1. 21 Jul, 2022 8 commits
  2. 20 Jul, 2022 28 commits
  3. 19 Jul, 2022 4 commits
    • Paolo Abeni's avatar
      Merge branch 'amt-fix-validation-and-synchronization-bugs' · b3fcfc4f
      Paolo Abeni authored
      Taehee Yoo says:
      
      ====================
      amt: fix validation and synchronization bugs
      
      There are some synchronization issues in the amt module.
      Especially, an amt gateway doesn't well synchronize its own variables
      and status(amt->status).
      It tries to use a workqueue for handles in a single thread.
      A global lock is also good, but it would occur complex locking complex.
      
      In this patchset, only the gateway uses workqueue.
      The reason why only gateway interface uses workqueue is that gateway
      should manage its own states and variables a little bit statefully.
      But relay doesn't need to manage tunnels statefully, stateless is okay.
      So, relay side message handlers are okay to be called concurrently.
      But it doesn't mean that no lock is needed.
      
      Only amt multicast data message type will not be processed by the work
      queue because It contains actual multicast data.
      So, it should be processed immediately.
      
      When any amt gateway events are triggered(sending discovery message by
      delayed_work, sending request message by delayed_work and receiving
      messages), it stores event and skb into the event queue(amt->events[16]).
      Then, workqueue processes these events one by one.
      
      The first patch is to use the work queue.
      
      The second patch is to remove unnecessary lock due to a previous patch.
      
      The third patch is to use READ_ONCE() in the amt module.
      Even if the amt module uses a single thread, some variables (ready4,
      ready6, amt->status) can be accessed concurrently.
      
      The fourth patch is to add missing nonce generation logic when it sends a
      new request message.
      
      The fifth patch is to drop unexpected advertisement messages.
      advertisement message should be received only after the gateway sends
      a discovery message first.
      So, the gateway should drop advertisement messages if it has never
      sent a discovery message and it also should drop duplicate advertisement
      messages.
      Using nonce is good to distinguish whether a received message is an
      expected message or not.
      
      The sixth patch is to drop unexpected query messages.
      This is the same behavior as the fourth patch.
      Query messages should be received only after the gateway sends a request
      message first.
      The nonce variable is used to distinguish whether it is a reply to a
      previous request message or not.
      amt->ready4 and amt->ready6 are used to distinguish duplicate messages.
      
      The seventh patch is to drop unexpected multicast data.
      AMT gateway should not receive multicast data message type before
      establish between gateway and relay.
      In order to drop unexpected multicast data messages, it checks amt->status.
      
      The last patch is to fix a locking problem on the relay side.
      amt->nr_tunnels variable is protected by amt->lock.
      But amt_request_handler() doesn't protect this variable.
      
      v2:
       - Use local_bh_disable() instead of rcu_read_lock_bh() in
         amt_membership_query_handler.
       - Fix using uninitialized variables.
       - Fix unexpectedly start the event_wq after stopping.
       - Fix possible deadlock in amt_event_work().
       - Add a limit variable in amt_event_work() to prevent infinite working.
       - Rename amt_queue_events() to amt_queue_event().
      ====================
      
      Link: https://lore.kernel.org/r/20220717160910.19156-1-ap420073@gmail.comSigned-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      b3fcfc4f
    • Taehee Yoo's avatar
      amt: do not use amt->nr_tunnels outside of lock · 98991848
      Taehee Yoo authored
      amt->nr_tunnels is protected by amt->lock.
      But, amt_request_handler() has been using this variable without the
      amt->lock.
      So, it expands context of amt->lock in the amt_request_handler() to
      protect amt->nr_tunnels variable.
      
      Fixes: cbc21dc1 ("amt: add data plane of amt interface")
      Signed-off-by: default avatarTaehee Yoo <ap420073@gmail.com>
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      98991848
    • Taehee Yoo's avatar
      amt: drop unexpected multicast data · e882827d
      Taehee Yoo authored
      AMT gateway interface should not receive unexpected multicast data.
      Multicast data message type should be received after sending an update
      message, which means all establishment between gateway and relay is
      finished.
      So, amt_multicast_data_handler() checks amt->status.
      
      Fixes: cbc21dc1 ("amt: add data plane of amt interface")
      Signed-off-by: default avatarTaehee Yoo <ap420073@gmail.com>
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      e882827d
    • Taehee Yoo's avatar
      amt: drop unexpected query message · 239d8866
      Taehee Yoo authored
      AMT gateway interface should not receive unexpected query messages.
      In order to drop unexpected query messages, it checks nonce.
      And it also checks ready4 and ready6 variables to drop duplicated messages.
      
      Fixes: cbc21dc1 ("amt: add data plane of amt interface")
      Signed-off-by: default avatarTaehee Yoo <ap420073@gmail.com>
      Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
      239d8866