Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit e024bdc0 authored by David S. Miller's avatar David S. Miller
Browse files

Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf 



Pablo Neira Ayuso says:

====================
The following patchset contains Netfilter/IPVS fixes for your net
tree, they are:

* Fix BUG_ON splat due to malformed TCP packets seen by synproxy, from
  Patrick McHardy.

* Fix possible weight overflow in lblc and lblcr schedulers due to
  32-bits arithmetics, from Simon Kirby.

* Fix possible memory access race in the lblc and lblcr schedulers,
  introduced when it was converted to use RCU, two patches from
  Julian Anastasov.

* Fix hard dependency on CPU 0 when reading per-cpu stats in the
  rate estimator, from Julian Anastasov.

* Fix race that may lead to object use after release, when invoking
  ipvsadm -C && ipvsadm -R, introduced when adding RCU, from Julian
  Anastasov.
====================

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents 1ed98ed5 f4a87e7b

include/net/ip_vs.h

+3 −6
Original line number Diff line number Diff line
@@ -723,8 +723,6 @@ struct ip_vs_dest_dst { 
	struct rcu_head		rcu_head;

};



/* In grace period after removing */

#define IP_VS_DEST_STATE_REMOVING	0x01

/*

 *	The real server destination forwarding entry

 *	with ip address, port number, and so on.
@@ -742,7 +740,7 @@ struct ip_vs_dest { 


	atomic_t		refcnt;		/* reference counter */

	struct ip_vs_stats      stats;          /* statistics */

	unsigned long		state;		/* state flags */

	unsigned long		idle_start;	/* start time, jiffies */



	/* connection counters and thresholds */

	atomic_t		activeconns;	/* active connections */
@@ -756,14 +754,13 @@ struct ip_vs_dest { 
	struct ip_vs_dest_dst __rcu *dest_dst;	/* cached dst info */



	/* for virtual service */

	struct ip_vs_service	*svc;		/* service it belongs to */

	struct ip_vs_service __rcu *svc;	/* service it belongs to */

	__u16			protocol;	/* which protocol (TCP/UDP) */

	__be16			vport;		/* virtual port number */

	union nf_inet_addr	vaddr;		/* virtual IP address */

	__u32			vfwmark;	/* firewall mark of service */



	struct list_head	t_list;		/* in dest_trash */

	struct rcu_head		rcu_head;

	unsigned int		in_rs_table:1;	/* we are in rs_table */

};
@@ -1649,7 +1646,7 @@ static inline void ip_vs_conn_drop_conntrack(struct ip_vs_conn *cp) 
/* CONFIG_IP_VS_NFCT */

#endif



static inline unsigned int

static inline int

ip_vs_dest_conn_overhead(struct ip_vs_dest *dest)

{

	/*

include/net/netfilter/nf_conntrack_synproxy.h

+1 −1
Original line number Diff line number Diff line
@@ -56,7 +56,7 @@ struct synproxy_options { 


struct tcphdr;

struct xt_synproxy_info;

extern void synproxy_parse_options(const struct sk_buff *skb, unsigned int doff,

extern bool synproxy_parse_options(const struct sk_buff *skb, unsigned int doff,

				   const struct tcphdr *th,

				   struct synproxy_options *opts);

extern unsigned int synproxy_options_size(const struct synproxy_options *opts);

net/ipv4/netfilter/ipt_SYNPROXY.c

+7 −3
Original line number Diff line number Diff line
@@ -267,7 +267,8 @@ synproxy_tg4(struct sk_buff *skb, const struct xt_action_param *par) 
	if (th == NULL)

		return NF_DROP;



	synproxy_parse_options(skb, par->thoff, th, &opts);

	if (!synproxy_parse_options(skb, par->thoff, th, &opts))

		return NF_DROP;



	if (th->syn && !(th->ack || th->fin || th->rst)) {

		/* Initial SYN from client */
@@ -350,7 +351,8 @@ static unsigned int ipv4_synproxy_hook(unsigned int hooknum, 


		/* fall through */

	case TCP_CONNTRACK_SYN_SENT:

		synproxy_parse_options(skb, thoff, th, &opts);

		if (!synproxy_parse_options(skb, thoff, th, &opts))

			return NF_DROP;



		if (!th->syn && th->ack &&

		    CTINFO2DIR(ctinfo) == IP_CT_DIR_ORIGINAL) {
@@ -373,7 +375,9 @@ static unsigned int ipv4_synproxy_hook(unsigned int hooknum, 
		if (!th->syn || !th->ack)

			break;



		synproxy_parse_options(skb, thoff, th, &opts);

		if (!synproxy_parse_options(skb, thoff, th, &opts))

			return NF_DROP;



		if (opts.options & XT_SYNPROXY_OPT_TIMESTAMP)

			synproxy->tsoff = opts.tsval - synproxy->its;

net/ipv6/netfilter/ip6t_SYNPROXY.c

+7 −3
Original line number Diff line number Diff line
@@ -282,7 +282,8 @@ synproxy_tg6(struct sk_buff *skb, const struct xt_action_param *par) 
	if (th == NULL)

		return NF_DROP;



	synproxy_parse_options(skb, par->thoff, th, &opts);

	if (!synproxy_parse_options(skb, par->thoff, th, &opts))

		return NF_DROP;



	if (th->syn && !(th->ack || th->fin || th->rst)) {

		/* Initial SYN from client */
@@ -372,7 +373,8 @@ static unsigned int ipv6_synproxy_hook(unsigned int hooknum, 


		/* fall through */

	case TCP_CONNTRACK_SYN_SENT:

		synproxy_parse_options(skb, thoff, th, &opts);

		if (!synproxy_parse_options(skb, thoff, th, &opts))

			return NF_DROP;



		if (!th->syn && th->ack &&

		    CTINFO2DIR(ctinfo) == IP_CT_DIR_ORIGINAL) {
@@ -395,7 +397,9 @@ static unsigned int ipv6_synproxy_hook(unsigned int hooknum, 
		if (!th->syn || !th->ack)

			break;



		synproxy_parse_options(skb, thoff, th, &opts);

		if (!synproxy_parse_options(skb, thoff, th, &opts))

			return NF_DROP;



		if (opts.options & XT_SYNPROXY_OPT_TIMESTAMP)

			synproxy->tsoff = opts.tsval - synproxy->its;

net/netfilter/ipvs/ip_vs_core.c

+10 −2
Original line number Diff line number Diff line
@@ -116,6 +116,7 @@ ip_vs_in_stats(struct ip_vs_conn *cp, struct sk_buff *skb) 


	if (dest && (dest->flags & IP_VS_DEST_F_AVAILABLE)) {

		struct ip_vs_cpu_stats *s;

		struct ip_vs_service *svc;



		s = this_cpu_ptr(dest->stats.cpustats);

		s->ustats.inpkts++;
@@ -123,11 +124,14 @@ ip_vs_in_stats(struct ip_vs_conn *cp, struct sk_buff *skb) 
		s->ustats.inbytes += skb->len;

		u64_stats_update_end(&s->syncp);



		s = this_cpu_ptr(dest->svc->stats.cpustats);

		rcu_read_lock();

		svc = rcu_dereference(dest->svc);

		s = this_cpu_ptr(svc->stats.cpustats);

		s->ustats.inpkts++;

		u64_stats_update_begin(&s->syncp);

		s->ustats.inbytes += skb->len;

		u64_stats_update_end(&s->syncp);

		rcu_read_unlock();



		s = this_cpu_ptr(ipvs->tot_stats.cpustats);

		s->ustats.inpkts++;
@@ -146,6 +150,7 @@ ip_vs_out_stats(struct ip_vs_conn *cp, struct sk_buff *skb) 


	if (dest && (dest->flags & IP_VS_DEST_F_AVAILABLE)) {

		struct ip_vs_cpu_stats *s;

		struct ip_vs_service *svc;



		s = this_cpu_ptr(dest->stats.cpustats);

		s->ustats.outpkts++;
@@ -153,11 +158,14 @@ ip_vs_out_stats(struct ip_vs_conn *cp, struct sk_buff *skb) 
		s->ustats.outbytes += skb->len;

		u64_stats_update_end(&s->syncp);



		s = this_cpu_ptr(dest->svc->stats.cpustats);

		rcu_read_lock();

		svc = rcu_dereference(dest->svc);

		s = this_cpu_ptr(svc->stats.cpustats);

		s->ustats.outpkts++;

		u64_stats_update_begin(&s->syncp);

		s->ustats.outbytes += skb->len;

		u64_stats_update_end(&s->syncp);

		rcu_read_unlock();



		s = this_cpu_ptr(ipvs->tot_stats.cpustats);

		s->ustats.outpkts++;