Re: RCU callback crashes

On Tue, Dec 19, 2017 at 10:34 PM, Jakub Kicinski wrote: > Ah, no object debug but KASAN on produces this: > I bet it is an ingress qdisc which is being freed? > [ 39.268209] BUG: KASAN: use-after-free in cpu_needs_another_gp+0x246/0x2b0 > [ 39.275965] Read of size 8 at

Re: [Patch net-next] net_sched: properly check for empty skb array on error path

On Mon, Dec 18, 2017 at 7:58 PM, John Fastabend <john.fastab...@gmail.com> wrote: > On 12/18/2017 06:20 PM, Cong Wang wrote: >> On Mon, Dec 18, 2017 at 5:25 PM, John Fastabend >> <john.fastab...@gmail.com> wrote: >>> On 12/18/2017 02:34 PM, Cong Wang wrote:

Re: [Patch net-next] net_sched: properly check for empty skb array on error path

On Mon, Dec 18, 2017 at 5:25 PM, John Fastabend <john.fastab...@gmail.com> wrote: > On 12/18/2017 02:34 PM, Cong Wang wrote: >> First, the check of >ring.queue against NULL is wrong, it >> is always false. We should check the value rather than the address. >> >

[Patch net-next] net_sched: properly check for empty skb array on error path

ed: pfifo_fast use skb_array") Reported-by: syzbot <syzkal...@googlegroups.com> Cc: John Fastabend <john.fastab...@gmail.com> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com> --- net/sched/sch_generic.c | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff

Re: [PATCH v7 2/3] sock: Move the socket inuse to namespace.

On Mon, Dec 18, 2017 at 11:30 AM, David Miller wrote: > From: Tonghao Zhang > Date: Thu, 14 Dec 2017 05:51:58 -0800 > >> In some case, we want to know how many sockets are in use in >> different _net_ namespaces. It's a key resource metric. > >

Re: [patch net 2/2] net: sched: fix static key imbalance in case of ingress/clsact_init error

e ingress/clsact_init fails. > > Fixes: 6529eaba33f0 ("net: sched: introduce tcf block infractructure") > Signed-off-by: Jiri Pirko <j...@mellanox.com> Acked-by: Cong Wang <xiyou.wangc...@gmail.com>

Re: [patch net 1/2] net: sched: fix clsact init error path

trying to put already freed block. > > Fixes: 6e40cf2d4dee ("net: sched: use extended variants of block_get/put in > ingress and clsact qdiscs") > Signed-off-by: Jiri Pirko <j...@mellanox.com> Acked-by: Cong Wang <xiyou.wangc...@gmail.com>

Re: KASAN: use-after-free Read in refcount_inc_not_zero

On Thu, Dec 14, 2017 at 10:23 AM, syzbot wrote: > syzkaller has found reproducer for the following crash on > 82bcf1def3b5f1251177ad47c44f7e17af039b4b > git://git.cmpxchg.org/linux-mmots.git/master > compiler: gcc (GCC) 7.1.1

Re: [net-next PATCH 14/14] net: sched: pfifo_fast use skb_array

On Thu, Dec 7, 2017 at 9:58 AM, John Fastabend wrote: > This converts the pfifo_fast qdisc to use the skb_array data structure > and set the lockless qdisc bit. pfifo_fast is the first qdisc to support > the lockless bit that can be a child of a qdisc requiring locking.

Re: [PATCH] veth: Optionally pad packets to minimum Ethernet length

On Tue, Dec 12, 2017 at 8:13 AM, Ed Swierk wrote: > Most physical Ethernet devices pad short packets to the minimum length > of 64 bytes (including FCS) on transmit. It can be useful to simulate > this behavior when debugging a problem that results from it (such as >

Re: [PATCH v6 2/3] sock: Move the socket inuse to namespace.

On Sun, Dec 10, 2017 at 7:12 AM, Tonghao Zhang wrote: > diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c > index b797832..6c191fb 100644 > --- a/net/core/net_namespace.c > +++ b/net/core/net_namespace.c > @@ -363,6 +363,13 @@ static struct net

[Patch net-next] net_sched: switch to exit_batch for action pernet ops

Since we now hold RTNL lock in tc_action_net_exit(), it is good to batch them to speedup tc action dismantle. Cc: Jamal Hadi Salim <j...@mojatatu.com> Cc: Jiri Pirko <j...@resnulli.us> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com> --- include/net/act_api.h | 13

Re: [PATCH v5 2/2] sock: Move the socket inuse to namespace.

On Fri, Dec 8, 2017 at 9:27 PM, Tonghao Zhang <xiangxia.m@gmail.com> wrote: > On Sat, Dec 9, 2017 at 6:09 AM, Cong Wang <xiyou.wangc...@gmail.com> wrote: >> On Thu, Dec 7, 2017 at 9:28 PM, Tonghao Zhang <xiangxia.m@gmail.com> >> wrote: >>> >

Re: kernel BUG at net/core/skbuff.c:LINE! (2)

On Fri, Dec 8, 2017 at 12:45 AM, Xin Long wrote: > This isn't a sctp problem, but mld's, seems when lo's mtu became 0, > it allocs a skb without enough space in add_grec(): Shouldn't we just set its min_mtu to ETH_MIN_MTU?

Re: [PATCH v5 2/2] sock: Move the socket inuse to namespace.

On Thu, Dec 7, 2017 at 9:28 PM, Tonghao Zhang wrote: > > Release the netlink sock created in kernel(not hold the _net_ namespace): > You can avoid counting kernel sock by testing 'kern' in sk_alloc() and testing 'sk->sk_net_refcnt' in __sk_free().

Re: BUG: KASAN: use-after-free in tcf_block_put_ext+0x5cf/0x5e0

On Thu, Dec 7, 2017 at 8:59 PM, Jakub Kicinski wrote: > On Thu, 7 Dec 2017 20:51:27 -0800, Jakub Kicinski wrote: >> Running the netdevsim test after a week and a bit of not trying it: >> >> $ make -C tools/testing/selftests/bpf/ CLANG=clang LLC=llc >> #

Re: [PATCH v5 2/2] sock: Move the socket inuse to namespace.

On Thu, Dec 7, 2017 at 9:20 AM, Eric Dumazet wrote: > On Thu, 2017-12-07 at 08:45 -0800, Tonghao Zhang wrote: >> In some case, we want to know how many sockets are in use in >> different _net_ namespaces. It's a key resource metric. >> > > ... > >> +static void

[Patch net-next 1/2] netlink: make netlink tap per netns

nlmon device is not supposed to capture netlink events from other netns, so instead of filtering events, we can simply make netlink tap itself per netns. Cc: Daniel Borkmann <dan...@iogearbox.net> Cc: Kevin Cernekee <cerne...@chromium.org> Signed-off-by: Cong Wang <xiyou.wan

[Patch net-next 2/2] netlink: convert netlink tap spinlock to mutex

dan...@iogearbox.net> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com> --- net/netlink/af_netlink.c | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c index de5324cc98d4..f6e6d2278fa9 100644 --- a

[Patch net-next 0/2] netlink: improve netlink tap code

Cong Wang (2): netlink: make netlink tap per netns netlink: convert netlink tap spinlock to mutex net/netlink/af_netlink.c | 66 +++- 1 file changed, 49 insertions(+), 17 deletions(-) -- 2.13.0

Re: [PATCH net-next 0/6] net: sched: sch: introduce extack support

ries based on patches by David Ahren which gave me some > hints how to deal with extack support. > > Cc: David Ahern <dsah...@gmail.com> Acked-by: Cong Wang <xiyou.wangc...@gmail.com>

Re: [PATCH v3] net: sched: crash on blocks with goto chain action

On Tue, Dec 5, 2017 at 8:22 AM, David Miller wrote: > > This doesn't apply cleanly to 'net'. Dave, you already applied v2: commit a60b3f515d30d0fe8537c64671926879a3548103 Author: Roman Kapl Date: Fri Nov 24 12:27:58 2017 +0100 net: sched: crash on

[Patch net-next v2] act_mirred: get rid of mirred_list_lock spinlock

TC actions are no longer freed in RCU callbacks and we should always have RTNL lock, so this spinlock is no longer needed. Cc: Eric Dumazet <eric.duma...@gmail.com> Cc: Jiri Pirko <j...@mellanox.com> Cc: Jamal Hadi Salim <j...@mojatatu.com> Signed-off-by: Cong Wang <xiy

[Patch net-next v2] act_mirred: get rid of tcfm_ifindex from struct tcf_mirred

is gone we just dump 0 as ifindex. Cc: Jiri Pirko <j...@mellanox.com> Cc: Jamal Hadi Salim <j...@mojatatu.com> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com> --- drivers/net/ethernet/broadcom/bnxt/bnxt_tc.c | 6 ++ drivers/net/ethernet/chelsio/cxgb4/cxgb4

[Patch net-next] net_sched: remove unused parameter from act cleanup ops

No one actually uses it. Cc: Jiri Pirko <j...@mellanox.com> Cc: Jamal Hadi Salim <j...@mojatatu.com> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com> --- include/net/act_api.h | 2 +- net/sched/act_api.c| 2 +- net/sched/act_bpf.c| 2 +- net/sched/act

Re: [PATCH net-next 2/2] veth: allow configuring GSO maximums

On Fri, Dec 1, 2017 at 12:11 PM, Stephen Hemminger wrote: > Veth's can be used in environments (like Azure) where the underlying > network device is impacted by large GSO packets. This patch allows > gso maximum values to be passed in when creating the device via >

Re: [Patch net v2] tipc: fix a null pointer deref on error path

On Mon, Dec 4, 2017 at 12:32 PM, Jon Maloy wrote: > >> You are right. The right solution is to just call conn_put() twice here. >> I already have a patch ready for this, but it is part of a series that needs >> more >> review. >> I should probably post it separately... >

Re: [Patch net v2] tipc: fix a null pointer deref on error path

On Mon, Dec 4, 2017 at 11:23 AM, Cong Wang <xiyou.wangc...@gmail.com> wrote: > On Mon, Dec 4, 2017 at 10:57 AM, David Miller <da...@davemloft.net> wrote: >> >> It looks like tipc_accept_from_sock() has a similar problem? The >> tipc_close_conn() will get invoked

Re: [Patch net v2] tipc: fix a null pointer deref on error path

On Mon, Dec 4, 2017 at 10:57 AM, David Miller <da...@davemloft.net> wrote: > From: Cong Wang <xiyou.wangc...@gmail.com> > Date: Mon, 4 Dec 2017 10:31:43 -0800 > >> In tipc_topsrv_kern_subscr() when s->tipc_conn_new() fails >> we call tipc_close_conn() to c

[Patch net-next v2] net_sched: get rid of rcu_barrier() in tcf_block_put_ext()

atatu.com> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com> --- include/net/sch_generic.h | 1 - net/sched/cls_api.c | 30 +- 2 files changed, 9 insertions(+), 22 deletions(-) diff --git a/include/net/sch_generic.h b/include/net/sch_generic.h index 65d

[Patch net v2] tipc: fix a null pointer deref on error path

e <ying@windriver.com> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com> --- net/tipc/server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/tipc/server.c b/net/tipc/server.c index acaef80fb88c..2710101ba4c1 100644 --- a/net/tipc/server.c +++ b/net/t

Re: [Patch net] tipc: fix a null pointer deref on error path

On Mon, Dec 4, 2017 at 4:43 AM, Ying Xue <ying@windriver.com> wrote: > On 12/04/2017 11:54 AM, Cong Wang wrote: >> In tipc_topsrv_kern_subscr() when s->tipc_conn_new() fails >> we call tipc_close_conn() to clean up, but in this case >> con->usr_data is N

[Patch net] tipc: fix a null pointer deref on error path

ockopt net/socket.c:1851 [inline] SyS_setsockopt+0x189/0x360 net/socket.c:1830 entry_SYSCALL_64_fastpath+0x1f/0x96 Reported-by: syzbot <syzkal...@googlegroups.com> Cc: Jon Maloy <jon.ma...@ericsson.com> Cc: Ying Xue <ying@windriver.com> Signed-off-by: Cong Wang <xiyou.w

Re: general protection fault in __lock_acquire (2)

On Sun, Dec 3, 2017 at 4:33 PM, syzbot wrote: > syzkaller has found reproducer for the following crash on > fb7516d42478ebc8e2f00efb76ef96f7b68fd8d3 > git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/master >

Re: [Patch net-next] net_sched: get rid of rcu_barrier() in tcf_block_put_ext()

On Sat, Dec 2, 2017 at 1:21 AM, Jiri Pirko wrote: > Sat, Dec 02, 2017 at 01:18:04AM CET, xiyou.wangc...@gmail.com wrote: >>Both Eric and Paolo noticed the rcu_barrier() we use in >>tcf_block_put_ext() could be a performance bottleneck when >>we have lots of filters. > > The

Re: [Patch net-next] act_mirred: use tcfm_dev in tcf_mirred_get_dev()

On Sat, Dec 2, 2017 at 11:47 AM, Cong Wang <xiyou.wangc...@gmail.com> wrote: > On Sat, Dec 2, 2017 at 12:57 AM, Jiri Pirko <j...@resnulli.us> wrote: >> Good. Please also use m->tcfm_dev->ifindex in tcf_mirred_dump and >> tcf_mirred_ifindex. Then you can remove tc

Re: [Patch net-next] act_mirred: use tcfm_dev in tcf_mirred_get_dev()

On Sat, Dec 2, 2017 at 12:57 AM, Jiri Pirko wrote: > Good. Please also use m->tcfm_dev->ifindex in tcf_mirred_dump and > tcf_mirred_ifindex. Then you can remove tcfm_ifindex completely. Sounds good. Will send v2.

[Patch net-next] net_sched: get rid of rcu_barrier() in tcf_block_put_ext()

atatu.com> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com> --- include/net/sch_generic.h | 2 +- net/sched/cls_api.c | 31 +-- 2 files changed, 10 insertions(+), 23 deletions(-) diff --git a/include/net/sch_generic.h b/include/net/sch_generic.h index 65d

Re: [RFC PATCH] net_sched: bulk free tcf_block

On Fri, Dec 1, 2017 at 3:05 AM, Paolo Abeni wrote: > > Thank you for the feedback. > > I tested your patch and in the above scenario I measure: > > real0m0.017s > user0m0.000s > sys 0m0.017s > > so it apparently works well for this case. Thanks a lot for testing

Re: [Patch net-next] act_mirred: use tcfm_dev in tcf_mirred_get_dev()

On Fri, Dec 1, 2017 at 9:56 AM, Jiri Pirko wrote: > > Isn't this here so user may specify a ifindex of netdev which is not yet > present on the system (not sure how much sense that would make though...) How is this even possible? If an ifindex is not present, we return ENODEV:

Re: [RFC PATCH] net_sched: bulk free tcf_block

On Wed, Nov 29, 2017 at 6:25 AM, Paolo Abeni wrote: > Currently deleting qdisc with a large number of children and filters > can take a lot of time: > > tc qdisc add dev lo root htb > for I in `seq 1 1000`; do > tc class add dev lo parent 1: classid 1:$I htb rate

Re: [Patch net-next] act_mirred: get rid of mirred_list_lock spinlock

On Thu, Nov 30, 2017 at 3:12 PM, Eric Dumazet <eric.duma...@gmail.com> wrote: > On Thu, 2017-11-30 at 14:53 -0800, Cong Wang wrote: >> @@ -55,13 +54,10 @@ static void tcf_mirred_release(struct tc_action >> *a, int bind) >> struct tcf_mirred *m = to_mirred(a); >

[Patch net-next] act_mirred: get rid of mirred_list_lock spinlock

TC actions are no longer freed in RCU callbacks and we should always have RTNL lock, so this spinlock is no longer needed. Cc: Jiri Pirko <j...@mellanox.com> Cc: Jamal Hadi Salim <j...@mojatatu.com> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com> --- net/sched/act_mirred

[Patch net-next] act_mirred: use tcfm_dev in tcf_mirred_get_dev()

atatu.com> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com> --- include/net/tc_act/tc_mirred.h | 1 - net/sched/act_mirred.c | 3 +-- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/include/net/tc_act/tc_mirred.h b/include/net/tc_act/tc_mirred.h index 21d253c9a8c6..b

[Patch net v2] act_sample: get rid of tcf_sample_cleanup_rcu()

respected at filter layer. Fixes: 5c5670fae430 ("net/sched: Introduce sample tc action") Reported-by: Eric Dumazet <eric.duma...@gmail.com> Cc: Jamal Hadi Salim <j...@mojatatu.com> Cc: Jiri Pirko <j...@resnulli.us> Cc: Yotam Gigi <yot...@mellanox.com> Signed

Re: KASAN: use-after-free Read in sock_release

(Cc'ing fs people...) On Wed, Nov 29, 2017 at 12:33 AM, syzbot wrote: > Hello, > > syzkaller hit the following crash on > 1d3b78bbc6e983fabb3fbf91b76339bf66e4a12c >

Re: [Patch net] act_sample: get rid of tcf_sample_cleanup_rcu()

On Wed, Nov 29, 2017 at 10:32 AM, Cong Wang <xiyou.wangc...@gmail.com> wrote: > Similar to commit d7fb60b9cafb ("net_sched: get rid of tcfa_rcu"), > TC actions don't need to respect RCU grace period, because it > is either just detached from tc filter (standalone case) or

[Patch net] act_sample: get rid of tcf_sample_cleanup_rcu()

respected at filter layer. Fixes: 5c5670fae430 ("net/sched: Introduce sample tc action") Reported-by: Eric Dumazet <eric.duma...@gmail.com> Cc: Jamal Hadi Salim <j...@mojatatu.com> Cc: Jiri Pirko <j...@resnulli.us> Cc: Yotam Gigi <yot...@mellanox.com> Signed

Re: [BUG] net/sched: use after free

On Wed, Nov 29, 2017 at 9:32 AM, Eric Dumazet wrote: > Hi > > Running the following script twice gave me a KASAN splat on net tree, > (this is on commit f6454f80e8a965fca203dab28723f68ec78db608 ) > > > ETH=eth0 > > tc qdisc del dev $ETH ingress 2>/dev/null > tc qdisc add

Re: [PATCH net] cls_bpf: don't decrement net's refcount when offload fails

es: aae2c35ec892 ("cls_bpf: use tcf_exts_get_net() before call_rcu()") > Signed-off-by: Jakub Kicinski <jakub.kicin...@netronome.com> > Reviewed-by: Simon Horman <simon.hor...@netronome.com> Acked-by: Cong Wang <xiyou.wangc...@gmail.com> Thanks.

Re: [PATCH net] sch_sfq: fix null pointer dereference at timer expiration

ck tries to > dereference a NULL pointer, and the kernel does oops. > > Fix it initializing such field at qdisc creation time. > > Fixes: cdeabbb88134 ("net: sched: Convert timers to use timer_setup()") > Signed-off-by: Paolo Abeni <pab...@redhat.com> Acked-by: Cong Wang <xiyou.wangc...@gmail.com>

Re: [PATCH v2] net: sched: crash on blocks with goto chain action

On Fri, Nov 24, 2017 at 3:27 AM, Roman Kapl wrote: > > Fixes: 822e86d997 ("net_sched: remove tcf_block_put_deferred()") You blame a wrong commit here. Commit 822e86d997 was correct at that time, it is the patchset which includes commit e4b95c41df36befcfd11721 makes it buggy

[Patch net] xfrm: check id proto in validate_tmpl()

teffen.klass...@secunet.com> Cc: Herbert Xu <herb...@gondor.apana.org.au> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com> --- net/xfrm/xfrm_user.c | 15 +++ 1 file changed, 15 insertions(+) diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 983b0233767b..c2

Re: WARNING in xfrm_state_fini

On Mon, Nov 27, 2017 at 3:55 AM, Steffen Klassert <steffen.klass...@secunet.com> wrote: > On Tue, Nov 21, 2017 at 06:44:04PM -0800, Cong Wang wrote: >> User-space uses proto==0 as a wildcard, but xfrm_id_proto_match() >> doesn't consider it as a match with IPSEC_PR

Re: [PATCH] net: sched: crash on blocks with goto chain action

On Tue, Nov 21, 2017 at 12:02 PM, Roman Kapl wrote: > > But maybe the "hold all chains" approach from 822e86d997 (net_sched: remove > tcf_block_put_deferred()) is simpler to understand? > Yes, it is much easier to understand for me, probably for others too.

Re: WARNING in xfrm_state_fini

On Tue, Nov 21, 2017 at 2:00 AM, syzbot wrote: > Hello, > > syzkaller hit the following crash on > c8a0739b185d11d6e2ca7ad9f5835841d1cfc765 > git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/master > compiler:

Re: [PATCH] net: sched: crash on blocks with goto chain action

On Mon, Nov 20, 2017 at 1:41 PM, Roman Kapl <c...@rkapl.cz> wrote: > On 11/20/2017 06:54 PM, Cong Wang wrote: >> >> On Sun, Nov 19, 2017 at 8:17 AM, Roman Kapl <c...@rkapl.cz> wrote: >>> >>> tcf_block_put_ext has assumed that all filters (and thus

Re: [PATCH v2] net: sched: fix crash when deleting secondary chains

flushing"), > but unless you have KAsan or luck, you won't notice it until > commit 0dadc117ac8b ("cls_flower: use tcf_exts_get_net() before call_rcu()") > > Fixes: f93e1cdcf42c ("net/sched: fix filter flushing") > Acked-by: Jiri Pirko <j...@mellanox.com> > Signed-off-by: Roman Kapl <c...@rkapl.cz> Acked-by: Cong Wang <xiyou.wangc...@gmail.com>

Re: [PATCH] net: sched: crash on blocks with goto chain action

On Sun, Nov 19, 2017 at 8:17 AM, Roman Kapl wrote: > tcf_block_put_ext has assumed that all filters (and thus their goto > actions) are destroyed in RCU callback and thus can not race with our > list iteration. However, that is not true during netns cleanup (see > tcf_exts_get_net

Re: [PATCH v3 2/2] sock: Move the socket inuse to namespace.

On Wed, Nov 15, 2017 at 7:36 AM, Tonghao Zhang wrote: > diff --git a/net/core/sock.c b/net/core/sock.c > index b899d8669388..f01ed0b41bde 100644 > --- a/net/core/sock.c > +++ b/net/core/sock.c > @@ -145,6 +145,10 @@ > static DEFINE_MUTEX(proto_list_mutex); > static

Re: [patch net-next v2 00/10] net: sched: allow qdiscs to share filter block instances

On Sun, Nov 12, 2017 at 7:55 AM, Jiri Pirko wrote: > From: Jiri Pirko > > Currently the filters added to qdiscs are independent. So for example if you > have 2 netdevices and you create ingress qdisc on both and you want to add > identical filter rules both,

Re: [patch net] net: forbid netdev used by mirred tc act from being moved to another netns

On Mon, Nov 13, 2017 at 10:35 PM, Jiri Pirko wrote: > > Okay. What about my question? Should we allow adding an action mirred > pointing to a netdev in another netns? I think it would make sense in > case we consider movement of mirred device legit. I don't think it is possible

Re: [PATCH] net: Convert net_mutex into rw_semaphore and down read it on net->init/->exit

On Tue, Nov 14, 2017 at 5:53 AM, Kirill Tkhai wrote: > @@ -406,7 +406,7 @@ struct net *copy_net_ns(unsigned long flags, > > get_user_ns(user_ns); > > - rv = mutex_lock_killable(_mutex); > + rv = down_read_killable(_sem); > if (rv < 0) { >

Re: [PATCH v2 net-next] socket: Move the socket inuse to namespace.

On Tue, Nov 14, 2017 at 3:17 AM, Tonghao Zhang wrote: > Hi cong, we increase the socket inuse in sk_allock ? How about sock_init_data()? Or at least you can replace get_net() with read_pnet()?

Re: [PATCH v2 net-next] socket: Move the socket inuse to namespace.

On Mon, Nov 13, 2017 at 7:23 PM, 张军伟(基础平台部) <zhangjunweimar...@didichuxing.com> wrote: > >> On 14 Nov 2017, at 10:09, Cong Wang <xiyou.wangc...@gmail.com> wrote: >> >> On Mon, Nov 13, 2017 at 4:36 AM, Tonghao Zhang <xiangxia.m@gmail.com> >&g

Re: [patch net] net: forbid netdev used by mirred tc act from being moved to another netns

On Mon, Nov 13, 2017 at 9:17 PM, Jiri Pirko wrote: > Mon, Nov 13, 2017 at 08:53:57PM CET, xiyou.wangc...@gmail.com wrote: >>On Mon, Nov 13, 2017 at 6:05 AM, Jiri Pirko wrote: >>> From: Jiri Pirko >>> >>> Currently, user may choose to move

Re: [PATCH v2 net-next] socket: Move the socket inuse to namespace.

On Mon, Nov 13, 2017 at 4:36 AM, Tonghao Zhang wrote: > From: Tonghao Zhang > > This patch add a member in struct netns_core. and this is > a counter for socket_inuse in the _net_ namespace. The patch > will add/sub counter in the sock_alloc or

Re: [patch net] net: forbid netdev used by mirred tc act from being moved to another netns

On Mon, Nov 13, 2017 at 6:05 AM, Jiri Pirko wrote: > From: Jiri Pirko > > Currently, user may choose to move device that is used by mirred action > to another network namespace. That is wrong as the action still remains > in the original namespace and

Re: KASAN: use-after-free Read in worker_thread (2)

On Wed, Nov 8, 2017 at 5:00 AM, Dmitry Vyukov wrote: > On Wed, Nov 8, 2017 at 1:58 PM, syzbot > > wrote: >> Hello, >> >> syzkaller hit the following crash on >> 7dfaa7bc99498da1c6c4a48bee8d2d5265161a8c >>

Re: linux-next: manual merge of the net-next tree with Linus' tree

On Thu, Nov 9, 2017 at 3:31 PM, Stephen Rothwell wrote: > I fixed it up (I think - see below) and can carry the fix as necessary. > This is now fixed as far as linux-next is concerned, but any non trivial > conflicts should be mentioned to your upstream maintainer when your

[Patch net] vlan: fix a use-after-free in vlan_device_event()

ds <torva...@linux-foundation.org> Cc: Girish Moodalbail <girish.moodalb...@oracle.com> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com> --- net/8021q/vlan.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c index 9

Re: [vlan_device_event] BUG: unable to handle kernel paging request at 6b6b6ccf

On Thu, Nov 9, 2017 at 7:51 AM, Girish Moodalbail wrote: > > Upon receiving NETDEV_DOWN event, we are calling > > vlan_vid_del(dev, htons(ETH_P_8021Q), 0); > > which in turn calls call_rcu() to queue vlan_info_free_rcu() to be called at > some point. This

Re: [Patch net 05/13] cls_cgroup: use tcf_exts_get_net() before call_rcu()

On Thu, Nov 9, 2017 at 2:31 PM, Roman Mashak <m...@mojatatu.com> wrote: > Cong Wang <xiyou.wangc...@gmail.com> writes: >> @@ -124,8 +130,10 @@ static int cls_cgroup_change(struct net *net, struct >> sk_buff *in_skb, >> goto errout; >> &g

Re: [vlan_device_event] BUG: unable to handle kernel paging request at 6b6b6ccf

On Wed, Nov 8, 2017 at 7:12 PM, Fengguang Wu wrote: > Hi Alex, > >> So looking over the trace the panic seems to be happening after a >> decnet interface is getting deleted. Is there any chance we could try >> compiling the kernel without decnet support to see if that is

Re: [Patch net 00/13] net_sched: close the race between call_rcu() and cleanup_net()

On Wed, Nov 8, 2017 at 6:26 PM, David Miller <da...@davemloft.net> wrote: > From: Cong Wang <xiyou.wangc...@gmail.com> > Date: Mon, 6 Nov 2017 13:47:17 -0800 > >> This patchset tries to fix the race between call_rcu() and >> cleanup_net() again.

[Patch net 03/13] cls_basic: use tcf_exts_get_net() before call_rcu()

Cc: Jamal Hadi Salim <j...@mojatatu.com> Cc: Jiri Pirko <j...@resnulli.us> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com> --- net/sched/cls_basic.c | 20 +++- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/net/sched/cls_basic.c b/net/sched/cls

[Patch net 01/13] Revert "net_sched: hold netns refcnt for each action"

luc...@mojatatu.com> Cc: Jamal Hadi Salim <j...@mojatatu.com> Cc: Jiri Pirko <j...@resnulli.us> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com> --- include/net/act_api.h | 4 +--- net/sched/act_api.c| 2 -- net/sched/act_bpf.c| 2 +- net/sched/act_connmark.c | 2

[Patch net 04/13] cls_bpf: use tcf_exts_get_net() before call_rcu()

Cc: Jamal Hadi Salim <j...@mojatatu.com> Cc: Jiri Pirko <j...@resnulli.us> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com> --- net/sched/cls_bpf.c | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/net/sched/cls_bpf.c b/net/sched/cls_bpf.c index 037a3a

[Patch net 06/13] cls_flow: use tcf_exts_get_net() before call_rcu()

Cc: Jamal Hadi Salim <j...@mojatatu.com> Cc: Jiri Pirko <j...@resnulli.us> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com> --- net/sched/cls_flow.c | 24 ++-- 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/net/sched/cls_flow.c b/net/sched/cl

[Patch net 07/13] cls_flower: use tcf_exts_get_net() before call_rcu()

Cc: Jamal Hadi Salim <j...@mojatatu.com> Cc: Jiri Pirko <j...@resnulli.us> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com> --- net/sched/cls_flower.c | 16 +--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/net/sched/cls_flower.c b/net/sched/cls_

[Patch net 09/13] cls_matchall: use tcf_exts_get_net() before call_rcu()

Hold netns refcnt before call_rcu() and release it after the tcf_exts_destroy() is done. Cc: Lucas Bates <luc...@mojatatu.com> Cc: Jamal Hadi Salim <j...@mojatatu.com> Cc: Jiri Pirko <j...@resnulli.us> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com> --- net/s

[Patch net 11/13] cls_rsvp: use tcf_exts_get_net() before call_rcu()

Cc: Jamal Hadi Salim <j...@mojatatu.com> Cc: Jiri Pirko <j...@resnulli.us> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com> --- net/sched/cls_rsvp.h | 15 --- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/net/sched/cls_rsvp.h b/net/sched/cl

[Patch net 13/13] cls_u32: use tcf_exts_get_net() before call_rcu()

Cc: Jamal Hadi Salim <j...@mojatatu.com> Cc: Jiri Pirko <j...@resnulli.us> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com> --- net/sched/cls_u32.c | 8 +++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/net/sched/cls_u32.c b/net/sched/cls_u32.c index dadd1b

[Patch net 12/13] cls_tcindex: use tcf_exts_get_net() before call_rcu()

Cc: Jamal Hadi Salim <j...@mojatatu.com> Cc: Jiri Pirko <j...@resnulli.us> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com> --- net/sched/cls_tcindex.c | 33 ++--- 1 file changed, 26 insertions(+), 7 deletions(-) diff --git a/net/sched/cls_tcindex.

[Patch net 08/13] cls_fw: use tcf_exts_get_net() before call_rcu()

Cc: Jamal Hadi Salim <j...@mojatatu.com> Cc: Jiri Pirko <j...@resnulli.us> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com> --- net/sched/cls_fw.c | 17 ++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/net/sched/cls_fw.c b/net/sched/cls_fw.c index

[Patch net 02/13] net_sched: introduce tcf_exts_get_net() and tcf_exts_put_net()

u.com> Cc: Jiri Pirko <j...@resnulli.us> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com> --- include/net/pkt_cls.h | 24 net/sched/cls_api.c | 1 + 2 files changed, 25 insertions(+) diff --git a/include/net/pkt_cls.h b/include/net/pkt_cls.h index 70c

[Patch net 10/13] cls_route: use tcf_exts_get_net() before call_rcu()

Cc: Jamal Hadi Salim <j...@mojatatu.com> Cc: Jiri Pirko <j...@resnulli.us> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com> --- net/sched/cls_route.c | 17 ++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/net/sched/cls_route.c b/net/sched/cls

[Patch net 00/13] net_sched: close the race between call_rcu() and cleanup_net()

Cc: Lucas Bates <luc...@mojatatu.com> Cc: Jamal Hadi Salim <j...@mojatatu.com> Cc: Jiri Pirko <j...@resnulli.us> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com> Cong Wang (13): Revert "net_sched: hold netns refcnt for each action" net_sched: introduce tcf_exts

[Patch net 05/13] cls_cgroup: use tcf_exts_get_net() before call_rcu()

Cc: Jamal Hadi Salim <j...@mojatatu.com> Cc: Jiri Pirko <j...@resnulli.us> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com> --- net/sched/cls_cgroup.c | 24 ++-- 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/net/sched/cls_cgroup.c b/n

Re: [PATCH] reduce the spinlock conflict during massive connect

On Sun, Nov 5, 2017 at 6:28 PM, Liu Yu wrote: > - spin_lock_bh(>lock); > + ret = spin_trylock(>lock); Clearly you want spin_trylock_bh() instead.

Re: [Patch net 2/2] net_sched: hold netns refcnt for each action

On Wed, Nov 1, 2017 at 10:23 AM, Cong Wang <xiyou.wangc...@gmail.com> wrote: > TC actions have been destroyed asynchronously for a long time, > previously in a RCU callback and now in a workqueue. If we > don't hold a refcnt for its netns, we could use the per netns > data

[Patch net-next] net_sched: check NULL in tcf_block_put()

Taht <dave.t...@gmail.com> Cc: Jiri Pirko <j...@mellanox.com> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com> --- net/sched/cls_api.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c index a26c690b48ac..ad35

Re: Oops with HTB on net-next

On Thu, Nov 2, 2017 at 4:34 PM, Dave Taht <dave.t...@gmail.com> wrote: > On Thu, Nov 2, 2017 at 11:09 AM, Cong Wang <xiyou.wangc...@gmail.com> wrote: >> On Wed, Nov 1, 2017 at 1:17 PM, Dave Taht <dave.t...@gmail.com> wrote: >>> >>> That is not in net-

Re: suspicious RCU usage at ./include/linux/inetdevice.h:LINE

On Thu, Nov 2, 2017 at 12:06 PM, Florian Westphal <f...@strlen.de> wrote: > Cong Wang <xiyou.wangc...@gmail.com> wrote: >> > CPU: 0 PID: 23859 Comm: syz-executor2 Not tainted 4.14.0-rc5+ #140 >> > Hardware name: Google Google Compute Engine/Google Compute En

Re: KASAN: use-after-free Read in tipc_send_group_bcast

#syz fix: tipc: fix a dangling pointer

Re: suspicious RCU usage at ./include/linux/inetdevice.h:LINE

On Thu, Nov 2, 2017 at 3:53 AM, syzbot wrote: > Hello, > > syzkaller hit the following crash on > ce43f4fd6f103681c7485c2b1967179647e73555 > git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/master > compiler:

Re: Oops with HTB on net-next

On Wed, Nov 1, 2017 at 1:17 PM, Dave Taht wrote: > > That is not in net-next, and the "net" version of that one patch does > not apply to net-next. The relevant thread says "... another fun merge > into net-next". > > Please let me know when the fun is done, and I'll retest.

Re: net-next MERGE

On Wed, Nov 1, 2017 at 11:51 PM, David Miller wrote: > > Cong, I just did another net --> net-next merge. > > Please look at how I resolved the cls_api.c conflict. > > Thank you. Looks good to me. Thanks for solving the pain! ;)

[Patch net 2/2] net_sched: hold netns refcnt for each action

lt;j...@resnulli.us> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com> --- include/net/act_api.h | 4 +++- net/sched/act_api.c| 2 ++ net/sched/act_bpf.c| 2 +- net/sched/act_connmark.c | 2 +- net/sched/act_csum.c | 2 +- net/sched/act_gact.c | 2 +- net/

[Patch net 1/2] net_sched: acquire RTNL in tc_action_net_exit()

atatu.com> Cc: Jiri Pirko <j...@resnulli.us> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com> --- include/net/act_api.h | 2 ++ net/sched/act_api.c | 2 ++ 2 files changed, 4 insertions(+) diff --git a/include/net/act_api.h b/include/net/act_api.h index b944e0eb93be..5072446d5f06 100644 --

<    1   2   3   4   5   6   7   8   9   10   >