Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/817709/?format=api
{ "id": 817709, "url": "http://patchwork.ozlabs.org/api/patches/817709/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netdev/patch/e899d1802d51e022e47e88cff37ffcd2bf7a36cc.1506114055.git.pabeni@redhat.com/", "project": { "id": 7, "url": "http://patchwork.ozlabs.org/api/projects/7/?format=api", "name": "Linux network development", "link_name": "netdev", "list_id": "netdev.vger.kernel.org", "list_email": "netdev@vger.kernel.org", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<e899d1802d51e022e47e88cff37ffcd2bf7a36cc.1506114055.git.pabeni@redhat.com>", "list_archive_url": null, "date": "2017-09-22T21:06:26", "name": "[RFC,02/11] net: allow early demux to fetch noref socket", "commit_ref": null, "pull_url": null, "state": "rfc", "archived": true, "hash": "c232faab41dd0e3742787bf18236f24a6a1d6793", "submitter": { "id": 67312, "url": "http://patchwork.ozlabs.org/api/people/67312/?format=api", "name": "Paolo Abeni", "email": "pabeni@redhat.com" }, "delegate": { "id": 34, "url": "http://patchwork.ozlabs.org/api/users/34/?format=api", "username": "davem", "first_name": "David", "last_name": "Miller", "email": "davem@davemloft.net" }, "mbox": "http://patchwork.ozlabs.org/project/netdev/patch/e899d1802d51e022e47e88cff37ffcd2bf7a36cc.1506114055.git.pabeni@redhat.com/mbox/", "series": [ { "id": 4709, "url": "http://patchwork.ozlabs.org/api/series/4709/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netdev/list/?series=4709", "date": "2017-09-22T21:06:24", "name": "udp: full early demux for unconnected sockets", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/4709/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/817709/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/817709/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<netdev-owner@vger.kernel.org>", "X-Original-To": 
"patchwork-incoming@ozlabs.org", "Delivered-To": "patchwork-incoming@ozlabs.org", "Authentication-Results": [ "ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netdev-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)", "ext-mx01.extmail.prod.ext.phx2.redhat.com;\n\tdmarc=none (p=none dis=none) header.from=redhat.com", "ext-mx01.extmail.prod.ext.phx2.redhat.com;\n\tspf=fail smtp.mailfrom=pabeni@redhat.com" ], "Received": [ "from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xzQzd4DXfz9sP1\n\tfor <patchwork-incoming@ozlabs.org>;\n\tSat, 23 Sep 2017 07:07:41 +1000 (AEST)", "(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1752395AbdIVVHi (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);\n\tFri, 22 Sep 2017 17:07:38 -0400", "from mx1.redhat.com ([209.132.183.28]:43422 \"EHLO mx1.redhat.com\"\n\trhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP\n\tid S1752115AbdIVVHA (ORCPT <rfc822;netdev@vger.kernel.org>);\n\tFri, 22 Sep 2017 17:07:00 -0400", "from smtp.corp.redhat.com\n\t(int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15])\n\t(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))\n\t(No client certificate requested)\n\tby mx1.redhat.com (Postfix) with ESMTPS id 23D9C81E05;\n\tFri, 22 Sep 2017 21:07:00 +0000 (UTC)", "from dhcppc0.redhat.com (ovpn-116-39.ams2.redhat.com\n\t[10.36.116.39])\n\tby smtp.corp.redhat.com (Postfix) with ESMTP id 69F0B5D6A2;\n\tFri, 22 Sep 2017 21:06:58 +0000 (UTC)" ], "DMARC-Filter": "OpenDMARC Filter v1.3.2 mx1.redhat.com 23D9C81E05", "From": "Paolo Abeni <pabeni@redhat.com>", "To": "netdev@vger.kernel.org", "Cc": "\"David S. 
Miller\" <davem@davemloft.net>,\n\tPablo Neira Ayuso <pablo@netfilter.org>, Florian Westphal <fw@strlen.de>,\n\tEric Dumazet <edumazet@google.com>,\n\tHannes Frederic Sowa <hannes@stressinduktion.org>", "Subject": "[RFC PATCH 02/11] net: allow early demux to fetch noref socket", "Date": "Fri, 22 Sep 2017 23:06:26 +0200", "Message-Id": "<e899d1802d51e022e47e88cff37ffcd2bf7a36cc.1506114055.git.pabeni@redhat.com>", "In-Reply-To": "<cover.1506114055.git.pabeni@redhat.com>", "References": "<cover.1506114055.git.pabeni@redhat.com>", "X-Scanned-By": "MIMEDefang 2.79 on 10.5.11.15", "X-Greylist": "Sender IP whitelisted, not delayed by milter-greylist-4.5.16\n\t(mx1.redhat.com [10.5.110.25]);\n\tFri, 22 Sep 2017 21:07:00 +0000 (UTC)", "Sender": "netdev-owner@vger.kernel.org", "Precedence": "bulk", "List-ID": "<netdev.vger.kernel.org>", "X-Mailing-List": "netdev@vger.kernel.org" }, "content": "We must be careful to avoid leaking such sockets outside\nthe RCU section containing the early demux call; we clear\nthem on nonlocal delivery.\n\nFor ipv4 we clear sknoref even for multicast traffic entering\nthe ip_mr_input() path; we will lose the mcast early demux\noptimization when the host is acting as multicast router, but\nthat will help to keep to code simple.\n\nAlso update all iptables/nftables extension that can\nhappen in the input chain and can transmit the skb outside\nsuch patch, namely TEE, nft_dup and nfqueue.\n\nSigned-off-by: Paolo Abeni <pabeni@redhat.com>\n---\n net/ipv4/ip_input.c | 8 ++++++++\n net/ipv4/netfilter/nf_dup_ipv4.c | 3 +++\n net/ipv6/ip6_input.c | 4 ++++\n net/ipv6/netfilter/nf_dup_ipv6.c | 3 +++\n net/netfilter/nf_queue.c | 3 +++\n 5 files changed, 21 insertions(+)", "diff": "diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c\nindex fa2dc8f692c6..5690ef09da28 100644\n--- a/net/ipv4/ip_input.c\n+++ b/net/ipv4/ip_input.c\n@@ -351,6 +351,14 @@ static int ip_rcv_finish(struct net *net, struct sock *sk, struct sk_buff *skb)\n \t\t}\n \t}\n \n+\t/* 
Since the sk has no reference to the socket, we must\n+\t * clear it before escaping this RCU section.\n+\t * The sk is just an hint and we know we are not going to use\n+\t * it outside the input path.\n+\t */\n+\tif (skb_dst(skb)->input != ip_local_deliver)\n+\t\tskb_clear_noref_sk(skb);\n+\n #ifdef CONFIG_IP_ROUTE_CLASSID\n \tif (unlikely(skb_dst(skb)->tclassid)) {\n \t\tstruct ip_rt_acct *st = this_cpu_ptr(ip_rt_acct);\ndiff --git a/net/ipv4/netfilter/nf_dup_ipv4.c b/net/ipv4/netfilter/nf_dup_ipv4.c\nindex 39895b9ddeb9..bf8b78492fc8 100644\n--- a/net/ipv4/netfilter/nf_dup_ipv4.c\n+++ b/net/ipv4/netfilter/nf_dup_ipv4.c\n@@ -71,6 +71,9 @@ void nf_dup_ipv4(struct net *net, struct sk_buff *skb, unsigned int hooknum,\n \tnf_reset(skb);\n \tnf_ct_set(skb, NULL, IP_CT_UNTRACKED);\n #endif\n+\t/* Avoid leaking noref sk outside the input path */\n+\tskb_clear_noref_sk(skb);\n+\n \t/*\n \t * If we are in PREROUTING/INPUT, decrease the TTL to mitigate potential\n \t * loops between two hosts.\ndiff --git a/net/ipv6/ip6_input.c b/net/ipv6/ip6_input.c\nindex 9ee208a348f5..e15ec2d36b9e 100644\n--- a/net/ipv6/ip6_input.c\n+++ b/net/ipv6/ip6_input.c\n@@ -68,6 +68,10 @@ int ip6_rcv_finish(struct net *net, struct sock *sk, struct sk_buff *skb)\n \tif (!skb_valid_dst(skb))\n \t\tip6_route_input(skb);\n \n+\t/* see comment on ipv4 edmux */\n+\tif (skb_dst(skb)->input != ip6_input)\n+\t\tskb_clear_noref_sk(skb);\n+\n \treturn dst_input(skb);\n }\n \ndiff --git a/net/ipv6/netfilter/nf_dup_ipv6.c b/net/ipv6/netfilter/nf_dup_ipv6.c\nindex 4a7ddeddbaab..939f6a2238f9 100644\n--- a/net/ipv6/netfilter/nf_dup_ipv6.c\n+++ b/net/ipv6/netfilter/nf_dup_ipv6.c\n@@ -60,6 +60,9 @@ void nf_dup_ipv6(struct net *net, struct sk_buff *skb, unsigned int hooknum,\n \tnf_reset(skb);\n \tnf_ct_set(skb, NULL, IP_CT_UNTRACKED);\n #endif\n+\t/* Avoid leaking noref sk outside the input path */\n+\tskb_clear_noref_sk(skb);\n+\n \tif (hooknum == NF_INET_PRE_ROUTING ||\n \t hooknum == NF_INET_LOCAL_IN) {\n 
\t\tstruct ipv6hdr *iph = ipv6_hdr(skb);\ndiff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c\nindex f7e21953b1de..100eff08cb51 100644\n--- a/net/netfilter/nf_queue.c\n+++ b/net/netfilter/nf_queue.c\n@@ -145,6 +145,9 @@ static int __nf_queue(struct sk_buff *skb, const struct nf_hook_state *state,\n \t\t.size\t= sizeof(*entry) + afinfo->route_key_size,\n \t};\n \n+\t/* Avoid leaking noref sk outside the input path */\n+\tskb_clear_noref_sk(skb);\n+\n \tnf_queue_entry_get_refs(entry);\n \tskb_dst_force(skb);\n \tafinfo->saveroute(skb, entry);\n", "prefixes": [ "RFC", "02/11" ] }
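Review bot: in the net/ipv4/ip_input.c hunk, the new comment in ip_rcv_finish() does not mention the multicast case that the changelog calls out. Because the test is skb_dst(skb)->input != ip_local_deliver, packets whose dst input is ip_mr_input() also lose the socket hint, and the pointer comparison alone does not tell a reader that this is intended; please say so in the comment. Wording in the same comment: "Since the sk has no reference to the socket" presumably means the skb holds no reference on the socket, and "just an hint" should be "just a hint".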
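Review bot: in the net/ipv6/ip6_input.c hunk, the comment "see comment on ipv4 edmux" does not name anything a reader can search for; point at ip_rcv_finish() explicitly, and spell out "early demux" ("edmux" looks like a typo). The changelog documents the multicast trade-off only for ipv4, while the test skb_dst(skb)->input != ip6_input drops the hint for every other input handler, so state whether ipv6 multicast delivery is meant to lose the optimization as well.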
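Review bot: in the net/ipv4/netfilter/nf_dup_ipv4.c hunk, the call to skb_clear_noref_sk(skb) in nf_dup_ipv4() is unconditional, and the same three lines are repeated in nf_dup_ipv6() and __nf_queue(). The helper is not defined in this patch, so these call sites are only correct if it leaves alone an skb that carries no socket or a refcounted one. State that contract in the changelog or in the comment at one call site, so the callers can be reviewed without reading the rest of the series.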
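Review bot: in the net/netfilter/nf_queue.c hunk, the comment "Avoid leaking noref sk outside the input path" does not match the call site: __nf_queue() takes a generic nf_hook_state and the clear is not conditioned on the hook. Reword it to say that a queued skb outlives the RCU section in which the socket hint was valid. Two lines below, skb_dst_force(skb) keeps the dst usable by taking a real reference, so one sentence on why the socket is dropped rather than upgraded the same way would help the next reader.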