author | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2019-02-25 17:35:36 +0100 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2019-02-25 17:35:36 +0100 |
commit | f177402a9d93beb7bbe3dbb09b75f0e14ad2297c (patch) | |
tree | 133c0ff94ae8263001bbe796602c9caf576450e3 | |
parent | 0723a1b8ac88cda93c04f1ae91e083df1ebbb539 (diff) | |
3.18-stable patches
added patches:
netfilter-nf_tables-fix-flush-after-rule-deletion-in-the-same-batch.patch
netlink-trim-skb-to-alloc-size-to-avoid-msg_trunc.patch
3 files changed, 145 insertions, 0 deletions
diff --git a/queue-3.18/netfilter-nf_tables-fix-flush-after-rule-deletion-in-the-same-batch.patch b/queue-3.18/netfilter-nf_tables-fix-flush-after-rule-deletion-in-the-same-batch.patch
new file mode 100644
index 0000000000..db7cb6c2dc
--- /dev/null
+++ b/queue-3.18/netfilter-nf_tables-fix-flush-after-rule-deletion-in-the-same-batch.patch
@@ -0,0 +1,35 @@
+From 23b7ca4f745f21c2b9cfcb67fdd33733b3ae7e66 Mon Sep 17 00:00:00 2001
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+Date: Fri, 15 Feb 2019 12:50:24 +0100
+Subject: netfilter: nf_tables: fix flush after rule deletion in the same batch
+
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+
+commit 23b7ca4f745f21c2b9cfcb67fdd33733b3ae7e66 upstream.
+
+Flush after rule deletion bogusly hits -ENOENT. Skip rules that have
+been already from nft_delrule_by_chain() which is always called from the
+flush path.
+
+Fixes: cf9dc09d0949 ("netfilter: nf_tables: fix missing rules flushing per table")
+Reported-by: Phil Sutter <phil@nwl.cc>
+Acked-by: Phil Sutter <phil@nwl.cc>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/nf_tables_api.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+--- a/net/netfilter/nf_tables_api.c
++++ b/net/netfilter/nf_tables_api.c
+@@ -281,6 +281,9 @@ static int nft_delrule_by_chain(struct n
+ int err;
+
+ list_for_each_entry(rule, &ctx->chain->rules, list) {
++ if (!nft_is_active_next(ctx->net, rule))
++ continue;
++
+ err = nft_delrule(ctx, rule);
+ if (err < 0)
+ return err;
diff --git a/queue-3.18/netlink-trim-skb-to-alloc-size-to-avoid-msg_trunc.patch b/queue-3.18/netlink-trim-skb-to-alloc-size-to-avoid-msg_trunc.patch
new file mode 100644
index 0000000000..fa2c94fecc
--- /dev/null
+++ b/queue-3.18/netlink-trim-skb-to-alloc-size-to-avoid-msg_trunc.patch
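Review bot: `nft_is_active_next(ctx->net, rule)` in the guard added to nft_delrule_by_chain() is not defined anywhere in this patch, and the patch is queued for 3.18, so it should be confirmed that the helper exists in that tree before the queue is released. If 3.18 still carries only the older per-rule helper (`nft_rule_is_active_next()`, as I recall from kernels of that era; verify against the tree), the guard has to be written as `if (!nft_rule_is_active_next(ctx->net, rule))` or the file will not build. The `Fixes:` target cf9dc09d0949 deserves the same check: if that commit was never backported to 3.18, the patch header should say why this one is still needed. The body of nft_delrule_by_chain() starts and ends outside the hunk.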
@@ -0,0 +1,108 @@
+From db65a3aaf29ecce2e34271d52e8d2336b97bd9fe Mon Sep 17 00:00:00 2001
+From: "Arad, Ronen" <ronen.arad@intel.com>
+Date: Thu, 15 Oct 2015 01:55:17 -0700
+Subject: netlink: Trim skb to alloc size to avoid MSG_TRUNC
+
+From: Arad, Ronen <ronen.arad@intel.com>
+
+commit db65a3aaf29ecce2e34271d52e8d2336b97bd9fe upstream.
+
+netlink_dump() allocates skb based on the calculated min_dump_alloc or
+a per socket max_recvmsg_len.
+min_alloc_size is maximum space required for any single netdev
+attributes as calculated by rtnl_calcit().
+max_recvmsg_len tracks the user provided buffer to netlink_recvmsg.
+It is capped at 16KiB.
+The intention is to avoid small allocations and to minimize the number
+of calls required to obtain dump information for all net devices.
+
+netlink_dump packs as many small messages as could fit within an skb
+that was sized for the largest single netdev information. The actual
+space available within an skb is larger than what is requested. It could
+be much larger and up to near 2x with align to next power of 2 approach.
+
+Allowing netlink_dump to use all the space available within the
+allocated skb increases the buffer size a user has to provide to avoid
+truncaion (i.e. MSG_TRUNG flag set).
+
+It was observed that with many VLANs configured on at least one netdev,
+a larger buffer of near 64KiB was necessary to avoid "Message truncated"
+error in "ip link" or "bridge [-c[ompressvlans]] vlan show" when
+min_alloc_size was only little over 32KiB.
+
+This patch trims skb to allocated size in order to allow the user to
+avoid truncation with more reasonable buffer size.
+
+Signed-off-by: Ronen Arad <ronen.arad@intel.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Mark Salyzyn <salyzyn@android.com>
+
+---
+ net/netlink/af_netlink.c | 34 ++++++++++++++++++++++------------
+ 1 file changed, 22 insertions(+), 12 deletions(-)
+
+--- a/net/netlink/af_netlink.c
++++ b/net/netlink/af_netlink.c
+@@ -1977,6 +1977,7 @@ static int netlink_dump(struct sock *sk)
+ struct nlmsghdr *nlh;
+ struct module *module;
+ int err = -ENOBUFS;
++ int alloc_min_size;
+ int alloc_size;
+
+ mutex_lock(nlk->cb_mutex);
+@@ -1985,9 +1986,6 @@ static int netlink_dump(struct sock *sk)
+ goto errout_skb;
+ }
+
+- cb = &nlk->cb;
+- alloc_size = max_t(int, cb->min_dump_alloc, NLMSG_GOODSIZE);
+-
+ if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
+ goto errout_skb;
+
+@@ -1996,22 +1994,34 @@ static int netlink_dump(struct sock *sk)
+ * to reduce number of system calls on dump operations, if user
+ * ever provided a big enough buffer.
+ */
+- if (alloc_size < nlk->max_recvmsg_len) {
+- skb = netlink_alloc_skb(sk,
+- nlk->max_recvmsg_len,
+- nlk->portid,
++ cb = &nlk->cb;
++ alloc_min_size = max_t(int, cb->min_dump_alloc, NLMSG_GOODSIZE);
++
++ if (alloc_min_size < nlk->max_recvmsg_len) {
++ alloc_size = nlk->max_recvmsg_len;
++ skb = netlink_alloc_skb(sk, alloc_size, nlk->portid,
+ (GFP_KERNEL & ~__GFP_WAIT) |
+ __GFP_NOWARN | __GFP_NORETRY);
+- /* available room should be exact amount to avoid MSG_TRUNC */
+- if (skb)
+- skb_reserve(skb, skb_tailroom(skb) -
+- nlk->max_recvmsg_len);
+ }
+- if (!skb)
++ if (!skb) {
++ alloc_size = alloc_min_size;
+ skb = netlink_alloc_skb(sk, alloc_size, nlk->portid,
+ (GFP_KERNEL & ~__GFP_WAIT));
++ }
+ if (!skb)
+ goto errout_skb;
++
++ /* Trim skb to allocated size. User is expected to provide buffer as
++ * large as max(min_dump_alloc, 16KiB (mac_recvmsg_len capped at
++ * netlink_recvmsg())). dump will pack as many smaller messages as
++ * could fit within the allocated skb. skb is typically allocated
++ * with larger space than required (could be as much as near 2x the
++ * requested size with align to next power of 2 approach). Allowing
++ * dump to use the excess space makes it difficult for a user to have a
++ * reasonable static buffer based on the expected largest dump of a
++ * single netdev. The outcome is MSG_TRUNC error.
++ */
++ skb_reserve(skb, skb_tailroom(skb) - alloc_size);
+ netlink_skb_set_owner_r(skb, sk);
+
+ if (nlk->dump_done_errno > 0)
diff --git a/queue-3.18/series b/queue-3.18/series
index 30567a96b7..6275ad2ade 100644
--- a/queue-3.18/series
+++ b/queue-3.18/series
@@ -21,3 +21,5 @@ batman-adv-fix-uninit-value-in-batadv_interface_tx.patch
 net-packet-fix-4gb-buffer-limit-due-to-overflow-check.patch
 team-avoid-complex-list-operations-in-team_nl_cmd_options_set.patch
 sit-check-if-ipv6-enabled-before-calling-ip6_err_gen_icmpv6_unreach.patch
+netlink-trim-skb-to-alloc-size-to-avoid-msg_trunc.patch
+netfilter-nf_tables-fix-flush-after-rule-deletion-in-the-same-batch.patch
|
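Review bot: The now-unconditional `skb_reserve(skb, skb_tailroom(skb) - alloc_size);` in the third netlink_dump() hunk of the netlink patch rests on two invariants that the hunks do not show. First, `skb` must be NULL when the `alloc_min_size < nlk->max_recvmsg_len` branch is skipped, otherwise `alloc_size` is read without ever being assigned. Second, netlink_alloc_skb() must never hand back less tailroom than was requested, otherwise the reserve length goes negative. Both presumably hold, but because the trim now also runs on the fallback allocation I would record that next to the call, for example `/* skb_tailroom(skb) >= alloc_size on both allocation paths above */`, if local comments are acceptable in a stable backport. netlink_dump() starts and ends outside the hunks, so the declaration of `skb` should be checked in the 3.18 tree itself.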