| Message ID | 1625666419-28751-1-git-send-email-bodong@nvidia.com |
|---|---|
| State | New |
| Headers | show |
| Series | [SRU,F:linux-bluefield,v2] net/sched: act_ct: fix err check for nf_conntrack_confirm | expand |
On 07.07.21 16:00, Bodong Wang wrote: > From: wenxu <wenxu@ucloud.cn> > > BugLink: https://bugs.launchpad.net/bugs/1934819 > > The confirm operation should be checked. If there are any failed, > the packet should be dropped like in ovs and netfilter. > > Fixes: b57dc7c13ea9 ("net/sched: Introduce action ct") > Signed-off-by: wenxu <wenxu@ucloud.cn> > Signed-off-by: David S. Miller <davem@davemloft.net> > (cherry picked from commit 8955b90c3cdad199137809aac8ccbbb585355913 linux-next) > https://patchwork.kernel.org/project/netdevbpf/patch/1625196871-2780-1-git-send-email-wenxu@ucloud.cn/ > Signed-off-by: Bodong Wang <bodong@nvidia.com> > Acked-by: Tim Gardner <tim.gardner@canonical.com> An ACK should not be carried forward by the submitter from one version of the patch to the next without an explicit consent. The issue with doing it is that a person which reviewed and acknowledged one version of a patch is not automatically acknowledging the follow-up submissions even if the changes made are the ones suggested by this person. For the kind of changes suggested by Tim Gardner on v1 a re-submission of the patch is not needed, we can add/change this kind of information while applying the patch. No need to resubmit this, we can fix it up when applying it. Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> Thanks > --- > net/sched/act_ct.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c > index 43c5b3f..6299214 100644 > --- a/net/sched/act_ct.c > +++ b/net/sched/act_ct.c > @@ -1004,7 +1004,8 @@ static int tcf_ct_act(struct sk_buff *skb, const struct tc_action *a, > /* This will take care of sending queued events > * even if the connection is already confirmed. > */ > - nf_conntrack_confirm(skb); > + if (nf_conntrack_confirm(skb) != NF_ACCEPT) > + goto drop; > } > > if (!skip_add) >
Acked-by: Tim Gardner <tim.gardner@canonical.com> On 7/7/21 8:00 AM, Bodong Wang wrote: > From: wenxu <wenxu@ucloud.cn> > > BugLink: https://bugs.launchpad.net/bugs/1934819 > > The confirm operation should be checked. If there are any failed, > the packet should be dropped like in ovs and netfilter. > > Fixes: b57dc7c13ea9 ("net/sched: Introduce action ct") > Signed-off-by: wenxu <wenxu@ucloud.cn> > Signed-off-by: David S. Miller <davem@davemloft.net> > (cherry picked from commit 8955b90c3cdad199137809aac8ccbbb585355913 linux-next) > https://patchwork.kernel.org/project/netdevbpf/patch/1625196871-2780-1-git-send-email-wenxu@ucloud.cn/ > Signed-off-by: Bodong Wang <bodong@nvidia.com> > Acked-by: Tim Gardner <tim.gardner@canonical.com> > --- > net/sched/act_ct.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c > index 43c5b3f..6299214 100644 > --- a/net/sched/act_ct.c > +++ b/net/sched/act_ct.c > @@ -1004,7 +1004,8 @@ static int tcf_ct_act(struct sk_buff *skb, const struct tc_action *a, > /* This will take care of sending queued events > * even if the connection is already confirmed. > */ > - nf_conntrack_confirm(skb); > + if (nf_conntrack_confirm(skb) != NF_ACCEPT) > + goto drop; > } > > if (!skip_add) >
On 7/9/2021 3:49 AM, Kleber Souza wrote: > On 07.07.21 16:00, Bodong Wang wrote: >> From: wenxu <wenxu@ucloud.cn> >> >> BugLink: https://bugs.launchpad.net/bugs/1934819 >> >> The confirm operation should be checked. If there are any failed, >> the packet should be dropped like in ovs and netfilter. >> >> Fixes: b57dc7c13ea9 ("net/sched: Introduce action ct") >> Signed-off-by: wenxu <wenxu@ucloud.cn> >> Signed-off-by: David S. Miller <davem@davemloft.net> >> (cherry picked from commit 8955b90c3cdad199137809aac8ccbbb585355913 >> linux-next) >> https://patchwork.kernel.org/project/netdevbpf/patch/1625196871-2780-1-git-send-email-wenxu@ucloud.cn/ >> >> Signed-off-by: Bodong Wang <bodong@nvidia.com> >> Acked-by: Tim Gardner <tim.gardner@canonical.com> > > An ACK should not be carried forward by the submitter from one version > of the patch to the next without an explicit consent. The issue with > doing > it is that a person which reviewed and acknowledged one version of a > patch > is not automatically acknowledging the follow-up submissions even if the > changes made are the ones suggested by this person. > > For the kind of changes suggested by Tim Gardner on v1 a re-submission > of the patch is not needed, we can add/change this kind of information > while applying the patch. > > No need to resubmit this, we can fix it up when applying it. > > > Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com> > > Thanks Got it, thanks for the info.
On 07.07.21 16:00, Bodong Wang wrote: > From: wenxu <wenxu@ucloud.cn> > > BugLink: https://bugs.launchpad.net/bugs/1934819 > > The confirm operation should be checked. If there are any failed, > the packet should be dropped like in ovs and netfilter. > > Fixes: b57dc7c13ea9 ("net/sched: Introduce action ct") > Signed-off-by: wenxu <wenxu@ucloud.cn> > Signed-off-by: David S. Miller <davem@davemloft.net> > (cherry picked from commit 8955b90c3cdad199137809aac8ccbbb585355913 linux-next) > https://patchwork.kernel.org/project/netdevbpf/patch/1625196871-2780-1-git-send-email-wenxu@ucloud.cn/ > Signed-off-by: Bodong Wang <bodong@nvidia.com> > Acked-by: Tim Gardner <tim.gardner@canonical.com> > --- Applied to focal:linux-bluefield/master-next. Thanks. -Stefan > net/sched/act_ct.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c > index 43c5b3f..6299214 100644 > --- a/net/sched/act_ct.c > +++ b/net/sched/act_ct.c > @@ -1004,7 +1004,8 @@ static int tcf_ct_act(struct sk_buff *skb, const struct tc_action *a, > /* This will take care of sending queued events > * even if the connection is already confirmed. > */ > - nf_conntrack_confirm(skb); > + if (nf_conntrack_confirm(skb) != NF_ACCEPT) > + goto drop; > } > > if (!skip_add) >
diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c index 43c5b3f..6299214 100644 --- a/net/sched/act_ct.c +++ b/net/sched/act_ct.c @@ -1004,7 +1004,8 @@ static int tcf_ct_act(struct sk_buff *skb, const struct tc_action *a, /* This will take care of sending queued events * even if the connection is already confirmed. */ - nf_conntrack_confirm(skb); + if (nf_conntrack_confirm(skb) != NF_ACCEPT) + goto drop; } if (!skip_add)