From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Stefano Brivio <sbrivio@redhat.com>,
NOYB <JunkYardMail1@Frontier.com>,
Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>,
Sasha Levin <sashal@kernel.org>,
netfilter-devel@vger.kernel.org, coreteam@netfilter.org,
netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 4.19 051/158] ipset: Fix memory accounting for hash types on resize
Date: Mon, 15 Jul 2019 10:16:22 -0400 [thread overview]
Message-ID: <20190715141809.8445-51-sashal@kernel.org> (raw)
In-Reply-To: <20190715141809.8445-1-sashal@kernel.org>
From: Stefano Brivio <sbrivio@redhat.com>
[ Upstream commit 11921796f4799ca9c61c4b22cc54d84aa69f8a35 ]
If a fresh array block is allocated during resize, the current in-memory
set size should be increased by the size of the block, not replaced by it.
Before the fix, adding entries to a hash set type, leading to a table
resize, caused an inconsistent memory size to be reported. This becomes
more obvious when swapping sets with similar sizes:
# cat hash_ip_size.sh
#!/bin/sh
FAIL_RETRIES=10
tries=0
while [ ${tries} -lt ${FAIL_RETRIES} ]; do
ipset create t1 hash:ip
for i in `seq 1 4345`; do
ipset add t1 1.2.$((i / 255)).$((i % 255))
done
t1_init="$(ipset list t1|sed -n 's/Size in memory: \(.*\)/\1/p')"
ipset create t2 hash:ip
for i in `seq 1 4360`; do
ipset add t2 1.2.$((i / 255)).$((i % 255))
done
t2_init="$(ipset list t2|sed -n 's/Size in memory: \(.*\)/\1/p')"
ipset swap t1 t2
t1_swap="$(ipset list t1|sed -n 's/Size in memory: \(.*\)/\1/p')"
t2_swap="$(ipset list t2|sed -n 's/Size in memory: \(.*\)/\1/p')"
ipset destroy t1
ipset destroy t2
tries=$((tries + 1))
if [ ${t1_init} -lt 10000 ] || [ ${t2_init} -lt 10000 ]; then
echo "FAIL after ${tries} tries:"
echo "T1 size ${t1_init}, after swap ${t1_swap}"
echo "T2 size ${t2_init}, after swap ${t2_swap}"
exit 1
fi
done
echo "PASS"
# echo -n 'func hash_ip4_resize +p' > /sys/kernel/debug/dynamic_debug/control
# ./hash_ip_size.sh
[ 2035.018673] attempt to resize set t1 from 10 to 11, t 00000000fe6551fa
[ 2035.078583] set t1 resized from 10 (00000000fe6551fa) to 11 (00000000172a0163)
[ 2035.080353] Table destroy by resize 00000000fe6551fa
FAIL after 4 tries:
T1 size 9064, after swap 71128
T2 size 71128, after swap 9064
Reported-by: NOYB <JunkYardMail1@Frontier.com>
Fixes: 9e41f26a505c ("netfilter: ipset: Count non-static extension memory for userspace")
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/netfilter/ipset/ip_set_hash_gen.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/netfilter/ipset/ip_set_hash_gen.h b/net/netfilter/ipset/ip_set_hash_gen.h
index 8a33dac4e805..ddfe06d7530b 100644
--- a/net/netfilter/ipset/ip_set_hash_gen.h
+++ b/net/netfilter/ipset/ip_set_hash_gen.h
@@ -625,7 +625,7 @@ mtype_resize(struct ip_set *set, bool retried)
goto cleanup;
}
m->size = AHASH_INIT_SIZE;
- extsize = ext_size(AHASH_INIT_SIZE, dsize);
+ extsize += ext_size(AHASH_INIT_SIZE, dsize);
RCU_INIT_POINTER(hbucket(t, key), m);
} else if (m->pos >= m->size) {
struct hbucket *ht;
--
2.20.1
next prev parent reply other threads:[~2019-07-15 14:20 UTC|newest]
Thread overview: 63+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-15 14:15 [PATCH AUTOSEL 4.19 001/158] wil6210: fix potential out-of-bounds read Sasha Levin
2019-07-15 14:15 ` [PATCH AUTOSEL 4.19 002/158] ath10k: Do not send probe response template for mesh Sasha Levin
2019-07-15 14:15 ` [PATCH AUTOSEL 4.19 003/158] ath9k: Check for errors when reading SREV register Sasha Levin
2019-07-15 14:15 ` [PATCH AUTOSEL 4.19 004/158] ath6kl: add some bounds checking Sasha Levin
2019-07-15 14:15 ` [PATCH AUTOSEL 4.19 005/158] ath10k: add peer id check in ath10k_peer_find_by_id Sasha Levin
2019-07-15 14:15 ` [PATCH AUTOSEL 4.19 007/158] wil6210: fix spurious interrupts in 3-msi Sasha Levin
2019-07-15 14:15 ` [PATCH AUTOSEL 4.19 008/158] ath: DFS JP domain W56 fixed pulse type 3 RADAR detection Sasha Levin
2019-07-15 14:15 ` [PATCH AUTOSEL 4.19 010/158] batman-adv: fix for leaked TVLV handler Sasha Levin
2019-07-15 14:15 ` [PATCH AUTOSEL 4.19 018/158] net: stmmac: dwmac1000: Clear unused address entries Sasha Levin
2019-07-15 14:15 ` [PATCH AUTOSEL 4.19 019/158] net: stmmac: dwmac4/5: " Sasha Levin
2019-07-15 14:15 ` [PATCH AUTOSEL 4.19 020/158] qed: Set the doorbell address correctly Sasha Levin
2019-07-15 14:15 ` [PATCH AUTOSEL 4.19 023/158] af_key: fix leaks in key_pol_get_resp and dump_sp Sasha Levin
2019-07-15 14:15 ` [PATCH AUTOSEL 4.19 024/158] xfrm: Fix xfrm sel prefix length validation Sasha Levin
2019-07-15 14:15 ` [PATCH AUTOSEL 4.19 027/158] Revert "e1000e: fix cyclic resets at link up with active tx" Sasha Levin
2019-07-15 14:15 ` [PATCH AUTOSEL 4.19 028/158] e1000e: start network tx queue only when link is up Sasha Levin
2019-07-15 14:16 ` [PATCH AUTOSEL 4.19 032/158] net: phy: Check against net_device being NULL Sasha Levin
2019-07-15 14:16 ` [PATCH AUTOSEL 4.19 036/158] batman-adv: Fix duplicated OGMs on NETDEV_UP Sasha Levin
2019-07-15 14:16 ` [PATCH AUTOSEL 4.19 039/158] net: hns3: set ops to null when unregister ad_dev Sasha Levin
2019-07-15 14:16 ` [PATCH AUTOSEL 4.19 043/158] net: stmmac: dwmac4: fix flow control issue Sasha Levin
2019-07-15 14:16 ` [PATCH AUTOSEL 4.19 044/158] net: stmmac: modify default value of tx-frames Sasha Levin
2019-07-15 14:16 ` [PATCH AUTOSEL 4.19 046/158] net: fec: Do not use netdev messages too early Sasha Levin
2019-07-15 14:16 ` [PATCH AUTOSEL 4.19 047/158] net: axienet: Fix race condition causing TX hang Sasha Levin
2019-07-15 14:16 ` [PATCH AUTOSEL 4.19 050/158] net: sfp: add mutex to prevent concurrent state checks Sasha Levin
2019-07-15 14:16 ` Sasha Levin [this message]
2019-07-15 14:16 ` [PATCH AUTOSEL 4.19 062/158] bpf: silence warning messages in core Sasha Levin
2019-07-15 14:16 ` [PATCH AUTOSEL 4.19 069/158] qed: iWARP - Fix tc for MPA ll2 connection Sasha Levin
2019-07-15 14:16 ` [PATCH AUTOSEL 4.19 070/158] net: hns3: fix for skb leak when doing selftest Sasha Levin
2019-07-15 14:16 ` [PATCH AUTOSEL 4.19 073/158] xfrm: fix sa selector validation Sasha Levin
2019-07-15 14:16 ` [PATCH AUTOSEL 4.19 079/158] vhost_net: disable zerocopy by default Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 090/158] ipsec: select crypto ciphers for xfrm_algo Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 091/158] ipvs: defer hook registration to avoid leaks Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 102/158] net: stmmac: sun8i: force select external PHY when no internal one Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 103/158] rtlwifi: rtl8192cu: fix error handle when usb probe failed Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 104/158] mt7601u: do not schedule rx_tasklet when the device has been disconnected Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 106/158] mt7601u: fix possible memory leak when the device is disconnected Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 107/158] ipvs: fix tinfo memory leak in start_sync_thread Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 108/158] ath10k: add missing error handling Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 109/158] ath10k: fix PCIE device wake up failed Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 114/158] xsk: Properly terminate assignment in xskq_produce_flush_desc Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 117/158] ixgbe: Check DDM existence in transceiver before access Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 121/158] wil6210: drop old event after wmi_call timeout Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 129/158] net: hns3: fix a -Wformat-nonliteral compile warning Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 130/158] net: hns3: add some error checking in hclge_tm module Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 131/158] ath10k: destroy sdio workqueue while remove sdio module Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 132/158] net: mvpp2: prs: Don't override the sign bit in SRAM parser shift Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 133/158] igb: clear out skb->tstamp after reading the txtime Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 134/158] iwlwifi: mvm: Drop large non sta frames Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 135/158] bpf: fix uapi bpf_prog_info fields alignment Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 138/158] bnx2x: Prevent ptp_task to be rescheduled indefinitely Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 139/158] net: usb: asix: init MAC address buffers Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 141/158] bpf, libbpf, smatch: Fix potential NULL pointer dereference Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 142/158] selftests: bpf: fix inlines in test_lwt_seg6local Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 143/158] bonding: validate ip header before check IPPROTO_IGMP Sasha Levin
2019-07-15 14:17 ` [PATCH AUTOSEL 4.19 145/158] tools: bpftool: Fix json dump crash on powerpc Sasha Levin
2019-07-15 14:18 ` [PATCH AUTOSEL 4.19 149/158] Bluetooth: 6lowpan: search for destination address in all peers Sasha Levin
2019-07-15 14:18 ` [PATCH AUTOSEL 4.19 151/158] Bluetooth: Check state in l2cap_disconnect_rsp Sasha Levin
2019-07-15 14:18 ` [PATCH AUTOSEL 4.19 152/158] gtp: add missing gtp_encap_disable_sock() in gtp_encap_enable() Sasha Levin
2019-07-15 14:18 ` [PATCH AUTOSEL 4.19 153/158] Bluetooth: validate BLE connection interval updates Sasha Levin
2019-07-15 14:18 ` [PATCH AUTOSEL 4.19 154/158] gtp: fix suspicious RCU usage Sasha Levin
2019-07-15 14:18 ` [PATCH AUTOSEL 4.19 155/158] gtp: fix Illegal context switch in RCU read-side critical section Sasha Levin
2019-07-15 14:18 ` [PATCH AUTOSEL 4.19 156/158] gtp: fix use-after-free in gtp_encap_destroy() Sasha Levin
2019-07-15 14:18 ` [PATCH AUTOSEL 4.19 157/158] gtp: fix use-after-free in gtp_newlink() Sasha Levin
2019-07-15 14:18 ` [PATCH AUTOSEL 4.19 158/158] net: mvmdio: defer probe of orion-mdio if a clock is not ready Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190715141809.8445-51-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=JunkYardMail1@Frontier.com \
--cc=coreteam@netfilter.org \
--cc=kadlec@blackhole.kfki.hu \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=sbrivio@redhat.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).