NACK/Cmnt: [SRU][F:linux-bluefield][PATCH] net/sched: act_ct: remove and free nf_table callbacks
Stefan Bader
stefan.bader at canonical.com
Thu Jul 8 06:53:05 UTC 2021
On 06.07.21 22:16, Bodong Wang wrote:
> From: Louis Peens <louis.peens at corigine.com>
>
> BugLink: https://launchpad.net/bugs/1934822
>
> When cleaning up the nf_table in tcf_ct_flow_table_cleanup_work
> there is no guarantee that the callback list, added to by
> nf_flow_table_offload_add_cb, is empty. This means that it is
> possible that the flow_block_cb memory allocated will be lost.
>
> Fix this by iterating the list and freeing the flow_block_cb entries
> before freeing the nf_table entry (via freeing ct_ft).
>
> Fixes: 978703f42549 ("netfilter: flowtable: Add API for registering to flow table events")
> Signed-off-by: Louis Peens <louis.peens at corigine.com>
> Signed-off-by: Yinjun Zhang <yinjun.zhang at corigine.com>
> Signed-off-by: Simon Horman <simon.horman at corigine.com>
> Signed-off-by: David S. Miller <davem at davemloft.net>
> (cherry-picked from commit 77ac5e40c44eb78333fbc38482d61fc2af7dda0a)
> https://patchwork.kernel.org/project/netdevbpf/patch/20210702092139.25662-2-simon.horman@corigine.com/
> Signed-off-by: Bodong Wang <bodong at nvidia.com>
> ---
> net/sched/act_ct.c | 11 +++++++++++
> 1 file changed, 11 insertions(+)
>
> diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c
> index 43c5b3f..99b9f1f 100644
> --- a/net/sched/act_ct.c
> +++ b/net/sched/act_ct.c
> @@ -322,11 +322,22 @@ static int tcf_ct_flow_table_get(struct tcf_ct_params *params)
>
> static void tcf_ct_flow_table_cleanup_work(struct work_struct *work)
> {
> + struct flow_block_cb *block_cb, *tmp_cb;
> struct tcf_ct_flow_table *ct_ft;
> + struct flow_block *block;
>
> ct_ft = container_of(to_rcu_work(work), struct tcf_ct_flow_table,
> rwork);
> nf_flow_table_free(&ct_ft->nf_ft);
> +
> + /* Remove any remaining callbacks before cleanup */
> + block = &ct_ft->nf_ft.flow_block;
> + down_write(&ct_ft->nf_ft.flow_block_lock);
> + list_for_each_entry_safe(block_cb, tmp_cb, &block->cb_list, list) {
> + list_del(&block_cb->list);
> + flow_block_cb_free(block_cb);
> + }
> + up_write(&ct_ft->nf_ft.flow_block_lock);
> kfree(ct_ft);
>
> module_put(THIS_MODULE);
>
See v2 on mailing list.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20210708/3e81fb48/attachment.sig>
More information about the kernel-team
mailing list