[PATCH v2 net-next 13/14] ipvlan: Protect ipvl_port.ipvlans with mutex.
From: Kuniyuki Iwashima <kuniyu@google.com>
Date: 2026-07-03 00:10:22
Subsystem:
networking drivers, the rest · Maintainers:
Andrew Lunn, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Linus Torvalds
struct ipvl_port is shared between a lower device and its upper ipvlan devices. All upper devices are linked to ipvl_port.ipvlans. Once RTNL is removed, the list can be modified concurrently from different netns due to device removal. Let's protect it with a per-port mutex. NETDEV_PRECHANGEUPPER and NETDEV_CHANGEUPPER are explicitly skipped to avoid deadlock for netdev_upper_dev_unlink() called from NETDEV_UNREGISTER. Note that __ipvtap_dellink_ptr is added for CONFIG_IPVLAN=y but CONFIG_TAP=m and CONFIG_IPVTAP=m. Signed-off-by: Kuniyuki Iwashima <kuniyu@google.com> --- v2: Add __ipvtap_dellink_ptr for CONFIG_IPVLAN=y and CONFIG_TAP=m --- drivers/net/ipvlan/ipvlan.h | 8 +++++- drivers/net/ipvlan/ipvlan_main.c | 49 ++++++++++++++++++++++++++++---- drivers/net/ipvlan/ipvtap.c | 23 ++++++++++++--- 3 files changed, 70 insertions(+), 10 deletions(-)
diff --git a/drivers/net/ipvlan/ipvlan.h b/drivers/net/ipvlan/ipvlan.h
index 78f9107fa752..9d3835c14e5e 100644
--- a/drivers/net/ipvlan/ipvlan.h
+++ b/drivers/net/ipvlan/ipvlan.h@@ -91,6 +91,7 @@ struct ipvl_port { struct hlist_head hlhead[IPVLAN_HASH_SIZE]; spinlock_t addrs_lock; /* guards hash-table and addrs */ struct list_head ipvlans; + struct mutex pnodes_lock; u16 mode; u16 flags; u16 dev_id_start;
@@ -168,7 +169,7 @@ void ipvlan_count_rx(const struct ipvl_dev *ipvlan, unsigned int len, bool success, bool mcast); int ipvlan_link_new(struct net_device *dev, struct rtnl_newlink_params *params, struct netlink_ext_ack *extack); -void ipvlan_link_delete(struct net_device *dev, struct list_head *head); +void __ipvlan_link_delete(struct net_device *dev, struct list_head *head); void ipvlan_link_setup(struct net_device *dev); int ipvlan_link_register(struct rtnl_link_ops *ops); #ifdef CONFIG_IPVLAN_L3S
@@ -207,4 +208,9 @@ static inline bool netif_is_ipvlan_port(const struct net_device *dev) return rcu_access_pointer(dev->rx_handler) == ipvlan_handle_frame; } +#if IS_ENABLED(CONFIG_IPVTAP) +extern void (*__ipvtap_dellink_ptr)(struct net_device *dev, + struct list_head *head); +#endif + #endif /* __IPVLAN_H */
diff --git a/drivers/net/ipvlan/ipvlan_main.c b/drivers/net/ipvlan/ipvlan_main.c
index 7adad781e9b5..6d7479a8a9c6 100644
--- a/drivers/net/ipvlan/ipvlan_main.c
+++ b/drivers/net/ipvlan/ipvlan_main.c@@ -7,6 +7,12 @@ #include "ipvlan.h" +#if IS_ENABLED(CONFIG_IPVTAP) +void (*__ipvtap_dellink_ptr)(struct net_device *dev, + struct list_head *head); +EXPORT_SYMBOL(__ipvtap_dellink_ptr); +#endif + static int ipvlan_set_port_mode(struct ipvl_port *port, u16 nval, struct netlink_ext_ack *extack) {
@@ -16,6 +22,8 @@ static int ipvlan_set_port_mode(struct ipvl_port *port, u16 nval, ASSERT_RTNL(); if (port->mode != nval) { + mutex_lock(&port->pnodes_lock); + list_for_each_entry(ipvlan, &port->ipvlans, pnode) { flags = ipvlan->dev->flags; if (nval == IPVLAN_MODE_L3 || nval == IPVLAN_MODE_L3S) {
@@ -40,6 +48,8 @@ static int ipvlan_set_port_mode(struct ipvl_port *port, u16 nval, ipvlan_l3s_unregister(port); } port->mode = nval; + + mutex_unlock(&port->pnodes_lock); } return 0;
@@ -56,6 +66,8 @@ static int ipvlan_set_port_mode(struct ipvl_port *port, u16 nval, NULL); } + mutex_unlock(&port->pnodes_lock); + return err; }
@@ -76,6 +88,7 @@ static int ipvlan_port_create(struct net_device *dev) INIT_HLIST_HEAD(&port->hlhead[idx]); spin_lock_init(&port->addrs_lock); + mutex_init(&port->pnodes_lock); skb_queue_head_init(&port->backlog); INIT_WORK(&port->wq, ipvlan_process_multicast); ida_init(&port->ida);
@@ -676,7 +689,10 @@ int ipvlan_link_new(struct net_device *dev, struct rtnl_newlink_params *params, if (err) goto unlink_netdev; + mutex_lock(&port->pnodes_lock); list_add_tail_rcu(&ipvlan->pnode, &port->ipvlans); + mutex_unlock(&port->pnodes_lock); + netif_stacked_transfer_operstate(phy_dev, dev); return 0;
@@ -690,7 +706,7 @@ int ipvlan_link_new(struct net_device *dev, struct rtnl_newlink_params *params, } EXPORT_SYMBOL_GPL(ipvlan_link_new); -void ipvlan_link_delete(struct net_device *dev, struct list_head *head) +void __ipvlan_link_delete(struct net_device *dev, struct list_head *head) { struct ipvl_dev *ipvlan = netdev_priv(dev); struct ipvl_addr *addr, *next;
@@ -708,7 +724,16 @@ void ipvlan_link_delete(struct net_device *dev, struct list_head *head) unregister_netdevice_queue(dev, head); netdev_upper_dev_unlink(ipvlan->phy_dev, dev); } -EXPORT_SYMBOL_GPL(ipvlan_link_delete); +EXPORT_SYMBOL(__ipvlan_link_delete); + +static void ipvlan_link_delete(struct net_device *dev, struct list_head *head) +{ + struct ipvl_dev *ipvlan = netdev_priv(dev); + + mutex_lock(&ipvlan->port->pnodes_lock); + __ipvlan_link_delete(dev, head); + mutex_unlock(&ipvlan->port->pnodes_lock); +} void ipvlan_link_setup(struct net_device *dev) {
@@ -770,10 +795,16 @@ static int ipvlan_device_event(struct notifier_block *unused, struct ipvl_port *port; LIST_HEAD(lst_kill); + if (event == NETDEV_PRECHANGEUPPER || + event == NETDEV_CHANGEUPPER) + return ret; + port = ipvlan_port_get(dev); if (!port) return ret; + mutex_lock(&port->pnodes_lock); + switch (event) { case NETDEV_UP: case NETDEV_DOWN:
@@ -800,9 +831,15 @@ static int ipvlan_device_event(struct notifier_block *unused, if (dev->reg_state != NETREG_UNREGISTERING) break; - list_for_each_entry_safe(ipvlan, next, &port->ipvlans, pnode) - ipvlan->dev->rtnl_link_ops->dellink(ipvlan->dev, - &lst_kill); + list_for_each_entry_safe(ipvlan, next, &port->ipvlans, pnode) { +#if IS_ENABLED(CONFIG_IPVTAP) + if (ipvlan->dev->rtnl_link_ops != &ipvlan_link_ops) + __ipvtap_dellink_ptr(ipvlan->dev, &lst_kill); + else +#endif + __ipvlan_link_delete(ipvlan->dev, &lst_kill); + } + unregister_netdevice_many(&lst_kill); break;
@@ -850,6 +887,8 @@ static int ipvlan_device_event(struct notifier_block *unused, call_netdevice_notifiers(event, ipvlan->dev); } + mutex_unlock(&port->pnodes_lock); + ipvlan_port_put(port); return ret;
diff --git a/drivers/net/ipvlan/ipvtap.c b/drivers/net/ipvlan/ipvtap.c
index 2d6bbddd1edd..99eaa29057b4 100644
--- a/drivers/net/ipvlan/ipvtap.c
+++ b/drivers/net/ipvlan/ipvtap.c@@ -109,14 +109,24 @@ static int ipvtap_newlink(struct net_device *dev, return err; } +static void __ipvtap_dellink(struct net_device *dev, struct list_head *head) +{ + struct ipvtap_dev *vlantap = netdev_priv(dev); + + netdev_rx_handler_unregister(dev); + tap_del_queues(&vlantap->tap); + __ipvlan_link_delete(dev, head); +} + static void ipvtap_dellink(struct net_device *dev, struct list_head *head) { - struct ipvtap_dev *vlan = netdev_priv(dev); + struct ipvtap_dev *vlantap = netdev_priv(dev); + struct ipvl_port *port = vlantap->vlan.port; - netdev_rx_handler_unregister(dev); - tap_del_queues(&vlan->tap); - ipvlan_link_delete(dev, head); + mutex_lock(&port->pnodes_lock); + __ipvtap_dellink(dev, head); + mutex_unlock(&port->pnodes_lock); } static void ipvtap_setup(struct net_device *dev)
@@ -198,6 +208,8 @@ static int __init ipvtap_init(void) { int err; + __ipvtap_dellink_ptr = __ipvtap_dellink; + err = tap_create_cdev(&ipvtap_cdev, &ipvtap_major, "ipvtap", THIS_MODULE); if (err)
@@ -224,6 +236,8 @@ static int __init ipvtap_init(void) out2: tap_destroy_cdev(ipvtap_major, &ipvtap_cdev); out1: + __ipvtap_dellink_ptr = NULL; + return err; } module_init(ipvtap_init);
@@ -234,6 +248,7 @@ static void __exit ipvtap_exit(void) unregister_netdevice_notifier(&ipvtap_notifier_block); class_unregister(&ipvtap_class); tap_destroy_cdev(ipvtap_major, &ipvtap_cdev); + __ipvtap_dellink_ptr = NULL; } module_exit(ipvtap_exit); MODULE_ALIAS_RTNL_LINK("ipvtap");
--
2.55.0.rc0.799.gd6f94ed593-goog