Received: by 2002:a25:c593:0:0:0:0:0 with SMTP id v141csp1018736ybe; Wed, 4 Sep 2019 11:13:28 -0700 (PDT) X-Google-Smtp-Source: APXvYqyrcuIcpjh2lXHZnaCVgkdKrDhr30a41BqMuefvNFRn63bUnk9N9B4CxWtvpK9y7c7IPAQN X-Received: by 2002:aa7:8436:: with SMTP id q22mr20006748pfn.74.1567620808360; Wed, 04 Sep 2019 11:13:28 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1567620808; cv=none; d=google.com; s=arc-20160816; b=wMcb1pWgbDeql+O996YlXtaR+vjKWLRq5+5biL1eTqNMBYTW6g8tS3aDX0OVMQKuhs 2IuBK7vm+TwzLkV2l/OTVSrTpaC8WchxCuGaOF9o+dnES1WY+4JBBWZXuU7fAGnGt2AL zutvYiNiztEyeUcCISynyuv4wNYxFHhsziDx+0b0Iehhde3KG3+J8DyyX8KyhbdVvSqq TuUKG8hFMKn5Z2VMg+DWFPhkqIuL8mGhEEBJyJSXVKTB/snJ2I4Sxr+OLHj5UFzphWnq xpGMK7QAMkiDvndAGM/AM4r7Yy05isySvU6AAjv6loFCkJimPR9p52Nn3yqTS1v90vAV mNwA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=Xt1kfVYbfHtprLx3SrmcEpgLVJrQwoyfFIni4XHs0EI=; b=Tk9esEjoO9s3iyJOPrpI8IdmwYCN+/zmMO5IzP1YAQ2q9oQdU4pP1DqRAzocCd4naS PvJnZGuW3ylXOtG1w0FMYbOHNrcRLBUeAjHDnCfG8/MBdjkhKSwaedFtuK3c4ZHc63CH 6IEtuLNTU5i3HnU7hVYQmgnm5HDwBI+G4A6Fzcitw7qwJq/71Ywcu+vJVEjUnasdERu4 b8lZNZ3RzWg/o2MkUhlu89RzzaoGQSqZtPuMihVO8dYkEofvQeK9iJqqtKZ+52GuzIcW /cgPe2RIfUcODfgnTTOq7JDiYxL2RBnfr5or5bNFyhYaWpihi7CfUe/zhBNwURBU+f1V pvHQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=jCvFUH0D; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d13si21208486pfo.33.2019.09.04.11.13.13; Wed, 04 Sep 2019 11:13:28 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=jCvFUH0D; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2390381AbfIDSLq (ORCPT + 99 others); Wed, 4 Sep 2019 14:11:46 -0400 Received: from mail.kernel.org ([198.145.29.99]:55856 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389971AbfIDSLn (ORCPT ); Wed, 4 Sep 2019 14:11:43 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id D05352087E; Wed, 4 Sep 2019 18:11:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1567620702; bh=3PPlJtyaYmGB8nr08FGdGC9v13Bgstuekc9LvF+Trjs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=jCvFUH0DPNmcZ7bglVOCS+IrzPUR0gNqL/OldegLB+NugUXNuOdEtFeVlPymZOIu8 yCaef7hmRVI1nGTAgL+c9jlCuW2fAvQvaJRqjbZo05vDX/C9aZCpv6z8cV33A726eg e2SgXqf5Ae1qahsQc/OKn8ZpExDG4TwuHx51abcM= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, kbuild test robot , Yi-Hung Wei , Pravin B Shelar , "David S. Miller" Subject: [PATCH 5.2 056/143] openvswitch: Fix conntrack cache with timeout Date: Wed, 4 Sep 2019 19:53:19 +0200 Message-Id: <20190904175316.266310168@linuxfoundation.org> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20190904175314.206239922@linuxfoundation.org> References: <20190904175314.206239922@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Yi-Hung Wei [ Upstream commit 7177895154e6a35179d332f4a584d396c50d0612 ] This patch addresses a conntrack cache issue with timeout policy. Currently, we do not check if the timeout extension is set properly in the cached conntrack entry. Thus, after packet recirculate from conntrack action, the timeout policy is not applied properly. This patch fixes the aforementioned issue. Fixes: 06bd2bdf19d2 ("openvswitch: Add timeout support to ct action") Reported-by: kbuild test robot Signed-off-by: Yi-Hung Wei Acked-by: Pravin B Shelar Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/openvswitch/conntrack.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) --- a/net/openvswitch/conntrack.c +++ b/net/openvswitch/conntrack.c @@ -67,6 +67,7 @@ struct ovs_conntrack_info { struct md_mark mark; struct md_labels labels; char timeout[CTNL_TIMEOUT_NAME_MAX]; + struct nf_ct_timeout *nf_ct_timeout; #if IS_ENABLED(CONFIG_NF_NAT) struct nf_nat_range2 range; /* Only present for SRC NAT and DST NAT. */ #endif @@ -697,6 +698,14 @@ static bool skb_nfct_cached(struct net * if (help && rcu_access_pointer(help->helper) != info->helper) return false; } + if (info->nf_ct_timeout) { + struct nf_conn_timeout *timeout_ext; + + timeout_ext = nf_ct_timeout_find(ct); + if (!timeout_ext || info->nf_ct_timeout != + rcu_dereference(timeout_ext->timeout)) + return false; + } /* Force conntrack entry direction to the current packet? */ if (info->force && CTINFO2DIR(ctinfo) != IP_CT_DIR_ORIGINAL) { /* Delete the conntrack entry if confirmed, else just release @@ -1657,6 +1666,10 @@ int ovs_ct_copy_action(struct net *net, ct_info.timeout)) pr_info_ratelimited("Failed to associated timeout " "policy `%s'\n", ct_info.timeout); + else + ct_info.nf_ct_timeout = rcu_dereference( + nf_ct_timeout_find(ct_info.ct)->timeout); + } if (helper) {