Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-12-14 15:13:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'cls_u32-fix-refcount-leak'

Browse Source 
Davide Caratti says:

====================
net/sched: cls_u32: fix refcount leak

a refcount leak in the error path of u32_change() has been recently
introduced. It can be observed with the following commands:

  [root@f31 ~]# tc filter replace dev eth0 ingress protocol ip prio 97 \
  > u32 match ip src 127.0.0.1/32 indev notexist20 flowid 1:1 action drop
  RTNETLINK answers: Invalid argument
  We have an error talking to the kernel
  [root@f31 ~]# tc filter replace dev eth0 ingress protocol ip prio 98 \
  > handle 42:42 u32 divisor 256
  Error: cls_u32: Divisor can only be used on a hash table.
  We have an error talking to the kernel
  [root@f31 ~]# tc filter replace dev eth0 ingress protocol ip prio 99 \
  > u32 ht 47:47
  Error: cls_u32: Specified hash table not found.
  We have an error talking to the kernel

they all legitimately return -EINVAL; however, they leave semi-configured
filters at eth0 tc ingress:

 [root@f31 ~]# tc filter show dev eth0 ingress
 filter protocol ip pref 97 u32 chain 0
 filter protocol ip pref 97 u32 chain 0 fh 800: ht divisor 1
 filter protocol ip pref 98 u32 chain 0
 filter protocol ip pref 98 u32 chain 0 fh 801: ht divisor 1
 filter protocol ip pref 99 u32 chain 0
 filter protocol ip pref 99 u32 chain 0 fh 802: ht divisor 1

With older kernels, filters were unconditionally considered empty (and
thus de-refcounted) on the error path of ->change().
After commit 8b64678e0a ("net: sched: refactor tp insert/delete for
concurrent execution"), filters were considered empty when the walk()
function didn't set 'walker.stop' to 1.
Finally, with commit 6676d5e416 ("net: sched: set dedicated tcf_walker
flag when tp is empty"), tc filters are considered empty unless the walker
function is called with a non-NULL handle. This last change doesn't fit
cls_u32 design, because at least the "root hnode" is (almost) always
non-NULL, as it's allocated in u32_init().

- patch 1/2 is a proposal to restore the original kernel behavior, where
  no filter was installed in the error path of u32_change().
- patch 2/2 adds tdc selftests that can be ued to verify the correct
  behavior of u32 in the error path of ->change().
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David S. Miller 2019-12-19 17:53:05 -08:00
commit 307201a3d4
3 changed files with 230 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
net/sched/cls_u32.c
View File

@ -1108,10 +1108,33 @@ erridr:
return err;
}
static bool u32_hnode_empty(struct tc_u_hnode *ht, bool *non_root_ht)
{
int i;
if (!ht)
return true;
if (!ht->is_root) {
*non_root_ht = true;
return false;
}
if (*non_root_ht)
return false;
if (ht->refcnt < 2)
return true;
for (i = 0; i <= ht->divisor; i++) {
if (rtnl_dereference(ht->ht[i]))
return false;
}
return true;
}
static void u32_walk(struct tcf_proto *tp, struct tcf_walker *arg,
bool rtnl_held)
{
struct tc_u_common *tp_c = tp->data;
bool non_root_ht = false;
struct tc_u_hnode *ht;
struct tc_u_knode *n;
unsigned int h;
@ -1124,6 +1147,8 @@ static void u32_walk(struct tcf_proto *tp, struct tcf_walker *arg,
ht = rtnl_dereference(ht->next)) {
if (ht->prio != tp->prio)
continue;
if (u32_hnode_empty(ht, &non_root_ht))
return;
if (arg->count >= arg->skip) {
if (arg->fn(tp, ht, arg) < 0) {
arg->stop = 1;

22
tools/testing/selftests/tc-testing/tc-tests/filters/tests.json
View File

@ -1,26 +1,4 @@
[
{
"id": "e9a3",
"name": "Add u32 with source match",
"category": [
"filter",
"u32"
],
"plugins": {
"requires": "nsPlugin"
},
"setup": [
"$TC qdisc add dev $DEV1 ingress"
],
"cmdUnderTest": "$TC filter add dev $DEV1 parent ffff: protocol ip prio 1 u32 match ip src 127.0.0.1/32 flowid 1:1 action ok",
"expExitCode": "0",
"verifyCmd": "$TC filter show dev $DEV1 parent ffff:",
"matchPattern": "match 7f000001/ffffffff at 12",
"matchCount": "1",
"teardown": [
"$TC qdisc del dev $DEV1 ingress"
]
},
{
"id": "2638",
"name": "Add matchall and try to get it",

205
tools/testing/selftests/tc-testing/tc-tests/filters/u32.json Normal file
View File

@ -0,0 +1,205 @@
[
{
"id": "afa9",
"name": "Add u32 with source match",
"category": [
"filter",
"u32"
],
"plugins": {
"requires": "nsPlugin"
},
"setup": [
"$TC qdisc add dev $DEV1 ingress"
],
"cmdUnderTest": "$TC filter add dev $DEV1 ingress protocol ip prio 1 u32 match ip src 127.0.0.1/32 flowid 1:1 action ok",
"expExitCode": "0",
"verifyCmd": "$TC filter show dev $DEV1 ingress",
"matchPattern": "filter protocol ip pref 1 u32 chain (0[ ]+$|0 fh 800: ht divisor 1|0 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:1.*match 7f000001/ffffffff at 12)",
"matchCount": "3",
"teardown": [
"$TC qdisc del dev $DEV1 ingress"
]
},
{
"id": "6aa7",
"name": "Add/Replace u32 with source match and invalid indev",
"category": [
"filter",
"u32"
],
"plugins": {
"requires": "nsPlugin"
},
"setup": [
"$TC qdisc add dev $DEV1 ingress"
],
"cmdUnderTest": "$TC filter replace dev $DEV1 ingress protocol ip prio 1 u32 match ip src 127.0.0.1/32 indev notexist20 flowid 1:1 action ok",
"expExitCode": "2",
"verifyCmd": "$TC filter show dev $DEV1 ingress",
"matchPattern": "filter protocol ip pref 1 u32 chain 0",
"matchCount": "0",
"teardown": [
"$TC qdisc del dev $DEV1 ingress"
]
},
{
"id": "bc4d",
"name": "Replace valid u32 with source match and invalid indev",
"category": [
"filter",
"u32"
],
"plugins": {
"requires": "nsPlugin"
},
"setup": [
"$TC qdisc add dev $DEV1 ingress",
"$TC filter add dev $DEV1 ingress protocol ip prio 1 u32 match ip src 127.0.0.3/32 flowid 1:3 action ok"
],
"cmdUnderTest": "$TC filter replace dev $DEV1 ingress protocol ip prio 1 u32 match ip src 127.0.0.2/32 indev notexist20 flowid 1:2 action ok",
"expExitCode": "2",
"verifyCmd": "$TC filter show dev $DEV1 ingress",
"matchPattern": "filter protocol ip pref 1 u32 chain (0[ ]+$|0 fh 800: ht divisor 1|0 fh 800::800 order 2048 key ht 800 bkt 0 flowid 1:3.*match 7f000003/ffffffff at 12)",
"matchCount": "3",
"teardown": [
"$TC qdisc del dev $DEV1 ingress"
]
},
{
"id": "648b",
"name": "Add u32 with custom hash table",
"category": [
"filter",
"u32"
],
"plugins": {
"requires": "nsPlugin"
},
"setup": [
"$TC qdisc add dev $DEV1 ingress"
],
"cmdUnderTest": "$TC filter add dev $DEV1 ingress prio 99 handle 42: u32 divisor 256",
"expExitCode": "0",
"verifyCmd": "$TC filter show dev $DEV1 ingress",
"matchPattern": "pref 99 u32 chain (0[ ]+$|0 fh 42: ht divisor 256|0 fh 800: ht divisor 1)",
"matchCount": "3",
"teardown": [
"$TC qdisc del dev $DEV1 ingress"
]
},
{
"id": "6658",
"name": "Add/Replace u32 with custom hash table and invalid handle",
"category": [
"filter",
"u32"
],
"plugins": {
"requires": "nsPlugin"
},
"setup": [
"$TC qdisc add dev $DEV1 ingress"
],
"cmdUnderTest": "$TC filter replace dev $DEV1 ingress prio 99 handle 42:42 u32 divisor 256",
"expExitCode": "2",
"verifyCmd": "$TC filter show dev $DEV1 ingress",
"matchPattern": "pref 99 u32 chain 0",
"matchCount": "0",
"teardown": [
"$TC qdisc del dev $DEV1 ingress"
]
},
{
"id": "9d0a",
"name": "Replace valid u32 with custom hash table and invalid handle",
"category": [
"filter",
"u32"
],
"plugins": {
"requires": "nsPlugin"
},
"setup": [
"$TC qdisc add dev $DEV1 ingress",
"$TC filter add dev $DEV1 ingress prio 99 handle 42: u32 divisor 256"
],
"cmdUnderTest": "$TC filter replace dev $DEV1 ingress prio 99 handle 42:42 u32 divisor 128",
"expExitCode": "2",
"verifyCmd": "$TC filter show dev $DEV1 ingress",
"matchPattern": "pref 99 u32 chain (0[ ]+$|0 fh 42: ht divisor 256|0 fh 800: ht divisor 1)",
"matchCount": "3",
"teardown": [
"$TC qdisc del dev $DEV1 ingress"
]
},
{
"id": "1644",
"name": "Add u32 filter that links to a custom hash table",
"category": [
"filter",
"u32"
],
"plugins": {
"requires": "nsPlugin"
},
"setup": [
"$TC qdisc add dev $DEV1 ingress",
"$TC filter add dev $DEV1 ingress prio 99 handle 43: u32 divisor 256"
],
"cmdUnderTest": "$TC filter add dev $DEV1 ingress protocol ip prio 98 u32 link 43: hashkey mask 0x0000ff00 at 12 match ip src 192.168.0.0/16",
"expExitCode": "0",
"verifyCmd": "$TC filter show dev $DEV1 ingress",
"matchPattern": "filter protocol ip pref 98 u32 chain (0[ ]+$|0 fh 801: ht divisor 1|0 fh 801::800 order 2048 key ht 801 bkt 0 link 43:.*match c0a80000/ffff0000 at 12.*hash mask 0000ff00 at 12)",
"matchCount": "3",
"teardown": [
"$TC qdisc del dev $DEV1 ingress"
]
},
{
"id": "74c2",
"name": "Add/Replace u32 filter with invalid hash table id",
"category": [
"filter",
"u32"
],
"plugins": {
"requires": "nsPlugin"
},
"setup": [
"$TC qdisc add dev $DEV1 ingress"
],
"cmdUnderTest": "$TC filter replace dev $DEV1 ingress protocol ip prio 20 u32 ht 47:47 action drop",
"expExitCode": "2",
"verifyCmd": "$TC filter show dev $DEV1 ingress",
"matchPattern": "filter protocol ip pref 20 u32 chain 0",
"matchCount": "0",
"teardown": [
"$TC qdisc del dev $DEV1 ingress"
]
},
{
"id": "1fe6",
"name": "Replace valid u32 filter with invalid hash table id",
"category": [
"filter",
"u32"
],
"plugins": {
"requires": "nsPlugin"
},
"setup": [
"$TC qdisc add dev $DEV1 ingress",
"$TC filter add dev $DEV1 ingress protocol ip prio 99 handle 43: u32 divisor 1",
"$TC filter add dev $DEV1 ingress protocol ip prio 98 u32 ht 43: match tcp src 22 FFFF classid 1:3"
],
"cmdUnderTest": "$TC filter replace dev $DEV1 ingress protocol ip prio 98 u32 ht 43:1 match tcp src 23 FFFF classid 1:4",
"expExitCode": "2",
"verifyCmd": "$TC filter show dev $DEV1 ingress",
"matchPattern": "filter protocol ip pref 99 u32 chain (0[ ]+$|0 fh (43|800): ht divisor 1|0 fh 43::800 order 2048 key ht 43 bkt 0 flowid 1:3.*match 00160000/ffff0000 at nexthdr\\+0)",
"matchCount": "4",
"teardown": [
"$TC qdisc del dev $DEV1 ingress"
]
}
]