1. 29 Oct, 2019 8 commits
  2. 28 Oct, 2019 21 commits
  3. 27 Oct, 2019 1 commit
    • Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next · 5b7fe93d
      David S. Miller authored
      Daniel Borkmann says:
      
      ====================
      pull-request: bpf-next 2019-10-27
      
      The following pull-request contains BPF updates for your *net-next* tree.
      
      We've added 52 non-merge commits during the last 11 day(s) which contain
      a total of 65 files changed, 2604 insertions(+), 1100 deletions(-).
      
      The main changes are:
      
       1) Revolutionize BPF tracing by using in-kernel BTF to type check BPF
          assembly code. The work here teaches BPF verifier to recognize
          kfree_skb()'s first argument as 'struct sk_buff *' in tracepoints
          such that verifier allows direct use of bpf_skb_event_output() helper
          used in tc BPF et al (w/o probing memory access) that dumps skb data
          into perf ring buffer. Also add direct loads to probe memory in order
          to speed up/replace bpf_probe_read() calls, from Alexei Starovoitov.
      
       2) Big batch of changes to improve libbpf and BPF kselftests. Besides
          others: generalization of libbpf's CO-RE relocation support to now
          also include field existence relocations, revamp the BPF kselftest
          Makefile to add test runner concept allowing to exercise various
          ways to build BPF programs, and teach bpf_object__open() and friends
          to automatically derive BPF program type/expected attach type from
          section names to ease their use, from Andrii Nakryiko.
      
       3) Fix deadlock in stackmap's build-id lookup on rq_lock(), from Song Liu.
      
       4) Allow to read BTF as raw data from bpftool. Most notable use case
          is to dump /sys/kernel/btf/vmlinux through this, from Jiri Olsa.
      
       5) Use bpf_redirect_map() helper in libbpf's AF_XDP helper prog which
           manages to improve "rx_drop" performance by ~4%, from Björn Töpel.
      
       6) Fix to restore the flow dissector after reattach BPF test and also
          fix error handling in bpf_helper_defs.h generation, from Jakub Sitnicki.
      
       7) Improve verifier's BTF ctx access for use outside of raw_tp, from
          Martin KaFai Lau.
      
       8) Improve documentation for AF_XDP with new sections and to reflect
          latest features, from Magnus Karlsson.
      
       9) Add back 'version' section parsing to libbpf for old kernels, from
          John Fastabend.
      
      10) Fix strncat bounds error in libbpf's libbpf_prog_type_by_name(),
          from KP Singh.
      
      11) Turn on -mattr=+alu32 in LLVM by default for BPF kselftests in order
          to improve insn coverage for built BPF progs, from Yonghong Song.
      
      12) Misc minor cleanups and fixes, from various others.
      ====================
       Signed-off-by: David S. Miller <davem@davemloft.net>
  4. 26 Oct, 2019 10 commits
    • tc-testing: list required kernel options for act_ct action · b9512485
      Roman Mashak authored
       Updated config with required kernel options for conntrack TC action,
       so that tdc can run the tests.
       Signed-off-by: Roman Mashak <mrv@mojatatu.com>
       Signed-off-by: David S. Miller <davem@davemloft.net>
    • Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next · 4b1f5dda
      David S. Miller authored
      Pablo Neira Ayuso says:
      
      ====================
      Netfilter/IPVS updates for net-next
      
      The following patchset contains Netfilter/IPVS updates for net-next,
      more specifically:
      
      * Updates for ipset:
      
      1) Coding style fix for ipset comment extension, from Jeremy Sowden.
      
      2) De-inline many functions in ipset, from Jeremy Sowden.
      
      3) Move ipset function definition from header to source file.
      
      4) Move ip_set_put_flags() to source, export it as a symbol, remove
         inline.
      
      5) Move range_to_mask() to the source file where this is used.
      
      6) Move ip_set_get_ip_port() to the source file where this is used.
      
      * IPVS selftests and netns improvements:
      
      7) Two patches to speedup ipvs netns dismantle, from Haishuang Yan.
      
      8) Three patches to add selftest script for ipvs, also from
         Haishuang Yan.
      
      * Conntrack updates and new nf_hook_slow_list() function:
      
      9) Document ct ecache extension, from Florian Westphal.
      
      10) Skip ct extensions from ctnetlink dump, from Florian.
      
      11) Free ct extension immediately, from Florian.
      
      12) Skip access to ecache extension from nf_ct_deliver_cached_events()
          this is not correct as reported by Syzbot.
      
      13) Add and use nf_hook_slow_list(), from Florian.
      
      * Flowtable infrastructure updates:
      
      14) Move priority to nf_flowtable definition.
      
      15) Dynamic allocation of per-device hooks in flowtables.
      
      16) Allow to include netdevice only once in flowtable definitions.
      
      17) Rise maximum number of devices per flowtable.
      
      * Netfilter hardware offload infrastructure updates:
      
      18) Add nft_flow_block_chain() helper function.
      
      19) Pass callback list to nft_setup_cb_call().
      
      20) Add nft_flow_cls_offload_setup() helper function.
      
      21) Remove rules for the unregistered device via netdevice event.
      
      22) Support for multiple devices in a basechain definition at the
          ingress hook.
      
       23) Add nft_chain_offload_cmd() helper function.
       
       24) Add nft_flow_block_offload_init() helper function.
       
       25) Rewind in case of failing to bind multiple devices to hook.
       
       26) Typo in IPv6 tproxy module description, from Norman Rasmussen.
      ====================
       Signed-off-by: David S. Miller <davem@davemloft.net>
    • Merge branch 'net-aquantia-ptp-followup-fixes' · 64fe8e97
      David S. Miller authored
      Igor Russkikh says:
      
      ====================
      net: aquantia: ptp followup fixes
      
      Here are two sparse warnings, third patch is a fix for
      scaled_ppm_to_ppb missing. Eventually I reworked this
      to exclude ptp module from build. Please consider it instead
      of this patch: https://patchwork.ozlabs.org/patch/1184171/
      ====================
       Signed-off-by: David S. Miller <davem@davemloft.net>
    • net: aquantia: disable ptp object build if no config · 7873ee26
      Igor Russkikh authored
      We do disable aq_ptp module build using inline
      stubs when CONFIG_PTP_1588_CLOCK is not declared.
      
      This reduces module size and removes unnecessary code.
       Reported-by: YueHaibing <yuehaibing@huawei.com>
       Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
       Acked-by: Richard Cochran <richardcochran@gmail.com>
       Signed-off-by: David S. Miller <davem@davemloft.net>
    • net: aquantia: fix warnings on endianness · 5eeb6c3c
      Igor Russkikh authored
      fixes to remove sparse warnings:
      sparse: sparse: cast to restricted __be64
      
      Fixes: 04a18399 ("net: aquantia: implement data PTP datapath")
       Reported-by: kbuild test robot <lkp@intel.com>
       Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
       Signed-off-by: David S. Miller <davem@davemloft.net>
    • net: aquantia: fix var initialization warning · bb1eded1
      Igor Russkikh authored
      found by sparse, simply useless local initialization with zero.
      
      Fixes: 94ad9455 ("net: aquantia: add PTP rings infrastructure")
       Reported-by: kbuild test robot <lkp@intel.com>
       Signed-off-by: Igor Russkikh <igor.russkikh@aquantia.com>
       Signed-off-by: David S. Miller <davem@davemloft.net>
    • netfilter: nf_tables_offload: unbind if multi-device binding fails · 671312e1
      Pablo Neira Ayuso authored
      nft_flow_block_chain() needs to unbind in case of error when performing
      the multi-device binding.
      
      Fixes: d54725cd ("netfilter: nf_tables: support for multiple devices per netdev hook")
       Reported-by: wenxu <wenxu@ucloud.cn>
       Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
    • netfilter: nf_tables_offload: add nft_flow_block_offload_init() · 75ceaf86
      Pablo Neira Ayuso authored
      This patch adds the nft_flow_block_offload_init() helper function to
      initialize the flow_block_offload object.
       Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
    • netfilter: nf_tables_offload: add nft_chain_offload_cmd() · 6df5490f
      Pablo Neira Ayuso authored
      This patch adds the nft_chain_offload_cmd() helper function.
       Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
    • netfilter: ecache: don't look for ecache extension on dying/unconfirmed conntracks · ad88b7a6
      Florian Westphal authored
      syzbot reported following splat:
      BUG: KASAN: use-after-free in __nf_ct_ext_exist
      include/net/netfilter/nf_conntrack_extend.h:53 [inline]
      BUG: KASAN: use-after-free in nf_ct_deliver_cached_events+0x5c3/0x6d0
      net/netfilter/nf_conntrack_ecache.c:205
      nf_conntrack_confirm include/net/netfilter/nf_conntrack_core.h:65 [inline]
      nf_confirm+0x3d8/0x4d0 net/netfilter/nf_conntrack_proto.c:154
      [..]
      
      While there is no reproducer yet, the syzbot report contains one
      interesting bit of information:
      
      Freed by task 27585:
      [..]
       kfree+0x10a/0x2c0 mm/slab.c:3757
       nf_ct_ext_destroy+0x2ab/0x2e0 net/netfilter/nf_conntrack_extend.c:38
       nf_conntrack_free+0x8f/0xe0 net/netfilter/nf_conntrack_core.c:1418
       destroy_conntrack+0x1a2/0x270 net/netfilter/nf_conntrack_core.c:626
       nf_conntrack_put include/linux/netfilter/nf_conntrack_common.h:31 [inline]
       nf_ct_resolve_clash net/netfilter/nf_conntrack_core.c:915 [inline]
       ^^^^^^^^^^^^^^^^^^^
       __nf_conntrack_confirm+0x21ca/0x2830 net/netfilter/nf_conntrack_core.c:1038
       nf_conntrack_confirm include/net/netfilter/nf_conntrack_core.h:63 [inline]
       nf_confirm+0x3e7/0x4d0 net/netfilter/nf_conntrack_proto.c:154
      
       This is what's happening:
      
      1. a conntrack entry is about to be confirmed (added to hash table).
      2. a clash with existing entry is detected.
      3. nf_ct_resolve_clash() puts skb->nfct (the "losing" entry).
      4. this entry now has a refcount of 0 and is freed to SLAB_TYPESAFE_BY_RCU
         kmem cache.
      
      skb->nfct has been replaced by the one found in the hash.
      Problem is that nf_conntrack_confirm() uses the old ct:
      
       static inline int nf_conntrack_confirm(struct sk_buff *skb)
       {
           struct nf_conn *ct = (struct nf_conn *)skb_nfct(skb);
           int ret = NF_ACCEPT;
       
           if (ct) {
               if (!nf_ct_is_confirmed(ct))
                   ret = __nf_conntrack_confirm(skb);
               if (likely(ret == NF_ACCEPT))
                   nf_ct_deliver_cached_events(ct); /* This ct has refcount 0! */
           }
           return ret;
       }
      
      As of "netfilter: conntrack: free extension area immediately", we can't
      access conntrack extensions in this case.
      
       To fix this, make sure we check the dying bit presence before attempting
       to get the ecache extension.
      
      Reported-by: syzbot+c7aabc9fe93e7f3637ba@syzkaller.appspotmail.com
      Fixes: 2ad9d774 ("netfilter: conntrack: free extension area immediately")
       Signed-off-by: Florian Westphal <fw@strlen.de>
       Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>