tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

neighbour: Convert RTM_SETNEIGHTBL to RCU.

neightbl_set() fetches neigh_tables[] and updates attributes under
write_lock_bh(&tbl->lock), so RTNL is not needed.

neigh_table_clear() synchronises RCU only, and rcu_dereference_rtnl()
protects nothing here.

If we released RCU after fetching neigh_tables[], there would be no
synchronisation to block neigh_table_clear() further, so RCU is held
until the end of the function.

Another option would be to protect neigh_tables[] user with SRCU
and add synchronize_srcu() in neigh_table_clear().

But, holding RCU should be fine as we hold write_lock_bh() for the
rest of neightbl_set() anyway.

Let's perform RTM_SETNEIGHTBL under RCU and drop RTNL.

Signed-off-by: Kuniyuki Iwashima <kuniyu@google.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20251022054004.2514876-5-kuniyu@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

authored by

Kuniyuki Iwashima and committed by
Jakub Kicinski 55a6046b 4ae34be5

+14 -5
+14 -5
net/core/neighbour.c
··· 2362 2362 struct netlink_ext_ack *extack) 2363 2363 { 2364 2364 struct net *net = sock_net(skb->sk); 2365 + struct nlattr *tb[NDTA_MAX + 1]; 2365 2366 struct neigh_table *tbl; 2366 2367 struct ndtmsg *ndtmsg; 2367 - struct nlattr *tb[NDTA_MAX+1]; 2368 2368 bool found = false; 2369 2369 int err, tidx; 2370 2370 ··· 2380 2380 2381 2381 ndtmsg = nlmsg_data(nlh); 2382 2382 2383 + rcu_read_lock(); 2384 + 2383 2385 for (tidx = 0; tidx < NEIGH_NR_TABLES; tidx++) { 2384 - tbl = rcu_dereference_rtnl(neigh_tables[tidx]); 2386 + tbl = rcu_dereference(neigh_tables[tidx]); 2385 2387 if (!tbl) 2386 2388 continue; 2389 + 2387 2390 if (ndtmsg->ndtm_family && tbl->family != ndtmsg->ndtm_family) 2388 2391 continue; 2392 + 2389 2393 if (nla_strcmp(tb[NDTA_NAME], tbl->id) == 0) { 2390 2394 found = true; 2391 2395 break; 2392 2396 } 2393 2397 } 2394 2398 2395 - if (!found) 2396 - return -ENOENT; 2399 + if (!found) { 2400 + rcu_read_unlock(); 2401 + err = -ENOENT; 2402 + goto errout; 2403 + } 2397 2404 2398 2405 /* 2399 2406 * We acquire tbl->lock to be nice to the periodic timers and ··· 2526 2519 2527 2520 errout_tbl_lock: 2528 2521 write_unlock_bh(&tbl->lock); 2522 + rcu_read_unlock(); 2529 2523 errout: 2530 2524 return err; 2531 2525 } ··· 3917 3909 .flags = RTNL_FLAG_DOIT_UNLOCKED | RTNL_FLAG_DUMP_UNLOCKED}, 3918 3910 {.msgtype = RTM_GETNEIGHTBL, .dumpit = neightbl_dump_info, 3919 3911 .flags = RTNL_FLAG_DUMP_UNLOCKED}, 3920 - {.msgtype = RTM_SETNEIGHTBL, .doit = neightbl_set}, 3912 + {.msgtype = RTM_SETNEIGHTBL, .doit = neightbl_set, 3913 + .flags = RTNL_FLAG_DOIT_UNLOCKED}, 3921 3914 }; 3922 3915 3923 3916 static int __init neigh_init(void)