From patchwork Tue May 9 23:50:40 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yuxuan Luo X-Patchwork-Id: 1779139 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=canonical.com header.i=@canonical.com header.a=rsa-sha256 header.s=20210705 header.b=i/qzl/Y6; dkim-atps=neutral Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4QGFLG5w9Tz214c for ; Wed, 10 May 2023 09:51:33 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1pwX79-0007QL-2v; Tue, 09 May 2023 23:51:27 +0000 Received: from smtp-relay-internal-1.internal ([10.131.114.114] helo=smtp-relay-internal-1.canonical.com) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1pwX77-0007PK-Kj for kernel-team@lists.ubuntu.com; Tue, 09 May 2023 23:51:25 +0000 Received: from mail-ed1-f71.google.com (mail-ed1-f71.google.com [209.85.208.71]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-1.canonical.com (Postfix) with ESMTPS id 6DF313F486 for ; Tue, 9 May 2023 23:51:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1683676285; bh=FdG6r8xgs1juXwwmaF9vZGxCD3gEADbn/oMeSHCwVRA=; h=From:To:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=i/qzl/Y6Kav7kLU7gGZNC9fJBRPshBj2r7KFbNA4rZfY3orPhM5jKBm7ShdBpqszi Aiin3sbvg7p3XrDEryzj6Xp5xdrMYUypjWRFJYw1EgNY2R8DfcDgvxoYCk67dxv6Wv zTmBWFhpHjUBZgHTc8FFmI9njplUK4LBcYRBV0ofOIE0uEwvPsV6NHkH2zRX8m8Ugv aqnonrqobkMbnoaGDzK5QqyV5i2FblAEJ5ES8eT21Hjsj9dk5ZwkE2ZGFoq6tAWuI6 orsOISHv5ZRiVg6OcKusK41FBeSorKBKuGHr+y24qT3KE+goCOpsxwgs9PvfWO/OZd bEic3G4KGB48A== Received: by mail-ed1-f71.google.com with SMTP id 4fb4d7f45d1cf-50bffc723c5so6169787a12.1 for ; Tue, 09 May 2023 16:51:25 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683676284; x=1686268284; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=FdG6r8xgs1juXwwmaF9vZGxCD3gEADbn/oMeSHCwVRA=; b=fUTlQia47hR47m3auBdsNcDn8gftang9xVV+6JzMAUXzJnXLa/FTG4NJFnO0sf0n3Z kUx9U2LJEqWM/O+ULdTakK/fuzxeZuG5LKCYnfE6w0fXlz2m2OEiX/N4AXf357EfVoEB m+GpB/y2mvPcZ7U3BMy6X+kaAWJsWF6VQJmSuVXx7kAC30DnfFcqVZmcg2Q8pdO//hoB y8M54yvGEbNjK5rygcD6t0vOHFrIZRu0YvxhpMHB7Jk1I/G8CIDpSEYndOTIM9MhK5FA b9MY6Q0S0bAqeAXMraCmlPyxQiYrJ6CZE7q+Jk5vtSAhDmBz7YQwHxWW6R7APqA6FG3x S0Dg== X-Gm-Message-State: AC+VfDywzaBf5oaIClDCI0shS+6piN7EmXMaCMC3CKKWad5OCDgcz0Bi eE3z1rUlZOq/4dg1HPRLWZ2vcEYXAz2KOsZEsROC18jRMG31Y9bD3bLYRxLdVQg68fD4W0FaHLo yqOv2OnZ/IQOQT2O4Lx0GVN4DAe867oU1+Fip0pcGoWQhXrte5w== X-Received: by 2002:aa7:ce0a:0:b0:506:af22:1271 with SMTP id d10-20020aa7ce0a000000b00506af221271mr13855145edv.0.1683676284184; Tue, 09 May 2023 16:51:24 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ4GGwmoGpEQNiyRFmAM/tYGrDUBK7Ktj5EupSijJq58nGXbDRlBv4PsSd26K3VYxhXyOOhcYQ== X-Received: by 2002:aa7:ce0a:0:b0:506:af22:1271 with SMTP id d10-20020aa7ce0a000000b00506af221271mr13855139edv.0.1683676283962; Tue, 09 May 2023 16:51:23 -0700 (PDT) Received: from localhost.localdomain ([2001:67c:1562:8007::aac:4795]) by smtp.gmail.com with ESMTPSA id p15-20020aa7cc8f000000b0050bcca2e459sm1295429edt.8.2023.05.09.16.51.22 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 May 2023 16:51:23 -0700 (PDT) From: Yuxuan Luo To: kernel-team@lists.ubuntu.com Subject: [SRU][Focal][PATCH 1/3] net/sched: act_mirred: better wording on protection against excessive stack growth Date: Tue, 9 May 2023 19:50:40 -0400 Message-Id: <20230509235043.69974-3-yuxuan.luo@canonical.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230509235043.69974-1-yuxuan.luo@canonical.com> References: <20230509235043.69974-1-yuxuan.luo@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Davide Caratti with commit e2ca070f89ec ("net: sched: protect against stack overflow in TC act_mirred"), act_mirred protected itself against excessive stack growth using per_cpu counter of nested calls to tcf_mirred_act(), and capping it to MIRRED_RECURSION_LIMIT. However, such protection does not detect recursion/loops in case the packet is enqueued to the backlog (for example, when the mirred target device has RPS or skb timestamping enabled). Change the wording from "recursion" to "nesting" to make it more clear to readers. CC: Jamal Hadi Salim Signed-off-by: Davide Caratti Reviewed-by: Marcelo Ricardo Leitner Acked-by: Jamal Hadi Salim Signed-off-by: Paolo Abeni (cherry picked from commit 78dcdffe0418ac8f3f057f26fe71ccf4d8ed851f) CVE-2022-4269 Signed-off-by: Yuxuan Luo --- net/sched/act_mirred.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/net/sched/act_mirred.c b/net/sched/act_mirred.c index dad6a29f6e074..6ddc0b3304cd5 100644 --- a/net/sched/act_mirred.c +++ b/net/sched/act_mirred.c @@ -28,8 +28,8 @@ static LIST_HEAD(mirred_list); static DEFINE_SPINLOCK(mirred_list_lock); -#define MIRRED_RECURSION_LIMIT 4 -static DEFINE_PER_CPU(unsigned int, mirred_rec_level); +#define MIRRED_NEST_LIMIT 4 +static DEFINE_PER_CPU(unsigned int, mirred_nest_level); static bool tcf_mirred_is_act_redirect(int action) { @@ -225,7 +225,7 @@ static int tcf_mirred_act(struct sk_buff *skb, const struct tc_action *a, struct sk_buff *skb2 = skb; bool m_mac_header_xmit; struct net_device *dev; - unsigned int rec_level; + unsigned int nest_level; int retval, err = 0; bool use_reinsert; bool want_ingress; @@ -236,11 +236,11 @@ static int tcf_mirred_act(struct sk_buff *skb, const struct tc_action *a, int mac_len; bool at_nh; - rec_level = __this_cpu_inc_return(mirred_rec_level); - if (unlikely(rec_level > MIRRED_RECURSION_LIMIT)) { + nest_level = __this_cpu_inc_return(mirred_nest_level); + if (unlikely(nest_level > MIRRED_NEST_LIMIT)) { net_warn_ratelimited("Packet exceeded mirred recursion limit on dev %s\n", netdev_name(skb->dev)); - __this_cpu_dec(mirred_rec_level); + __this_cpu_dec(mirred_nest_level); return TC_ACT_SHOT; } @@ -309,7 +309,7 @@ static int tcf_mirred_act(struct sk_buff *skb, const struct tc_action *a, err = tcf_mirred_forward(want_ingress, skb); if (err) tcf_action_inc_overlimit_qstats(&m->common); - __this_cpu_dec(mirred_rec_level); + __this_cpu_dec(mirred_nest_level); return TC_ACT_CONSUMED; } } @@ -321,7 +321,7 @@ static int tcf_mirred_act(struct sk_buff *skb, const struct tc_action *a, if (tcf_mirred_is_act_redirect(m_eaction)) retval = TC_ACT_SHOT; } - __this_cpu_dec(mirred_rec_level); + __this_cpu_dec(mirred_nest_level); return retval; } From patchwork Tue May 9 23:50:41 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Yuxuan Luo X-Patchwork-Id: 1779142 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=canonical.com header.i=@canonical.com header.a=rsa-sha256 header.s=20210705 header.b=s1VsR1+D; dkim-atps=neutral Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4QGFLH19ZZz214l for ; Wed, 10 May 2023 09:51:35 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1pwX7B-0007Sg-E9; Tue, 09 May 2023 23:51:29 +0000 Received: from smtp-relay-internal-0.internal ([10.131.114.225] helo=smtp-relay-internal-0.canonical.com) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1pwX78-0007PY-Ev for kernel-team@lists.ubuntu.com; Tue, 09 May 2023 23:51:26 +0000 Received: from mail-ed1-f71.google.com (mail-ed1-f71.google.com [209.85.208.71]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 3D58B3F481 for ; Tue, 9 May 2023 23:51:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1683676286; bh=hlGoYxBxqO7LEUqFb4IF9CJJDGQA/rQJ8HVnqy/JFXk=; h=From:To:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version:Content-Type; b=s1VsR1+Dt9WbyYspYSgntGHiKXoKIdlsmxbnwxuuieBKefOd6zHCdrqwWrwbM6759 /PNb9xLE7eFNW2YJtoNywZjcMUtCiCJgnHJryudUUVy0cWAfoP01MMgQCLVQPY2oBy nRWf4dNAyDmc/P96T/j330fhxPtUbDhmgGchaxmxb1S39Op/vdo+lLx8CGoAluEhCv i5NB1cGAKsqM02fFWo1XfobBhZP3RoGmjoYbLv5zYLbE5YUtj/n6M7UJk0WNocLK6J JJEen5GDeFF3T8LoGYrYdNUZDSUc1HrkN4uqRSzYZR3duNEUH232s3uuMsvDkjVXlh c7OOxeZX07jWA== Received: by mail-ed1-f71.google.com with SMTP id 4fb4d7f45d1cf-50bd1f08901so6180618a12.0 for ; Tue, 09 May 2023 16:51:26 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683676285; x=1686268285; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=hlGoYxBxqO7LEUqFb4IF9CJJDGQA/rQJ8HVnqy/JFXk=; b=DzMb/YpcCoOZ/pK6rAbF/wPK7GaL995x7NxjeMqx+2bnBFBAvmL5fSaFtyG+suqy6t nT+5kMN64OFzqnsjJxqoWakVHCZG7Eu3ObyA1zcGC4Yl/VT1PkF+aYqLbgqNmEA44GWP z6qiJThTb0fwTVAcoQDzcrfT5+xMGo8vDg739pwsoOLKlBJPB7nMJY4ZCWRmiptQzlcV zyKmyaSNBQwKvJi7TtnRAmUG/3yMgKMl8BMYAj6MosNm0qaokJpTJFn92jkCxFQFgkui Aw0ZLK8uw5eHHmP7642jFces3gE4Bm2u8VGJKgGdZ/EPvOaDJiadXfvB298+h9HN2OVf ZAmg== X-Gm-Message-State: AC+VfDyq2gf3YZyjROUh4E8tB1BqcV3QBDe99IczADr97sT5U5svRwhy GUnzmcYjdfMqukSQkJL5zNCv87KqOQtBRZ3POVWmEQM6F5ORCmJEzLV61c8n2w9bXy3MnMWg5Vp L8lquh3Dg1ABomjRr8ojeScd91hB9fGSwYXMYqrqpciOGkiUD7A== X-Received: by 2002:aa7:c589:0:b0:50b:c9d4:8804 with SMTP id g9-20020aa7c589000000b0050bc9d48804mr13352879edq.4.1683676285550; Tue, 09 May 2023 16:51:25 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ7DAkRdsuvmhRJML0x6EpK1VlPVkd70dhZur0Ipep/IePXxhCloUGrOxP0GK9n5FeIrYIEffQ== X-Received: by 2002:aa7:c589:0:b0:50b:c9d4:8804 with SMTP id g9-20020aa7c589000000b0050bc9d48804mr13352869edq.4.1683676285191; Tue, 09 May 2023 16:51:25 -0700 (PDT) Received: from localhost.localdomain ([2001:67c:1562:8007::aac:4795]) by smtp.gmail.com with ESMTPSA id p15-20020aa7cc8f000000b0050bcca2e459sm1295429edt.8.2023.05.09.16.51.24 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 May 2023 16:51:24 -0700 (PDT) From: Yuxuan Luo To: kernel-team@lists.ubuntu.com Subject: [SRU][Focal][PATCH 2/3] act_mirred: use the backlog for nested calls to mirred ingress Date: Tue, 9 May 2023 19:50:41 -0400 Message-Id: <20230509235043.69974-4-yuxuan.luo@canonical.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230509235043.69974-1-yuxuan.luo@canonical.com> References: <20230509235043.69974-1-yuxuan.luo@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Davide Caratti William reports kernel soft-lockups on some OVS topologies when TC mirred egress->ingress action is hit by local TCP traffic [1]. The same can also be reproduced with SCTP (thanks Xin for verifying), when client and server reach themselves through mirred egress to ingress, and one of the two peers sends a "heartbeat" packet (from within a timer). Enqueueing to backlog proved to fix this soft lockup; however, as Cong noticed [2], we should preserve - when possible - the current mirred behavior that counts as "overlimits" any eventual packet drop subsequent to the mirred forwarding action [3]. A compromise solution might use the backlog only when tcf_mirred_act() has a nest level greater than one: change tcf_mirred_forward() accordingly. Also, add a kselftest that can reproduce the lockup and verifies TC mirred ability to account for further packet drops after TC mirred egress->ingress (when the nest level is 1). [1] https://lore.kernel.org/netdev/33dc43f587ec1388ba456b4915c75f02a8aae226.1663945716.git.dcaratti@redhat.com/ [2] https://lore.kernel.org/netdev/Y0w%2FWWY60gqrtGLp@pop-os.localdomain/ [3] such behavior is not guaranteed: for example, if RPS or skb RX timestamping is enabled on the mirred target device, the kernel can defer receiving the skb and return NET_RX_SUCCESS inside tcf_mirred_forward(). Reported-by: William Zhao CC: Xin Long Signed-off-by: Davide Caratti Reviewed-by: Marcelo Ricardo Leitner Acked-by: Jamal Hadi Salim Signed-off-by: Paolo Abeni (backported from commit ca22da2fbd693b54dc8e3b7b54ccc9f7e9ba3640) [yuxuan.luo: conflict at tcf_mirred_forward(), needs c129412f74e9 (“net/sched: sch_frag: add generic packet fragment support.”). However, it is negligible since it only added a wrapper function on top of the existing one, and considering the large scope of the files this commit affects. ] CVE-2022-4269 Signed-off-by: Yuxuan Luo --- net/sched/act_mirred.c | 7 +++ .../selftests/net/forwarding/tc_actions.sh | 49 ++++++++++++++++++- 2 files changed, 55 insertions(+), 1 deletion(-) diff --git a/net/sched/act_mirred.c b/net/sched/act_mirred.c index 6ddc0b3304cd5..bfed9b6ebe32d 100644 --- a/net/sched/act_mirred.c +++ b/net/sched/act_mirred.c @@ -206,12 +206,19 @@ static int tcf_mirred_init(struct net *net, struct nlattr *nla, return err; } +static bool is_mirred_nested(void) +{ + return unlikely(__this_cpu_read(mirred_nest_level) > 1); +} + static int tcf_mirred_forward(bool want_ingress, struct sk_buff *skb) { int err; if (!want_ingress) err = dev_queue_xmit(skb); + else if (is_mirred_nested()) + err = netif_rx(skb); else err = netif_receive_skb(skb); diff --git a/tools/testing/selftests/net/forwarding/tc_actions.sh b/tools/testing/selftests/net/forwarding/tc_actions.sh index 813d02d1939dd..aaa1ea10ac838 100755 --- a/tools/testing/selftests/net/forwarding/tc_actions.sh +++ b/tools/testing/selftests/net/forwarding/tc_actions.sh @@ -2,7 +2,8 @@ # SPDX-License-Identifier: GPL-2.0 ALL_TESTS="gact_drop_and_ok_test mirred_egress_redirect_test \ - mirred_egress_mirror_test gact_trap_test" + mirred_egress_mirror_test gact_trap_test \ + mirred_egress_to_ingress_tcp_test" NUM_NETIFS=4 source tc_common.sh source lib.sh @@ -148,6 +149,52 @@ gact_trap_test() log_test "trap ($tcflags)" } +mirred_egress_to_ingress_tcp_test() +{ + local tmpfile=$(mktemp) tmpfile1=$(mktemp) + + RET=0 + dd conv=sparse status=none if=/dev/zero bs=1M count=2 of=$tmpfile + tc filter add dev $h1 protocol ip pref 100 handle 100 egress flower \ + $tcflags ip_proto tcp src_ip 192.0.2.1 dst_ip 192.0.2.2 \ + action ct commit nat src addr 192.0.2.2 pipe \ + action ct clear pipe \ + action ct commit nat dst addr 192.0.2.1 pipe \ + action ct clear pipe \ + action skbedit ptype host pipe \ + action mirred ingress redirect dev $h1 + tc filter add dev $h1 protocol ip pref 101 handle 101 egress flower \ + $tcflags ip_proto icmp \ + action mirred ingress redirect dev $h1 + tc filter add dev $h1 protocol ip pref 102 handle 102 ingress flower \ + ip_proto icmp \ + action drop + + ip vrf exec v$h1 nc --recv-only -w10 -l -p 12345 -o $tmpfile1 & + local rpid=$! + ip vrf exec v$h1 nc -w1 --send-only 192.0.2.2 12345 <$tmpfile + wait -n $rpid + cmp -s $tmpfile $tmpfile1 + check_err $? "server output check failed" + + $MZ $h1 -c 10 -p 64 -a $h1mac -b $h1mac -A 192.0.2.1 -B 192.0.2.1 \ + -t icmp "ping,id=42,seq=5" -q + tc_check_packets "dev $h1 egress" 101 10 + check_err $? "didn't mirred redirect ICMP" + tc_check_packets "dev $h1 ingress" 102 10 + check_err $? "didn't drop mirred ICMP" + local overlimits=$(tc_rule_stats_get ${h1} 101 egress .overlimits) + test ${overlimits} = 10 + check_err $? "wrong overlimits, expected 10 got ${overlimits}" + + tc filter del dev $h1 egress protocol ip pref 100 handle 100 flower + tc filter del dev $h1 egress protocol ip pref 101 handle 101 flower + tc filter del dev $h1 ingress protocol ip pref 102 handle 102 flower + + rm -f $tmpfile $tmpfile1 + log_test "mirred_egress_to_ingress_tcp ($tcflags)" +} + setup_prepare() { h1=${NETIFS[p1]} From patchwork Tue May 9 23:50:43 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Yuxuan Luo X-Patchwork-Id: 1779144 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: legolas.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=canonical.com header.i=@canonical.com header.a=rsa-sha256 header.s=20210705 header.b=mAWg4XXl; dkim-atps=neutral Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4QGFLM6Q5cz214S for ; Wed, 10 May 2023 09:51:39 +1000 (AEST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1pwX7F-0007Xv-V7; Tue, 09 May 2023 23:51:33 +0000 Received: from smtp-relay-internal-0.internal ([10.131.114.225] helo=smtp-relay-internal-0.canonical.com) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1pwX7A-0007Rw-Nj for kernel-team@lists.ubuntu.com; Tue, 09 May 2023 23:51:28 +0000 Received: from mail-ed1-f71.google.com (mail-ed1-f71.google.com [209.85.208.71]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id 78C863F481 for ; Tue, 9 May 2023 23:51:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=canonical.com; s=20210705; t=1683676288; bh=Hd2NphSrvf/2wCL0Q7bjMnFTfSeNesU1E2UeLP2MqT8=; h=From:To:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=mAWg4XXlQXegxW5IT1Jr1IMZqk/jbQmMpLV0ntvnsWNV9mrMtmO5q1pjNDiwn+/K+ ceTDltvzhliO5eaN/cMpgw7J6y2XeXdxHharCkWIj3RR8tDxDPJihbkOQD6zsQ+G+Q 5bn6IAUPgc1R9WD/PxO/nm1g1Jp4eOY5xk0KCiTV3sFxOnlsP5dqAqi+u8YZOPSq1y VONe5WcMrBbHPTBWkj5Ea2xNiDi0Wya+iAxZ5OSHnZBVk4ovLISuDn/Z2692B4lR00 nRWyGJY1zQoD90UW4WKtw+/hU2g78Md1ym/YNb6X2gf4SI2HCaM9hn5zBob0fDECsv VCtt6Avflbk6A== Received: by mail-ed1-f71.google.com with SMTP id 4fb4d7f45d1cf-50bcb45f749so6116323a12.2 for ; Tue, 09 May 2023 16:51:28 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683676288; x=1686268288; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=Hd2NphSrvf/2wCL0Q7bjMnFTfSeNesU1E2UeLP2MqT8=; b=a0zunYXQhKR2BSo+3dr/QlJ8BZztJGF517ZKMSLpoEdsJnp1Wi37Xl2UTCf0u/XNNm dBbERtr8ChJYfMO5KAP1M3IUYWQTMwKCLjpm2FVXBN8xKKWJiRRKY5QLJyufrIj1jROQ /0H92A6CGXSGMN2vw964gIpkvJkk0+bQdZbjfvHzCY22Ijr3f6FoVPlU5mYNZUFPOQMe klTfdkczcrEYd9ig3sT260wdZ716vmtfCgCXCv2cXOzVeaOLzY7QrWQutnleolrinyOq QGmxnQ1t5fKo8c1fLotpnP7bctxe21CIB6ZxbzwZl0ALP6WajfkJtNLJuaOkD6giORyt YCqg== X-Gm-Message-State: AC+VfDyCH4+V248dWiA+GgCERx4blsrIn05Q6uVbRYELXUUYITe5CARQ v3UZ7cg8QAYD2vTfzknBEokaYNAl0Us+s9AsqZplIJ/WuLhf/pUFqVG5YP02LpUN6rUh8ElUdWH z/AS8pB52fiECtqr9/Sv4GZsEbWHTeLmeM4HAEMwaD6u+3REKmQ== X-Received: by 2002:a05:6402:74e:b0:508:3b1f:e6b5 with SMTP id p14-20020a056402074e00b005083b1fe6b5mr12950710edy.15.1683676287840; Tue, 09 May 2023 16:51:27 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ6IUE/KBEx3sOlpnCLPi8fzN5FWCU+GeKVuxZzA0aTlxKbZjAFV5zlmzm25WlChpcxR7kqe3g== X-Received: by 2002:a05:6402:74e:b0:508:3b1f:e6b5 with SMTP id p14-20020a056402074e00b005083b1fe6b5mr12950705edy.15.1683676287588; Tue, 09 May 2023 16:51:27 -0700 (PDT) Received: from localhost.localdomain ([2001:67c:1562:8007::aac:4795]) by smtp.gmail.com with ESMTPSA id p15-20020aa7cc8f000000b0050bcca2e459sm1295429edt.8.2023.05.09.16.51.26 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 May 2023 16:51:27 -0700 (PDT) From: Yuxuan Luo To: kernel-team@lists.ubuntu.com Subject: [SRU][Focal][PATCH 3/3] net: sched: extract qstats update code into functions Date: Tue, 9 May 2023 19:50:43 -0400 Message-Id: <20230509235043.69974-6-yuxuan.luo@canonical.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20230509235043.69974-1-yuxuan.luo@canonical.com> References: <20230509235043.69974-1-yuxuan.luo@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: Vlad Buslov Extract common code that increments cpu_qstats counters into standalone act API functions. Change hardware offloaded actions that use percpu counter allocation to use the new functions instead of accessing cpu_qstats directly. This commit doesn't change functionality. Signed-off-by: Vlad Buslov Acked-by: Jiri Pirko Signed-off-by: David S. Miller (cherry picked from commit 26b537a88ca5b7399c7ab0656e06dbd9da9513c1) Signed-off-by: Yuxuan Luo --- include/net/act_api.h | 15 +++++++++++++++ net/sched/act_csum.c | 2 +- net/sched/act_ct.c | 2 +- net/sched/act_gact.c | 2 +- net/sched/act_mirred.c | 2 +- net/sched/act_vlan.c | 2 +- 6 files changed, 20 insertions(+), 5 deletions(-) diff --git a/include/net/act_api.h b/include/net/act_api.h index 4dabe4730f00f..d9f9ae3803d58 100644 --- a/include/net/act_api.h +++ b/include/net/act_api.h @@ -186,6 +186,21 @@ int tcf_action_dump(struct sk_buff *skb, struct tc_action *actions[], int bind, int ref); int tcf_action_dump_old(struct sk_buff *skb, struct tc_action *a, int, int); int tcf_action_dump_1(struct sk_buff *skb, struct tc_action *a, int, int); +static inline struct gnet_stats_queue * +tcf_action_get_qstats(struct tc_action *a) +{ + return this_cpu_ptr(a->cpu_qstats); +} + +static inline void tcf_action_inc_drop_qstats(struct tc_action *a) +{ + qstats_drop_inc(this_cpu_ptr(a->cpu_qstats)); +} + +static inline void tcf_action_inc_overlimit_qstats(struct tc_action *a) +{ + qstats_overlimit_inc(this_cpu_ptr(a->cpu_qstats)); +} int tcf_action_copy_stats(struct sk_buff *, struct tc_action *, int); int tcf_action_check_ctrlact(int action, struct tcf_proto *tp, diff --git a/net/sched/act_csum.c b/net/sched/act_csum.c index fa1b1fd10c441..a88f39c118194 100644 --- a/net/sched/act_csum.c +++ b/net/sched/act_csum.c @@ -621,7 +621,7 @@ static int tcf_csum_act(struct sk_buff *skb, const struct tc_action *a, return action; drop: - qstats_drop_inc(this_cpu_ptr(p->common.cpu_qstats)); + tcf_action_inc_drop_qstats(&p->common); action = TC_ACT_SHOT; goto out; } diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c index 02d4491991b5e..2fbb7d08007dd 100644 --- a/net/sched/act_ct.c +++ b/net/sched/act_ct.c @@ -486,7 +486,7 @@ static int tcf_ct_act(struct sk_buff *skb, const struct tc_action *a, return retval; drop: - qstats_drop_inc(this_cpu_ptr(a->cpu_qstats)); + tcf_action_inc_drop_qstats(&c->common); return TC_ACT_SHOT; } diff --git a/net/sched/act_gact.c b/net/sched/act_gact.c index faf68a44b8451..c80b8220845e5 100644 --- a/net/sched/act_gact.c +++ b/net/sched/act_gact.c @@ -161,7 +161,7 @@ static int tcf_gact_act(struct sk_buff *skb, const struct tc_action *a, #endif bstats_cpu_update(this_cpu_ptr(gact->common.cpu_bstats), skb); if (action == TC_ACT_SHOT) - qstats_drop_inc(this_cpu_ptr(gact->common.cpu_qstats)); + tcf_action_inc_drop_qstats(&gact->common); tcf_lastuse_update(&gact->tcf_tm); diff --git a/net/sched/act_mirred.c b/net/sched/act_mirred.c index bfed9b6ebe32d..88018b4ad57ba 100644 --- a/net/sched/act_mirred.c +++ b/net/sched/act_mirred.c @@ -324,7 +324,7 @@ static int tcf_mirred_act(struct sk_buff *skb, const struct tc_action *a, err = tcf_mirred_forward(want_ingress, skb2); if (err) { out: - qstats_overlimit_inc(this_cpu_ptr(m->common.cpu_qstats)); + tcf_action_inc_overlimit_qstats(&m->common); if (tcf_mirred_is_act_redirect(m_eaction)) retval = TC_ACT_SHOT; } diff --git a/net/sched/act_vlan.c b/net/sched/act_vlan.c index 7dc76c68ec52d..65cbc1a2738e7 100644 --- a/net/sched/act_vlan.c +++ b/net/sched/act_vlan.c @@ -88,7 +88,7 @@ static int tcf_vlan_act(struct sk_buff *skb, const struct tc_action *a, return action; drop: - qstats_drop_inc(this_cpu_ptr(v->common.cpu_qstats)); + tcf_action_inc_drop_qstats(&v->common); return TC_ACT_SHOT; }