[0/2] ipset patches for nf

Message ID	20200222113005.5647-1-kadlec@netfilter.org
State	Accepted
Delegated to:	Pablo Neira
Headers	show Return-Path: <netfilter-devel-owner@vger.kernel.org> From: Jozsef Kadlecsik <kadlec@netfilter.org> To: netfilter-devel@vger.kernel.org Cc: Pablo Neira Ayuso <pablo@netfilter.org> Subject: [PATCH 0/2] ipset patches for nf Date: Sat, 22 Feb 2020 12:30:03 +0100 Message-Id: <20200222113005.5647-1-kadlec@netfilter.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk

Message ID

20200222113005.5647-1-kadlec@netfilter.org

State

Accepted

Delegated to:

Pablo Neira

Headers

From: Jozsef Kadlecsik <kadlec@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Subject: [PATCH 0/2] ipset patches for nf
Date: Sat, 22 Feb 2020 12:30:03 +0100
Message-Id: <20200222113005.5647-1-kadlec@netfilter.org>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk

Message

Jozsef Kadlecsik Feb. 22, 2020, 11:30 a.m. UTC

Hi Pablo,

Please consider to apply the next two patches to the nf tree. The first one
is larger than usual, but the issue could not be solved simpler. Also, it's
a resend of the patch I submitted a few days ago, with a one line fix on
top of that: the size of the comment extensions was not taken into account
at reporting the full size of the set.

- Fix "INFO: rcu detected stall in hash_xxx" reports of syzbot
  by introducing region locking and using workqueue instead of timer based
  gc of timed out entries in hash types of sets in ipset.
- Fix the forceadd evaluation path - the bug was also uncovered by the syzbot.

Best regards,
Jozsef

The following changes since commit 83d0585f91da441a0b11bc5ff93f4cda56de6703:

  Merge branch 'Fix-reconnection-latency-caused-by-FIN-ACK-handling-race' (2020-02-02 13:45:05 -0800)

are available in the Git repository at:

  git://blackhole.kfki.hu/nf 8af1c6fbd923987799

for you to fetch changes up to 8af1c6fbd9239877998c7f5a591cb2c88d41fb66:

  netfilter: ipset: Fix forceadd evaluation path (2020-02-22 12:13:45 +0100)

----------------------------------------------------------------
Jozsef Kadlecsik (2):
      netfilter: ipset: Fix "INFO: rcu detected stall in hash_xxx" reports
      netfilter: ipset: Fix forceadd evaluation path

 include/linux/netfilter/ipset/ip_set.h |  11 +-
 net/netfilter/ipset/ip_set_core.c      |  34 +-
 net/netfilter/ipset/ip_set_hash_gen.h  | 635 +++++++++++++++++++++++----------
 3 files changed, 474 insertions(+), 206 deletions(-)

Comments

Pablo Neira Ayuso Feb. 26, 2020, 1:02 p.m. UTC | #1

On Sat, Feb 22, 2020 at 12:30:03PM +0100, Jozsef Kadlecsik wrote:
> Hi Pablo,
> 
> Please consider to apply the next two patches to the nf tree. The first one
> is larger than usual, but the issue could not be solved simpler. Also, it's
> a resend of the patch I submitted a few days ago, with a one line fix on
> top of that: the size of the comment extensions was not taken into account
> at reporting the full size of the set.
> 
> - Fix "INFO: rcu detected stall in hash_xxx" reports of syzbot
>   by introducing region locking and using workqueue instead of timer based
>   gc of timed out entries in hash types of sets in ipset.
> - Fix the forceadd evaluation path - the bug was also uncovered by the syzbot.

Pulled, thanks Jozsef.

[0/2] ipset patches for nf

Pull-request

Message

Comments