Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/1.1/patches/2227992/?format=api
{ "id": 2227992, "url": "http://patchwork.ozlabs.org/api/1.1/patches/2227992/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260424190513.32823-11-pablo@netfilter.org/", "project": { "id": 26, "url": "http://patchwork.ozlabs.org/api/1.1/projects/26/?format=api", "name": "Netfilter Development", "link_name": "netfilter-devel", "list_id": "netfilter-devel.vger.kernel.org", "list_email": "netfilter-devel@vger.kernel.org", "web_url": null, "scm_url": null, "webscm_url": null }, "msgid": "<20260424190513.32823-11-pablo@netfilter.org>", "date": "2026-04-24T19:05:12", "name": "[net,10/11] ipvs: fix races around the conn_lfactor and svc_lfactor sysctl vars", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "6c6d3e1c2aa9f7ba3aef54368828b03d5bdac1fb", "submitter": { "id": 1315, "url": "http://patchwork.ozlabs.org/api/1.1/people/1315/?format=api", "name": "Pablo Neira Ayuso", "email": "pablo@netfilter.org" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260424190513.32823-11-pablo@netfilter.org/mbox/", "series": [ { "id": 501399, "url": "http://patchwork.ozlabs.org/api/1.1/series/501399/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/list/?series=501399", "date": "2026-04-24T19:05:02", "name": "[net,01/11] netfilter: arp_tables: fix IEEE1394 ARP payload parsing", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/501399/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2227992/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2227992/checks/", "tags": {}, "headers": { "Return-Path": "\n <netfilter-devel+bounces-12192-incoming=patchwork.ozlabs.org@vger.kernel.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "netfilter-devel@vger.kernel.org" ], "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=netfilter.org header.i=@netfilter.org\n header.a=rsa-sha256 header.s=2025 header.b=wLf7OWW6;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c09:e001:a7::12fc:5321; helo=sto.lore.kernel.org;\n envelope-from=netfilter-devel+bounces-12192-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)", "smtp.subspace.kernel.org;\n\tdkim=pass (2048-bit key) header.d=netfilter.org header.i=@netfilter.org\n header.b=\"wLf7OWW6\"", "smtp.subspace.kernel.org;\n arc=none smtp.client-ip=217.70.190.124", "smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=netfilter.org", "smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=netfilter.org" ], "Received": [ "from sto.lore.kernel.org (sto.lore.kernel.org\n [IPv6:2600:3c09:e001:a7::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g2MrF1Dwrz1yDD\n\tfor <incoming@patchwork.ozlabs.org>; Sat, 25 Apr 2026 05:06:21 +1000 (AEST)", "from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sto.lore.kernel.org (Postfix) with ESMTP id 95FDC300B9EA\n\tfor <incoming@patchwork.ozlabs.org>; Fri, 24 Apr 2026 19:06:07 +0000 (UTC)", "from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 6FF243FA5EA;\n\tFri, 24 Apr 2026 19:06:03 +0000 (UTC)", "from mail.netfilter.org (mail.netfilter.org [217.70.190.124])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id DFE7E3FA5DE;\n\tFri, 24 Apr 2026 19:05:59 +0000 (UTC)", "from localhost.localdomain (mail-agni [217.70.190.124])\n\tby mail.netfilter.org (Postfix) with ESMTPSA id AF8A960289;\n\tFri, 24 Apr 2026 21:05:57 +0200 (CEST)" ], "ARC-Seal": "i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1777057563; cv=none;\n b=giMwWQmkgo5Zzr9D13EqvuxbmPdZKhqmxxXD4+A4JAANQJUJeF2sN6JmRLsE5/KMGjl2ew+3jjmh9VLFFfcPucWVIrfTKqBojNKuJHNQScMuySN0WyEs2r6gN+dIuuB1Vzuh7srC8rasumfUrl+U0wluBksXObSwWiBSwrE1jDA=", "ARC-Message-Signature": "i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1777057563; c=relaxed/simple;\n\tbh=29wWlStnyCXeqDvHmB64rl/bAHBUlz5UggpdhR7TL0E=;\n\th=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:\n\t MIME-Version;\n b=ABp1x2mgBJpjtHqXyN9Oiv9jLlvn30IVbMRuoeCatXpYVjXPChCGoTt1qJ+RLR7tFeIynyIqxCjJNBLnoKt+WYqo5zJG2jW658NnvsmkQoYeqF2TxezNinKD93PsDUtYY6njahP3HQxoSJg3C5PnpUp5TZNksDBcp9a2Rrq7aBM=", "ARC-Authentication-Results": "i=1; smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=netfilter.org;\n spf=pass smtp.mailfrom=netfilter.org;\n dkim=pass (2048-bit key) header.d=netfilter.org header.i=@netfilter.org\n header.b=wLf7OWW6; arc=none smtp.client-ip=217.70.190.124", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=netfilter.org;\n\ts=2025; t=1777057558;\n\tbh=w5WjPpyUh/+YeCeHBR5uyrR2t2Uk2pwl5Ldk2Aq2JOI=;\n\th=From:To:Cc:Subject:Date:In-Reply-To:References:From;\n\tb=wLf7OWW6UAsp/eC+3h6Ay1wBrWt8kYMZ8RAM39nlbHWH2x8aWU42VMm7tYILlX/m0\n\t FqExYz0JOPV3gGlpgHFY1DYsajfh36KEYX2+DHgCHhxGrxnPWemSzUVctCA9yJFtDe\n\t A4I9nqYZUrvwGU6t6UTS/KA+YYZTWoeym5gRgw+aveIgW3WfcjJFN+1cMHfgcvVyf5\n\t 5Xwvd3pIuPqzj12++nt6TOiqfnRiCBwNAa04IvrxTAFX3w+8JdPahfzodsiZnabb/Y\n\t 0O6zPCPtjHsPyDq2UFNkETMrQBrJvw3EMoFCRmq8aJ4imtYG0z/oXsEwWC0TktYeKH\n\t 4ywJ2xQ5k6i/w==", "From": "Pablo Neira Ayuso <pablo@netfilter.org>", "To": "netfilter-devel@vger.kernel.org", "Cc": "davem@davemloft.net,\n\tnetdev@vger.kernel.org,\n\tkuba@kernel.org,\n\tpabeni@redhat.com,\n\tedumazet@google.com,\n\tfw@strlen.de,\n\thorms@kernel.org", "Subject": "[PATCH net 10/11] ipvs: fix races around the conn_lfactor and\n svc_lfactor sysctl vars", "Date": "Fri, 24 Apr 2026 21:05:12 +0200", "Message-ID": "<20260424190513.32823-11-pablo@netfilter.org>", "X-Mailer": "git-send-email 2.47.3", "In-Reply-To": "<20260424190513.32823-1-pablo@netfilter.org>", "References": "<20260424190513.32823-1-pablo@netfilter.org>", "Precedence": "bulk", "X-Mailing-List": "netfilter-devel@vger.kernel.org", "List-Id": "<netfilter-devel.vger.kernel.org>", "List-Subscribe": "<mailto:netfilter-devel+subscribe@vger.kernel.org>", "List-Unsubscribe": "<mailto:netfilter-devel+unsubscribe@vger.kernel.org>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit" }, "content": "From: Julian Anastasov <ja@ssi.bg>\n\nSashiko warns that the new sysctls vars can be changed\nafter the hash tables are destroyed and their respective\nresizing works canceled, leading to mod_delayed_work()\nbeing called for canceled works.\n\nSolve this in different ways. conn_tab can be present even\nwithout services and is destroyed only on netns exit, so use\ndisable_delayed_work_sync() to disable the work instead of\nadding more synchronization mechanisms.\n\nAs for the svc_table, it is destroyed when the services\nare deleted, so we must be sure that netns exit is not\ncalled yet (the check for 'enable') and the work is\nnot canceled by checking all under same mutex lock.\n\nAlso, use WRITE_ONCE when updating the sysctl vars as we\nalready read them with READ_ONCE.\n\nLink: https://sashiko.dev/#/patchset/20260410112352.23599-1-fw%40strlen.de\nSigned-off-by: Julian Anastasov <ja@ssi.bg>\nSigned-off-by: Pablo Neira Ayuso <pablo@netfilter.org>\n---\n net/netfilter/ipvs/ip_vs_conn.c | 2 +-\n net/netfilter/ipvs/ip_vs_ctl.c | 12 +++++++++---\n 2 files changed, 10 insertions(+), 4 deletions(-)", "diff": "diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c\nindex 2082bfb2d93c..84a4921a7865 100644\n--- a/net/netfilter/ipvs/ip_vs_conn.c\n+++ b/net/netfilter/ipvs/ip_vs_conn.c\n@@ -1835,7 +1835,7 @@ static void ip_vs_conn_flush(struct netns_ipvs *ipvs)\n \n \tif (!rcu_dereference_protected(ipvs->conn_tab, 1))\n \t\treturn;\n-\tcancel_delayed_work_sync(&ipvs->conn_resize_work);\n+\tdisable_delayed_work_sync(&ipvs->conn_resize_work);\n \tif (!atomic_read(&ipvs->conn_count))\n \t\tgoto unreg;\n \ndiff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c\nindex 27e50afe9a54..caec516856e9 100644\n--- a/net/netfilter/ipvs/ip_vs_ctl.c\n+++ b/net/netfilter/ipvs/ip_vs_ctl.c\n@@ -2469,7 +2469,7 @@ static int ipvs_proc_conn_lfactor(const struct ctl_table *table, int write,\n \t\tif (val < -8 || val > 8) {\n \t\t\tret = -EINVAL;\n \t\t} else {\n-\t\t\t*valp = val;\n+\t\t\tWRITE_ONCE(*valp, val);\n \t\t\tif (rcu_access_pointer(ipvs->conn_tab))\n \t\t\t\tmod_delayed_work(system_unbound_wq,\n \t\t\t\t\t\t &ipvs->conn_resize_work, 0);\n@@ -2496,10 +2496,16 @@ static int ipvs_proc_svc_lfactor(const struct ctl_table *table, int write,\n \t\tif (val < -8 || val > 8) {\n \t\t\tret = -EINVAL;\n \t\t} else {\n-\t\t\t*valp = val;\n-\t\t\tif (rcu_access_pointer(ipvs->svc_table))\n+\t\t\tmutex_lock(&ipvs->service_mutex);\n+\t\t\tWRITE_ONCE(*valp, val);\n+\t\t\t/* Make sure the services are present */\n+\t\t\tif (rcu_access_pointer(ipvs->svc_table) &&\n+\t\t\t READ_ONCE(ipvs->enable) &&\n+\t\t\t !test_bit(IP_VS_WORK_SVC_NORESIZE,\n+\t\t\t\t &ipvs->work_flags))\n \t\t\t\tmod_delayed_work(system_unbound_wq,\n \t\t\t\t\t\t &ipvs->svc_resize_work, 0);\n+\t\t\tmutex_unlock(&ipvs->service_mutex);\n \t\t}\n \t}\n \treturn ret;\n", "prefixes": [ "net", "10/11" ] }