Netdev List
* Re: FW: [PATCH 2/2] ath10k: allow ATH10K_SNOC with COMPILE_TEST
From: Niklas Cassel @ 2018-06-13 13:28 UTC (permalink / raw)
  To: Govind Singh, bjorn.andersson
  Cc: kvalo, davem, netdev, linux-wireless, linux-kernel, ath10k
In-Reply-To: <20180612124403.GA26986@centauri.lan>

On Tue, Jun 12, 2018 at 02:44:03PM +0200, Niklas Cassel wrote:
> On Tue, Jun 12, 2018 at 06:02:48PM +0530, Govind Singh wrote:
> > On 2018-06-12 17:45, Govind Singh wrote:
> > > -----Original Message-----
> > > From: ath10k <ath10k-bounces@lists.infradead.org> On Behalf Of Niklas
> > > Cassel
> > > Sent: Tuesday, June 12, 2018 5:09 PM
> > > To: Kalle Valo <kvalo@codeaurora.org>; David S. Miller
> > > <davem@davemloft.net>
> > > Cc: Niklas Cassel <niklas.cassel@linaro.org>; netdev@vger.kernel.org;
> > > linux-wireless@vger.kernel.org; linux-kernel@vger.kernel.org;
> > > ath10k@lists.infradead.org
> > > Subject: [PATCH 2/2] ath10k: allow ATH10K_SNOC with COMPILE_TEST
> > > 
> > > ATH10K_SNOC builds just fine with COMPILE_TEST, so make that possible.
> > > 
> > > Signed-off-by: Niklas Cassel <niklas.cassel@linaro.org>
> > > ---
> > >  drivers/net/wireless/ath/ath10k/Kconfig | 3 ++-
> > >  1 file changed, 2 insertions(+), 1 deletion(-)
> > > 
> > > diff --git a/drivers/net/wireless/ath/ath10k/Kconfig
> > > b/drivers/net/wireless/ath/ath10k/Kconfig
> > > index 54ff5930126c..6572a43590a8 100644
> > > --- a/drivers/net/wireless/ath/ath10k/Kconfig
> > > +++ b/drivers/net/wireless/ath/ath10k/Kconfig
> > > @@ -42,7 +42,8 @@ config ATH10K_USB
> > > 
> > >  config ATH10K_SNOC
> > >  	tristate "Qualcomm ath10k SNOC support (EXPERIMENTAL)"
> > > -	depends on ATH10K && ARCH_QCOM
> > > +	depends on ATH10K
> > > +	depends on ARCH_QCOM || COMPILE_TEST
> > >  	---help---
> > >  	  This module adds support for integrated WCN3990 chip connected
> > >  	  to system NOC(SNOC). Currently work in progress and will not
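
Review bot: the new `depends on ARCH_QCOM || COMPILE_TEST` line makes ATH10K_SNOC selectable on every architecture, but the changelog only says it "builds just fine" without naming the architectures or configurations that were build-tested. Listing them in the commit message would let someone who later hits a build failure on another combination tell whether it was ever covered.
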
> > 
> > Thanks Niklas for enabling COMPILE_TEST. With the QMI set of
> > changes (https://patchwork.kernel.org/patch/10448183/), we need to enable
> > COMPILE_TEST for
> > QCOM_SCM/QMI_HELPERS, which seems broken today. Are you planning to fix the
> > same?
> 
> 

This patch is good as is.

However, Govind's QMI patch set together with this patch
resulted in build errors.

FTR, these are fixed by:
https://marc.info/?l=linux-kernel&m=152880985402356
https://marc.info/?l=linux-kernel&m=152889452326350


Regards,
Niklas

^ permalink raw reply

* Re: [PATCH net/jkirsher] bpf, xdp, i40e: fix i40e_build_skb skb reserve and truesize
From: Keith Busch @ 2018-06-13 13:30 UTC (permalink / raw)
  To: Daniel Borkmann
  Cc: jeffrey.t.kirsher, intel-wired-lan, makita.toshiaki, bjorn.topel,
	john.fastabend, netdev
In-Reply-To: <20180613090436.4266-1-daniel@iogearbox.net>

On Wed, Jun 13, 2018 at 11:04:36AM +0200, Daniel Borkmann wrote:
> Using skb_reserve(skb, I40E_SKB_PAD + (xdp->data - xdp->data_hard_start))
> is clearly wrong since I40E_SKB_PAD already points to the offset where
> the original xdp->data was sitting since xdp->data_hard_start is defined
> as xdp->data - i40e_rx_offset(rx_ring) where latter offsets to I40E_SKB_PAD
> when build skb is used.
> 
> However, also before cc5b114dcf98 ("bpf, i40e: add meta data support")
> this seems broken since bpf_xdp_adjust_head() helper could have been used
> to alter headroom and enlarge / shrink the frame and with that the assumption
> that the xdp->data remains unchanged does not hold and would push a bogus
> packet to upper stack.
> 
> ixgbe got this right in 924708081629 ("ixgbe: add XDP support for pass and
> drop actions"). In any case, fix it by removing the I40E_SKB_PAD from both
> skb_reserve() and truesize calculation.
> 
> Fixes: cc5b114dcf98 ("bpf, i40e: add meta data support")
> Fixes: 0c8493d90b6b ("i40e: add XDP support for pass and drop actions")
> Reported-by: Keith Busch <keith.busch@linux.intel.com>
> Reported-by: Toshiaki Makita <makita.toshiaki@lab.ntt.co.jp>
> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
> Cc: Björn Töpel <bjorn.topel@intel.com>
> Cc: John Fastabend <john.fastabend@gmail.com>

Thanks for the quick fix! This works for me.

Tested-by: Keith Busch <keith.busch@linux.intel.com>

^ permalink raw reply

* [PATCH net 3/4] l2tp: prevent pppol2tp_connect() from creating kernel sockets
From: Guillaume Nault @ 2018-06-13 13:09 UTC (permalink / raw)
  To: netdev; +Cc: James Chapman
In-Reply-To: <cover.1528887257.git.g.nault@alphalink.fr>

If 'fd' is negative, l2tp_tunnel_create() creates a tunnel socket using
the configuration passed in 'tcfg'. Currently, pppol2tp_connect() sets
the relevant fields to zero, tricking l2tp_tunnel_create() into setting
up an unusable kernel socket.

We can't set 'tcfg' with the required fields because there's no way to
get them from the current connect() parameters. So let's restrict
kernel sockets creation to the netlink API, which is the original use
case.

Fixes: 789a4a2c61d8 ("l2tp: Add support for static unmanaged L2TPv3 tunnels")
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
---
 net/l2tp/l2tp_ppp.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c
index 8b3b6947a07d..1b24f76ae210 100644
--- a/net/l2tp/l2tp_ppp.c
+++ b/net/l2tp/l2tp_ppp.c
@@ -701,6 +701,15 @@ static int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr,
 				.encap = L2TP_ENCAPTYPE_UDP,
 				.debug = 0,
 			};
+
+			/* Prevent l2tp_tunnel_register() from trying to set up
+			 * a kernel socket.
+			 */
+			if (fd < 0) {
+				error = -EBADF;
+				goto end;
+			}
+
 			error = l2tp_tunnel_create(sock_net(sk), fd, ver, tunnel_id, peer_tunnel_id, &tcfg, &tunnel);
 			if (error < 0)
 				goto end;
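
Review bot: the comment added above `if (fd < 0)` names l2tp_tunnel_register(), while the changelog and the call directly below it name l2tp_tunnel_create() as the function that sets up the kernel socket. Please make the comment and the changelog agree, or say in the comment how the two functions relate, so a reader does not have to chase the call chain to see why a negative fd is refused here.
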
-- 
2.17.1

^ permalink raw reply related

* [PATCH net 4/4] l2tp: clean up stale tunnel or session in pppol2tp_connect's error path
From: Guillaume Nault @ 2018-06-13 13:09 UTC (permalink / raw)
  To: netdev; +Cc: James Chapman
In-Reply-To: <cover.1528887257.git.g.nault@alphalink.fr>

pppol2tp_connect() may create a tunnel or a session. Remove them in
case of error.

Fixes: fd558d186df2 ("l2tp: Split pppol2tp patch into separate l2tp and ppp parts")
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
---
 net/l2tp/l2tp_ppp.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c
index 1b24f76ae210..f429fed06a1e 100644
--- a/net/l2tp/l2tp_ppp.c
+++ b/net/l2tp/l2tp_ppp.c
@@ -612,6 +612,8 @@ static int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr,
 	u32 session_id, peer_session_id;
 	bool drop_refcnt = false;
 	bool drop_tunnel = false;
+	bool new_session = false;
+	bool new_tunnel = false;
 	int ver = 2;
 	int fd;
 
@@ -722,6 +724,7 @@ static int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr,
 				goto end;
 			}
 			drop_tunnel = true;
+			new_tunnel = true;
 		}
 	} else {
 		/* Error if we can't find the tunnel */
@@ -788,6 +791,7 @@ static int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr,
 			goto end;
 		}
 		drop_refcnt = true;
+		new_session = true;
 	}
 
 	/* Special case: if source & dest session_id == 0x0000, this
@@ -834,6 +838,12 @@ static int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr,
 		  session->name);
 
 end:
+	if (error) {
+		if (new_session)
+			l2tp_session_delete(session);
+		if (new_tunnel)
+			l2tp_tunnel_delete(tunnel);
+	}
 	if (drop_refcnt)
 		l2tp_session_dec_refcount(session);
 	if (drop_tunnel)
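
Review bot: at the `end:` label the new `if (error)` block depends on new_session and new_tunnel meaning something different from the existing drop_refcnt and drop_tunnel, but nothing in the code says so. A short comment there, stating that only objects created by this call are deleted while objects that were merely looked up just drop their reference, would keep a later cleanup from merging the two pairs of flags. The two-line changelog could carry the same sentence.
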
-- 
2.17.1

^ permalink raw reply related

* [PATCH net 2/4] l2tp: only accept PPP sessions in pppol2tp_connect()
From: Guillaume Nault @ 2018-06-13 13:09 UTC (permalink / raw)
  To: netdev; +Cc: James Chapman
In-Reply-To: <cover.1528887257.git.g.nault@alphalink.fr>

l2tp_session_priv() returns a struct pppol2tp_session pointer only for
PPPoL2TP sessions. In particular, if the session is an L2TP_PWTYPE_ETH
pseudo-wire, l2tp_session_priv() returns a pointer to an l2tp_eth_sess
structure, which is much smaller than struct pppol2tp_session. This
leads to invalid memory dereference when trying to lock ps->sk_lock.

Fixes: d9e31d17ceba ("l2tp: Add L2TP ethernet pseudowire support")
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
---
 net/l2tp/l2tp_ppp.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c
index 270a0a999eaf..8b3b6947a07d 100644
--- a/net/l2tp/l2tp_ppp.c
+++ b/net/l2tp/l2tp_ppp.c
@@ -734,6 +734,12 @@ static int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr,
 	session = l2tp_session_get(sock_net(sk), tunnel, session_id);
 	if (session) {
 		drop_refcnt = true;
+
+		if (session->pwtype != L2TP_PWTYPE_PPP) {
+			error = -EPROTOTYPE;
+			goto end;
+		}
+
 		ps = l2tp_session_priv(session);
 
 		/* Using a pre-existing session is fine as long as it hasn't
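
Review bot: the `session->pwtype != L2TP_PWTYPE_PPP` test is only reliable once sessions created by pppol2tp_connect() actually carry that type, which is what patch 1/4 adds, yet this changelog does not mention the dependency (only the cover letter does). Add a sentence saying so, so that someone backporting this fix on its own does not end up returning -EPROTOTYPE for PPP sessions whose .pwtype was never set.
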
-- 
2.17.1

^ permalink raw reply related

* [PATCH net 1/4] l2tp: fix pseudo-wire type for sessions created by pppol2tp_connect()
From: Guillaume Nault @ 2018-06-13 13:09 UTC (permalink / raw)
  To: netdev; +Cc: James Chapman
In-Reply-To: <cover.1528887257.git.g.nault@alphalink.fr>

Define cfg.pw_type so that the new session is created with its .pwtype
field properly set (L2TP_PWTYPE_PPP).

Not setting the pseudo-wire type had several annoying effects:

  * Invalid value returned in the L2TP_ATTR_PW_TYPE attribute when
    dumping sessions with the netlink API.

  * Impossibility to delete the session using the netlink API (because
    l2tp_nl_cmd_session_delete() gets the deletion callback function
    from an array indexed by the session's pseudo-wire type).

Also, there are several cases where we should check a session's
pseudo-wire type. For example, pppol2tp_connect() should refuse to
connect a session that is not PPPoL2TP, but that requires the session's
.pwtype field to be properly set.

Fixes: f7faffa3ff8e ("l2tp: Add L2TPv3 protocol support")
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
---
 net/l2tp/l2tp_ppp.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c
index b56cb1df4fc0..270a0a999eaf 100644
--- a/net/l2tp/l2tp_ppp.c
+++ b/net/l2tp/l2tp_ppp.c
@@ -751,6 +751,7 @@ static int pppol2tp_connect(struct socket *sock, struct sockaddr *uservaddr,
 		/* Default MTU must allow space for UDP/L2TP/PPP headers */
 		cfg.mtu = 1500 - PPPOL2TP_HEADER_OVERHEAD;
 		cfg.mru = cfg.mtu;
+		cfg.pw_type = L2TP_PWTYPE_PPP;
 
 		session = l2tp_session_create(sizeof(struct pppol2tp_session),
 					      tunnel, session_id,
-- 
2.17.1

^ permalink raw reply related

* [PATCH net 0/4] l2tp: pppol2tp_connect() fixes
From: Guillaume Nault @ 2018-06-13 13:09 UTC (permalink / raw)
  To: netdev; +Cc: James Chapman

This series fixes a few remaining issues with pppol2tp_connect().

It doesn't try to prevent invalid configurations that have no effect on
kernel's reliability. That would be work for a future patch set.

Patch 2 is the most important as it avoids an invalid pointer
dereference crashing the kernel. It depends on patch 1 for correctly
identifying L2TP session types.

Patches 3 and 4 avoid creating stale tunnels and sessions.

Guillaume Nault (4):
  l2tp: fix pseudo-wire type for sessions created by pppol2tp_connect()
  l2tp: only accept PPP sessions in pppol2tp_connect()
  l2tp: prevent pppol2tp_connect() from creating kernel sockets
  l2tp: clean up stale tunnel or session in pppol2tp_connect's error
    path

 net/l2tp/l2tp_ppp.c | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

-- 
2.17.1

^ permalink raw reply

* Re: [PATCH net-next 0/10] xfrm: remove flow cache
From: Florian Westphal @ 2018-06-13 12:40 UTC (permalink / raw)
  To: Kristian Evensen
  Cc: David Miller, Florian Westphal, Network Development,
	Steffen Klassert, ilant
In-Reply-To: <CAKfDRXgL+KHsO78fpD12t1o_P3LZV_RAkOPdzW26f4DXH7PoMA@mail.gmail.com>

Kristian Evensen <kristian.evensen@gmail.com> wrote:
> Hello,
> 
> On Tue, Jul 18, 2017 at 8:15 PM, David Miller <davem@davemloft.net> wrote:
> > Steffen, I know you have some level of trepidation about this because
> > there is obviously some performance cost immediately for removing this
> > DoS problem.
> 
> In a project I am involved in, we are running ipsec (Strongswan) on
> different mt7621-based routers. Each router is configured as an
> initiator and has around ~30 tunnels to different responders (running
> on misc. devices). Before the flow cache was removed (kernel 4.9), we
> got a combined throughput of around 70Mbit/s for all tunnels on one
> router. However, we recently switched to kernel 4.14 (4.14.48), and
> the total throughput is somewhere around 57Mbit/s (best-case). I.e., a
> drop of around 20%. Reverting the flow cache removal restores, as
> expected, performance levels to that of kernel 4.9.

Can you test attached patch?

I'd like to see how much the pcpu cache helps or if it actually hurts
in your setup.

Subject: [TEST PATCH 4.14.y] xfrm: remove pcpu policy cache

We need to re-evaluate if this still buys anything after indirect calls
got more expensive (retpolines).
When pcpu xdst exists, it has to be validated first (which needs
indirect calls).  So even if hit rate is good, it might be cheaper to
allocate a new xdst entry.

Furthermore, the current xdst cache needs to run with BH off, which
is also not needed when it's removed.

Compile tested only.

Signed-off-by: Florian Westphal <fw@strlen.de>
---
 include/net/xfrm.h     |   1 -
 net/xfrm/xfrm_device.c |  10 ----
 net/xfrm/xfrm_policy.c | 138 +------------------------------------------------
 net/xfrm/xfrm_state.c  |   5 +-
 4 files changed, 3 insertions(+), 151 deletions(-)

diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index db99efb2d1d0..bdf185ae93db 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -323,7 +323,6 @@ int xfrm_policy_register_afinfo(const struct xfrm_policy_afinfo *afinfo, int fam
 void xfrm_policy_unregister_afinfo(const struct xfrm_policy_afinfo *afinfo);
 void km_policy_notify(struct xfrm_policy *xp, int dir,
 		      const struct km_event *c);
-void xfrm_policy_cache_flush(void);
 void km_state_notify(struct xfrm_state *x, const struct km_event *c);
 
 struct xfrm_tmpl;
diff --git a/net/xfrm/xfrm_device.c b/net/xfrm/xfrm_device.c
index 30e5746085b8..4e458fd9236a 100644
--- a/net/xfrm/xfrm_device.c
+++ b/net/xfrm/xfrm_device.c
@@ -153,12 +153,6 @@ static int xfrm_dev_register(struct net_device *dev)
 	return NOTIFY_DONE;
 }
 
-static int xfrm_dev_unregister(struct net_device *dev)
-{
-	xfrm_policy_cache_flush();
-	return NOTIFY_DONE;
-}
-
 static int xfrm_dev_feat_change(struct net_device *dev)
 {
 	if ((dev->features & NETIF_F_HW_ESP) && !dev->xfrmdev_ops)
@@ -178,7 +172,6 @@ static int xfrm_dev_down(struct net_device *dev)
 	if (dev->features & NETIF_F_HW_ESP)
 		xfrm_dev_state_flush(dev_net(dev), dev, true);
 
-	xfrm_policy_cache_flush();
 	return NOTIFY_DONE;
 }
 
@@ -190,9 +183,6 @@ static int xfrm_dev_event(struct notifier_block *this, unsigned long event, void
 	case NETDEV_REGISTER:
 		return xfrm_dev_register(dev);
 
-	case NETDEV_UNREGISTER:
-		return xfrm_dev_unregister(dev);
-
 	case NETDEV_FEAT_CHANGE:
 		return xfrm_dev_feat_change(dev);
 
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 9c57d6a5816c..cdfb60a9820b 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -45,8 +45,6 @@ struct xfrm_flo {
 	u8 flags;
 };
 
-static DEFINE_PER_CPU(struct xfrm_dst *, xfrm_last_dst);
-static struct work_struct *xfrm_pcpu_work __read_mostly;
 static DEFINE_SPINLOCK(xfrm_policy_afinfo_lock);
 static struct xfrm_policy_afinfo const __rcu *xfrm_policy_afinfo[AF_INET6 + 1]
 						__read_mostly;
@@ -1715,108 +1713,6 @@ static int xfrm_expand_policies(const struct flowi *fl, u16 family,
 
 }
 
-static void xfrm_last_dst_update(struct xfrm_dst *xdst, struct xfrm_dst *old)
-{
-	this_cpu_write(xfrm_last_dst, xdst);
-	if (old)
-		dst_release(&old->u.dst);
-}
-
-static void __xfrm_pcpu_work_fn(void)
-{
-	struct xfrm_dst *old;
-
-	old = this_cpu_read(xfrm_last_dst);
-	if (old && !xfrm_bundle_ok(old))
-		xfrm_last_dst_update(NULL, old);
-}
-
-static void xfrm_pcpu_work_fn(struct work_struct *work)
-{
-	local_bh_disable();
-	rcu_read_lock();
-	__xfrm_pcpu_work_fn();
-	rcu_read_unlock();
-	local_bh_enable();
-}
-
-void xfrm_policy_cache_flush(void)
-{
-	struct xfrm_dst *old;
-	bool found = 0;
-	int cpu;
-
-	might_sleep();
-
-	local_bh_disable();
-	rcu_read_lock();
-	for_each_possible_cpu(cpu) {
-		old = per_cpu(xfrm_last_dst, cpu);
-		if (old && !xfrm_bundle_ok(old)) {
-			if (smp_processor_id() == cpu) {
-				__xfrm_pcpu_work_fn();
-				continue;
-			}
-			found = true;
-			break;
-		}
-	}
-
-	rcu_read_unlock();
-	local_bh_enable();
-
-	if (!found)
-		return;
-
-	get_online_cpus();
-
-	for_each_possible_cpu(cpu) {
-		bool bundle_release;
-
-		rcu_read_lock();
-		old = per_cpu(xfrm_last_dst, cpu);
-		bundle_release = old && !xfrm_bundle_ok(old);
-		rcu_read_unlock();
-
-		if (!bundle_release)
-			continue;
-
-		if (cpu_online(cpu)) {
-			schedule_work_on(cpu, &xfrm_pcpu_work[cpu]);
-			continue;
-		}
-
-		rcu_read_lock();
-		old = per_cpu(xfrm_last_dst, cpu);
-		if (old && !xfrm_bundle_ok(old)) {
-			per_cpu(xfrm_last_dst, cpu) = NULL;
-			dst_release(&old->u.dst);
-		}
-		rcu_read_unlock();
-	}
-
-	put_online_cpus();
-}
-
-static bool xfrm_xdst_can_reuse(struct xfrm_dst *xdst,
-				struct xfrm_state * const xfrm[],
-				int num)
-{
-	const struct dst_entry *dst = &xdst->u.dst;
-	int i;
-
-	if (xdst->num_xfrms != num)
-		return false;
-
-	for (i = 0; i < num; i++) {
-		if (!dst || dst->xfrm != xfrm[i])
-			return false;
-		dst = dst->child;
-	}
-
-	return xfrm_bundle_ok(xdst);
-}
-
 static struct xfrm_dst *
 xfrm_resolve_and_create_bundle(struct xfrm_policy **pols, int num_pols,
 			       const struct flowi *fl, u16 family,
@@ -1824,7 +1720,7 @@ xfrm_resolve_and_create_bundle(struct xfrm_policy **pols, int num_pols,
 {
 	struct net *net = xp_net(pols[0]);
 	struct xfrm_state *xfrm[XFRM_MAX_DEPTH];
-	struct xfrm_dst *xdst, *old;
+	struct xfrm_dst *xdst;
 	struct dst_entry *dst;
 	int err;
 
@@ -1836,21 +1732,6 @@ xfrm_resolve_and_create_bundle(struct xfrm_policy **pols, int num_pols,
 		return ERR_PTR(err);
 	}
 
-	xdst = this_cpu_read(xfrm_last_dst);
-	if (xdst &&
-	    xdst->u.dst.dev == dst_orig->dev &&
-	    xdst->num_pols == num_pols &&
-	    memcmp(xdst->pols, pols,
-		   sizeof(struct xfrm_policy *) * num_pols) == 0 &&
-	    xfrm_xdst_can_reuse(xdst, xfrm, err)) {
-		dst_hold(&xdst->u.dst);
-		while (err > 0)
-			xfrm_state_put(xfrm[--err]);
-		return xdst;
-	}
-
-	old = xdst;
-
 	dst = xfrm_bundle_create(pols[0], xfrm, err, fl, dst_orig);
 	if (IS_ERR(dst)) {
 		XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTBUNDLEGENERROR);
@@ -1863,9 +1744,6 @@ xfrm_resolve_and_create_bundle(struct xfrm_policy **pols, int num_pols,
 	memcpy(xdst->pols, pols, sizeof(struct xfrm_policy *) * num_pols);
 	xdst->policy_genid = atomic_read(&pols[0]->genid);
 
-	atomic_set(&xdst->u.dst.__refcnt, 2);
-	xfrm_last_dst_update(xdst, old);
-
 	return xdst;
 }
 
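
Review bot: removing `atomic_set(&xdst->u.dst.__refcnt, 2)` together with `xfrm_last_dst_update(xdst, old)` changes the reference count that xfrm_resolve_and_create_bundle() hands back, and the changelog does not say what count the bundle now carries on return. Please state that the value left by xfrm_bundle_create() is the single reference the callers expect, since a mismatch here would show up as a leaked or prematurely freed dst rather than as a build error, and the patch is compile tested only.
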
@@ -2066,11 +1944,8 @@ xfrm_bundle_lookup(struct net *net, const struct flowi *fl, u16 family, u8 dir,
 	if (num_xfrms <= 0)
 		goto make_dummy_bundle;
 
-	local_bh_disable();
 	xdst = xfrm_resolve_and_create_bundle(pols, num_pols, fl, family,
 					      xflo->dst_orig);
-	local_bh_enable();
-
 	if (IS_ERR(xdst)) {
 		err = PTR_ERR(xdst);
 		if (err != -EAGAIN)
@@ -2157,11 +2032,9 @@ struct dst_entry *xfrm_lookup(struct net *net, struct dst_entry *dst_orig,
 				goto no_transform;
 			}
 
-			local_bh_disable();
 			xdst = xfrm_resolve_and_create_bundle(
 					pols, num_pols, fl,
 					family, dst_orig);
-			local_bh_enable();
 
 			if (IS_ERR(xdst)) {
 				xfrm_pols_put(pols, num_pols);
@@ -2982,15 +2855,6 @@ static struct pernet_operations __net_initdata xfrm_net_ops = {
 
 void __init xfrm_init(void)
 {
-	int i;
-
-	xfrm_pcpu_work = kmalloc_array(NR_CPUS, sizeof(*xfrm_pcpu_work),
-				       GFP_KERNEL);
-	BUG_ON(!xfrm_pcpu_work);
-
-	for (i = 0; i < NR_CPUS; i++)
-		INIT_WORK(&xfrm_pcpu_work[i], xfrm_pcpu_work_fn);
-
 	register_pernet_subsys(&xfrm_net_ops);
 	seqcount_init(&xfrm_policy_hash_generation);
 	xfrm_input_init();
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 6c4ec69e11a0..bff47fd1519b 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -735,10 +735,9 @@ int xfrm_state_flush(struct net *net, u8 proto, bool task_valid)
 	}
 out:
 	spin_unlock_bh(&net->xfrm.xfrm_state_lock);
-	if (cnt) {
+	if (cnt)
 		err = 0;
-		xfrm_policy_cache_flush();
-	}
+
 	return err;
 }
 EXPORT_SYMBOL(xfrm_state_flush);
-- 
2.16.4

> Carrying around a fairly large revert patch is not something we want,
> we are more interested in trying to fix at least some of the
> performance problems. However, we are not very experienced when it
> comes to profiling the kernel code or the xfrm-code itself. Are there
> any known areas we should take a special look at, or should we just
> read-up on different profiling tools and get started?
> 
> Also, the revert went very smooth, which always makes me a bit
> nervous. Are there any parts of the flow cache removal that should or
> would require a bit of special care when reverted?
> 
> Thanks in advance for any help.
> 
> BR,
> Kristian

-- 
Florian Westphal <fw@strlen.de>
4096R/AD5FF600  2015-09-13
Key fingerprint = 80A9 20C5 B203 E069 F586  AE9F 7091 A8D9 AD5F F600
Phone: +49 151 11132303

^ permalink raw reply related

* [PATCH 1/1] selftest: check tunnel type more accurately
From: Wang Jian @ 2018-06-13 12:03 UTC (permalink / raw)
  To: ast, daniel, shuah, netdev

Grep tunnel type directly to make sure 'ip' command supports it.

Signed-off-by: Jian Wang <jianjian.wang1@gmail.com>
---
 tools/testing/selftests/bpf/test_tunnel.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tools/testing/selftests/bpf/test_tunnel.sh
b/tools/testing/selftests/bpf/test_tunnel.sh
index aeb2901..c4b5fbb 100755
--- a/tools/testing/selftests/bpf/test_tunnel.sh
+++ b/tools/testing/selftests/bpf/test_tunnel.sh
@@ -668,7 +668,7 @@ cleanup_exit()

 check()
 {
-       ip link help $1 2>&1 | grep -q "^Usage:"
+       ip link help 2>&1 | grep -q "\s$1\s"
        if [ $? -ne 0 ];then
                echo "SKIP $1: iproute2 not support"
        cleanup
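
Review bot: in check(), the new pattern `"\s$1\s"` uses `\s`, which is a GNU grep extension, and demands whitespace on both sides of the name, so a tunnel type printed at the very start or end of a line of `ip link help` output would be missed; `$1` is also interpolated into the pattern as a regular expression. Something like `grep -qw -- "$1"` avoids all three. Separately, the patch looks whitespace-damaged as posted: the `diff --git` header is wrapped onto two lines and the hunk is indented with spaces, so it may not apply as sent.
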

^ permalink raw reply related

* [PATCH] SUNRPC: Move inline xprt_alloc_xid() up to fix compiler warning
From: Geert Uytterhoeven @ 2018-06-13 12:01 UTC (permalink / raw)
  To: Chuck Lever, J . Bruce Fields, Jeff Layton, Trond Myklebust,
	Anna Schumaker, David S . Miller
  Cc: linux-nfs, netdev, linux-kernel, Geert Uytterhoeven

With gcc 4.1.2:

    net/sunrpc/xprt.c:69: warning: ‘xprt_alloc_xid’ declared inline after being called
    net/sunrpc/xprt.c:69: warning: previous declaration of ‘xprt_alloc_xid’ was here

To fix this, move the function up, before its caller, and remove the no
longer needed forward declaration.

Fixes: 37ac86c3a76c1136 ("SUNRPC: Initialize rpc_rqst outside of xprt->reserve_lock")
Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
---
 net/sunrpc/xprt.c | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/net/sunrpc/xprt.c b/net/sunrpc/xprt.c
index 3c85af058227d14b..60a8b9f91cf94b54 100644
--- a/net/sunrpc/xprt.c
+++ b/net/sunrpc/xprt.c
@@ -66,7 +66,6 @@
  * Local functions
  */
 static void	 xprt_init(struct rpc_xprt *xprt, struct net *net);
-static __be32	xprt_alloc_xid(struct rpc_xprt *xprt);
 static void	xprt_connect_status(struct rpc_task *task);
 static int      __xprt_get_cong(struct rpc_xprt *, struct rpc_task *);
 static void     __xprt_put_cong(struct rpc_xprt *, struct rpc_rqst *);
@@ -956,6 +955,11 @@ static void xprt_timer(struct rpc_task *task)
 		task->tk_status = 0;
 }
 
+static inline __be32 xprt_alloc_xid(struct rpc_xprt *xprt)
+{
+	return (__force __be32)xprt->xid++;
+}
+
 /**
  * xprt_prepare_transmit - reserve the transport before sending a request
  * @task: RPC task about to send a request
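
Review bot: the relocated xprt_alloc_xid() definition keeps `static inline` in a .c file, and that keyword is the only reason declaration order matters to gcc 4.1.2 here. Dropping `inline` from the definition and leaving the function and its forward declaration where they were would address the same warning with a smaller diff; if moving the function is preferred, the changelog could say why.
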
@@ -1296,11 +1300,6 @@ void xprt_retry_reserve(struct rpc_task *task)
 	xprt->ops->alloc_slot(xprt, task);
 }
 
-static inline __be32 xprt_alloc_xid(struct rpc_xprt *xprt)
-{
-	return (__force __be32)xprt->xid++;
-}
-
 static inline void xprt_init_xid(struct rpc_xprt *xprt)
 {
 	xprt->xid = prandom_u32();
-- 
2.7.4

^ permalink raw reply related

* Re: ath10k: fix memory leak of tpc_stats
From: Kalle Valo @ 2018-06-13 11:51 UTC (permalink / raw)
  To: Colin Ian King
  Cc: linux-wireless, netdev, kernel-janitors, linux-kernel, ath10k,
	David S . Miller
In-Reply-To: <20180527211702.23778-1-colin.king@canonical.com>

Colin Ian King <colin.king@canonical.com> wrote:

> Currently tpc_stats is allocated and is leaked on the return
> path if num_tx_chain is greater than WMI_TPC_TX_N_CHAIN. Avoid
> this leak by performing the check on num_tx_chain before the
> allocation of tpc_stats.
> 
> Detected by CoverityScan, CID#1469422 ("Resource Leak")
> Fixes: 4b190675ad06 ("ath10k: fix kernel panic while reading tpc_stats")
> 
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>

Patch applied to ath-next branch of ath.git, thanks.

260e629bbf44 ath10k: fix memory leak of tpc_stats

-- 
https://patchwork.kernel.org/patch/10429553/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

^ permalink raw reply

* Re: ath9k: mark expected switch fall-throughs
From: Kalle Valo @ 2018-06-13 11:50 UTC (permalink / raw)
  To: Gustavo A. R. Silva
  Cc: QCA ath9k Development, David S. Miller, linux-wireless, netdev,
	linux-kernel, Gustavo A. R. Silva
In-Reply-To: <20180525212207.GA10681@embeddedor.com>

"Gustavo A. R. Silva" <gustavo@embeddedor.com> wrote:

> In preparation to enabling -Wimplicit-fallthrough, mark switch cases
> where we are expecting to fall through.
> 
> Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>

Patch applied to ath-next branch of ath.git, thanks.

12b67b0d6bcb ath9k: mark expected switch fall-throughs

-- 
https://patchwork.kernel.org/patch/10428521/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

^ permalink raw reply

* [Fwd: avahi-daemon.service startup failure post kernel commit f396922d862a]
From: Mike Galbraith @ 2018-06-13 11:45 UTC (permalink / raw)
  To: LKML; +Cc: netdev
In-Reply-To: <1528889545.30527.6.camel@gmx.de>

Well, the folks at "To:" below apparently don't want bug reports from
non-subscribers (no mediation, simply rejected).  Posting here simply
because it may save some other busy person a bisection. 

-------- Forwarded Message --------
From: Mike Galbraith <efault@gmx.de>
To: avahi@lists.freedesktop.org
Subject: avahi-daemon.service startup failure post kernel commit
f396922d862a
Date: Wed, 13 Jun 2018 13:32:25 +0200

Greetings,

Service startup failure bisected to a kernel commit, but that commit
points the finger at userspace, ergo an attempt to report it.  Let's
see if it bounces.

homer:~ # systemctl status avahi-daemon
● avahi-daemon.service - Avahi mDNS/DNS-SD Stack
   Loaded: loaded (/usr/lib/systemd/system/avahi-daemon.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Wed 2018-06-13 09:49:58 CEST; 1min 54s ago
  Process: 1930 ExecStart=/usr/sbin/avahi-daemon -s (code=exited, status=255)
 Main PID: 1930 (code=exited, status=255)
   Status: "avahi-daemon 0.6.32 exiting."

Jun 13 09:49:58 homer systemd[1]: Started Avahi mDNS/DNS-SD Stack.
Jun 13 09:49:58 homer avahi-daemon[1930]: Loading service file /etc/avahi/services/sftp-ssh.service.
Jun 13 09:49:58 homer avahi-daemon[1930]: Loading service file /etc/avahi/services/ssh.service.
Jun 13 09:49:58 homer avahi-daemon[1930]: SO_REUSEADDR failed: Structure needs cleaning
Jun 13 09:49:58 homer avahi-daemon[1930]: SO_REUSEADDR failed: Structure needs cleaning
Jun 13 09:49:58 homer avahi-daemon[1930]: Failed to create server: No suitable network protocol available
Jun 13 09:49:58 homer avahi-daemon[1930]: avahi-daemon 0.6.32 exiting.
Jun 13 09:49:58 homer systemd[1]: avahi-daemon.service: Main process exited, code=exited, status=255/n/a
Jun 13 09:49:58 homer systemd[1]: avahi-daemon.service: Unit entered failed state.
Jun 13 09:49:58 homer systemd[1]: avahi-daemon.service: Failed with result 'exit-code'.
homer:~ #

f396922d862aa05b53ad740596652691a723ee23 is the first bad commit
commit f396922d862aa05b53ad740596652691a723ee23
Author: Maciej Żenczykowski <maze@google.com>
Date:   Sun Jun 3 10:47:05 2018 -0700

    net: do not allow changing SO_REUSEADDR/SO_REUSEPORT on bound sockets
    
    It is not safe to do so because such sockets are already in the
    hash tables and changing these options can result in invalidating
    the tb->fastreuse(port) caching.
    
    This can have later far reaching consequences wrt. bind conflict checks
    which rely on these caches (for optimization purposes).
    
    Not to mention that you can currently end up with two identical
    non-reuseport listening sockets bound to the same local ip:port
    by clearing reuseport on them after they've already both been bound.
    
    There is unfortunately no EISBOUND error or anything similar,
    and EISCONN seems to be misleading for a bound-but-not-connected
    socket, so use EUCLEAN 'Structure needs cleaning' which AFAICT
    is the closest you can get to meaning 'socket in bad state'.
    (although perhaps EINVAL wouldn't be a bad choice either?)
    
    This does unfortunately run the risk of breaking buggy
    userspace programs...
    
    Signed-off-by: Maciej Żenczykowski <maze@google.com>
    Cc: Eric Dumazet <edumazet@google.com>
    Change-Id: I77c2b3429b2fdf42671eee0fa7a8ba721c94963b
    Reviewed-by: Eric Dumazet <edumazet@google.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>

:040000 040000 39b702bc132c8aa812fbd452822a7047331553a1 e0ed7194986fd828073702d5346a4f91fbd6ea01 M	net

^ permalink raw reply
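An added illustration of the failure in the log above (not code from avahi, the kernel or this thread): the probe applies SO_REUSEADDR before or after bind() on a loopback UDP socket and returns the resulting errno. On a kernel carrying the bisected commit the after-bind order yields EUCLEAN, the "Structure needs cleaning" in the log. The function names are hypothetical.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Set SO_REUSEADDR; returns 0 or the errno reported by setsockopt(). */
static int set_reuseaddr(int fd, int on)
{
	return setsockopt(fd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on)) ? errno : 0;
}

/* Bind fd to 127.0.0.1 on a kernel-chosen port (sin_port stays 0). */
static int bind_loopback(int fd)
{
	struct sockaddr_in sa;

	memset(&sa, 0, sizeof(sa));
	sa.sin_family = AF_INET;
	sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
	return bind(fd, (struct sockaddr *)&sa, sizeof(sa)) ? errno : 0;
}

/*
 * Open a UDP socket and apply SO_REUSEADDR either before bind() (valid on
 * every kernel) or after it (the order the bisected commit rejects).
 * Returns 0 on success or the errno of the first failing step.
 */
int reuseaddr_probe(int set_after_bind)
{
	int fd = socket(AF_INET, SOCK_DGRAM, 0);
	int err;

	if (fd < 0)
		return errno;
	if (!set_after_bind && (err = set_reuseaddr(fd, 1)) != 0)
		goto out;
	if ((err = bind_loopback(fd)) != 0)
		goto out;
	if (set_after_bind)
		err = set_reuseaddr(fd, 1);
out:
	close(fd);
	return err;
}

int main(void)
{
	printf("before bind: %s\n", strerror(reuseaddr_probe(0)));
	printf("after bind:  %s\n", strerror(reuseaddr_probe(1)));
	return 0;
}
```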

* Re: [v2] ath6kl: mark expected switch fall-throughs
From: Kalle Valo @ 2018-06-13 11:44 UTC (permalink / raw)
  To: Gustavo A. R. Silva
  Cc: Kalle Valo, David S. Miller, Sergei Shtylyov, linux-wireless,
	netdev, linux-kernel, Gustavo A. R. Silva
In-Reply-To: <20180525182311.GA3000@embeddedor.com>

"Gustavo A. R. Silva" <gustavo@embeddedor.com> wrote:

> In preparation to enabling -Wimplicit-fallthrough, mark switch cases
> where we are expecting to fall through.
> 
> Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
> Reviewed-by: Steve deRosier <derosier@cal-sierra.com>
> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>

Patch applied to ath-next branch of ath.git, thanks.

4de30c906ef0 ath6kl: mark expected switch fall-throughs

-- 
https://patchwork.kernel.org/patch/10428239/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

^ permalink raw reply

* Re: ath5k: mark expected switch fall-through
From: Kalle Valo @ 2018-06-13 11:42 UTC (permalink / raw)
  To: Gustavo A. R. Silva
  Cc: Jiri Slaby, Nick Kossifidis, Luis R. Rodriguez, David S. Miller,
	linux-wireless, netdev, linux-kernel, Gustavo A. R. Silva
In-Reply-To: <20180524230700.GA21433@embeddedor.com>

"Gustavo A. R. Silva" <gustavo@embeddedor.com> wrote:

> In preparation to enabling -Wimplicit-fallthrough, mark switch cases
> where we are expecting to fall through.
> 
> Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>

Patch applied to ath-next branch of ath.git, thanks.

aae28cefc279 ath5k: mark expected switch fall-through

-- 
https://patchwork.kernel.org/patch/10425693/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

^ permalink raw reply

* Re: ath10k: htt_tx: mark expected switch fall-throughs
From: Kalle Valo @ 2018-06-13 11:41 UTC (permalink / raw)
  To: Gustavo A. R. Silva
  Cc: Kalle Valo, David S. Miller, ath10k, linux-wireless, netdev,
	linux-kernel, Gustavo A. R. Silva
In-Reply-To: <20180524225928.GA19570@embeddedor.com>

"Gustavo A. R. Silva" <gustavo@embeddedor.com> wrote:

> In preparation to enabling -Wimplicit-fallthrough, mark switch cases
> where we are expecting to fall through.
> 
> Notice that in this particular case, I replaced "pass through" with
> a proper "fall through" comment, which is what GCC is expecting
> to find.
> 
> Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>

Patch applied to ath-next branch of ath.git, thanks.

f1d270ae10ff ath10k: htt_tx: mark expected switch fall-throughs

-- 
https://patchwork.kernel.org/patch/10425691/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

^ permalink raw reply

* Re: ath10k: htt_tx: mark expected switch fall-throughs
From: Kalle Valo @ 2018-06-13 11:40 UTC (permalink / raw)
  To: Gustavo A. R. Silva
  Cc: Gustavo A. R. Silva, netdev, linux-wireless, linux-kernel, ath10k,
	Kalle Valo, David S. Miller
In-Reply-To: <20180524225928.GA19570@embeddedor.com>

"Gustavo A. R. Silva" <gustavo@embeddedor.com> wrote:

> In preparation to enabling -Wimplicit-fallthrough, mark switch cases
> where we are expecting to fall through.
> 
> Notice that in this particular case, I replaced "pass through" with
> a proper "fall through" comment, which is what GCC is expecting
> to find.
> 
> Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
> Signed-off-by: Kalle Valo <kvalo@codeaurora.org>

Patch applied to ath-next branch of ath.git, thanks.

f1d270ae10ff ath10k: htt_tx: mark expected switch fall-throughs

-- 
https://patchwork.kernel.org/patch/10425691/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches

^ permalink raw reply

* [PATCH net-next] tcp: add SNMP counter for zero-window drops
From: Yafang Shao @ 2018-06-13 11:38 UTC (permalink / raw)
  To: edumazet, davem; +Cc: netdev, linux-kernel, Yafang Shao

It will be helpful if we could display the drops due to zero window or not
enough window space.
So a new SNMP MIB entry is added to track this behavior.
This entry is named LINUX_MIB_TCPZEROWINDOWDROP and published in
/proc/net/netstat in TcpExt line as TCPZeroWindowDrop.

Signed-off-by: Yafang Shao <laoar.shao@gmail.com>
---
 include/uapi/linux/snmp.h | 1 +
 net/ipv4/proc.c           | 1 +
 net/ipv4/tcp_input.c      | 8 ++++++--
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/include/uapi/linux/snmp.h b/include/uapi/linux/snmp.h
index 750d891..97517f3 100644
--- a/include/uapi/linux/snmp.h
+++ b/include/uapi/linux/snmp.h
@@ -279,6 +279,7 @@ enum
 	LINUX_MIB_TCPDELIVERED,			/* TCPDelivered */
 	LINUX_MIB_TCPDELIVEREDCE,		/* TCPDeliveredCE */
 	LINUX_MIB_TCPACKCOMPRESSED,		/* TCPAckCompressed */
+	LINUX_MIB_TCPZEROWINDOWDROP,		/* TCPZeroWindowDrop */
 	__LINUX_MIB_MAX
 };
 
diff --git a/net/ipv4/proc.c b/net/ipv4/proc.c
index 77350c1..225ef34 100644
--- a/net/ipv4/proc.c
+++ b/net/ipv4/proc.c
@@ -287,6 +287,7 @@ static int sockstat_seq_show(struct seq_file *seq, void *v)
 	SNMP_MIB_ITEM("TCPDelivered", LINUX_MIB_TCPDELIVERED),
 	SNMP_MIB_ITEM("TCPDeliveredCE", LINUX_MIB_TCPDELIVEREDCE),
 	SNMP_MIB_ITEM("TCPAckCompressed", LINUX_MIB_TCPACKCOMPRESSED),
+	SNMP_MIB_ITEM("TCPZeroWindowDrop", LINUX_MIB_TCPZEROWINDOWDROP),
 	SNMP_MIB_SENTINEL
 };
 
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 355d3df..b0482b1 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -4665,8 +4665,10 @@ static void tcp_data_queue(struct sock *sk, struct sk_buff *skb)
 	 *  Out of sequence packets to the out_of_order_queue.
 	 */
 	if (TCP_SKB_CB(skb)->seq == tp->rcv_nxt) {
-		if (tcp_receive_window(tp) == 0)
+		if (tcp_receive_window(tp) == 0) {
+			NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPZEROWINDOWDROP);
 			goto out_of_window;
+		}
 
 		/* Ok. In sequence. In window. */
 queue_and_out:
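Review bot: the counter is bumped only inside the `tcp_receive_window(tp) == 0` branch, while the commit message also mentions drops when there is too little window space; either count that case as well or narrow the description to zero-window drops. The added NET_INC_STATS line also runs past 80 columns at this indent, and nothing in the patch documents the new TcpExt field for people reading /proc/net/netstat.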
@@ -4732,8 +4734,10 @@ static void tcp_data_queue(struct sock *sk, struct sk_buff *skb)
 		/* If window is closed, drop tail of packet. But after
 		 * remembering D-SACK for its head made in previous line.
 		 */
-		if (!tcp_receive_window(tp))
+		if (!tcp_receive_window(tp)) {
+			NET_INC_STATS(sock_net(sk), LINUX_MIB_TCPZEROWINDOWDROP);
 			goto out_of_window;
+		}
 		goto queue_and_out;
 	}
 
-- 
1.8.3.1

^ permalink raw reply related
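The commit message above says the counter is exported on the TcpExt line of /proc/net/netstat. As an added example (not part of the patch), this reader looks a counter up by name in that paired name-line/value-line layout and returns -1 when it is absent, so monitoring can tell a kernel without the counter from a zero reading. The sample text is constructed and the function names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample in /proc/net/netstat layout: each group is a line of
 * counter names followed by a line of values in the same order. */
static const char SAMPLE[] =
	"TcpExt: SyncookiesSent TCPAckCompressed TCPZeroWindowDrop\n"
	"TcpExt: 0 12 7\n"
	"IpExt: InNoRoutes InOctets\n"
	"IpExt: 0 4096\n";

/* Skip spaces at *p and return the length of the next token (0 at EOL). */
static size_t next_tok(const char **p)
{
	*p += strspn(*p, " ");
	return strcspn(*p, " \n");
}

/* Value of `name` in `group` (e.g. "TcpExt"), or -1 when the group or the
 * counter is absent, as on a kernel that does not export it. */
long long netstat_counter(const char *text, const char *group, const char *name)
{
	size_t glen = strlen(group), nlen = strlen(name);
	while (text && *text) {
		const char *hdr = text, *val = strchr(text, '\n');
		if (!val)
			break;
		val++;				/* values follow the name line */
		text = strchr(val, '\n');	/* start of the next pair */
		text = text ? text + 1 : NULL;
		if (strncmp(hdr, group, glen) || hdr[glen] != ':' ||
		    strncmp(val, group, glen) || val[glen] != ':')
			continue;
		hdr += glen + 1;
		val += glen + 1;
		for (;;) {
			size_t hl = next_tok(&hdr), vl = next_tok(&val);
			if (!hl || !vl)
				break;		/* names or values exhausted */
			if (hl == nlen && !strncmp(hdr, name, nlen))
				return strtoll(val, NULL, 10);
			hdr += hl;
			val += vl;
		}
	}
	return -1;
}

int main(void)
{
	printf("%lld\n", netstat_counter(SAMPLE, "TcpExt", "TCPZeroWindowDrop"));
	return 0;
}
```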

* Re: KASAN: out-of-bounds Read in rds_cong_queue_updates (2)
From: Dmitry Vyukov @ 2018-06-13 11:14 UTC (permalink / raw)
  To: Sowmini Varadhan
  Cc: David Miller, netdev, rds-devel, Santosh Shilimkar, Tetsuo Handa
In-Reply-To: <20180613101929.GA19385@oracle.com>

On Wed, Jun 13, 2018 at 12:19 PM, Sowmini Varadhan
<sowmini.varadhan@oracle.com> wrote:
> On (06/13/18 09:52), Dmitry Vyukov wrote:
>> I think this is:
>>
>> #syz dup: KASAN: use-after-free Read in rds_cong_queue_updates
>
> Indeed. We'd had a discussion about getting a dump of threads
> using sysrq (or similar), given the challenges around actually
> getting a crash dump, is that now possible? That will certainly help.

Still no automation around it.

But you can add thread dump on panic locally.

This is a common pattern recently that kernel does not provide enough
information for debugging on bugs. +Tetsuo
Since we panic on all kernel bugs, perhaps it's panic's work to dump
as much info as possible.


> another missing bit is that we still need the synchronize_net()
> in rds_release(). I realize synchronize_net() is sub-optimal for perf,
> but leaving this existing hole where races can occur in unexpected
> manifestations is not ideal either.
> (See https://www.spinics.net/lists/netdev/msg475074.html for earlier
> discussion thread)

^ permalink raw reply

* [PATCH 9/9] netfilter: nf_conncount: Fix garbage collection with zones
From: Pablo Neira Ayuso @ 2018-06-13 10:57 UTC (permalink / raw)
  To: netfilter-devel; +Cc: davem, netdev
In-Reply-To: <20180613105700.12894-1-pablo@netfilter.org>

From: Yi-Hung Wei <yihung.wei@gmail.com>

Currently, we use check_hlist() for garbage collection. However, we
use the ‘zone’ from the counted entry to query the existence of
existing entries in the hlist. This could be wrong when they are in
different zones, and this patch fixes this issue.

Fixes: e59ea3df3fc2 ("netfilter: xt_connlimit: honor conntrack zone if available")
Signed-off-by: Yi-Hung Wei <yihung.wei@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 include/net/netfilter/nf_conntrack_count.h |  3 ++-
 net/netfilter/nf_conncount.c               | 13 +++++++++----
 net/netfilter/nft_connlimit.c              |  2 +-
 3 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/include/net/netfilter/nf_conntrack_count.h b/include/net/netfilter/nf_conntrack_count.h
index 1910b6572430..3a188a0923a3 100644
--- a/include/net/netfilter/nf_conntrack_count.h
+++ b/include/net/netfilter/nf_conntrack_count.h
@@ -20,7 +20,8 @@ unsigned int nf_conncount_lookup(struct net *net, struct hlist_head *head,
 				 bool *addit);
 
 bool nf_conncount_add(struct hlist_head *head,
-		      const struct nf_conntrack_tuple *tuple);
+		      const struct nf_conntrack_tuple *tuple,
+		      const struct nf_conntrack_zone *zone);
 
 void nf_conncount_cache_free(struct hlist_head *hhead);
 
diff --git a/net/netfilter/nf_conncount.c b/net/netfilter/nf_conncount.c
index 3b5059a8dcdd..d8383609fe28 100644
--- a/net/netfilter/nf_conncount.c
+++ b/net/netfilter/nf_conncount.c
@@ -46,6 +46,7 @@
 struct nf_conncount_tuple {
 	struct hlist_node		node;
 	struct nf_conntrack_tuple	tuple;
+	struct nf_conntrack_zone	zone;
 };
 
 struct nf_conncount_rb {
@@ -80,7 +81,8 @@ static int key_diff(const u32 *a, const u32 *b, unsigned int klen)
 }
 
 bool nf_conncount_add(struct hlist_head *head,
-		      const struct nf_conntrack_tuple *tuple)
+		      const struct nf_conntrack_tuple *tuple,
+		      const struct nf_conntrack_zone *zone)
 {
 	struct nf_conncount_tuple *conn;
 
@@ -88,6 +90,7 @@ bool nf_conncount_add(struct hlist_head *head,
 	if (conn == NULL)
 		return false;
 	conn->tuple = *tuple;
+	conn->zone = *zone;
 	hlist_add_head(&conn->node, head);
 	return true;
 }
@@ -108,7 +111,7 @@ unsigned int nf_conncount_lookup(struct net *net, struct hlist_head *head,
 
 	/* check the saved connections */
 	hlist_for_each_entry_safe(conn, n, head, node) {
-		found = nf_conntrack_find_get(net, zone, &conn->tuple);
+		found = nf_conntrack_find_get(net, &conn->zone, &conn->tuple);
 		if (found == NULL) {
 			hlist_del(&conn->node);
 			kmem_cache_free(conncount_conn_cachep, conn);
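Review bot: `&conn->zone` is now read for every saved entry in this loop, so every path that allocates a nf_conncount_tuple has to set it first. The patch does so in nf_conncount_add() and in count_tree(); please confirm there is no other allocation site, since an entry with an unset zone would make this lookup miss and the entry would be freed as stale.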
@@ -117,7 +120,8 @@ unsigned int nf_conncount_lookup(struct net *net, struct hlist_head *head,
 
 		found_ct = nf_ct_tuplehash_to_ctrack(found);
 
-		if (tuple && nf_ct_tuple_equal(&conn->tuple, tuple)) {
+		if (tuple && nf_ct_tuple_equal(&conn->tuple, tuple) &&
+		    nf_ct_zone_equal(found_ct, zone, zone->dir)) {
 			/*
 			 * Just to be sure we have it only once in the list.
 			 * We should not see tuples twice unless someone hooks
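Review bot: in the new condition `nf_ct_zone_equal(found_ct, zone, zone->dir)` the caller's `zone` is dereferenced whenever `tuple` is non-NULL, but only `tuple` is NULL-checked. If a lookup with a tuple and no zone is possible this needs a guard; otherwise a comment on nf_conncount_lookup() stating that zone must be valid whenever tuple is set would make the contract explicit.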
@@ -196,7 +200,7 @@ count_tree(struct net *net, struct rb_root *root,
 			if (!addit)
 				return count;
 
-			if (!nf_conncount_add(&rbconn->hhead, tuple))
+			if (!nf_conncount_add(&rbconn->hhead, tuple, zone))
 				return 0; /* hotdrop */
 
 			return count + 1;
@@ -238,6 +242,7 @@ count_tree(struct net *net, struct rb_root *root,
 	}
 
 	conn->tuple = *tuple;
+	conn->zone = *zone;
 	memcpy(rbconn->key, key, sizeof(u32) * keylen);
 
 	INIT_HLIST_HEAD(&rbconn->hhead);
diff --git a/net/netfilter/nft_connlimit.c b/net/netfilter/nft_connlimit.c
index 50c068d660e5..a832c59f0a9c 100644
--- a/net/netfilter/nft_connlimit.c
+++ b/net/netfilter/nft_connlimit.c
@@ -52,7 +52,7 @@ static inline void nft_connlimit_do_eval(struct nft_connlimit *priv,
 	if (!addit)
 		goto out;
 
-	if (!nf_conncount_add(&priv->hhead, tuple_ptr)) {
+	if (!nf_conncount_add(&priv->hhead, tuple_ptr, zone)) {
 		regs->verdict.code = NF_DROP;
 		spin_unlock_bh(&priv->lock);
 		return;
-- 
2.11.0

^ permalink raw reply related

* [PATCH 8/9] netfilter: xt_connmark: fix list corruption on rmmod
From: Pablo Neira Ayuso @ 2018-06-13 10:56 UTC (permalink / raw)
  To: netfilter-devel; +Cc: davem, netdev
In-Reply-To: <20180613105700.12894-1-pablo@netfilter.org>

From: Florian Westphal <fw@strlen.de>

This needs to use xt_unregister_targets, else new revision is left
on the list which then causes list to point to a target struct that has been free'd.

Fixes: 472a73e00757 ("netfilter: xt_conntrack: Support bit-shifting for CONNMARK & MARK targets.")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 net/netfilter/xt_connmark.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/netfilter/xt_connmark.c b/net/netfilter/xt_connmark.c
index 94df000abb92..29c38aa7f726 100644
--- a/net/netfilter/xt_connmark.c
+++ b/net/netfilter/xt_connmark.c
@@ -211,7 +211,7 @@ static int __init connmark_mt_init(void)
 static void __exit connmark_mt_exit(void)
 {
 	xt_unregister_match(&connmark_mt_reg);
-	xt_unregister_target(connmark_tg_reg);
+	xt_unregister_targets(connmark_tg_reg, ARRAY_SIZE(connmark_tg_reg));
 }
 
 module_init(connmark_mt_init);
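Review bot: the exit path now unregisters the whole `connmark_tg_reg` array, but the error unwind in connmark_mt_init() is not visible in this hunk. If the match registration can fail after the targets were registered, that path needs the same `xt_unregister_targets(connmark_tg_reg, ARRAY_SIZE(connmark_tg_reg))` call; please confirm it does not still use the single-target variant.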
-- 
2.11.0

^ permalink raw reply related

* [PATCH 7/9] netfilter: ctnetlink: avoid null pointer dereference
From: Pablo Neira Ayuso @ 2018-06-13 10:56 UTC (permalink / raw)
  To: netfilter-devel; +Cc: davem, netdev
In-Reply-To: <20180613105700.12894-1-pablo@netfilter.org>

From: Florian Westphal <fw@strlen.de>

Dan Carpenter points out that deref occurs after NULL check, we should
re-fetch the pointer and check that instead.

Fixes: 2c205dd3981f7 ("netfilter: add struct nf_nat_hook and use it")
Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 net/netfilter/nf_conntrack_netlink.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/netfilter/nf_conntrack_netlink.c b/net/netfilter/nf_conntrack_netlink.c
index 39327a42879f..20a2e37c76d1 100644
--- a/net/netfilter/nf_conntrack_netlink.c
+++ b/net/netfilter/nf_conntrack_netlink.c
@@ -1446,7 +1446,8 @@ ctnetlink_parse_nat_setup(struct nf_conn *ct,
 		}
 		nfnl_lock(NFNL_SUBSYS_CTNETLINK);
 		rcu_read_lock();
-		if (nat_hook->parse_nat_setup)
+		nat_hook = rcu_dereference(nf_nat_hook);
+		if (nat_hook)
 			return -EAGAIN;
 #endif
 		return -EOPNOTSUPP;
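Review bot: the test changes from `nat_hook->parse_nat_setup` to `nat_hook`, so -EAGAIN is now returned whenever a hook is registered, even one whose parse_nat_setup member is unset. If that state is possible, the retry will call through a NULL member, so consider `if (nat_hook && nat_hook->parse_nat_setup)` or state in a comment that a registered hook always provides it. Both returns here also leave with nfnl_lock() and rcu_read_lock() held, which deserves a one-line comment for readers of this branch.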
-- 
2.11.0

^ permalink raw reply related

