mirror-linux

Linux kernel source tree

Go to file

Florian Westphal 56a6ea76dd netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure [ Upstream commit `087388278e` ] nft_rbtree_gc_elem() walks back and removes the end interval element that comes before the expired element. There is a small chance that we've cached this element as 'rbe_ge'. If this happens, we hold and test a pointer that has been queued for freeing. It also causes spurious insertion failures: $ cat test-testcases-sets-0044interval_overlap_0.1/testout.log Error: Could not process rule: File exists add element t s { 0 - 2 } ^^^^^^ Failed to insert 0 - 2 given: table ip t { set s { type inet_service flags interval,timeout timeout 2s gc-interval 2s } } The set (rbtree) is empty. The 'failure' doesn't happen on next attempt. Reason is that when we try to insert, the tree may hold an expired element that collides with the range we're adding. While we do evict/erase this element, we can trip over this check: if (rbe_ge && nft_rbtree_interval_end(rbe_ge) && nft_rbtree_interval_end(new)) return -ENOTEMPTY; rbe_ge was erased by the synchronous gc, we should not have done this check. Next attempt won't find it, so retry results in successful insertion. Restart in-kernel to avoid such spurious errors. Such restart are rare, unless userspace intentionally adds very large numbers of elements with very short timeouts while setting a huge gc interval. Even in this case, this cannot loop forever, on each retry an existing element has been removed. As the caller is holding the transaction mutex, its impossible for a second entity to add more expiring elements to the tree. After this it also becomes feasible to remove the async gc worker and perform all garbage collection from the commit path. Fixes: `c9e6978e27` ("netfilter: nft_set_rbtree: Switch to node list walk for overlap detection") Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Sasha Levin <sashal@kernel.org>		2023-10-10 22:00:43 +02:00
Documentation	arm64: errata: Add Cortex-A520 speculative unprivileged load workaround	2023-10-10 22:00:39 +02:00
LICENSES	LICENSES/LGPL-2.1: Add LGPL-2.1-or-later as valid identifiers	2021-12-16 14:33:10 +01:00
arch	perf/x86/amd: Do not WARN() on every IRQ	2023-10-10 22:00:41 +02:00
block	block: fix use-after-free of q->q_usage_counter	2023-10-10 22:00:37 +02:00
certs	certs: Fix build error when PKCS#11 URI contains semicolon	2023-02-09 11:28:11 +01:00
crypto	crypto: lrw,xts - Replace strlcpy with strscpy	2023-09-23 11:11:01 +02:00
drivers	ibmveth: Remove condition to recompute TCP header checksum.	2023-10-10 22:00:43 +02:00
fs	NFSv4: Fix a nfs4_state_manager() race	2023-10-10 22:00:41 +02:00
include	netfilter: handle the connecting collision properly in nf_conntrack_proto_sctp	2023-10-10 22:00:43 +02:00
init	sched/psi: Select KERNFS as needed	2023-09-13 09:42:28 +02:00
io_uring	io_uring/fs: remove sqe->rw_flags checking from LINKAT	2023-10-06 14:57:02 +02:00
ipc	ipc: fix memory leak in init_mqueue_fs()	2022-12-31 13:32:01 +01:00
kernel	ring-buffer: Fix bytes info in per_cpu buffer stats	2023-10-10 22:00:36 +02:00
lib	kobject: Add sanity check for kset->kobj.ktype in kset_register()	2023-09-23 11:11:07 +02:00
mm	mm: page_alloc: fix CMA and HIGHATOMIC landing on the wrong buddy list	2023-10-10 22:00:36 +02:00
net	netfilter: nf_tables: nft_set_rbtree: fix spurious insertion failure	2023-10-10 22:00:43 +02:00
rust	rust: allocator: Prevent mis-aligned allocation	2023-08-11 12:08:18 +02:00
samples	samples/hw_breakpoint: fix building without module unloading	2023-09-23 11:11:09 +02:00
scripts	modpost: add missing else to the "of" check	2023-10-10 22:00:41 +02:00
security	ima: rework CONFIG_IMA dependency block	2023-10-10 22:00:41 +02:00
sound	ASoC: tegra: Fix redundant PLLA and PLLA_OUT0 updates	2023-10-10 22:00:34 +02:00
tools	netfilter: nf_tables: Deduplicate nft_register_obj audit logs	2023-10-10 22:00:43 +02:00
usr	usr/gen_init_cpio.c: remove unnecessary -1 values from int file	2022-10-03 14:21:44 -07:00
virt	kvm/vfio: ensure kvg instance stays around in kvm_vfio_group_add()	2023-09-13 09:42:46 +02:00
.clang-format	inet: ping: use hlist_nulls rcu iterator during lookup	2022-12-01 12:42:46 +01:00
.cocciconfig	…
.get_maintainer.ignore	get_maintainer: add Alan to .get_maintainer.ignore	2022-08-20 15:17:44 -07:00
.gitattributes	.gitattributes: use 'dts' diff driver for dts files	2019-12-04 19:44:11 -08:00
.gitignore	Kbuild: add Rust support	2022-09-28 09:02:20 +02:00
.mailmap	9 hotfixes. 6 for MM, 3 for other areas. Four of these patches address	2022-12-10 17:10:52 -08:00
.rustfmt.toml	rust: add `.rustfmt.toml`	2022-09-28 09:02:20 +02:00
COPYING	COPYING: state that all contributions really are covered by this file	2020-02-10 13:32:20 -08:00
CREDITS	MAINTAINERS: Remove Michal Marek from Kbuild maintainers	2022-11-16 14:53:00 +09:00
Kbuild	Kbuild updates for v6.1	2022-10-10 12:00:45 -07:00
Kconfig	kbuild: ensure full rebuild when the compiler is updated	2020-05-12 13:28:33 +09:00
MAINTAINERS	devlink: move code to a dedicated directory	2023-08-30 16:11:00 +02:00
Makefile	Linux 6.1.56	2023-10-06 14:57:07 +02:00
README	Drop all 00-INDEX files from Documentation/	2018-09-09 15:08:58 -06:00

README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.