linux/net/sched
Marcelo Ricardo Leitner e65812fd22 net/sched: fix initialization order when updating chain 0 head
Currently, when inserting a new filter that needs to sit at the head
of chain 0, it will first update the heads pointer on all devices using
the (shared) block, and only then complete the initialization of the new
element so that it has a "next" element.

This can lead to a situation that the chain 0 head is propagated to
another CPU before the "next" initialization is done. When this race
condition is triggered, packets being matched on that CPU will simply
miss all other filters, and will flow through the stack as if there were
no other filters installed. If the system is using OVS + TC, such
packets will get handled by vswitchd via upcall, which results in much
higher latency and reordering. For other applications it may result in
packet drops.

This is reproducible with a tc only setup, but it varies from system to
system. It could be reproduced with a shared block amongst 10 veth
tunnels, and an ingress filter mirroring packets to another veth.
That's because using the last added veth tunnel to the shared block to
do the actual traffic, it makes the race window bigger and easier to
trigger.

The fix is rather simple, to just initialize the next pointer of the new
filter instance (tp) before propagating the head change.

The fixes tag is pointing to the original code though this issue should
only be observed when using it unlocked.

Fixes: 2190d1d094 ("net: sched: introduce helpers to work with filter chains")
Signed-off-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: Vlad Buslov <vladbu@nvidia.com>
Reviewed-by: Davide Caratti <dcaratti@redhat.com>
Link: https://lore.kernel.org/r/b97d5f4eaffeeb9d058155bcab63347527261abf.1649341369.git.marcelo.leitner@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2022-04-08 14:45:43 -07:00
..
act_api.c flow_offload: improve extack msg for user when adding invalid filter 2022-03-02 22:16:10 -08:00
act_bpf.c bpf: Keep the (rcv) timestamp behavior for the existing tc-bpf@ingress 2022-03-03 14:38:48 +00:00
act_connmark.c flow_offload: fill flags to action structure 2021-12-19 14:08:47 +00:00
act_csum.c flow_offload: allow user to offload tc action to net device 2021-12-19 14:08:48 +00:00
act_ct.c net/sched: act_ct: fix ref leak when switching zones 2022-03-26 17:00:51 -07:00
act_ctinfo.c flow_offload: fill flags to action structure 2021-12-19 14:08:47 +00:00
act_gact.c flow_offload: allow user to offload tc action to net device 2021-12-19 14:08:48 +00:00
act_gate.c flow_offload: allow user to offload tc action to net device 2021-12-19 14:08:48 +00:00
act_ife.c flow_offload: fill flags to action structure 2021-12-19 14:08:47 +00:00
act_ipt.c flow_offload: fill flags to action structure 2021-12-19 14:08:47 +00:00
act_meta_mark.c
act_meta_skbprio.c
act_meta_skbtcindex.c
act_mirred.c flow_offload: allow user to offload tc action to net device 2021-12-19 14:08:48 +00:00
act_mpls.c flow_offload: allow user to offload tc action to net device 2021-12-19 14:08:48 +00:00
act_nat.c flow_offload: fill flags to action structure 2021-12-19 14:08:47 +00:00
act_pedit.c flow_offload: add ops to tc_action_ops for flow action setup 2021-12-19 14:08:48 +00:00
act_police.c net: flow_offload: add tc police action parameters 2022-02-28 11:11:35 +00:00
act_sample.c flow_offload: allow user to offload tc action to net device 2021-12-19 14:08:48 +00:00
act_simple.c flow_offload: fill flags to action structure 2021-12-19 14:08:47 +00:00
act_skbedit.c flow_offload: allow user to offload tc action to net device 2021-12-19 14:08:48 +00:00
act_skbmod.c flow_offload: fill flags to action structure 2021-12-19 14:08:47 +00:00
act_tunnel_key.c flow_offload: allow user to offload tc action to net device 2021-12-19 14:08:48 +00:00
act_vlan.c net/sched: add vlan push_eth and pop_eth action to the hardware IR 2022-03-16 19:59:36 -07:00
cls_api.c net/sched: fix initialization order when updating chain 0 head 2022-04-08 14:45:43 -07:00
cls_basic.c net_sched: refactor TC action init API 2021-08-02 10:24:38 +01:00
cls_bpf.c bpf: Keep the (rcv) timestamp behavior for the existing tc-bpf@ingress 2022-03-03 14:38:48 +00:00
cls_cgroup.c net_sched: refactor TC action init API 2021-08-02 10:24:38 +01:00
cls_flow.c net_sched: refactor TC action init API 2021-08-02 10:24:38 +01:00
cls_flower.c net/sched: flower: fix parsing of ethertype following VLAN header 2022-04-08 12:07:37 +01:00
cls_fw.c net_sched: refactor TC action init API 2021-08-02 10:24:38 +01:00
cls_matchall.c flow_offload: validate flags of filter and actions 2021-12-19 14:08:48 +00:00
cls_route.c net_sched: refactor TC action init API 2021-08-02 10:24:38 +01:00
cls_rsvp6.c
cls_rsvp.c
cls_rsvp.h net_sched: refactor TC action init API 2021-08-02 10:24:38 +01:00
cls_tcindex.c net_sched: refactor TC action init API 2021-08-02 10:24:38 +01:00
cls_u32.c flow_offload: validate flags of filter and actions 2021-12-19 14:08:48 +00:00
em_canid.c net: sched: kerneldoc fixes 2020-07-13 17:20:40 -07:00
em_cmp.c net: sched: fix misspellings using misspell-fixer tool 2020-11-10 17:00:28 -08:00
em_ipset.c sched: consistently handle layer3 header accesses in the presence of VLANs 2020-07-03 14:34:53 -07:00
em_ipt.c sched: consistently handle layer3 header accesses in the presence of VLANs 2020-07-03 14:34:53 -07:00
em_meta.c net: introduce sk_forward_alloc_get() 2021-10-27 18:20:29 -07:00
em_nbyte.c net: sched: Return the correct errno code 2021-02-06 11:15:28 -08:00
em_text.c
em_u32.c
ematch.c net: sched: Fix spelling mistakes 2021-05-31 22:44:56 -07:00
Kconfig net: sched: incorrect Kconfig dependencies on Netfilter modules 2020-12-09 15:49:29 -08:00
Makefile net/sched: sch_frag: add generic packet fragment support. 2020-11-27 14:36:02 -08:00
sch_api.c net_sched: add __rcu annotation to netdev->qdisc 2022-02-14 13:36:36 +00:00
sch_atm.c net: sched: Remove Qdisc::running sequence counter 2021-10-18 12:54:41 +01:00
sch_blackhole.c Revert "net: sched: Pass root lock to Qdisc_ops.enqueue" 2020-07-16 16:48:34 -07:00
sch_cake.c sch_cake: revise Diffserv docs 2022-01-07 08:41:29 -08:00
sch_cbq.c net: sched: Remove Qdisc::running sequence counter 2021-10-18 12:54:41 +01:00
sch_cbs.c net: don't include ethtool.h from netdevice.h 2020-11-23 17:27:04 -08:00
sch_choke.c net: sched: validate stab values 2021-03-10 15:47:52 -08:00
sch_codel.c Revert "net: sched: Pass root lock to Qdisc_ops.enqueue" 2020-07-16 16:48:34 -07:00
sch_drr.c net: sched: Remove Qdisc::running sequence counter 2021-10-18 12:54:41 +01:00
sch_dsmark.c net/sched: store the last executed chain also for clsact egress 2021-07-29 22:17:37 +01:00
sch_etf.c Revert "net: sched: Pass root lock to Qdisc_ops.enqueue" 2020-07-16 16:48:34 -07:00
sch_ets.c net/sched: sch_ets: don't remove idle classes from the round-robin list 2021-12-13 12:30:23 +00:00
sch_fifo.c net_sched: fix NULL deref in fifo_set_limit() 2021-10-01 14:59:10 -07:00
sch_fq_codel.c fq_codel: generalise ce_threshold marking for subset of traffic 2021-10-20 15:24:36 -07:00
sch_fq_pie.c net/sched: fq_pie: prevent dismantle issue 2021-12-09 08:01:00 -08:00
sch_fq.c Revert "net: sched: Pass root lock to Qdisc_ops.enqueue" 2020-07-16 16:48:34 -07:00
sch_frag.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2021-12-31 14:35:40 +00:00
sch_generic.c net_sched: add __rcu annotation to netdev->qdisc 2022-02-14 13:36:36 +00:00
sch_gred.c net: sched: gred: dynamically allocate tc_gred_qopt_offload 2021-10-27 12:06:52 -07:00
sch_hfsc.c net: sched: Remove Qdisc::running sequence counter 2021-10-18 12:54:41 +01:00
sch_hhf.c Revert "net: sched: Pass root lock to Qdisc_ops.enqueue" 2020-07-16 16:48:34 -07:00
sch_htb.c sch_htb: Fail on unsupported parameters when offload is requested 2022-01-25 20:00:02 -08:00
sch_ingress.c net: sched: Pass ingress block to tcf_classify_ingress 2020-02-19 17:49:48 -08:00
sch_mq.c net: sched: Remove Qdisc::running sequence counter 2021-10-18 12:54:41 +01:00
sch_mqprio.c net: sched: Remove Qdisc::running sequence counter 2021-10-18 12:54:41 +01:00
sch_multiq.c net: sched: Remove Qdisc::running sequence counter 2021-10-18 12:54:41 +01:00
sch_netem.c net: sched: sch_netem: Refactor code in 4-state loss generator 2021-11-15 13:23:23 +00:00
sch_pie.c net: sched: fix misspellings using misspell-fixer tool 2020-11-10 17:00:28 -08:00
sch_plug.c Revert "net: sched: Pass root lock to Qdisc_ops.enqueue" 2020-07-16 16:48:34 -07:00
sch_prio.c net: sched: Remove Qdisc::running sequence counter 2021-10-18 12:54:41 +01:00
sch_qfq.c sch_qfq: prevent shift-out-of-bounds in qfq_init_qdisc 2022-01-04 12:36:51 +00:00
sch_red.c net: sched: validate stab values 2021-03-10 15:47:52 -08:00
sch_sfb.c net/sched: store the last executed chain also for clsact egress 2021-07-29 22:17:37 +01:00
sch_sfq.c net/sched: store the last executed chain also for clsact egress 2021-07-29 22:17:37 +01:00
sch_skbprio.c Revert "net: sched: Pass root lock to Qdisc_ops.enqueue" 2020-07-16 16:48:34 -07:00
sch_taprio.c net/sched: sch_taprio: fix undefined behavior in ktime_mono_to_any 2021-11-09 19:16:23 -08:00
sch_tbf.c net: sch_tbf: Add a graft command 2021-10-19 12:24:51 +01:00
sch_teql.c net: sched: sch_teql: fix null-pointer dereference 2021-04-08 14:14:42 -07:00