Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp1823870imm; Mon, 3 Sep 2018 10:22:18 -0700 (PDT) X-Google-Smtp-Source: ANB0VdZ/Rgm+THeIUAf04m0PW0jIK84NW1rHf33JtsCS7y3nfsohfgIYSqo0UXXrij0HJ1GqozC5 X-Received: by 2002:a63:6054:: with SMTP id u81-v6mr27748814pgb.433.1535995338623; Mon, 03 Sep 2018 10:22:18 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1535995338; cv=none; d=google.com; s=arc-20160816; b=ASD/tTOCaDut2/XbmiiJwSB7Gk+MWkJdiMu3p4ixv8te/SObvyAYf2rT88RlWBu7Wo j9k9JqbtUNwvKRcEczxxXOCKtsUZWgq+tMAsZXM3FqNTfWxYoybETaRs+9UmZTzwIt3k RcyVBW5Q+7YjsEqJadm+sriGShGT24T6f7xTRtLl7KE98IgzjhPndDngfL4K4SjYaEwn LTaiiIBdyLMjg9qosG8tB/7FH6gQkryJ+c6XNiiZo4VxPbznCQpVD3Q9NAFX7msj6R26 7lBMsEHwkI1wwNlfIjx20bsxx9qP2Yz9eZgnrQUyF34bSmlY8ixR1tBnaqRBiciTRGLa 8yyg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=Dt53NPnDXTEvJjdyu/yfqH4TjYoXJz4KyMH6O6TGPhM=; b=qVrWC2ZojVDlpl7Fn4jvPga6f9/wVHMv1vQr1Zc9OUhvLP1O0iSIH7RxM7rJ5wVL6w aHtreZVX7QNYur8Usnsalb5adltbe8VzBEqJaiNOzSwu2v7GmNE6BoqdjHSbrigwyPo8 H2/krakuXsE3a0BoMQP6D7btMPM2KzRNe0JAOH9arg3tJVSwYd4JpfEJqfo8UFWP5LKZ o44phe1RbP14ISAoRHJnlgNBKPXNMkUvjdSfpjm/V4Lou4YMKdkV2uCqvNLSCbgc9kHz n/y8/U7kkK7ZQuLSBptMUHEKBbhvbTOCp4dZvaJ29EwZ+6MFesugsDIUhBtff3eIEo/s xT1g== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 63-v6si19101554pfg.67.2018.09.03.10.22.03; Mon, 03 Sep 2018 10:22:18 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730336AbeICVjb (ORCPT + 99 others); Mon, 3 Sep 2018 17:39:31 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:43054 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728154AbeICVjb (ORCPT ); Mon, 3 Sep 2018 17:39:31 -0400 Received: from localhost (ip-213-127-74-90.ip.prioritytelecom.net [213.127.74.90]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 390B4D13; Mon, 3 Sep 2018 17:18:26 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Taehee Yoo , Pablo Neira Ayuso , Sasha Levin Subject: [PATCH 4.14 027/165] netfilter: nft_set_hash: add rcu_barrier() in the nft_rhash_destroy() Date: Mon, 3 Sep 2018 18:55:13 +0200 Message-Id: <20180903165656.409210655@linuxfoundation.org> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20180903165655.003605184@linuxfoundation.org> References: <20180903165655.003605184@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.14-stable review patch. If anyone has any objections, please let me know. ------------------ From: Taehee Yoo [ Upstream commit 9970a8e40d4c39e23d62d32540366d1d7d2cce9b ] GC of set uses call_rcu() to destroy elements. So that elements would be destroyed after destroying sets and chains. But, elements should be destroyed before destroying sets and chains. In order to wait calling call_rcu(), a rcu_barrier() is added. In order to test correctly, below patch should be applied. https://patchwork.ozlabs.org/patch/940883/ test scripts: %cat test.nft table ip aa { map map1 { type ipv4_addr : verdict; flags timeout; elements = { 0 : jump a0, 1 : jump a0, 2 : jump a0, 3 : jump a0, 4 : jump a0, 5 : jump a0, 6 : jump a0, 7 : jump a0, 8 : jump a0, 9 : jump a0, } timeout 1s; } chain a0 { } } flush ruleset [ ... ] table ip aa { map map1 { type ipv4_addr : verdict; flags timeout; elements = { 0 : jump a0, 1 : jump a0, 2 : jump a0, 3 : jump a0, 4 : jump a0, 5 : jump a0, 6 : jump a0, 7 : jump a0, 8 : jump a0, 9 : jump a0, } timeout 1s; } chain a0 { } } flush ruleset Splat looks like: [ 200.795603] kernel BUG at net/netfilter/nf_tables_api.c:1363! [ 200.806944] invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN PTI [ 200.812253] CPU: 1 PID: 1582 Comm: nft Not tainted 4.17.0+ #24 [ 200.820297] Hardware name: To be filled by O.E.M. To be filled by O.E.M./Aptio CRB, BIOS 5.6.5 07/08/2015 [ 200.830309] RIP: 0010:nf_tables_chain_destroy.isra.34+0x62/0x240 [nf_tables] [ 200.838317] Code: 43 50 85 c0 74 26 48 8b 45 00 48 8b 4d 08 ba 54 05 00 00 48 c7 c6 60 6d 29 c0 48 c7 c7 c0 65 29 c0 4c 8b 40 08 e8 58 e5 fd f8 <0f> 0b 48 89 da 48 b8 00 00 00 00 00 fc ff [ 200.860366] RSP: 0000:ffff880118dbf4d0 EFLAGS: 00010282 [ 200.866354] RAX: 0000000000000061 RBX: ffff88010cdeaf08 RCX: 0000000000000000 [ 200.874355] RDX: 0000000000000061 RSI: 0000000000000008 RDI: ffffed00231b7e90 [ 200.882361] RBP: ffff880118dbf4e8 R08: ffffed002373bcfb R09: ffffed002373bcfa [ 200.890354] R10: 0000000000000000 R11: ffffed002373bcfb R12: dead000000000200 [ 200.898356] R13: dead000000000100 R14: ffffffffbb62af38 R15: dffffc0000000000 [ 200.906354] FS: 00007fefc31fd700(0000) GS:ffff88011b800000(0000) knlGS:0000000000000000 [ 200.915533] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 200.922355] CR2: 0000557f1c8e9128 CR3: 0000000106880000 CR4: 00000000001006e0 [ 200.930353] Call Trace: [ 200.932351] ? nf_tables_commit+0x26f6/0x2c60 [nf_tables] [ 200.939525] ? nf_tables_setelem_notify.constprop.49+0x1a0/0x1a0 [nf_tables] [ 200.947525] ? nf_tables_delchain+0x6e0/0x6e0 [nf_tables] [ 200.952383] ? nft_add_set_elem+0x1700/0x1700 [nf_tables] [ 200.959532] ? nla_parse+0xab/0x230 [ 200.963529] ? nfnetlink_rcv_batch+0xd06/0x10d0 [nfnetlink] [ 200.968384] ? nfnetlink_net_init+0x130/0x130 [nfnetlink] [ 200.975525] ? debug_show_all_locks+0x290/0x290 [ 200.980363] ? debug_show_all_locks+0x290/0x290 [ 200.986356] ? sched_clock_cpu+0x132/0x170 [ 200.990352] ? find_held_lock+0x39/0x1b0 [ 200.994355] ? sched_clock_local+0x10d/0x130 [ 200.999531] ? memset+0x1f/0x40 Fixes: 9d0982927e79 ("netfilter: nft_hash: add support for timeouts") Signed-off-by: Taehee Yoo Signed-off-by: Pablo Neira Ayuso Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- net/netfilter/nft_set_hash.c | 1 + 1 file changed, 1 insertion(+) --- a/net/netfilter/nft_set_hash.c +++ b/net/netfilter/nft_set_hash.c @@ -359,6 +359,7 @@ static void nft_rhash_destroy(const stru struct nft_rhash *priv = nft_set_priv(set); cancel_delayed_work_sync(&priv->gc_work); + rcu_barrier(); rhashtable_free_and_destroy(&priv->ht, nft_rhash_elem_destroy, (void *)set); }