This is a note to let you know that I've just added the patch titled
net/sched: act_mirred: better wording on protection against excessive stack growth
to the 5.10-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
net-sched-act_mirred-better-wording-on-protection-against-excessive-stack-growth.patch
and it can be found in the queue-5.10 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From stable-owner@xxxxxxxxxxxxxxx Tue May 16 20:01:56 2023
From: Dragos-Marian Panait <dragos.panait@xxxxxxxxxxxxx>
Date: Tue, 16 May 2023 22:00:39 +0300
Subject: net/sched: act_mirred: better wording on protection against excessive stack growth
To: stable@xxxxxxxxxxxxxxx
Cc: wenxu <wenxu@xxxxxxxxx>, Jakub Kicinski <kuba@xxxxxxxxxx>, Jamal Hadi Salim <jhs@xxxxxxxxxxxx>, Davide Caratti <dcaratti@xxxxxxxxxx>, Marcelo Ricardo Leitner <marcelo.leitner@xxxxxxxxx>, Paolo Abeni <pabeni@xxxxxxxxxx>, William Zhao <wizhao@xxxxxxxxxx>, Xin Long <lucien.xin@xxxxxxxxx>, "David S . Miller" <davem@xxxxxxxxxxxxx>, Eric Dumazet <edumazet@xxxxxxxxxx>, Cong Wang <xiyou.wangcong@xxxxxxxxx>, Jiri Pirko <jiri@xxxxxxxxxxx>, Shuah Khan <shuah@xxxxxxxxxx>, linux-kselftest@xxxxxxxxxxxxxxx, netdev@xxxxxxxxxxxxxxx
Message-ID: <20230516190040.636627-3-dragos.panait@xxxxxxxxxxxxx>
From: Davide Caratti <dcaratti@xxxxxxxxxx>
[ Upstream commit 78dcdffe0418ac8f3f057f26fe71ccf4d8ed851f ]
with commit e2ca070f89ec ("net: sched: protect against stack overflow in
TC act_mirred"), act_mirred protected itself against excessive stack growth
using per_cpu counter of nested calls to tcf_mirred_act(), and capping it
to MIRRED_RECURSION_LIMIT. However, such protection does not detect
recursion/loops in case the packet is enqueued to the backlog (for example,
when the mirred target device has RPS or skb timestamping enabled). Change
the wording from "recursion" to "nesting" to make it more clear to readers.
CC: Jamal Hadi Salim <jhs@xxxxxxxxxxxx>
Signed-off-by: Davide Caratti <dcaratti@xxxxxxxxxx>
Reviewed-by: Marcelo Ricardo Leitner <marcelo.leitner@xxxxxxxxx>
Acked-by: Jamal Hadi Salim <jhs@xxxxxxxxxxxx>
Signed-off-by: Paolo Abeni <pabeni@xxxxxxxxxx>
Stable-dep-of: ca22da2fbd69 ("act_mirred: use the backlog for nested calls to mirred ingress")
Signed-off-by: Dragos-Marian Panait <dragos.panait@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
net/sched/act_mirred.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
--- a/net/sched/act_mirred.c
+++ b/net/sched/act_mirred.c
@@ -28,8 +28,8 @@
static LIST_HEAD(mirred_list);
static DEFINE_SPINLOCK(mirred_list_lock);
-#define MIRRED_RECURSION_LIMIT 4
-static DEFINE_PER_CPU(unsigned int, mirred_rec_level);
+#define MIRRED_NEST_LIMIT 4
+static DEFINE_PER_CPU(unsigned int, mirred_nest_level);
static bool tcf_mirred_is_act_redirect(int action)
{
@@ -225,7 +225,7 @@ static int tcf_mirred_act(struct sk_buff
struct sk_buff *skb2 = skb;
bool m_mac_header_xmit;
struct net_device *dev;
- unsigned int rec_level;
+ unsigned int nest_level;
int retval, err = 0;
bool use_reinsert;
bool want_ingress;
@@ -236,11 +236,11 @@ static int tcf_mirred_act(struct sk_buff
int mac_len;
bool at_nh;
- rec_level = __this_cpu_inc_return(mirred_rec_level);
- if (unlikely(rec_level > MIRRED_RECURSION_LIMIT)) {
+ nest_level = __this_cpu_inc_return(mirred_nest_level);
+ if (unlikely(nest_level > MIRRED_NEST_LIMIT)) {
net_warn_ratelimited("Packet exceeded mirred recursion limit on dev %s\n",
netdev_name(skb->dev));
- __this_cpu_dec(mirred_rec_level);
+ __this_cpu_dec(mirred_nest_level);
return TC_ACT_SHOT;
}
@@ -310,7 +310,7 @@ static int tcf_mirred_act(struct sk_buff
err = tcf_mirred_forward(res->ingress, skb);
if (err)
tcf_action_inc_overlimit_qstats(&m->common);
- __this_cpu_dec(mirred_rec_level);
+ __this_cpu_dec(mirred_nest_level);
return TC_ACT_CONSUMED;
}
}
@@ -322,7 +322,7 @@ out:
if (tcf_mirred_is_act_redirect(m_eaction))
retval = TC_ACT_SHOT;
}
- __this_cpu_dec(mirred_rec_level);
+ __this_cpu_dec(mirred_nest_level);
return retval;
}
Patches currently in stable-queue which might be from stable-owner@xxxxxxxxxxxxxxx are
queue-5.10/act_mirred-use-the-backlog-for-nested-calls-to-mirred-ingress.patch
queue-5.10/net-sched-act_mirred-better-wording-on-protection-against-excessive-stack-growth.patch
queue-5.10/net-sched-act_mirred-refactor-the-handle-of-xmit.patch
