AcoSail/kernel_optimize_test
8
0
Fork 0
forked from luck/tmp_suning_uos_patched
Code Pull Requests Activity
545052e9e3
kernel_optimize_test/include/net
History
Eric Dumazet 222d7dbd25 net: prevent dst uses after free 
In linux-4.13, Wei worked hard to convert dst to a traditional
refcounted model, removing GC.

We now want to make sure a dst refcount can not transition from 0 back
to 1.

The problem here is that input path attached a not refcounted dst to an
skb. Then later, because packet is forwarded and hits skb_dst_force()
before exiting RCU section, we might try to take a refcount on one dst
that is about to be freed, if another cpu saw 1 -> 0 transition in
dst_release() and queued the dst for freeing after one RCU grace period.

Lets unify skb_dst_force() and skb_dst_force_safe(), since we should
always perform the complete check against dst refcount, and not assume
it is not zero.

Bugzilla : https://bugzilla.kernel.org/show_bug.cgi?id=197005

[  989.919496]  skb_dst_force+0x32/0x34
[  989.919498]  __dev_queue_xmit+0x1ad/0x482
[  989.919501]  ? eth_header+0x28/0xc6
[  989.919502]  dev_queue_xmit+0xb/0xd
[  989.919504]  neigh_connected_output+0x9b/0xb4
[  989.919507]  ip_finish_output2+0x234/0x294
[  989.919509]  ? ipt_do_table+0x369/0x388
[  989.919510]  ip_finish_output+0x12c/0x13f
[  989.919512]  ip_output+0x53/0x87
[  989.919513]  ip_forward_finish+0x53/0x5a
[  989.919515]  ip_forward+0x2cb/0x3e6
[  989.919516]  ? pskb_trim_rcsum.part.9+0x4b/0x4b
[  989.919518]  ip_rcv_finish+0x2e2/0x321
[  989.919519]  ip_rcv+0x26f/0x2eb
[  989.919522]  ? vlan_do_receive+0x4f/0x289
[  989.919523]  __netif_receive_skb_core+0x467/0x50b
[  989.919526]  ? tcp_gro_receive+0x239/0x239
[  989.919529]  ? inet_gro_receive+0x226/0x238
[  989.919530]  __netif_receive_skb+0x4d/0x5f
[  989.919532]  netif_receive_skb_internal+0x5c/0xaf
[  989.919533]  napi_gro_receive+0x45/0x81
[  989.919536]  ixgbe_poll+0xc8a/0xf09
[  989.919539]  ? kmem_cache_free_bulk+0x1b6/0x1f7
[  989.919540]  net_rx_action+0xf4/0x266
[  989.919543]  __do_softirq+0xa8/0x19d
[  989.919545]  irq_exit+0x5d/0x6b
[  989.919546]  do_IRQ+0x9c/0xb5
[  989.919548]  common_interrupt+0x93/0x93
[  989.919548]  </IRQ>

Similarly dst_clone() can use dst_hold() helper to have additional
debugging, as a follow up to commit 44ebe79149 ("net: add debug
atomic_inc_not_zero() in dst_hold()")

In net-next we will convert dst atomic_t to refcount_t for peace of
mind.

Fixes: a4c2fd7f78 ("net: remove DST_NOCACHE flag")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Wei Wang <weiwan@google.com>
Reported-by: Paweł Staszewski <pstaszewski@itcare.pl>
Bisected-by: Paweł Staszewski <pstaszewski@itcare.pl>
Acked-by: Wei Wang <weiwan@google.com>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-09-21 20:42:15 -07:00
..
9p
bluetooth Bluetooth: make baswap src const 2017-09-01 22:49:47 +02:00
caif
iucv
netfilter netfilter: nat: Revert "netfilter: nat: convert nat bysrc hash to rhashtable" 2017-09-08 18:55:50 +02:00
netns Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2017-09-03 17:08:42 -07:00
nfc
phonet
sctp sctp: fix an use-after-free issue in sctp_sock_dump 2017-09-15 14:47:49 -07:00
tc_act net: sched: add couple of goto_chain helpers 2017-08-23 20:44:32 -07:00
6lowpan.h
act_api.h net_sched: get rid of tcfa_rcu 2017-09-12 20:41:02 -07:00
addrconf.h
af_ieee802154.h
af_rxrpc.h rxrpc: Allow failed client calls to be retried 2017-08-29 10:55:20 +01:00
af_unix.h
af_vsock.h
ah.h
arp.h
atmclip.h
ax25.h
ax88796.h
bond_3ad.h
bond_alb.h
bond_options.h
bonding.h
busy_poll.h
calipso.h
cfg80211-wext.h
cfg80211.h
cfg802154.h
checksum.h
cipso_ipv4.h
cls_cgroup.h
codel_impl.h
codel_qdisc.h
codel.h
compat.h
datalink.h
dcbevent.h
dcbnl.h
devlink.h devlink: Add IPv6 header for dpipe 2017-08-31 14:42:19 -07:00
dn_dev.h
dn_fib.h
dn_neigh.h
dn_nsp.h
dn_route.h
dn.h
dsa.h net: dsa: Allow switch drivers to indicate number of TX queues 2017-09-05 11:53:34 -07:00
dsfield.h
dst_cache.h
dst_metadata.h
dst_ops.h
dst.h net: prevent dst uses after free 2017-09-21 20:42:15 -07:00
erspan.h gre: introduce native tunnel support for ERSPAN 2017-08-22 14:29:30 -07:00
esp.h
ethoc.h
fib_notifier.h net: Add module reference to FIB notifiers 2017-09-01 20:33:42 -07:00
fib_rules.h
firewire.h
flow_dissector.h flow_dissector: Cleanup control flow 2017-09-05 11:40:08 -07:00
flow.h net: Extend struct flowi6 with multipath hash 2017-08-24 18:21:17 -07:00
fou.h
fq_impl.h
fq.h
garp.h
gen_stats.h
genetlink.h
geneve.h
gre.h
gro_cells.h
gtp.h
gue.h
hwbm.h
icmp.h
ieee80211_radiotap.h
ieee802154_netdev.h
if_inet6.h
ife.h
ila.h
inet_common.h
inet_connection_sock.h
inet_ecn.h
inet_frag.h Revert "net: fix percpu memory leaks" 2017-09-03 11:01:05 -07:00
inet_hashtables.h
inet_sock.h
inet_timewait_sock.h
inet6_connection_sock.h
inet6_hashtables.h
inetpeer.h
ip_fib.h
ip_tunnels.h gre: add collect_md mode to ERSPAN tunnel 2017-08-28 15:04:52 -07:00
ip_vs.h
ip.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-08-21 17:06:42 -07:00
ip6_checksum.h
ip6_fib.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-09-01 17:42:05 -07:00
ip6_route.h ipv6: Use rt6i_idev index for echo replies to a local address 2017-08-29 15:32:25 -07:00
ip6_tunnel.h
ipcomp.h
ipconfig.h
ipv6.h
ipx.h
iw_handler.h
kcm.h
l3mdev.h
lapb.h
lib80211.h
llc_c_ac.h
llc_c_ev.h
llc_c_st.h
llc_conn.h
llc_if.h
llc_pdu.h
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
llc.h
lwtunnel.h
mac80211.h mac80211: fix VLAN handling with TXQs 2017-09-05 11:28:43 +02:00
mac802154.h
mip6.h
mld.h
mpls_iptunnel.h
mpls.h
mrp.h
ncsi.h net/ncsi: fix ncsi_vlan_rx_{add,kill}_vid references 2017-09-05 09:11:45 -07:00
ndisc.h
neighbour.h
net_namespace.h
net_ratelimit.h
netevent.h
netlabel.h
netlink.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2017-09-03 17:08:42 -07:00
netprio_cgroup.h
netrom.h
nexthop.h
nl802154.h
nsh.h net: add NSH header structures and helpers 2017-08-29 15:16:52 -07:00
p8022.h
ping.h
pkt_cls.h
pkt_sched.h
pptp.h
protocol.h
psample.h
psnap.h
raw.h
rawv6.h
red.h
regulatory.h
request_sock.h
rose.h
route.h net: prevent dst uses after free 2017-09-21 20:42:15 -07:00
rtnetlink.h
sch_generic.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-09-01 17:42:05 -07:00
scm.h
secure_seq.h
seg6_hmac.h
seg6.h ipv6: sr: add support for ip4ip6 encapsulation 2017-08-25 17:10:23 -07:00
slhc_vj.h
smc.h
snmp.h
sock_reuseport.h
sock.h net: prevent dst uses after free 2017-09-21 20:42:15 -07:00
Space.h
stp.h
strparser.h strparser: initialize all callbacks 2017-08-24 21:57:50 -07:00
switchdev.h
tcp_states.h
tcp.h tcp: remove two unused functions 2017-09-18 17:26:11 -07:00
timewait_sock.h
tls.h
transp_v6.h
tso.h net: define the TSO header size in net/tso.h 2017-08-23 20:42:09 -07:00
tun_proto.h vxlan: factor out VXLAN-GPE next protocol 2017-08-29 15:16:52 -07:00
udp_tunnel.h
udp.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-09-01 17:42:05 -07:00
udplite.h
vsock_addr.h
vxlan.h vxlan: factor out VXLAN-GPE next protocol 2017-08-29 15:16:52 -07:00
wext.h
wimax.h
x25.h
x25device.h
xfrm.h xfrm: Add support for network devices capable of removing the ESP trailer 2017-08-31 09:04:03 +02:00