Received: by 2002:a05:6a10:f3d0:0:0:0:0 with SMTP id a16csp321984pxv; Wed, 30 Jun 2021 22:05:02 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxej+LyZzf3aLcZL1niG+T92h3/YoJmVH8+8jZNt0VkzBZFORLDV86WQW/0dLUOmVV1M/UJ X-Received: by 2002:a6b:b2d6:: with SMTP id b205mr9647845iof.107.1625115902261; Wed, 30 Jun 2021 22:05:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1625115902; cv=none; d=google.com; s=arc-20160816; b=eu5Weo7W6WYsN9A2XsicR6azW42hQb7uzWQmjB1L017PgoDD3p9Wf3iK2PWNZgfYzM HtmUg8ia8KnWTiavsIjRL+kvsA+kqE7gK39yS8JfJkHTVvLzRw0EcnHhnSU0mwGQcjI5 q5phswUKYH9Vz63S57480Uv7kVIrGny+gXkMlMZJuomXwqVQRRNGQwu6fn4wxMgncRUH 9Q1iiDOW3dM8prd+QmxAjatOup9cPC1j4OUg84mfvC6zNHzYZxI4k/XSTrybnorXPKk1 bStKRzMg0GhuPSmmJNW94juCNlwMscQTVH2+SkyisD5Hft9H25KMCUkx5DP+RYNSCy7u Pdxg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :mime-version:user-agent:date:message-id:cc:to:subject:from :dkim-signature; bh=j+NnwwOJ1AMrdrJeNJZBPanrIefil1SM4Aq4CQtIjvI=; b=KLI09HmY1q03gFVapfb2Hgud5QTmDodScU8DLeOaiArt7lmjtXD5am+7JU4NPuZ0tb Q/lrsVWVMD+mbQ6sQzfRuBsXdXnXopNwr8++jdDxxvJMBUNKlkvgPbN366pgZGmzngyn DnMdxDrIRHe0eY31WnOHMXEHlu5N/v12H8RwRpYoVsmONw0WLMd+78UWbp9QlzQsfVt5 mK+tsAn5caA7JUxy+1hceGBSgGp55AaOFenSR+vVW7tOcS5fO6Tkc/24Glhsv0p6q+aa yq0cHG9cp4GNv9n1nSRfYZe2yfOOrDLa7eI6h+x+ZmKwrytBGOYGxA/i2xFCo1P0xHKy zaJg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@virtuozzo.com header.s=relay header.b=AfqsE7m2; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=virtuozzo.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id q2si20433449jat.108.2021.06.30.22.04.49; Wed, 30 Jun 2021 22:05:02 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@virtuozzo.com header.s=relay header.b=AfqsE7m2; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=virtuozzo.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233893AbhGAFE6 (ORCPT + 99 others); Thu, 1 Jul 2021 01:04:58 -0400 Received: from relay.sw.ru ([185.231.240.75]:50828 "EHLO relay.sw.ru" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230293AbhGAFE5 (ORCPT ); Thu, 1 Jul 2021 01:04:57 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=virtuozzo.com; s=relay; h=Content-Type:MIME-Version:Date:Message-ID:Subject :From; bh=j+NnwwOJ1AMrdrJeNJZBPanrIefil1SM4Aq4CQtIjvI=; b=AfqsE7m2NsBgi6LznP5 hI5UIwMBs4bJyDrD6qhiOhXuFkUoqWqhxzzvZXiK52/Hj6OB/8rUpn2yAn/247Lbalv04zoMCJlk+ dCuINJyqI86JYTDYznvUL7toQq+OHo2aCUtfa7T+VpVdN7O/3szOzFG4S7UaOi5UMeMd6ofbOt0=; Received: from [10.93.0.56] by relay.sw.ru with esmtp (Exim 4.94.2) (envelope-from ) id 1lYVtY-002Tjh-IM; Thu, 01 Jul 2021 08:02:25 +0300 From: Vasily Averin Subject: [PATCH NETFILTER v2] netfilter: gre: nf_ct_gre_keymap_flush() removal To: Pablo Neira Ayuso , Jozsef Kadlecsik , Florian Westphal Cc: netfilter-devel@vger.kernel.org, coreteam@netfilter.org, linux-kernel@vger.kernel.org Message-ID: <0e3cdbe6-33f7-60b0-64ca-72f6f6a42df8@virtuozzo.com> Date: Thu, 1 Jul 2021 08:02:24 +0300 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0 MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 7bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org nf_ct_gre_keymap_flush() is useless. It is called from nf_conntrack_cleanup_net_list() only and tries to remove nf_ct_gre_keymap entries from pernet gre keymap list. Though: a) at this point the list should already be empty, all its entries were deleted during the conntracks cleanup, because nf_conntrack_cleanup_net_list() executes nf_ct_iterate_cleanup(kill_all) before nf_conntrack_proto_pernet_fini(): nf_conntrack_cleanup_net_list +- nf_ct_iterate_cleanup | nf_ct_put | nf_conntrack_put | nf_conntrack_destroy | destroy_conntrack | destroy_gre_conntrack | nf_ct_gre_keymap_destroy `- nf_conntrack_proto_pernet_fini nf_ct_gre_keymap_flush b) Let's say we find that the keymap list is not empty. This means netns still has a conntrack associated with gre, in which case we should not free its memory, because this will lead to a double free and related crashes. However I doubt it could have gone unnoticed for years, obviously this does not happen in real life. So I think we can remove both nf_ct_gre_keymap_flush() and nf_conntrack_proto_pernet_fini(). Signed-off-by: Vasily Averin Acked-by: Florian Westphal --- v2: resent, original letter was graylisted include/net/netfilter/nf_conntrack_core.h | 1 - net/netfilter/nf_conntrack_core.c | 1 - net/netfilter/nf_conntrack_proto.c | 7 ------- net/netfilter/nf_conntrack_proto_gre.c | 13 ------------- 4 files changed, 22 deletions(-) diff --git a/include/net/netfilter/nf_conntrack_core.h b/include/net/netfilter/nf_conntrack_core.h index 09f2efea0b97..13807ea94cd2 100644 --- a/include/net/netfilter/nf_conntrack_core.h +++ b/include/net/netfilter/nf_conntrack_core.h @@ -30,7 +30,6 @@ void nf_conntrack_cleanup_net(struct net *net); void nf_conntrack_cleanup_net_list(struct list_head *net_exit_list); void nf_conntrack_proto_pernet_init(struct net *net); -void nf_conntrack_proto_pernet_fini(struct net *net); int nf_conntrack_proto_init(void); void nf_conntrack_proto_fini(void); diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index e0befcf8113a..ad53666120e9 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c @@ -2461,7 +2461,6 @@ void nf_conntrack_cleanup_net_list(struct list_head *net_exit_list) } list_for_each_entry(net, net_exit_list, exit_list) { - nf_conntrack_proto_pernet_fini(net); nf_conntrack_ecache_pernet_fini(net); nf_conntrack_expect_pernet_fini(net); free_percpu(net->ct.stat); diff --git a/net/netfilter/nf_conntrack_proto.c b/net/netfilter/nf_conntrack_proto.c index 89e5bac384d7..2ca25aaad032 100644 --- a/net/netfilter/nf_conntrack_proto.c +++ b/net/netfilter/nf_conntrack_proto.c @@ -697,13 +697,6 @@ void nf_conntrack_proto_pernet_init(struct net *net) #endif } -void nf_conntrack_proto_pernet_fini(struct net *net) -{ -#ifdef CONFIG_NF_CT_PROTO_GRE - nf_ct_gre_keymap_flush(net); -#endif -} - module_param_call(hashsize, nf_conntrack_set_hashsize, param_get_uint, &nf_conntrack_htable_size, 0600); diff --git a/net/netfilter/nf_conntrack_proto_gre.c b/net/netfilter/nf_conntrack_proto_gre.c index db11e403d818..728eeb0aea87 100644 --- a/net/netfilter/nf_conntrack_proto_gre.c +++ b/net/netfilter/nf_conntrack_proto_gre.c @@ -55,19 +55,6 @@ static inline struct nf_gre_net *gre_pernet(struct net *net) return &net->ct.nf_ct_proto.gre; } -void nf_ct_gre_keymap_flush(struct net *net) -{ - struct nf_gre_net *net_gre = gre_pernet(net); - struct nf_ct_gre_keymap *km, *tmp; - - spin_lock_bh(&keymap_lock); - list_for_each_entry_safe(km, tmp, &net_gre->keymap_list, list) { - list_del_rcu(&km->list); - kfree_rcu(km, rcu); - } - spin_unlock_bh(&keymap_lock); -} - static inline int gre_key_cmpfn(const struct nf_ct_gre_keymap *km, const struct nf_conntrack_tuple *t) { -- 2.25.1