From: Greg KH <greg@kroah.com>
To: Pavel Machek <pavel@denx.de>
Cc: wens@csie.org, stable@vger.kernel.org,
mark.tomlinson@alliedtelesis.co.nz, pablo@netfilter.org
Subject: Re: [PATCH 4.4] netfilter: x_tables: Use correct memory barriers.
Date: Mon, 10 May 2021 09:52:06 +0200 [thread overview]
Message-ID: <YJjmJvw/urUncdcd@kroah.com> (raw)
In-Reply-To: <20210509082436.GA25504@amd>
On Sun, May 09, 2021 at 10:24:36AM +0200, Pavel Machek wrote:
>
> From: Mark Tomlinson <mark.tomlinson@alliedtelesis.co.nz>
>
> commit 175e476b8cdf2a4de7432583b49c871345e4f8a1 upstream.
>
> When a new table value was assigned, it was followed by a write memory
> barrier. This ensured that all writes before this point would complete
> before any writes after this point. However, to determine whether the
> rules are unused, the sequence counter is read. To ensure that all
> writes have been done before these reads, a full memory barrier is
> needed, not just a write memory barrier. The same argument applies when
> incrementing the counter, before the rules are read.
>
> Changing to using smp_mb() instead of smp_wmb() fixes the kernel panic
> reported in cc00bcaa5899 (which is still present), while still
> maintaining the same speed of replacing tables.
>
> The smb_mb() barriers potentially slow the packet path, however testing
> has shown no measurable change in performance on a 4-core MIPS64
> platform.
>
> Fixes: 7f5c6d4f665b ("netfilter: get rid of atomic ops in fast path")
> Signed-off-by: Mark Tomlinson <mark.tomlinson@alliedtelesis.co.nz>
> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
> [Ported to stable, affected barrier is added by d3d40f237480abf3268956daf18cdc56edd32834 in mainline]
> Signed-off-by: Pavel Machek (CIP) <pavel@denx.de>
> ---
> include/linux/netfilter/x_tables.h | 2 +-
> net/netfilter/x_tables.c | 3 +++
> 2 files changed, 4 insertions(+), 1 deletion(-)
What about 4.14 and 4.9? I can't take patches only for 4.4 that are not
also in newer releases.
thanks,
greg k-h
next prev parent reply other threads:[~2021-05-10 7:52 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-09 8:24 [PATCH 4.4] netfilter: x_tables: Use correct memory barriers Pavel Machek
2021-05-10 7:52 ` Greg KH [this message]
2021-05-20 8:04 ` Nobuhiro Iwamatsu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YJjmJvw/urUncdcd@kroah.com \
--to=greg@kroah.com \
--cc=mark.tomlinson@alliedtelesis.co.nz \
--cc=pablo@netfilter.org \
--cc=pavel@denx.de \
--cc=stable@vger.kernel.org \
--cc=wens@csie.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.