25 Sep, 2020

1 commit

• e49d8c22f   net_sched: defer tcf_idr_insert() in tcf_action_init_1() ... Browse Code »

  All TC actions call tcf_idr_insert() for new action at the end
  of their ->init(), so we can actually move it to a central place
  in tcf_action_init_1().

  And once the action is inserted into the global IDR, other parallel
  process could free it immediately as its refcnt is still 1, so we can
  not fail after this, we need to move it after the goto action
  validation to avoid handling the failure case after insertion.

  This is found during code review, is not directly triggered by syzbot.
  And this prepares for the next patch.

  Cc: Vlad Buslov
  Cc: Jamal Hadi Salim
  Cc: Jiri Pirko
  Signed-off-by: Cong Wang
  Signed-off-by: David S. Miller

  Cong Wang

  2020-09-25 10:46:21 +0800  

20 Jun, 2020

1 commit

• 4b61d3e8d   net: qos offload add flow status with dropped count ... Browse Code »

  This patch adds a drop frames counter to tc flower offloading.
  Reporting h/w dropped frames is necessary for some actions.
  Some actions like police action and the coming introduced stream gate
  action would produce dropped frames which is necessary for user. Status
  update shows how many filtered packets increasing and how many dropped
  in those packets.

  v2: Changes
  - Update commit comments suggest by Jiri Pirko.

  Signed-off-by: Po Liu
  Reviewed-by: Simon Horman
  Reviewed-by: Vlad Buslov
  Signed-off-by: David S. Miller

  Po Liu

  2020-06-20 03:53:30 +0800  

27 Nov, 2019

1 commit

• 1ae78780e   Merge branch 'core-rcu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip ... Browse Code »

  Pull RCU updates from Ingo Molnar:
  "The main changes in this cycle were:

  - Dynamic tick (nohz) updates, perhaps most notably changes to force
  the tick on when needed due to lengthy in-kernel execution on CPUs
  on which RCU is waiting.

  - Linux-kernel memory consistency model updates.

  - Replace rcu_swap_protected() with rcu_prepace_pointer().

  - Torture-test updates.

  - Documentation updates.

  - Miscellaneous fixes"

  * 'core-rcu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip: (51 commits)
  security/safesetid: Replace rcu_swap_protected() with rcu_replace_pointer()
  net/sched: Replace rcu_swap_protected() with rcu_replace_pointer()
  net/netfilter: Replace rcu_swap_protected() with rcu_replace_pointer()
  net/core: Replace rcu_swap_protected() with rcu_replace_pointer()
  bpf/cgroup: Replace rcu_swap_protected() with rcu_replace_pointer()
  fs/afs: Replace rcu_swap_protected() with rcu_replace_pointer()
  drivers/scsi: Replace rcu_swap_protected() with rcu_replace_pointer()
  drm/i915: Replace rcu_swap_protected() with rcu_replace_pointer()
  x86/kvm/pmu: Replace rcu_swap_protected() with rcu_replace_pointer()
  rcu: Upgrade rcu_swap_protected() to rcu_replace_pointer()
  rcu: Suppress levelspread uninitialized messages
  rcu: Fix uninitialized variable in nocb_gp_wait()
  rcu: Update descriptions for rcu_future_grace_period tracepoint
  rcu: Update descriptions for rcu_nocb_wake tracepoint
  rcu: Remove obsolete descriptions for rcu_barrier tracepoint
  rcu: Ensure that ->rcu_urgent_qs is set before resched IPI
  workqueue: Convert for_each_wq to use built-in list check
  rcu: Several rcu_segcblist functions can be static
  rcu: Remove unused function hlist_bl_del_init_rcu()
  Documentation: Rename rcu_node_context_switch() to rcu_note_context_switch()
  ...

  Linus Torvalds

  2019-11-27 07:42:43 +0800  

31 Oct, 2019

3 commits

• e38226786   net: sched: update action implementations to support flags ... Browse Code »

  Extend struct tc_action with new "tcfa_flags" field. Set the field in
  tcf_idr_create() function and provide new helper
  tcf_idr_create_from_flags() that derives 'cpustats' boolean from flags
  value. Update individual hardware-offloaded actions init() to pass their
  "flags" argument to new helper in order to skip percpu stats allocation
  when user requested it through flags.

  Signed-off-by: Vlad Buslov
  Signed-off-by: David S. Miller

  Vlad Buslov

  2019-10-31 09:07:51 +0800  
• abbb0d336   net: sched: extend TCA_ACT space with TCA_ACT_FLAGS ... Browse Code »

  Extend TCA_ACT space with nla_bitfield32 flags. Add
  TCA_ACT_FLAGS_NO_PERCPU_STATS as the only allowed flag. Parse the flags in
  tcf_action_init_1() and pass resulting value as additional argument to
  a_o->init().

  Signed-off-by: Vlad Buslov
  Signed-off-by: David S. Miller

  Vlad Buslov

  2019-10-31 09:07:50 +0800  
• c8ecebd04   net: sched: extract common action counters update code into function ... Browse Code »

  Currently, all implementations of tc_action_ops->stats_update() callback
  have almost exactly the same implementation of counters update
  code (besides gact which also updates drop counter). In order to simplify
  support for using both percpu-allocated and regular action counters
  depending on run-time flag in following patches, extract action counters
  update code into standalone function in act API.

  This commit doesn't change functionality.

  Signed-off-by: Vlad Buslov
  Acked-by: Jiri Pirko
  Signed-off-by: David S. Miller

  Vlad Buslov

  2019-10-31 09:07:50 +0800  

30 Oct, 2019

1 commit

• 445d37493   net/sched: Replace rcu_swap_protected() with rcu_replace_pointer() ... Browse Code »

  This commit replaces the use of rcu_swap_protected() with the more
  intuitively appealing rcu_replace_pointer() as a step towards removing
  rcu_swap_protected().

  Link: https://lore.kernel.org/lkml/CAHk-=wiAsJLw1egFEE=Z7-GGtM6wcvtyytXZA1+BHqta4gg6Hw@mail.gmail.com/
  Reported-by: Linus Torvalds
  [ paulmck: From rcu_replace() to rcu_replace_pointer() per Ingo Molnar. ]
  Signed-off-by: Paul E. McKenney
  Cc: Jamal Hadi Salim
  Cc: Cong Wang
  Cc: Jiri Pirko
  Cc: "David S. Miller"
  Cc:
  Cc:

  Paul E. McKenney

  2019-10-30 23:45:48 +0800  

22 Oct, 2019

1 commit

• 985fd98ab   net/sched: act_police: re-use tcf_tm_dump() ... Browse Code »

  Use tcf_tm_dump(), instead of an open coded variant (no functional change
  in this patch).

  Signed-off-by: Davide Caratti
  Acked-by: Jiri Pirko
  Signed-off-by: David S. Miller

  Davide Caratti

  2019-10-22 02:22:40 +0800  

06 Sep, 2019

1 commit

• d1967e495   net_sched: act_police: add 2 new attributes to support police 64bit rate and peakrate ... Browse Code »

  For high speed adapter like Mellanox CX-5 card, it can reach upto
  100 Gbits per second bandwidth. Currently htb already supports 64bit rate
  in tc utility. However police action rate and peakrate are still limited
  to 32bit value (upto 32 Gbits per second). Add 2 new attributes
  TCA_POLICE_RATE64 and TCA_POLICE_RATE64 in kernel for 64bit support
  so that tc utility can use them for 64bit rate and peakrate value to
  break the 32bit limit, and still keep the backward binary compatibility.

  Tested-by: David Dai
  Signed-off-by: David Dai
  Acked-by: Cong Wang
  Signed-off-by: David S. Miller

  David Dai

  2019-09-06 21:02:16 +0800  

28 Aug, 2019

1 commit

• 981471bd3   net_sched: fix a NULL pointer deref in ipt action ... Browse Code »

  The net pointer in struct xt_tgdtor_param is not explicitly
  initialized therefore is still NULL when dereferencing it.
  So we have to find a way to pass the correct net pointer to
  ipt_destroy_target().

  The best way I find is just saving the net pointer inside the per
  netns struct tcf_idrinfo, which could make this patch smaller.

  Fixes: 0c66dc1ea3f0 ("netfilter: conntrack: register hooks in netns when needed by ruleset")
  Reported-and-tested-by: itugrok@yahoo.com
  Cc: Jamal Hadi Salim
  Cc: Jiri Pirko
  Signed-off-by: Cong Wang
  Signed-off-by: David S. Miller

  Cong Wang

  2019-08-28 06:05:58 +0800  

06 Aug, 2019

1 commit

• 7be8ef2cd   net: sched: use temporary variable for actions indexes ... Browse Code »

  Currently init call of all actions (except ipt) init their 'parm'
  structure as a direct pointer to nla data in skb. This leads to race
  condition when some of the filter actions were initialized successfully
  (and were assigned with idr action index that was written directly
  into nla data), but then were deleted and retried (due to following
  action module missing or classifier-initiated retry), in which case
  action init code tries to insert action to idr with index that was
  assigned on previous iteration. During retry the index can be reused
  by another action that was inserted concurrently, which causes
  unintended action sharing between filters.
  To fix described race condition, save action idr index to temporary
  stack-allocated variable instead on nla data.

  Fixes: 0190c1d452a9 ("net: sched: atomically check-allocate action")
  Signed-off-by: Dmytro Linkin
  Signed-off-by: Vlad Buslov
  Acked-by: Cong Wang
  Signed-off-by: David S. Miller

  Dmytro Linkin

  2019-08-06 01:59:14 +0800  

31 May, 2019

1 commit

• 2874c5fd2   treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 ... Browse Code »

  Based on 1 normalized pattern(s):

  this program is free software you can redistribute it and or modify
  it under the terms of the gnu general public license as published by
  the free software foundation either version 2 of the license or at
  your option any later version

  extracted by the scancode license scanner the SPDX license identifier

  GPL-2.0-or-later

  has been chosen to replace the boilerplate/reference in 3029 file(s).

  Signed-off-by: Thomas Gleixner
  Reviewed-by: Allison Randal
  Cc: linux-spdx@vger.kernel.org
  Link: https://lkml.kernel.org/r/20190527070032.746973796@linutronix.de
  Signed-off-by: Greg Kroah-Hartman

  Thomas Gleixner

  2019-05-31 02:26:32 +0800  

06 May, 2019

2 commits

• 12f02b6b1   net/sched: allow stats updates from offloaded police actions ... Browse Code »

  Implement the stats_update callback for the police action that
  will be used by drivers for hardware offload.

  Signed-off-by: Pieter Jansen van Vuuren
  Reviewed-by: Jakub Kicinski
  Acked-by: Jiri Pirko
  Signed-off-by: David S. Miller

  Pieter Jansen van Vuuren

  2019-05-06 12:49:24 +0800  
• fa762da94   net/sched: move police action structures to header ... Browse Code »

  Move tcf_police_params, tcf_police and tc_police_compat structures to a
  header. Making them usable to other code for example drivers that would
  offload police actions to hardware.

  Signed-off-by: Pieter Jansen van Vuuren
  Reviewed-by: Jakub Kicinski
  Signed-off-by: David S. Miller

  Pieter Jansen van Vuuren

  2019-05-06 12:49:24 +0800  

28 Apr, 2019

1 commit

• 8cb081746   netlink: make validation more configurable for future strictness ... Browse Code »

  We currently have two levels of strict validation:

  1) liberal (default)
  - undefined (type >= max) & NLA_UNSPEC attributes accepted
  - attribute length >= expected accepted
  - garbage at end of message accepted
  2) strict (opt-in)
  - NLA_UNSPEC attributes accepted
  - attribute length >= expected accepted

  Split out parsing strictness into four different options:
  * TRAILING - check that there's no trailing data after parsing
  attributes (in message or nested)
  * MAXTYPE - reject attrs > max known type
  * UNSPEC - reject attributes with NLA_UNSPEC policy entries
  * STRICT_ATTRS - strictly validate attribute size

  The default for future things should be *everything*.
  The current *_strict() is a combination of TRAILING and MAXTYPE,
  and is renamed to _deprecated_strict().
  The current regular parsing has none of this, and is renamed to
  *_parse_deprecated().

  Additionally it allows us to selectively set one of the new flags
  even on old policies. Notably, the UNSPEC flag could be useful in
  this case, since it can be arranged (by filling in the policy) to
  not be an incompatible userspace ABI change, but would then going
  forward prevent forgetting attribute entries. Similar can apply
  to the POLICY flag.

  We end up with the following renames:
  * nla_parse -> nla_parse_deprecated
  * nla_parse_strict -> nla_parse_deprecated_strict
  * nlmsg_parse -> nlmsg_parse_deprecated
  * nlmsg_parse_strict -> nlmsg_parse_deprecated_strict
  * nla_parse_nested -> nla_parse_nested_deprecated
  * nla_validate_nested -> nla_validate_nested_deprecated

  Using spatch, of course:
  @@
  expression TB, MAX, HEAD, LEN, POL, EXT;
  @@
  -nla_parse(TB, MAX, HEAD, LEN, POL, EXT)
  +nla_parse_deprecated(TB, MAX, HEAD, LEN, POL, EXT)

  @@
  expression NLH, HDRLEN, TB, MAX, POL, EXT;
  @@
  -nlmsg_parse(NLH, HDRLEN, TB, MAX, POL, EXT)
  +nlmsg_parse_deprecated(NLH, HDRLEN, TB, MAX, POL, EXT)

  @@
  expression NLH, HDRLEN, TB, MAX, POL, EXT;
  @@
  -nlmsg_parse_strict(NLH, HDRLEN, TB, MAX, POL, EXT)
  +nlmsg_parse_deprecated_strict(NLH, HDRLEN, TB, MAX, POL, EXT)

  @@
  expression TB, MAX, NLA, POL, EXT;
  @@
  -nla_parse_nested(TB, MAX, NLA, POL, EXT)
  +nla_parse_nested_deprecated(TB, MAX, NLA, POL, EXT)

  @@
  expression START, MAX, POL, EXT;
  @@
  -nla_validate_nested(START, MAX, POL, EXT)
  +nla_validate_nested_deprecated(START, MAX, POL, EXT)

  @@
  expression NLH, HDRLEN, MAX, POL, EXT;
  @@
  -nlmsg_validate(NLH, HDRLEN, MAX, POL, EXT)
  +nlmsg_validate_deprecated(NLH, HDRLEN, MAX, POL, EXT)

  For this patch, don't actually add the strict, non-renamed versions
  yet so that it breaks compile if I get it wrong.

  Also, while at it, make nla_validate and nla_parse go down to a
  common __nla_validate_parse() function to avoid code duplication.

  Ultimately, this allows us to have very strict validation for every
  new caller of nla_parse()/nlmsg_parse() etc as re-introduced in the
  next patch, while existing things will continue to work as is.

  In effect then, this adds fully strict validation for any new command.

  Signed-off-by: Johannes Berg
  Signed-off-by: David S. Miller

  Johannes Berg

  2019-04-28 05:07:21 +0800  

22 Mar, 2019

2 commits

• d6124d6ba   net/sched: act_police: validate the control action inside init() ... Browse Code »

  the following script:

  # tc qdisc add dev crash0 clsact
  # tc filter add dev crash0 egress matchall \
  > action police rate 3mbit burst 250k pass index 90
  # tc actions replace action police \
  > rate 3mbit burst 250k goto chain 42 index 90 cookie c1a0c1a0
  # tc actions show action police rate 3mbit burst

  had the following output:

  Error: Failed to init TC action chain.
  We have an error talking to the kernel
  total acts 1

  action order 0: police 0x5a rate 3Mbit burst 250Kb mtu 2Kb action goto chain 42 overhead 0b
  ref 2 bind 1
  cookie c1a0c1a0

  Then, when crash0 starts transmitting more than 3Mbit/s, the following
  kernel crash is observed:

  BUG: unable to handle kernel NULL pointer dereference at 0000000000000000
  #PF error: [normal kernel read fault]
  PGD 800000007a779067 P4D 800000007a779067 PUD 2ad96067 PMD 0
  Oops: 0000 [#1] SMP PTI
  CPU: 3 PID: 5032 Comm: netperf Not tainted 5.0.0-rc4.gotochain_crash+ #533
  Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
  RIP: 0010:tcf_action_exec+0xb8/0x100
  Code: 00 00 00 20 74 1d 83 f8 03 75 09 49 83 c4 08 4d 39 ec 75 bc 48 83 c4 10 5b 5d 41 5c 41 5d 41 5e 41 5f c3 49 8b 97 a8 00 00 00 8b 12 48 89 55 00 48 83 c4 10 5b 5d 41 5c 41 5d 41 5e 41 5f c3
  RSP: 0018:ffffb0e04064fa60 EFLAGS: 00010246
  RAX: 000000002000002a RBX: ffff93bb3322cce0 RCX: 0000000000000005
  RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffff93bb3322cce0
  RBP: ffffb0e04064fb00 R08: 0000000000000022 R09: 0000000000000000
  R10: 0000000000000000 R11: 0000000000000001 R12: ffff93bb3beed300
  R13: ffff93bb3beed308 R14: 0000000000000001 R15: ffff93bb3b64d000
  FS: 00007f0bc6be5740(0000) GS:ffff93bb3db80000(0000) knlGS:0000000000000000
  CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
  CR2: 0000000000000000 CR3: 00000000746a8001 CR4: 00000000001606e0
  Call Trace:
  tcf_classify+0x58/0x120
  __dev_queue_xmit+0x40a/0x890
  ? ipt_do_table+0x31c/0x420 [ip_tables]
  ? ip_finish_output2+0x16f/0x430
  ip_finish_output2+0x16f/0x430
  ? ip_output+0x69/0xe0
  ip_output+0x69/0xe0
  ? ip_forward_options+0x1a0/0x1a0
  __tcp_transmit_skb+0x563/0xa40
  tcp_write_xmit+0x243/0xfa0
  __tcp_push_pending_frames+0x32/0xf0
  tcp_sendmsg_locked+0x404/0xd30
  tcp_sendmsg+0x27/0x40
  sock_sendmsg+0x36/0x40
  __sys_sendto+0x10e/0x140
  ? __sys_connect+0x87/0xf0
  ? syscall_trace_enter+0x1df/0x2e0
  ? __audit_syscall_exit+0x216/0x260
  __x64_sys_sendto+0x24/0x30
  do_syscall_64+0x5b/0x180
  entry_SYSCALL_64_after_hwframe+0x44/0xa9
  RIP: 0033:0x7f0bc5ffbafd
  Code: 89 01 48 83 c8 ff c3 66 0f 1f 44 00 00 8b 05 ae c4 2c 00 85 c0 75 2d 45 31 c9 45 31 c0 4c 63 d1 48 63 ff b8 2c 00 00 00 0f 05 3d 00 f0 ff ff 77 01 c3 48 8b 15 63 63 2c 00 f7 d8 64 89 02 48
  RSP: 002b:00007fffef94b7f8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
  RAX: ffffffffffffffda RBX: 0000000000004000 RCX: 00007f0bc5ffbafd
  RDX: 0000000000004000 RSI: 00000000017e5420 RDI: 0000000000000004
  RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000
  R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
  R13: 00000000017e51d0 R14: 0000000000000010 R15: 0000000000000006
  Modules linked in: act_police veth ip6table_filter ip6_tables iptable_filter binfmt_misc ext4 snd_hda_codec_generic mbcache crct10dif_pclmul jbd2 crc32_pclmul ghash_clmulni_intel snd_hda_intel snd_hda_codec snd_hwdep snd_hda_core snd_seq snd_seq_device snd_pcm aesni_intel crypto_simd cryptd glue_helper snd_timer snd joydev pcspkr virtio_balloon soundcore i2c_piix4 nfsd auth_rpcgss nfs_acl lockd grace sunrpc ip_tables xfs ata_generic pata_acpi qxl drm_kms_helper syscopyarea sysfillrect sysimgblt fb_sys_fops ttm drm virtio_blk virtio_net virtio_console net_failover failover crc32c_intel ata_piix libata serio_raw virtio_pci virtio_ring virtio floppy dm_mirror dm_region_hash dm_log dm_mod
  CR2: 0000000000000000

  Validating the control action within tcf_police_init() proved to fix the
  above issue. A TDC selftest is added to verify the correct behavior.

  Fixes: db50514f9a9c ("net: sched: add termination action to allow goto chain")
  Fixes: 97763dc0f401 ("net_sched: reject unknown tcfa_action values")
  Signed-off-by: Davide Caratti
  Signed-off-by: David S. Miller

  Davide Caratti

  2019-03-22 04:26:41 +0800  
• 85d0966fa   net/sched: prepare TC actions to properly validate the control action ... Browse Code »

  - pass a pointer to struct tcf_proto in each actions's init() handler,
  to allow validating the control action, checking whether the chain
  exists and (eventually) refcounting it.
  - remove code that validates the control action after a successful call
  to the action's init() handler, and replace it with a test that forbids
  addition of actions having 'goto_chain' and NULL goto_chain pointer at
  the same time.
  - add tcf_action_check_ctrlact(), that will validate the control action
  and eventually allocate the action 'goto_chain' within the init()
  handler.
  - add tcf_action_set_ctrlact(), that will assign the control action and
  swap the current 'goto_chain' pointer with the new given one.

  This disallows 'goto_chain' on actions that don't initialize it properly
  in their init() handler, i.e. calling tcf_action_check_ctrlact() after
  successful IDR reservation and then calling tcf_action_set_ctrlact()
  to assign 'goto_chain' and 'tcf_action' consistently.

  By doing this, the kernel does not leak anymore refcounts when a valid
  'goto chain' handle is replaced in TC actions, causing kmemleak splats
  like the following one:

  # tc chain add dev dd0 chain 42 ingress protocol ip flower \
  > ip_proto tcp action drop
  # tc chain add dev dd0 chain 43 ingress protocol ip flower \
  > ip_proto udp action drop
  # tc filter add dev dd0 ingress matchall \
  > action gact goto chain 42 index 66
  # tc filter replace dev dd0 ingress matchall \
  > action gact goto chain 43 index 66
  # echo scan >/sys/kernel/debug/kmemleak
  
  unreferenced object 0xffff93c0ee09f000 (size 1024):
  comm "tc", pid 2565, jiffies 4295339808 (age 65.426s)
  hex dump (first 32 bytes):
  00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
  00 00 00 00 08 00 06 00 00 00 00 00 00 00 00 00 ................
  backtrace:
  [] tc_ctl_chain+0x3d2/0x4c0
  [] rtnetlink_rcv_msg+0x263/0x2d0
  [] netlink_rcv_skb+0x4a/0x110
  [] netlink_unicast+0x1a0/0x250
  [] netlink_sendmsg+0x2c1/0x3c0
  [] sock_sendmsg+0x36/0x40
  [] ___sys_sendmsg+0x280/0x2f0
  [] __sys_sendmsg+0x5e/0xa0
  [] do_syscall_64+0x5b/0x180
  [] entry_SYSCALL_64_after_hwframe+0x44/0xa9
  [] 0xffffffffffffffff

  Fixes: db50514f9a9c ("net: sched: add termination action to allow goto chain")
  Fixes: 97763dc0f401 ("net_sched: reject unknown tcfa_action values")
  Signed-off-by: Davide Caratti
  Signed-off-by: David S. Miller

  Davide Caratti

  2019-03-22 04:26:41 +0800  

11 Feb, 2019

1 commit

• eddd2cf19   net: Change TCA_ACT_* to TCA_ID_* to match that of TCA_ID_POLICE ... Browse Code »

  Modify the kernel users of the TCA_ACT_* macros to use TCA_ID_*. For
  example, use TCA_ID_GACT instead of TCA_ACT_GACT. This will align with
  TCA_ID_POLICE and also differentiates these identifier, used in struct
  tc_action_ops type field, from other macros starting with TCA_ACT_.

  To make things clearer, we name the enum defining the TCA_ID_*
  identifiers and also change the "type" field of struct tc_action to
  id.

  Signed-off-by: Eli Cohen
  Acked-by: Jiri Pirko
  Signed-off-by: David S. Miller

  Eli Cohen

  2019-02-11 01:28:43 +0800  

01 Dec, 2018

1 commit

• fd6d43386   net/sched: act_police: fix memory leak in case of invalid control action ... Browse Code »

  when users set an invalid control action, kmemleak complains as follows:

  # echo clear >/sys/kernel/debug/kmemleak
  # ./tdc.py -e b48b
  Test b48b: Add police action with exceed goto chain control action
  All test results:

  1..1
  ok 1 - b48b # Add police action with exceed goto chain control action
  about to flush the tap output if tests need to be skipped
  done flushing skipped test tap output
  # echo scan >/sys/kernel/debug/kmemleak
  # cat /sys/kernel/debug/kmemleak
  unreferenced object 0xffffa0fafbc3dde0 (size 96):
  comm "tc", pid 2358, jiffies 4294922738 (age 17.022s)
  hex dump (first 32 bytes):
  2a 00 00 20 00 00 00 00 00 00 7d 00 00 00 00 00 *.. ......}.....
  f8 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
  backtrace:
  [] tcf_action_init_1+0x384/0x4c0
  [] tcf_action_init+0x12b/0x1a0
  [] tcf_action_add+0x73/0x170
  [] tc_ctl_action+0x122/0x160
  [] rtnetlink_rcv_msg+0x263/0x2d0
  [] netlink_rcv_skb+0x4d/0x130
  [] netlink_unicast+0x209/0x2d0
  [] netlink_sendmsg+0x2c1/0x3c0
  [] sock_sendmsg+0x33/0x40
  [] ___sys_sendmsg+0x2a0/0x2f0
  [] __sys_sendmsg+0x5e/0xa0
  [] do_syscall_64+0x5b/0x180
  [] entry_SYSCALL_64_after_hwframe+0x44/0xa9
  [] 0xffffffffffffffff

  change tcf_police_init() to avoid leaking 'new' in case TCA_POLICE_RESULT
  contains TC_ACT_GOTO_CHAIN extended action.

  Fixes: c08f5ed5d625 ("net/sched: act_police: disallow 'goto chain' on fallback control action")
  Reported-by: Dan Carpenter
  Signed-off-by: Davide Caratti
  Acked-by: Cong Wang
  Signed-off-by: David S. Miller

  Davide Caratti

  2018-12-01 09:14:06 +0800  

24 Nov, 2018

1 commit

• 484afd1bd   net/sched: act_police: add missing spinlock initialization ... Browse Code »

  commit f2cbd4852820 ("net/sched: act_police: fix race condition on state
  variables") introduces a new spinlock, but forgets its initialization.
  Ensure that tcf_police_init() initializes 'tcfp_lock' every time a 'police'
  action is newly created, to avoid the following lockdep splat:

  INFO: trying to register non-static key.
  the code is fine but needs lockdep annotation.
  turning off the locking correctness validator.
  
  Call Trace:
  dump_stack+0x85/0xcb
  register_lock_class+0x581/0x590
  __lock_acquire+0xd4/0x1330
  ? tcf_police_init+0x2fa/0x650 [act_police]
  ? lock_acquire+0x9e/0x1a0
  lock_acquire+0x9e/0x1a0
  ? tcf_police_init+0x2fa/0x650 [act_police]
  ? tcf_police_init+0x55a/0x650 [act_police]
  _raw_spin_lock_bh+0x34/0x40
  ? tcf_police_init+0x2fa/0x650 [act_police]
  tcf_police_init+0x2fa/0x650 [act_police]
  tcf_action_init_1+0x384/0x4c0
  tcf_action_init+0xf6/0x160
  tcf_action_add+0x73/0x170
  tc_ctl_action+0x122/0x160
  rtnetlink_rcv_msg+0x2a4/0x490
  ? netlink_deliver_tap+0x99/0x400
  ? validate_linkmsg+0x370/0x370
  netlink_rcv_skb+0x4d/0x130
  netlink_unicast+0x196/0x230
  netlink_sendmsg+0x2e5/0x3e0
  sock_sendmsg+0x36/0x40
  ___sys_sendmsg+0x280/0x2f0
  ? _raw_spin_unlock+0x24/0x30
  ? handle_pte_fault+0xafe/0xf30
  ? find_held_lock+0x2d/0x90
  ? syscall_trace_enter+0x1df/0x360
  ? __sys_sendmsg+0x5e/0xa0
  __sys_sendmsg+0x5e/0xa0
  do_syscall_64+0x60/0x210
  entry_SYSCALL_64_after_hwframe+0x49/0xbe
  RIP: 0033:0x7f1841c7cf10
  Code: c3 48 8b 05 82 6f 2c 00 f7 db 64 89 18 48 83 cb ff eb dd 0f 1f 80 00 00 00 00 83 3d 8d d0 2c 00 00 75 10 b8 2e 00 00 00 0f 05 3d 01 f0 ff ff 73 31 c3 48 83 ec 08 e8 ae cc 00 00 48 89 04 24
  RSP: 002b:00007ffcf9df4d68 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
  RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00007f1841c7cf10
  RDX: 0000000000000000 RSI: 00007ffcf9df4dc0 RDI: 0000000000000003
  RBP: 000000005bf56105 R08: 0000000000000002 R09: 00007ffcf9df8edc
  R10: 00007ffcf9df47e0 R11: 0000000000000246 R12: 0000000000671be0
  R13: 00007ffcf9df4e84 R14: 0000000000000008 R15: 0000000000000000

  Fixes: f2cbd4852820 ("net/sched: act_police: fix race condition on state variables")
  Reported-by: Cong Wang
  Signed-off-by: Davide Caratti
  Acked-by: Cong Wang
  Acked-by: Jiri Pirko
  Signed-off-by: David S. Miller

  Davide Caratti

  2018-11-24 03:20:02 +0800  

21 Nov, 2018

1 commit

• f2cbd4852   net/sched: act_police: fix race condition on state variables ... Browse Code »

  after 'police' configuration parameters were converted to use RCU instead
  of spinlock, the state variables used to compute the traffic rate (namely
  'tcfp_toks', 'tcfp_ptoks' and 'tcfp_t_c') are erroneously read/updated in
  the traffic path without any protection.

  Use a dedicated spinlock to avoid race conditions on these variables, and
  ensure proper cache-line alignment. In this way, 'police' is still faster
  than what we observed when 'tcf_lock' was used in the traffic path _ i.e.
  reverting commit 2d550dbad83c ("net/sched: act_police: don't use spinlock
  in the data path"). Moreover, we preserve the throughput improvement that
  was obtained after 'police' started using per-cpu counters, when 'avrate'
  is used instead of 'rate'.

  Changes since v1 (thanks to Eric Dumazet):
  - call ktime_get_ns() before acquiring the lock in the traffic path
  - use a dedicated spinlock instead of tcf_lock
  - improve cache-line usage

  Fixes: 2d550dbad83c ("net/sched: act_police: don't use spinlock in the data path")
  Reported-and-suggested-by: Eric Dumazet
  Signed-off-by: Davide Caratti
  Reviewed-by: Eric Dumazet

  Davide Caratti

  2018-11-21 06:59:58 +0800  

23 Oct, 2018

1 commit

• c08f5ed5d   net/sched: act_police: disallow 'goto chain' on fallback control action ... Browse Code »

  in the following command:

  # tc action add action police rate burst conform-exceed /

  'goto chain x' is allowed only for c1: setting it for c2 makes the kernel
  crash with NULL pointer dereference, since TC core doesn't initialize the
  chain handle.

  Signed-off-by: Davide Caratti
  Acked-by: Cong Wang
  Acked-by: Jiri Pirko
  Signed-off-by: David S. Miller

  Davide Caratti

  2018-10-23 10:42:50 +0800