Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/2215435/?format=api
{ "id": 2215435, "url": "http://patchwork.ozlabs.org/api/patches/2215435/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260324151827.2006656-3-longman@redhat.com/", "project": { "id": 26, "url": "http://patchwork.ozlabs.org/api/projects/26/?format=api", "name": "Netfilter Development", "link_name": "netfilter-devel", "list_id": "netfilter-devel.vger.kernel.org", "list_email": "netfilter-devel@vger.kernel.org", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20260324151827.2006656-3-longman@redhat.com>", "list_archive_url": null, "date": "2026-03-24T15:18:27", "name": "[2/2] ipvs: Guard access of HK_TYPE_KTHREAD cpumask with RCU", "commit_ref": null, "pull_url": null, "state": "changes-requested", "archived": true, "hash": "3ff887895afbc7ef636f7eb9d7a7f6c698177950", "submitter": { "id": 71281, "url": "http://patchwork.ozlabs.org/api/people/71281/?format=api", "name": "Waiman Long", "email": "longman@redhat.com" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260324151827.2006656-3-longman@redhat.com/mbox/", "series": [ { "id": 497305, "url": "http://patchwork.ozlabs.org/api/series/497305/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/list/?series=497305", "date": "2026-03-24T15:18:25", "name": "ipvs: Fix incorrect use of HK_TYPE_KTHREAD housekeeping cpumask", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/497305/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2215435/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2215435/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "\n <netfilter-devel+bounces-11384-incoming=patchwork.ozlabs.org@vger.kernel.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "netfilter-devel@vger.kernel.org" ], "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256\n header.s=mimecast20190719 header.b=DgZTSMk8;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c0a:e001:db::12fc:5321; helo=sea.lore.kernel.org;\n envelope-from=netfilter-devel+bounces-11384-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)", "smtp.subspace.kernel.org;\n\tdkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com\n header.b=\"DgZTSMk8\"", "smtp.subspace.kernel.org;\n arc=none smtp.client-ip=170.10.129.124", "smtp.subspace.kernel.org;\n dmarc=pass (p=quarantine dis=none) header.from=redhat.com", "smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=redhat.com" ], "Received": [ "from sea.lore.kernel.org (sea.lore.kernel.org\n [IPv6:2600:3c0a:e001:db::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fgDbn57bKz1xy1\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 25 Mar 2026 02:34:13 +1100 (AEDT)", "from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sea.lore.kernel.org (Postfix) with ESMTP id D07283197E0C\n\tfor <incoming@patchwork.ozlabs.org>; Tue, 24 Mar 2026 15:19:38 +0000 (UTC)", "from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 191533FF8A4;\n\tTue, 24 Mar 2026 15:19:21 +0000 (UTC)", "from us-smtp-delivery-124.mimecast.com\n (us-smtp-delivery-124.mimecast.com [170.10.129.124])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id CBC623D5246\n\tfor <netfilter-devel@vger.kernel.org>; Tue, 24 Mar 2026 15:19:16 +0000 (UTC)", "from mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com\n (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by\n relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,\n cipher=TLS_AES_256_GCM_SHA384) id us-mta-265-fwC_8vFtNWuKSKRWqW9RmQ-1; Tue,\n 24 Mar 2026 11:19:11 -0400", "from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com\n (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n\t(No client certificate requested)\n\tby mx-prod-mc-05.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS\n id E95361956046;\n\tTue, 24 Mar 2026 15:19:08 +0000 (UTC)", "from llong-thinkpadp16vgen1.westford.csb (unknown [10.22.65.192])\n\tby mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP\n id 8BBCA1800764;\n\tTue, 24 Mar 2026 15:19:04 +0000 (UTC)" ], "ARC-Seal": "i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1774365559; cv=none;\n b=iI9na2B2g5H7hZFztuEX6ovDEiNRiJ3H9c173FhpkxgrFN27BPkrOeMT4VEbGHLQyqzaHbDXjntrIqJi9HosHFzhUnonP6SXk95NGFsCFMrN46k5khtPaaePB0nX7aoihAgK8og+UrlL2O1BqTwcx2+tTDCgkGAOGWd5bTyVLmE=", "ARC-Message-Signature": "i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1774365559; c=relaxed/simple;\n\tbh=yQu+yg14FNYHLy+s+BbhOlgj6hTn6x3xR7kw0ed5ygA=;\n\th=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References:\n\t MIME-Version;\n b=oY0S1C9IlTmCQmPWOE2VYULXStvA/W8J4D2NAFI6fv1mMAGfkUroXnlZWAbxVUeMGa7vqyfDRjQbzzRsLlyhDhXUOE1O93a79xc2FJ+x1yUuHI2BhAuDmiQojg5qI0/q85hqwNM+RUPPcWY6OpGdxpLBLnuZcSeRgqb26sdzm1I=", "ARC-Authentication-Results": "i=1; smtp.subspace.kernel.org;\n dmarc=pass (p=quarantine dis=none) header.from=redhat.com;\n spf=pass smtp.mailfrom=redhat.com;\n dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com\n header.b=DgZTSMk8; arc=none smtp.client-ip=170.10.129.124", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;\n\ts=mimecast20190719; t=1774365555;\n\th=from:from:reply-to:subject:subject:date:date:message-id:message-id:\n\t to:to:cc:cc:mime-version:mime-version:\n\t content-transfer-encoding:content-transfer-encoding:\n\t in-reply-to:in-reply-to:references:references;\n\tbh=47K4ukq6ERapPLsJPgxXf1k9UvvwaRytR4+a7cgPSYw=;\n\tb=DgZTSMk8MUQwgAX1/wPeE5pBySz9IhkNrmfu9Y4t/noRwZpAVR6aLBqAXGB7IbAk18j2xh\n\ts3T0csefPxFehSgU5jxtVKMGFWyuZiQ9zM8yqdceQJHasgxVVqehcjQ/zJHp87VjyCTBuL\n\tagYBmver4BNqwR4PlFNqNff3xxHMTYA=", "X-MC-Unique": "fwC_8vFtNWuKSKRWqW9RmQ-1", "X-Mimecast-MFC-AGG-ID": "fwC_8vFtNWuKSKRWqW9RmQ_1774365549", "From": "Waiman Long <longman@redhat.com>", "To": "Simon Horman <horms@verge.net.au>,\n\tJulian Anastasov <ja@ssi.bg>,\n\t\"David S. Miller\" <davem@davemloft.net>,\n\tDavid Ahern <dsahern@kernel.org>,\n\tEric Dumazet <edumazet@google.com>,\n\tJakub Kicinski <kuba@kernel.org>,\n\tPaolo Abeni <pabeni@redhat.com>,\n\tPablo Neira Ayuso <pablo@netfilter.org>,\n\tFlorian Westphal <fw@strlen.de>,\n\tPhil Sutter <phil@nwl.cc>,\n\tFrederic Weisbecker <frederic@kernel.org>,\n\tChen Ridong <chenridong@huawei.com>,\n\tPhil Auld <pauld@redhat.com>", "Cc": "linux-kernel@vger.kernel.org,\n\tnetdev@vger.kernel.org,\n\tlvs-devel@vger.kernel.org,\n\tnetfilter-devel@vger.kernel.org,\n\tcoreteam@netfilter.org,\n\tsheviks <sheviks@gmail.com>,\n\tWaiman Long <longman@redhat.com>", "Subject": "[PATCH 2/2] ipvs: Guard access of HK_TYPE_KTHREAD cpumask with RCU", "Date": "Tue, 24 Mar 2026 11:18:27 -0400", "Message-ID": "<20260324151827.2006656-3-longman@redhat.com>", "In-Reply-To": "<20260324151827.2006656-1-longman@redhat.com>", "References": "<20260324151827.2006656-1-longman@redhat.com>", "Precedence": "bulk", "X-Mailing-List": "netfilter-devel@vger.kernel.org", "List-Id": "<netfilter-devel.vger.kernel.org>", "List-Subscribe": "<mailto:netfilter-devel+subscribe@vger.kernel.org>", "List-Unsubscribe": "<mailto:netfilter-devel+unsubscribe@vger.kernel.org>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "8bit", "X-Scanned-By": "MIMEDefang 3.4.1 on 10.30.177.93" }, "content": "The ip_vs_ctl.c file and the associated ip_vs.h file are the only places\nin the kernel where HK_TYPE_KTHREAD cpumask is being retrieved and used.\nNow that HK_TYPE_KTHREAD/HK_TYPE_DOMAIN cpumask can be changed at run\ntime. We need to use RCU to guard access to this cpumask to avoid a\npotential UAF problem as the returned cpumask may be freed before it\nis being used.\n\nSigned-off-by: Waiman Long <longman@redhat.com>\n---\n include/net/ip_vs.h | 20 ++++++++++++++++----\n net/netfilter/ipvs/ip_vs_ctl.c | 13 ++++++++-----\n 2 files changed, 24 insertions(+), 9 deletions(-)", "diff": "diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h\nindex 29a36709e7f3..17c85a575ef4 100644\n--- a/include/net/ip_vs.h\n+++ b/include/net/ip_vs.h\n@@ -1155,7 +1155,7 @@ static inline int sysctl_run_estimation(struct netns_ipvs *ipvs)\n \treturn ipvs->sysctl_run_estimation;\n }\n \n-static inline const struct cpumask *sysctl_est_cpulist(struct netns_ipvs *ipvs)\n+static inline const struct cpumask *__sysctl_est_cpulist(struct netns_ipvs *ipvs)\n {\n \tif (ipvs->est_cpulist_valid)\n \t\treturn ipvs->sysctl_est_cpulist;\n@@ -1273,7 +1273,7 @@ static inline int sysctl_run_estimation(struct netns_ipvs *ipvs)\n \treturn 1;\n }\n \n-static inline const struct cpumask *sysctl_est_cpulist(struct netns_ipvs *ipvs)\n+static inline const struct cpumask *__sysctl_est_cpulist(struct netns_ipvs *ipvs)\n {\n \treturn housekeeping_cpumask(HK_TYPE_KTHREAD);\n }\n@@ -1290,6 +1290,18 @@ static inline int sysctl_est_nice(struct netns_ipvs *ipvs)\n \n #endif\n \n+static inline bool sysctl_est_cpulist_empty(struct netns_ipvs *ipvs)\n+{\n+\tguard(rcu)();\n+\treturn cpumask_empty(__sysctl_est_cpulist(ipvs));\n+}\n+\n+static inline unsigned int sysctl_est_cpulist_weight(struct netns_ipvs *ipvs)\n+{\n+\tguard(rcu)();\n+\treturn cpumask_weight(__sysctl_est_cpulist(ipvs));\n+}\n+\n /* IPVS core functions\n * (from ip_vs_core.c)\n */\n@@ -1604,7 +1616,7 @@ static inline void ip_vs_est_stopped_recalc(struct netns_ipvs *ipvs)\n \t/* Stop tasks while cpulist is empty or if disabled with flag */\n \tipvs->est_stopped = !sysctl_run_estimation(ipvs) ||\n \t\t\t (ipvs->est_cpulist_valid &&\n-\t\t\t cpumask_empty(sysctl_est_cpulist(ipvs)));\n+\t\t\t sysctl_est_cpulist_empty(ipvs));\n #endif\n }\n \n@@ -1620,7 +1632,7 @@ static inline bool ip_vs_est_stopped(struct netns_ipvs *ipvs)\n static inline int ip_vs_est_max_threads(struct netns_ipvs *ipvs)\n {\n \tunsigned int limit = IPVS_EST_CPU_KTHREADS *\n-\t\t\t cpumask_weight(sysctl_est_cpulist(ipvs));\n+\t\t\t sysctl_est_cpulist_weight(ipvs);\n \n \treturn max(1U, limit);\n }\ndiff --git a/net/netfilter/ipvs/ip_vs_ctl.c b/net/netfilter/ipvs/ip_vs_ctl.c\nindex 35642de2a0fe..f38a2e2a9dc5 100644\n--- a/net/netfilter/ipvs/ip_vs_ctl.c\n+++ b/net/netfilter/ipvs/ip_vs_ctl.c\n@@ -1973,11 +1973,14 @@ static int ipvs_proc_est_cpumask_get(const struct ctl_table *table,\n \n \tmutex_lock(&ipvs->est_mutex);\n \n-\tif (ipvs->est_cpulist_valid)\n-\t\tmask = *valp;\n-\telse\n-\t\tmask = (struct cpumask *)housekeeping_cpumask(HK_TYPE_KTHREAD);\n-\tret = scnprintf(buffer, size, \"%*pbl\\n\", cpumask_pr_args(mask));\n+\t/* HK_TYPE_KTHREAD cpumask needs RCU protection */\n+\tscoped_guard(rcu) {\n+\t\tif (ipvs->est_cpulist_valid)\n+\t\t\tmask = *valp;\n+\t\telse\n+\t\t\tmask = (struct cpumask *)housekeeping_cpumask(HK_TYPE_KTHREAD);\n+\t\tret = scnprintf(buffer, size, \"%*pbl\\n\", cpumask_pr_args(mask));\n+\t}\n \n \tmutex_unlock(&ipvs->est_mutex);\n \n", "prefixes": [ "2/2" ] }