linux/net/sched
Xin Long 88c67aeb14 sched: act_ct: add netns into the key of tcf_ct_flow_table
zones_ht is a global hashtable for flow_table with zone as key. However,
it does not consider netns when getting a flow_table from zones_ht in
tcf_ct_init(), and it means an act_ct action in netns A may get a
flow_table that belongs to netns B if it has the same zone value.

In Shuang's test with the TOPO:

  tcf2_c <---> tcf2_sw1 <---> tcf2_sw2 <---> tcf2_s

tcf2_sw1 and tcf2_sw2 saw the same flow and used the same flow table,
which caused their ct entries entering unexpected states and the
TCP connection not able to end normally.

This patch fixes the issue simply by adding netns into the key of
tcf_ct_flow_table so that an act_ct action gets a flow_table that
belongs to its own netns in tcf_ct_init().

Note that for easy coding we don't use tcf_ct_flow_table.nf_ft.net,
as the ct_ft is initialized after inserting it to the hashtable in
tcf_ct_flow_table_get() and also it requires to implement several
functions in rhashtable_params including hashfn, obj_hashfn and
obj_cmpfn.

Fixes: 64ff70b80f ("net/sched: act_ct: Offload established connections to flow table")
Reported-by: Shuang Li <shuali@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://lore.kernel.org/r/1db5b6cc6902c5fc6f8c6cbd85494a2008087be5.1718488050.git.lucien.xin@gmail.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2024-06-18 15:24:24 +02:00
..
act_api.c net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() 2024-06-18 12:28:01 +02:00
act_bpf.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
act_connmark.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
act_csum.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
act_ct.c sched: act_ct: add netns into the key of tcf_ct_flow_table 2024-06-18 15:24:24 +02:00
act_ctinfo.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
act_gact.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
act_gate.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
act_ife.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
act_meta_mark.c
act_meta_skbprio.c
act_meta_skbtcindex.c
act_mirred.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-02-22 15:29:26 -08:00
act_mpls.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
act_nat.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
act_pedit.c net: sched: Annotate struct tc_pedit with __counted_by 2024-02-19 10:58:24 +00:00
act_police.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
act_sample.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
act_simple.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
act_skbedit.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
act_skbmod.c net/sched: act_skbmod: prevent kernel-infoleak 2024-04-04 09:32:29 -07:00
act_tunnel_key.c ip_tunnel: convert __be16 tunnel flags to bitmaps 2024-04-01 10:49:28 +01:00
act_vlan.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
cls_api.c net: sched: cls_api: fix slab-use-after-free in fl_dump_key 2024-04-10 08:28:26 +01:00
cls_basic.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
cls_bpf.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
cls_cgroup.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
cls_flow.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
cls_flower.c pfcp: always set pfcp metadata 2024-04-01 10:49:28 +01:00
cls_fw.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
cls_matchall.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
cls_route.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
cls_u32.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
em_canid.c net: fill in MODULE_DESCRIPTION()s for net/sched 2024-02-09 14:12:02 -08:00
em_cmp.c net: fill in MODULE_DESCRIPTION()s for net/sched 2024-02-09 14:12:02 -08:00
em_ipset.c
em_ipt.c
em_meta.c net: fill in MODULE_DESCRIPTION()s for net/sched 2024-02-09 14:12:02 -08:00
em_nbyte.c net: fill in MODULE_DESCRIPTION()s for net/sched 2024-02-09 14:12:02 -08:00
em_text.c net: fill in MODULE_DESCRIPTION()s for net/sched 2024-02-09 14:12:02 -08:00
em_u32.c net: fill in MODULE_DESCRIPTION()s for net/sched 2024-02-09 14:12:02 -08:00
ematch.c
Kconfig net: sched: Remove NET_ACT_IPT from Kconfig 2024-02-13 11:24:35 +01:00
Makefile net/sched: Retire ipt action 2024-01-02 12:41:16 +00:00
sch_api.c rtnetlink: do not depend on RTNL for IFLA_TXQLEN output 2024-05-07 11:14:50 +02:00
sch_blackhole.c
sch_cake.c net_sched: cake: implement lockless cake_dump() 2024-04-19 11:34:07 +01:00
sch_cbs.c net_sched: sch_cbs: implement lockless cbs_dump() 2024-04-19 11:34:07 +01:00
sch_choke.c net_sched: sch_choke: implement lockless choke_dump() 2024-04-19 11:34:07 +01:00
sch_codel.c net_sched: sch_codel: implement lockless codel_dump() 2024-04-19 11:34:07 +01:00
sch_drr.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
sch_etf.c net_sched: sch_tfs: implement lockless etf_dump() 2024-04-19 11:34:07 +01:00
sch_ets.c net_sched: sch_ets: implement lockless ets_dump() 2024-04-19 11:34:07 +01:00
sch_fifo.c net_sched: sch_fifo: implement lockless __fifo_dump() 2024-04-19 11:34:07 +01:00
sch_fq_codel.c net_sched: sch_fq_codel: implement lockless fq_codel_dump() 2024-04-19 11:34:07 +01:00
sch_fq_pie.c net_sched: sch_fq_pie: implement lockless fq_pie_dump() 2024-04-19 11:34:07 +01:00
sch_fq.c net_sched: sch_fq: implement lockless fq_dump() 2024-04-19 11:34:07 +01:00
sch_frag.c net: dst: remove unnecessary input parameter in dst_alloc and dst_init 2023-09-12 11:42:25 +02:00
sch_generic.c net/sched: initialize noop_qdisc owner 2024-06-10 19:36:49 -07:00
sch_gred.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
sch_hfsc.c net_sched: sch_hfsc: implement lockless accesses to q->defcls 2024-04-19 11:34:08 +01:00
sch_hhf.c net_sched: sch_hhf: implement lockless hhf_dump() 2024-04-19 11:34:08 +01:00
sch_htb.c net/sched: fix false lockdep warning on qdisc root lock 2024-04-26 10:46:41 +02:00
sch_ingress.c net/sched: Remove alias of sch_clsact 2024-02-02 10:57:56 -08:00
sch_mq.c
sch_mqprio_lib.c net: sched: Fill in missing MODULE_DESCRIPTION for qdiscs 2023-11-01 21:49:09 -07:00
sch_mqprio_lib.h
sch_mqprio.c netlink: introduce type-checking attribute iteration 2024-03-29 15:06:02 -07:00
sch_multiq.c net: sched: sch_multiq: fix possible OOB write in multiq_tune() 2024-06-05 10:50:19 +01:00
sch_netem.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
sch_pie.c net_sched: sch_pie: implement lockless pie_dump() 2024-04-19 11:34:08 +01:00
sch_plug.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
sch_prio.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
sch_qfq.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
sch_red.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
sch_sfb.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
sch_sfq.c net_sched: sch_sfq: annotate data-races around q->perturb_period 2024-05-02 19:01:35 -07:00
sch_skbprio.c net_sched: sch_skbprio: implement lockless skbprio_dump() 2024-04-19 11:34:08 +01:00
sch_taprio.c net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP 2024-06-05 15:54:51 -07:00
sch_tbf.c net/sched: Add module aliases for cls_,sch_,act_ modules 2024-02-02 10:57:55 -08:00
sch_teql.c net: annotate writes on dev->mtu from ndo_change_mtu() 2024-05-07 16:19:14 -07:00