
Contents of /backports/8/kernel/current/SOURCES/netfilter-nf_tables-make-table-handle-allocation-per.patch



Revision 1881590 - (show annotations) (download)
Mon Aug 29 03:49:40 2022 UTC (19 months, 3 weeks ago) by tmb
File size: 2552 byte(s)
- add current -stable queue
- io_uring: fix issue with io_write() not always undoing sb_start_write()
- HID: input: fix uclogic tablets


1 From c41964a21dbb3022b6c0c173e14694dedb9cb7fa Mon Sep 17 00:00:00 2001
2 From: Sasha Levin <sashal@kernel.org>
3 Date: Sun, 21 Aug 2022 10:52:48 +0200
4 Subject: netfilter: nf_tables: make table handle allocation per-netns friendly
5
6 From: Pablo Neira Ayuso <pablo@netfilter.org>
7
8 [ Upstream commit ab482c6b66a4a8c0a8c0b0f577a785cf9ff1c2e2 ]
9
10 mutex is per-netns, move table_netns to the pernet area.
11
12 *read-write* to 0xffffffff883a01e8 of 8 bytes by task 6542 on cpu 0:
13 nf_tables_newtable+0x6dc/0xc00 net/netfilter/nf_tables_api.c:1221
14 nfnetlink_rcv_batch net/netfilter/nfnetlink.c:513 [inline]
15 nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:634 [inline]
16 nfnetlink_rcv+0xa6a/0x13a0 net/netfilter/nfnetlink.c:652
17 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]
18 netlink_unicast+0x652/0x730 net/netlink/af_netlink.c:1345
19 netlink_sendmsg+0x643/0x740 net/netlink/af_netlink.c:1921
20
21 Fixes: f102d66b335a ("netfilter: nf_tables: use dedicated mutex to guard transactions")
22 Reported-by: Abhishek Shah <abhishek.shah@columbia.edu>
23 Reviewed-by: Florian Westphal <fw@strlen.de>
24 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
25 Signed-off-by: Sasha Levin <sashal@kernel.org>
26 ---
27 include/net/netfilter/nf_tables.h | 1 +
28 net/netfilter/nf_tables_api.c | 3 +--
29 2 files changed, 2 insertions(+), 2 deletions(-)
30
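diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
index b8890ace0f879..0daad6e63ccb2 100644
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -1635,6 +1635,7 @@ struct nftables_pernet {
 struct list_head module_list;
 struct list_head notify_list;
 struct mutex commit_mutex;
+ u64 table_handle;
 unsigned int base_seq;
 u8 validate_state;
 };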
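Review bot: The new `table_handle` member of `struct nftables_pernet` has no comment naming the lock that guards it, and the data race this patch fixes came from exactly that kind of unstated assumption. Going by the commit message, the counter is meant to be serialized by the per-netns `commit_mutex` declared just above it, so I would annotate the field: `u64 table_handle; /* last table handle handed out in this netns; written under commit_mutex */`. The start of the struct lies outside the hunk, so whether the other members follow a documented locking convention cannot be checked from here.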
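diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 8b6ee9df817fb..e171257739c2f 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -32,7 +32,6 @@ static LIST_HEAD(nf_tables_objects);
 static LIST_HEAD(nf_tables_flowtables);
 static LIST_HEAD(nf_tables_destroy_list);
 static DEFINE_SPINLOCK(nf_tables_destroy_list_lock);
-static u64 table_handle;
 
 enum {
 NFT_VALIDATE_SKIP = 0,
@@ -1235,7 +1234,7 @@ static int nf_tables_newtable(struct sk_buff *skb, const struct nfnl_info *info,
 INIT_LIST_HEAD(&table->flowtables);
 table->family = family;
 table->flags = flags;
- table->handle = ++table_handle;
+ table->handle = ++nft_net->table_handle;
 if (table->flags & NFT_TABLE_F_OWNER)
 table->nlpid = NETLINK_CB(skb).portid;
 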
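Review bot: The increment `++nft_net->table_handle` in nf_tables_newtable() is a plain read-modify-write that is only safe while the caller holds this netns's `commit_mutex`, and nothing in the hunk states or checks that. Adding `lockdep_assert_held(&nft_net->commit_mutex);` before the assignment would make the requirement testable on lockdep-enabled kernels instead of waiting for another KCSAN report. Handles are now unique per network namespace rather than globally, which looks intended, but any code or tooling that correlates table handles across namespaces should be checked (inferred; no such consumer is visible here). The function starts and ends outside the hunk, so the definition of `nft_net` and the locking on entry cannot be confirmed from this page.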
64 --
65 2.35.1
66
