From patchwork Sun Nov 4 18:44:39 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Taehee Yoo X-Patchwork-Id: 992778 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="H20AKi1A"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 42p4VQ6tLpzB6ML for ; Mon, 5 Nov 2018 05:44:46 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728240AbeKEEAn (ORCPT ); Sun, 4 Nov 2018 23:00:43 -0500 Received: from mail-pl1-f196.google.com ([209.85.214.196]:35210 "EHLO mail-pl1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726789AbeKEEAn (ORCPT ); Sun, 4 Nov 2018 23:00:43 -0500 Received: by mail-pl1-f196.google.com with SMTP id n4-v6so3328357plp.2 for ; Sun, 04 Nov 2018 10:44:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=snyg68Ysm2gt2DZimsKJaiqna4lhJxVXu2iQOwTzAYA=; b=H20AKi1AW9bmGOPW2u4ePhVIbWJNwiW/PGkLjMZq9lBqGSB9cRyUPU4kNz1Bf/v+MZ Z3UTYBhAppUudQk1RL2j055QJHGddb3inMgtL//g+owiEtTXQFe9LWodyJ8I9LFM7Kgy 2NzreuQ0suVkn8aY5sFqSwQ7+v/GGO55NA2NK2vil3kgtjRozD7SoJzA571kuMeEYcOt Cszan/Its8JYi4PHXJBls3okG4JKD1+20M3FC/FktOO5gtfLsiHHWtMT9BsMbAp6OYVk faBoRIastN8yvPouMONemJhf1klj8NDQZMHCMvUlifsCx8q82D4vnreFWJECctzXCwid zeeQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=snyg68Ysm2gt2DZimsKJaiqna4lhJxVXu2iQOwTzAYA=; b=h4rR/n5lHMCr7nfalLQanU6pcDdV6UD13jJciRLqZQa1ThPcRviQQ1Dsng11mJpEsJ +5fS0JOXhud122AeuoT5kQQ8qRIZ0fzbrBeMM9c+2DLJzL780UC6VoE+zwbd48gsSZUh zlTakjqgfs0/avqtE9clllBcOQcHubC5+ULPcBo3/3Y8vOEvzACPDg0yI9g5pwlrqF2s AwVES8s76YLbNxohuxKtyr80l74ox8Ixz1D1CgteLimE7elKvTHFEw4bMBXl2HVdyZr6 Ga9EPHOGEHF0Dzid9GBKWWx7q570zgPjthRsj0Z7jVdH1U5OdExXT9mTVOBJBvy+GI5v JKsA== X-Gm-Message-State: AGRZ1gIZI5KiXXt3xd1eswRgQxzZZOAwZ61Gr0MFLPV6OyrijTAlNMWa IdDjl8BQHKj6G6sfVO+LR5A= X-Google-Smtp-Source: AJdET5cX/WZHyBJzERuPlSegcHQiz2dC/PW9q0LhWbHTr/0xXK6v5xkvxAqZaLcg/6G+oeOZVLMJ6A== X-Received: by 2002:a17:902:a984:: with SMTP id bh4-v6mr19422628plb.163.1541357085625; Sun, 04 Nov 2018 10:44:45 -0800 (PST) Received: from ap-To-be-filled-by-O-E-M.8.8.8.8 ([125.130.197.10]) by smtp.gmail.com with ESMTPSA id v5-v6sm57661852pfd.64.2018.11.04.10.44.43 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sun, 04 Nov 2018 10:44:45 -0800 (PST) From: Taehee Yoo To: pablo@netfilter.org, fw@strlen.de, yihung.wei@gmail.com, netfilter-devel@vger.kernel.org Cc: ap420073@gmail.com Subject: [PATCH nf v2 3/3] netfilter: nf_conncount: fix unexpected permanent node of list. Date: Mon, 5 Nov 2018 03:44:39 +0900 Message-Id: <20181104184439.19766-1-ap420073@gmail.com> X-Mailer: git-send-email 2.17.1 Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org When list->count is 0, the list is deleted by GC. But list->count is never reached 0. because Initial count value is 1 and it is increased when node is inserted. So that initial value of list->count should be 0. Originally GC always finds zero count list through deleting node and decreasing count. it has problem that it couldn't find lists that didn't insert nodes(by allocating problem, etc...). In order to solve this problem, GC routine also finds zero count list without deleting node. v2: - Use spin_lock_bh() in nf_conncount_add() (Pablo Neira Ayuso) - Add Third patch. v1: Initial patch Fixes: cb2b36f5a97d ("netfilter: nf_conncount: Switch to plain list") Signed-off-by: Taehee Yoo --- net/netfilter/nf_conncount.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/net/netfilter/nf_conncount.c b/net/netfilter/nf_conncount.c index cb33709138df..b5dc749112a1 100644 --- a/net/netfilter/nf_conncount.c +++ b/net/netfilter/nf_conncount.c @@ -144,8 +144,10 @@ static bool conn_free(struct nf_conncount_list *list, list->count--; conn->dead = true; list_del_rcu(&conn->node); - if (list->count == 0) + if (list->count == 0) { + list->dead = true; free_entry = true; + } spin_unlock_bh(&list->list_lock); call_rcu(&conn->rcu_head, __conn_free); @@ -248,7 +250,7 @@ void nf_conncount_list_init(struct nf_conncount_list *list) { spin_lock_init(&list->list_lock); INIT_LIST_HEAD(&list->head); - list->count = 1; + list->count = 0; list->dead = false; } EXPORT_SYMBOL_GPL(nf_conncount_list_init); @@ -262,6 +264,7 @@ bool nf_conncount_gc_list(struct net *net, struct nf_conn *found_ct; unsigned int collected = 0; bool free_entry = false; + bool ret = false; list_for_each_entry_safe(conn, conn_n, &list->head, node) { found = find_or_evict(net, list, conn, &free_entry); @@ -291,7 +294,14 @@ bool nf_conncount_gc_list(struct net *net, if (collected > CONNCOUNT_GC_MAX_NODES) return false; } - return false; + + spin_lock_bh(&list->list_lock); + if (!list->count) { + list->dead = true; + ret = true; + } + spin_unlock_bh(&list->list_lock); + return ret; } EXPORT_SYMBOL_GPL(nf_conncount_gc_list); @@ -417,6 +427,7 @@ insert_tree(struct net *net, nf_conncount_list_init(&rbconn->list); list_add(&conn->node, &rbconn->list.head); count = 1; + rbconn->list.count = count; rb_link_node(&rbconn->node, parent, rbnode); rb_insert_color(&rbconn->node, root);