mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-04 04:06:26 +00:00
netfilter pull request 24-08-22
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEEN9lkrMBJgcdVAPub1V2XiooUIOQFAmbHEBcACgkQ1V2XiooU IORLYhAAokOmQRxYoSgjbZASfhss57XGI1GzstYCr10kxKPI0AthP26sGk4RoiuP 22+6sDIk7Qo8SGJSPdvHuwHcsqo4wRXxyItuWYJ875cDXErkyhrWNQhbp+5SNcgN t8f9S5FGmw1+iY/YyBh5v69u5+ycwgiFdUAUogxr7W/bsB0QcOSAI27hnrynj5K7 yTn1ys17pAICnMsrX11xtS41lWrXE8bBr91tW+Ko1CRzEc2/zWgaSN8oEadJfV05 jmNFYPgXWlmhB3KDoTdE/lWvjphUqxe6Jv0ILLNsH15ETgjP9JFbq2J7memAQIjr 1FLFsEX1ErrdrV7OCNI0n4QE8nuDs3eBKpsalg3ey6k9do+bLRCxZbHR86zkJGp2 b1M4Qa5dV0D3mRrKP3RQQt4k7LyAN7C11al4FMj6FU5FdV4CiDwjPazjqhkHYp30 VZmZJOmlJhGiiWDNHV921oMGa7uEb7Eo4CHLAoAsUTojzTZ+XWtkRDsGjPgbdsIZ 6On/Or6LvW/B+XgHdf3LVvGdTve6dLSO2bpU9vTj9lVp6iGxQ08taUlfZcC5P1kp FeE7jnhiZdNk6SJ1np83zx38un5ckHWqH8O/jr06fDii7RWn/RhKJgmLYaBsV7U7 85CETA9G0OtVEC15f3Gxsvme4aMRXCdoMtK7HI8fTCe8F4IDNko= =Vnhf -----END PGP SIGNATURE----- Merge tag 'nf-24-08-22' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf Pablo Neira Ayuso says: ==================== Netfilter fixes for net The following patchset contains Netfilter fixes for net: Patch #1 disable BH when collecting stats via hardware offload to ensure concurrent updates from packet path do not result in losing stats. From Sebastian Andrzej Siewior. Patch #2 uses write seqcount to reset counters serialize against reader. Also from Sebastian Andrzej Siewior. Patch #3 ensures vlan header is in place before accessing its fields, according to KMSAN splat triggered by syzbot. * tag 'nf-24-08-22' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf: netfilter: flowtable: validate vlan header netfilter: nft_counter: Synchronize nft_counter_reset() against reader. netfilter: nft_counter: Disable BH in nft_counter_offload_stats(). ==================== Link: https://patch.msgid.link/20240822101842.4234-1-pablo@netfilter.org Signed-off-by: Jakub Kicinski <kuba@kernel.org>
This commit is contained in:
commit
3ddbf7b696
@ -17,6 +17,9 @@ nf_flow_offload_inet_hook(void *priv, struct sk_buff *skb,
|
||||
|
||||
switch (skb->protocol) {
|
||||
case htons(ETH_P_8021Q):
|
||||
if (!pskb_may_pull(skb, skb_mac_offset(skb) + sizeof(*veth)))
|
||||
return NF_ACCEPT;
|
||||
|
||||
veth = (struct vlan_ethhdr *)skb_mac_header(skb);
|
||||
proto = veth->h_vlan_encapsulated_proto;
|
||||
break;
|
||||
|
@ -281,6 +281,9 @@ static bool nf_flow_skb_encap_protocol(struct sk_buff *skb, __be16 proto,
|
||||
|
||||
switch (skb->protocol) {
|
||||
case htons(ETH_P_8021Q):
|
||||
if (!pskb_may_pull(skb, skb_mac_offset(skb) + sizeof(*veth)))
|
||||
return false;
|
||||
|
||||
veth = (struct vlan_ethhdr *)skb_mac_header(skb);
|
||||
if (veth->h_vlan_encapsulated_proto == proto) {
|
||||
*offset += VLAN_HLEN;
|
||||
|
@ -107,11 +107,16 @@ static void nft_counter_reset(struct nft_counter_percpu_priv *priv,
|
||||
struct nft_counter *total)
|
||||
{
|
||||
struct nft_counter *this_cpu;
|
||||
seqcount_t *myseq;
|
||||
|
||||
local_bh_disable();
|
||||
this_cpu = this_cpu_ptr(priv->counter);
|
||||
myseq = this_cpu_ptr(&nft_counter_seq);
|
||||
|
||||
write_seqcount_begin(myseq);
|
||||
this_cpu->packets -= total->packets;
|
||||
this_cpu->bytes -= total->bytes;
|
||||
write_seqcount_end(myseq);
|
||||
local_bh_enable();
|
||||
}
|
||||
|
||||
@ -265,7 +270,7 @@ static void nft_counter_offload_stats(struct nft_expr *expr,
|
||||
struct nft_counter *this_cpu;
|
||||
seqcount_t *myseq;
|
||||
|
||||
preempt_disable();
|
||||
local_bh_disable();
|
||||
this_cpu = this_cpu_ptr(priv->counter);
|
||||
myseq = this_cpu_ptr(&nft_counter_seq);
|
||||
|
||||
@ -273,7 +278,7 @@ static void nft_counter_offload_stats(struct nft_expr *expr,
|
||||
this_cpu->packets += stats->pkts;
|
||||
this_cpu->bytes += stats->bytes;
|
||||
write_seqcount_end(myseq);
|
||||
preempt_enable();
|
||||
local_bh_enable();
|
||||
}
|
||||
|
||||
void nft_counter_init_seqcount(void)
|
||||
|
Loading…
Reference in New Issue
Block a user