure. 184 + * Assumes there are no more users of this structure. 185 + */ 186 + static void sctp_transport_destroy(struct sctp_transport *transport) 187 + { 188 + SCTP_ASSERT(transport->dead, "Transport is not dead", return); 189 + 190 + call_rcu(&transport->rcu, sctp_transport_destroy_rcu); 179 191 } 180 192 181 193 /* Start T3_rtx timer if it is not already running and update the heartbeat