On Sun, May 09, 2021 at 10:24:36AM +0200, Pavel Machek wrote:
> From: Mark Tomlinson <mark.tomlinson@xxxxxxxxxxxxxxxxxxx>
>
> commit 175e476b8cdf2a4de7432583b49c871345e4f8a1 upstream.
>
> When a new table value was assigned, it was followed by a write memory
> barrier. This ensured that all writes before this point would complete
> before any writes after this point. However, to determine whether the
> rules are unused, the sequence counter is read. To ensure that all
> writes have been done before these reads, a full memory barrier is
> needed, not just a write memory barrier. The same argument applies when
> incrementing the counter, before the rules are read.
>
> Changing to using smp_mb() instead of smp_wmb() fixes the kernel panic
> reported in cc00bcaa5899 (which is still present), while still
> maintaining the same speed of replacing tables.
>
> The smb_mb() barriers potentially slow the packet path, however testing
> has shown no measurable change in performance on a 4-core MIPS64
> platform.
>
> Fixes: 7f5c6d4f665b ("netfilter: get rid of atomic ops in fast path")
> Signed-off-by: Mark Tomlinson <mark.tomlinson@xxxxxxxxxxxxxxxxxxx>
> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
> [Ported to stable, affected barrier is added by d3d40f237480abf3268956daf18cdc56edd32834 in mainline]
> Signed-off-by: Pavel Machek (CIP) <pavel@xxxxxxx>
> ---
>  include/linux/netfilter/x_tables.h | 2 +-
>  net/netfilter/x_tables.c           | 3 +++
>  2 files changed, 4 insertions(+), 1 deletion(-)

What about 4.14 and 4.9? I can't take patches only for 4.4 that are not
also in newer releases.

thanks,

greg k-h
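
The ordering problem the quoted commit message describes (a write followed by a read of the other side's variable, on both sides) can be modelled in user space. The following is an added example, not part of the thread and not kernel code: it uses C11 fences as stand-ins for smp_wmb() and smp_mb(), and every name in it is hypothetical.

```c
/* User-space model (C11 atomics + pthreads), not kernel code; all names are hypothetical. */
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>

static atomic_int new_table, seq_odd, ready; /* table swapped / reader active / start gate */
static int use_full, saw_idle, saw_old;

static void fence(void) {
    if (use_full) atomic_thread_fence(memory_order_seq_cst); /* plays smp_mb() */
    else          atomic_thread_fence(memory_order_release); /* plays smp_wmb() */
}
static void rendezvous(void) {
    atomic_fetch_add(&ready, 1);
    while (atomic_load(&ready) < 2) { }      /* start both sides together */
}
static void *replacer(void *arg) {
    (void)arg; rendezvous();
    atomic_store_explicit(&new_table, 1, memory_order_relaxed);       /* assign new table */
    fence();
    saw_idle = !atomic_load_explicit(&seq_odd, memory_order_relaxed); /* counter even? */
    return NULL;
}
static void *reader(void *arg) {
    (void)arg; rendezvous();
    atomic_store_explicit(&seq_odd, 1, memory_order_relaxed);          /* increment counter */
    fence();
    saw_old = !atomic_load_explicit(&new_table, memory_order_relaxed); /* read the rules */
    return NULL;
}
/* Runs where the replacer judged the old rules unused while the reader still took them. */
int count_unsafe(int full_barrier, int runs) {
    int bad = 0;
    use_full = full_barrier;
    for (int i = 0; i < runs; i++) {
        pthread_t a, b;
        atomic_store(&new_table, 0); atomic_store(&seq_odd, 0); atomic_store(&ready, 0);
        pthread_create(&a, NULL, replacer, NULL);
        pthread_create(&b, NULL, reader, NULL);
        pthread_join(a, NULL); pthread_join(b, NULL);
        bad += saw_idle && saw_old;
    }
    return bad;
}
int main(void) {
    printf("write-only barrier: %d unsafe of 20000\n", count_unsafe(0, 20000));
    printf("full barrier:       %d unsafe of 20000\n", count_unsafe(1, 20000));
    return 0;
}
```

With the write-only fence the unsafe outcome is permitted but not guaranteed to appear on a given machine; with the full fence on both sides it cannot occur.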