From: Sasha Levin Date: Fri, 28 Aug 2020 17:05:11 +0000 (-0400) Subject: Fixes for 5.8 X-Git-Tag: v4.4.235~65 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4eaaa83a0ee90ab68ae84efc0533c6e8a281ba09;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for 5.8 Signed-off-by: Sasha Levin --- diff --git a/queue-5.8/net-openvswitch-introduce-common-code-for-flushing-f.patch b/queue-5.8/net-openvswitch-introduce-common-code-for-flushing-f.patch new file mode 100644 index 00000000000..6c2e9b69a1d --- /dev/null +++ b/queue-5.8/net-openvswitch-introduce-common-code-for-flushing-f.patch @@ -0,0 +1,147 @@ +From e17bfe98426f91c817c5d0afe6e2f1ad4e528dd6 Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Thu, 27 Aug 2020 14:19:52 +0800 +Subject: net: openvswitch: introduce common code for flushing flows +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Tonghao Zhang + +[ Upstream commit 1f3a090b9033f69de380c03db3ea1a1015c850cf ] + +To avoid some issues, for example RCU usage warning and double free, +we should flush the flows under ovs_lock. This patch refactors +table_instance_destroy and introduces table_instance_flow_flush +which can be invoked by __dp_destroy or ovs_flow_tbl_flush. + +Fixes: 50b0e61b32ee ("net: openvswitch: fix possible memleak on destroy flow-table") +Reported-by: Johan Knöös +Reported-at: https://mail.openvswitch.org/pipermail/ovs-discuss/2020-August/050489.html +Signed-off-by: Tonghao Zhang +Reviewed-by: Cong Wang +Signed-off-by: David S. Miller +Signed-off-by: Sasha Levin +--- + net/openvswitch/datapath.c | 10 +++++++++- + net/openvswitch/flow_table.c | 35 +++++++++++++++-------------------- + net/openvswitch/flow_table.h | 3 +++ + 3 files changed, 27 insertions(+), 21 deletions(-) + +diff --git a/net/openvswitch/datapath.c b/net/openvswitch/datapath.c +index 94b024534987a..03b81aa99975b 100644 +--- a/net/openvswitch/datapath.c ++++ b/net/openvswitch/datapath.c +@@ -1736,6 +1736,7 @@ static int ovs_dp_cmd_new(struct sk_buff *skb, struct genl_info *info) + /* Called with ovs_mutex. */ + static void __dp_destroy(struct datapath *dp) + { ++ struct flow_table *table = &dp->table; + int i; + + for (i = 0; i < DP_VPORT_HASH_BUCKETS; i++) { +@@ -1754,7 +1755,14 @@ static void __dp_destroy(struct datapath *dp) + */ + ovs_dp_detach_port(ovs_vport_ovsl(dp, OVSP_LOCAL)); + +- /* RCU destroy the flow table */ ++ /* Flush sw_flow in the tables. RCU cb only releases resource ++ * such as dp, ports and tables. That may avoid some issues ++ * such as RCU usage warning. ++ */ ++ table_instance_flow_flush(table, ovsl_dereference(table->ti), ++ ovsl_dereference(table->ufid_ti)); ++ ++ /* RCU destroy the ports, meters and flow tables. */ + call_rcu(&dp->rcu, destroy_dp_rcu); + } + +diff --git a/net/openvswitch/flow_table.c b/net/openvswitch/flow_table.c +index 2398d72383005..f198bbb0c517a 100644 +--- a/net/openvswitch/flow_table.c ++++ b/net/openvswitch/flow_table.c +@@ -345,19 +345,15 @@ static void table_instance_flow_free(struct flow_table *table, + flow_mask_remove(table, flow->mask); + } + +-static void table_instance_destroy(struct flow_table *table, +- struct table_instance *ti, +- struct table_instance *ufid_ti, +- bool deferred) ++/* Must be called with OVS mutex held. */ ++void table_instance_flow_flush(struct flow_table *table, ++ struct table_instance *ti, ++ struct table_instance *ufid_ti) + { + int i; + +- if (!ti) +- return; +- +- BUG_ON(!ufid_ti); + if (ti->keep_flows) +- goto skip_flows; ++ return; + + for (i = 0; i < ti->n_buckets; i++) { + struct sw_flow *flow; +@@ -369,18 +365,16 @@ static void table_instance_destroy(struct flow_table *table, + + table_instance_flow_free(table, ti, ufid_ti, + flow, false); +- ovs_flow_free(flow, deferred); ++ ovs_flow_free(flow, true); + } + } ++} + +-skip_flows: +- if (deferred) { +- call_rcu(&ti->rcu, flow_tbl_destroy_rcu_cb); +- call_rcu(&ufid_ti->rcu, flow_tbl_destroy_rcu_cb); +- } else { +- __table_instance_destroy(ti); +- __table_instance_destroy(ufid_ti); +- } ++static void table_instance_destroy(struct table_instance *ti, ++ struct table_instance *ufid_ti) ++{ ++ call_rcu(&ti->rcu, flow_tbl_destroy_rcu_cb); ++ call_rcu(&ufid_ti->rcu, flow_tbl_destroy_rcu_cb); + } + + /* No need for locking this function is called from RCU callback or +@@ -393,7 +387,7 @@ void ovs_flow_tbl_destroy(struct flow_table *table) + + free_percpu(table->mask_cache); + kfree_rcu(rcu_dereference_raw(table->mask_array), rcu); +- table_instance_destroy(table, ti, ufid_ti, false); ++ table_instance_destroy(ti, ufid_ti); + } + + struct sw_flow *ovs_flow_tbl_dump_next(struct table_instance *ti, +@@ -511,7 +505,8 @@ int ovs_flow_tbl_flush(struct flow_table *flow_table) + flow_table->count = 0; + flow_table->ufid_count = 0; + +- table_instance_destroy(flow_table, old_ti, old_ufid_ti, true); ++ table_instance_flow_flush(flow_table, old_ti, old_ufid_ti); ++ table_instance_destroy(old_ti, old_ufid_ti); + return 0; + + err_free_ti: +diff --git a/net/openvswitch/flow_table.h b/net/openvswitch/flow_table.h +index 8a5cea6ae1116..8ea8fc9573776 100644 +--- a/net/openvswitch/flow_table.h ++++ b/net/openvswitch/flow_table.h +@@ -86,4 +86,7 @@ bool ovs_flow_cmp(const struct sw_flow *, const struct sw_flow_match *); + + void ovs_flow_mask_key(struct sw_flow_key *dst, const struct sw_flow_key *src, + bool full, const struct sw_flow_mask *mask); ++void table_instance_flow_flush(struct flow_table *table, ++ struct table_instance *ti, ++ struct table_instance *ufid_ti); + #endif /* flow_table.h */ +-- +2.25.1 + diff --git a/queue-5.8/series b/queue-5.8/series index de75e03f852..8d166334b52 100644 --- a/queue-5.8/series +++ b/queue-5.8/series @@ -75,3 +75,4 @@ pinctrl-mediatek-avoid-virtual-gpio-trying-to-set-re.patch pinctrl-mediatek-fix-build-for-tristate-changes.patch efi-provide-empty-efi_enter_virtual_mode-implementat.patch arm64-fix-__cpu_logical_map-undefined-issue.patch +net-openvswitch-introduce-common-code-for-flushing-f.patch