Patch "sched: act_ct: add netns into the key of tcf_ct_flow_table" has been added to the 5.10-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    sched: act_ct: add netns into the key of tcf_ct_flow_table

to the 5.10-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     sched-act_ct-add-netns-into-the-key-of-tcf_ct_flow_t.patch
and it can be found in the queue-5.10 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit e05ef988a87e2ba61a977bac4cd18e9915293a91
Author: Xin Long <lucien.xin@xxxxxxxxx>
Date:   Sat Jun 15 17:47:30 2024 -0400

    sched: act_ct: add netns into the key of tcf_ct_flow_table
    
    [ Upstream commit 88c67aeb14070bab61d3dd8be96c8b42ebcaf53a ]
    
    zones_ht is a global hashtable for flow_table with zone as key. However,
    it does not consider netns when getting a flow_table from zones_ht in
    tcf_ct_init(), and it means an act_ct action in netns A may get a
    flow_table that belongs to netns B if it has the same zone value.
    
    In Shuang's test with the TOPO:
    
      tcf2_c <---> tcf2_sw1 <---> tcf2_sw2 <---> tcf2_s
    
    tcf2_sw1 and tcf2_sw2 saw the same flow and used the same flow table,
    which caused their ct entries entering unexpected states and the
    TCP connection not able to end normally.
    
    This patch fixes the issue simply by adding netns into the key of
    tcf_ct_flow_table so that an act_ct action gets a flow_table that
    belongs to its own netns in tcf_ct_init().
    
    Note that for easy coding we don't use tcf_ct_flow_table.nf_ft.net,
    as the ct_ft is initialized after inserting it to the hashtable in
    tcf_ct_flow_table_get() and also it requires to implement several
    functions in rhashtable_params including hashfn, obj_hashfn and
    obj_cmpfn.
    
    Fixes: 64ff70b80fd4 ("net/sched: act_ct: Offload established connections to flow table")
    Reported-by: Shuang Li <shuali@xxxxxxxxxx>
    Signed-off-by: Xin Long <lucien.xin@xxxxxxxxx>
    Reviewed-by: Simon Horman <horms@xxxxxxxxxx>
    Link: https://lore.kernel.org/r/1db5b6cc6902c5fc6f8c6cbd85494a2008087be5.1718488050.git.lucien.xin@xxxxxxxxx
    Signed-off-by: Paolo Abeni <pabeni@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c
index 155426d5a48f6..c6d6a6fe9602b 100644
--- a/net/sched/act_ct.c
+++ b/net/sched/act_ct.c
@@ -38,21 +38,26 @@ static struct workqueue_struct *act_ct_wq;
 static struct rhashtable zones_ht;
 static DEFINE_MUTEX(zones_mutex);
 
+struct zones_ht_key {
+	struct net *net;
+	u16 zone;
+};
+
 struct tcf_ct_flow_table {
 	struct rhash_head node; /* In zones tables */
 
 	struct rcu_work rwork;
 	struct nf_flowtable nf_ft;
 	refcount_t ref;
-	u16 zone;
+	struct zones_ht_key key;
 
 	bool dying;
 };
 
 static const struct rhashtable_params zones_params = {
 	.head_offset = offsetof(struct tcf_ct_flow_table, node),
-	.key_offset = offsetof(struct tcf_ct_flow_table, zone),
-	.key_len = sizeof_field(struct tcf_ct_flow_table, zone),
+	.key_offset = offsetof(struct tcf_ct_flow_table, key),
+	.key_len = sizeof_field(struct tcf_ct_flow_table, key),
 	.automatic_shrinking = true,
 };
 
@@ -277,11 +282,12 @@ static struct nf_flowtable_type flowtable_ct = {
 
 static int tcf_ct_flow_table_get(struct net *net, struct tcf_ct_params *params)
 {
+	struct zones_ht_key key = { .net = net, .zone = params->zone };
 	struct tcf_ct_flow_table *ct_ft;
 	int err = -ENOMEM;
 
 	mutex_lock(&zones_mutex);
-	ct_ft = rhashtable_lookup_fast(&zones_ht, &params->zone, zones_params);
+	ct_ft = rhashtable_lookup_fast(&zones_ht, &key, zones_params);
 	if (ct_ft && refcount_inc_not_zero(&ct_ft->ref))
 		goto out_unlock;
 
@@ -290,7 +296,7 @@ static int tcf_ct_flow_table_get(struct net *net, struct tcf_ct_params *params)
 		goto err_alloc;
 	refcount_set(&ct_ft->ref, 1);
 
-	ct_ft->zone = params->zone;
+	ct_ft->key = key;
 	err = rhashtable_insert_fast(&zones_ht, &ct_ft->node, zones_params);
 	if (err)
 		goto err_insert;




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux