Re: [PATCH 00/14] Modify action API for implementing lockless actions

On Fri, May 25, 2018 at 1:39 PM, Vlad Buslov <vla...@mellanox.com> wrote: > > On Thu 24 May 2018 at 23:34, Cong Wang <xiyou.wangc...@gmail.com> wrote: >> On Mon, May 14, 2018 at 7:27 AM, Vlad Buslov <vla...@mellanox.com> wrote: >>> Currently, all netli

Re: [PATCH 00/14] Modify action API for implementing lockless actions

On Mon, May 14, 2018 at 7:27 AM, Vlad Buslov wrote: > Currently, all netlink protocol handlers for updating rules, actions and > qdiscs are protected with single global rtnl lock which removes any > possibility for parallelism. This patch set is a first step to remove > rtnl

[Patch nf] ipvs: initialize tbl->entries in ip_vs_lblc_init_svc()

ov <j...@ssi.bg> Cc: Pablo Neira Ayuso <pa...@netfilter.org> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com> --- net/netfilter/ipvs/ip_vs_lblc.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/netfilter/ipvs/ip_vs_lblc.c b/net/netfilter/ipvs/ip_vs_lblc.c index 3057e453bf

[Patch nf] ipvs: initialize tbl->entries after allocation

@ssi.bg> Cc: Pablo Neira Ayuso <pa...@netfilter.org> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com> --- net/netfilter/ipvs/ip_vs_lblcr.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/netfilter/ipvs/ip_vs_lblcr.c b/net/netfilter/ipvs/ip_vs_lblcr.c index 92adc04557ed..bc2bc5

Re: linux-next: build failure after merge of the netfilter tree

On Mon, Apr 16, 2018 at 4:28 PM, Stephen Rothwell wrote: > Hi all, > > After merging the netfilter tree, today's linux-next build (powerpc > ppc64_defconfig) failed like this: > > net/netfilter/nf_conntrack_extend.c: In function 'nf_ct_ext_ > add': >

[Patch nf] nf_conntrack_extend: silent a memory leak warning

<pa...@netfilter.org> Cc: Jozsef Kadlecsik <kad...@blackhole.kfki.hu> Cc: Florian Westphal <f...@strlen.de> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com> --- net/netfilter/nf_conntrack_extend.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/

Re: WARNING in __proc_create

On Fri, Mar 9, 2018 at 3:21 PM, Eric Dumazet <eric.duma...@gmail.com> wrote: > > > On 03/09/2018 03:05 PM, Cong Wang wrote: >> >> >> BTW, the warning itself is all about empty names, so perhaps >> it's better to fix them separately. > > > Huh ? Yo

Re: WARNING in __proc_create

On Fri, Mar 9, 2018 at 2:58 PM, Eric Dumazet wrote: > > > On 03/09/2018 02:56 PM, Eric Dumazet wrote: > >> >> I sent a patch a while back, but Pablo/Florian wanted more than that >> simple fix. >> >> We also need to filter special characters like '/' proc_create_data()

Re: WARNING in __proc_create

On Fri, Mar 9, 2018 at 1:59 PM, syzbot wrote: > Hello, > > syzbot hit the following crash on net-next commit > 617aebe6a97efa539cc4b8a52adccd89596e6be0 (Sun Feb 4 00:25:42 2018 +) > Merge tag 'usercopy-v4.16-rc1' of >

[Patch nf-next] netfilter: make xt_rateest hash table per net

As suggested by Eric, we need to make the xt_rateest hash table and its lock per netns to reduce lock contentions. Cc: Florian Westphal <f...@strlen.de> Cc: Eric Dumazet <eduma...@google.com> Cc: Pablo Neira Ayuso <pa...@netfilter.org> Signed-off-by: Cong Wang <xiy

[Patch net v2] ipt_CLUSTERIP: fix a refcount bug in clusterip_config_find_get()

xes: d73f33b16883 ("netfilter: CLUSTERIP: RCU conversion") Cc: Eric Dumazet <eric.duma...@gmail.com> Cc: Pablo Neira Ayuso <pa...@netfilter.org> Cc: Florian Westphal <f...@strlen.de> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com> --- net/ipv4/netfilter/ipt_CLUSTE

Re: [Patch net] ipt_CLUSTERIP: fix a refcount bug in clusterip_config_find_get()

On Thu, Feb 8, 2018 at 12:01 AM, Florian Westphal <f...@strlen.de> wrote: > Cong Wang <xiyou.wangc...@gmail.com> wrote: >> In clusterip_config_find_get() we hold RCU read lock so it could >> run concurrently with clusterip_config_entry_put(), as a result, >> the

[Patch net] ipt_CLUSTERIP: fix a race condition of proc file creation

t; Cc: Pablo Neira Ayuso <pa...@netfilter.org> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com> --- net/ipv4/netfilter/ipt_CLUSTERIP.c | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c

Re: WARNING: proc registration bug in clusterip_tg_check

On Tue, Feb 6, 2018 at 6:27 AM, syzbot wrote: > Hello, > > syzbot hit the following crash on net-next commit > 617aebe6a97efa539cc4b8a52adccd89596e6be0 (Sun Feb 4 00:25:42 2018 +) > Merge tag 'usercopy-v4.16-rc1' of >

[Patch net v2] xt_RATEEST: acquire xt_rateest_mutex for hash insert

bot+5cb189720978275e4...@syzkaller.appspotmail.com> Fixes: 5859034d7eb8 ("[NETFILTER]: x_tables: add RATEEST target") Cc: Pablo Neira Ayuso <pa...@netfilter.org> Cc: Eric Dumazet <eric.duma...@gmail.com> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com> --

Re: [Patch net] xt_RATEEST: acquire xt_rateest_mutex for hash insert

On Wed, Jan 31, 2018 at 5:44 PM, Eric Dumazet <eric.duma...@gmail.com> wrote: > On Wed, 2018-01-31 at 16:26 -0800, Cong Wang wrote: >> rateest_hash is supposed to be protected by xt_rateest_mutex. >> >> Reported-by: <syzbot+5cb189720978275e4...@syzkaller.appspotma

[Patch net] xt_RATEEST: acquire xt_rateest_mutex for hash insert

rateest_hash is supposed to be protected by xt_rateest_mutex. Reported-by: <syzbot+5cb189720978275e4...@syzkaller.appspotmail.com> Fixes: 5859034d7eb8 ("[NETFILTER]: x_tables: add RATEEST target") Cc: Pablo Neira Ayuso <pa...@netfilter.org> Signed-off-by: Cong Wang <

[Patch net] xt_cgroup: initialize info->priv in cgroup_mt_check_v1()

blo Neira Ayuso <pa...@netfilter.org> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com> --- net/netfilter/xt_cgroup.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/netfilter/xt_cgroup.c b/net/netfilter/xt_cgroup.c index 1db1ce59079f..891f4e7e8ea7 100644 --- a/net/netfilter/xt_cgroup.c

Re: Memory leaks in conntrack

On Wed, Sep 13, 2017 at 9:45 AM, Cong Wang <xiyou.wangc...@gmail.com> wrote: > On Wed, Sep 13, 2017 at 1:05 AM, Florian Westphal <f...@strlen.de> wrote: >> Cong Wang <xiyou.wangc...@gmail.com> wrote: >>> While testing my TC filter patches (so not related to

Re: Memory leaks in conntrack

On Wed, Sep 13, 2017 at 1:05 AM, Florian Westphal <f...@strlen.de> wrote: > Cong Wang <xiyou.wangc...@gmail.com> wrote: >> While testing my TC filter patches (so not related to conntrack), the >> following memory leaks are shown up: >> >> unreferen

Memory leaks in conntrack

Hello, While testing my TC filter patches (so not related to conntrack), the following memory leaks are shown up: unreferenced object 0x9b19ba551228 (size 128): comm "chronyd", pid 338, jiffies 4294910829 (age 53.188s) hex dump (first 32 bytes): 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b

Re: [PATCH net] net: sched: fix NULL pointer dereference when action calls some targets

On Wed, Aug 16, 2017 at 1:39 AM, Xin Long <lucien@gmail.com> wrote: > On Wed, Aug 9, 2017 at 7:33 AM, Cong Wang <xiyou.wangc...@gmail.com> wrote: >> On Mon, Aug 7, 2017 at 7:33 PM, Xin Long <lucien@gmail.com> wrote: >>> On Tue, Aug 8, 2017 at 9:15 AM,

Re: [PATCH net] net: sched: fix NULL pointer dereference when action calls some targets

On Mon, Aug 7, 2017 at 7:33 PM, Xin Long <lucien@gmail.com> wrote: > On Tue, Aug 8, 2017 at 9:15 AM, Cong Wang <xiyou.wangc...@gmail.com> wrote: >> This looks like a completely API burden? > netfilter xt targets are not really compatible with netsched action. >

Re: net-next STATUS page

On Tue, Jul 11, 2017 at 7:24 AM, David Miller wrote: > > It has gotten to the point that even casually walking around > Faro, Portugal last week, random German tourists would stop > me in the street and ask if net-next was open or not. > > Therefore, in order to avoid any and

Re: [PATCH nf-next] netns: add and use net_ns_barrier

On Tue, Jun 13, 2017 at 11:07 AM, Florian Westphal wrote: > Historically it wasn't needed because we just clear out the helper area > in the affected conntracks (i.e, future packets are not inspected by > the helper anymore). > > When conntracks were made per-netns this problem

Re: [PATCH nf-next] netns: add and use net_ns_barrier

On Mon, Jun 12, 2017 at 11:16 PM, Florian Westphal <f...@strlen.de> wrote: > Cong Wang <xiyou.wangc...@gmail.com> wrote: >> On Thu, Jun 1, 2017 at 1:52 AM, Florian Westphal <f...@strlen.de> wrote: >> > Joe described it nicely, problem is that after unload we

Re: [PATCH nf-next] netns: add and use net_ns_barrier

On Thu, Jun 1, 2017 at 1:52 AM, Florian Westphal wrote: > Joe described it nicely, problem is that after unload we may have > conntracks that still have a nf_conn_help extension attached that > has a pointer to a structure that resided in the (unloaded) module. Why not hold a

Re: net: possible deadlock in skb_queue_tail

On Mon, Feb 20, 2017 at 5:29 AM, Andrey Konovalov wrote: > other info that might help us debug this: > > Possible unsafe locking scenario: > >CPU0CPU1 > > lock(&(>lock)->rlock); >

Re: net: suspicious RCU usage in nf_hook

On Wed, Feb 1, 2017 at 1:16 PM, Eric Dumazet <eric.duma...@gmail.com> wrote: > On Wed, 2017-02-01 at 12:51 -0800, Cong Wang wrote: >> On Tue, Jan 31, 2017 at 7:44 AM, Eric Dumazet <eric.duma...@gmail.com> wrote: >> > On Mon, 2017-01-30 at 22:19 -0800, Cong Wang wrote

Re: net: suspicious RCU usage in nf_hook

On Tue, Jan 31, 2017 at 7:44 AM, Eric Dumazet <eric.duma...@gmail.com> wrote: > On Mon, 2017-01-30 at 22:19 -0800, Cong Wang wrote: > >> >> The context is process context (TX path before hitting qdisc), and >> BH is not disabled, so in_interrupt() doesn't catch it.

Re: net: suspicious RCU usage in nf_hook

On Fri, Jan 27, 2017 at 5:31 PM, Eric Dumazet <eric.duma...@gmail.com> wrote: > On Fri, 2017-01-27 at 17:00 -0800, Cong Wang wrote: >> On Fri, Jan 27, 2017 at 3:35 PM, Eric Dumazet <eric.duma...@gmail.com> wrote: >> > Oh well, I forgot to submit the official patch I t

Re: net: suspicious RCU usage in nf_hook

On Fri, Jan 27, 2017 at 3:35 PM, Eric Dumazet wrote: > Oh well, I forgot to submit the official patch I think, Jan 9th. > > https://groups.google.com/forum/#!topic/syzkaller/BhyN5OFd7sQ > Hmm, but why only fragments need skb_orphan()? It seems like any kfree_skb() inside

Re: net: suspicious RCU usage in nf_hook

On Fri, Jan 27, 2017 at 1:15 PM, Dmitry Vyukov wrote: > stack backtrace: > CPU: 2 PID: 23111 Comm: syz-executor14 Not tainted 4.10.0-rc5+ #192 > Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011 > Call Trace: > __dump_stack lib/dump_stack.c:15

[Patch net] ipvs: use IPVS_CMD_ATTR_MAX for family.maxattr

family.maxattr is the max index for policy[], the size of ops[] is determined with ARRAY_SIZE(). Reported-by: Andrey Konovalov <andreyk...@google.com> Tested-by: Andrey Konovalov <andreyk...@google.com> Cc: Pablo Neira Ayuso <pa...@netfilter.org> Signed-off-by: Cong Wang <xiy