From patchwork Fri Jan 24 06:07:37 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Cong Wang X-Patchwork-Id: 13948965 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pl1-f177.google.com (mail-pl1-f177.google.com [209.85.214.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8541F1D88D0 for ; Fri, 24 Jan 2025 06:07:53 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.177 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737698875; cv=none; b=VCXDyhGxKM69sT29Q+gxd0LP9TxJUUyHF+5WJPjXgfKJgt2MQvADQnUq+biJI/7bLRP0RjWWlLl7KMV8OF92vZq0hQx1T4wcRfMnqvYlpC9+fYo1Cqw5FkUksLFkgl34UjG978p7gaaBL5Sb7Vb2Xyos5qimnNdUQU1/hzKPcCY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737698875; c=relaxed/simple; bh=kKExknpKUSpHOQXmjE6PHW0uDzcJddoE+bLc3C1eGXE=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=pEUcYJ+HmqG8WneDSOhdHXnYj6RJnsq5UbFt/WYDPdUMMPbP9SV09vDMgRVLt8OytzjDV82T9g+QitH2Kee6yiym9xGKz69yN6czelhi3v89tRC3aCKWsfbDaXTPh+h9hUSFdnQNg0iCW89LLxrIBW3J9HDkCIDMQCzTrR7ZObo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=OPNEeFl1; arc=none smtp.client-ip=209.85.214.177 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="OPNEeFl1" Received: by mail-pl1-f177.google.com with SMTP id d9443c01a7336-216728b1836so28280645ad.0 for ; Thu, 23 Jan 2025 22:07:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1737698872; x=1738303672; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=2mW9dlWOXLHMk8cSa/H+tTbb9VUo0G58kgm/102TLrE=; b=OPNEeFl1o5ua019a/rPqt7k7OxwiCE5znz9QXYQtYT1hNi3dzONXYgH9qlfoWvebUu 20spgOEXPwX92s4D+6uY47Qa47tMduRlF2X/NQwRIYEbr50tePyrT9U9HhD8sbBRiwx8 DBMyufoG5e+UHAgopYVUEaFs15VoLOUm40ccoLJiGsyjPmmuE3ai2wxrTVUzvt4iB7HT 9B+Sx6NhdRLZudtms27PSAPdMEQgIzoclMM2bveR7GTkw/08GAzkqTQJCvooYTS/nUj9 w25iK4xNwjqnoLOOTwAewhGTjGYFV18sY83noZOWzDDzCpEEiIC0VSydJSdoyNR9eKJK AoLQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1737698872; x=1738303672; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=2mW9dlWOXLHMk8cSa/H+tTbb9VUo0G58kgm/102TLrE=; b=NsHK1p9HBy0JD/+R8/LoBpvyXTcmW1/4LdbK2FUHI4nSm9aEGKCcdnkr/qo5XIMkYD rBYqzIfjnhm1Gh8hDvw0zWE9aZ6lwyogKfYL1RI7dvZoyw1ByAgmXmluU+3dwKH0E834 kLS3WRJKYibAArwUe4LMjnohSGjOBHg/8dsYScHRE5ZNWduyW9a3LSc8gVQdL11AF6FL it2cUSrvso4QD91xWxeyg4TNYgVkEfnCC6rkJ9tDVrPlIfH1cr8dGhUqcILNmOegRE+t /O1Q+wcmecMKi6qg1d+Xc6DppBSbN+vPH4d2+mei2BQK1sbECc9pVdpfYzOnAUTnC2pd ZMDg== X-Gm-Message-State: AOJu0YwBgA6X6yCgu/WSRd4EzAM6NKdOH7X1FEjgkXzyKAdc7PQ99OHo +jjyxQNczLPSrZdnmrK/vJ75QbphRv52V/MlZ0VrLS2BvVc+l2WiugZf8A== X-Gm-Gg: ASbGncu3KfGHzkX1hDcIWeOUtmEhlCCwZy5qB/FhDZje/LC8x59RBZn6cjCeyHtz91D WM8y4oBJ4Zj4X8K9swOaCDik4GUK4kFA6vK3h2dIag06M933TbcDLt8/oAHMr5H9a7lzNH2N/EC Bm3rX0VSIrtLLqvdfEJ6seUOOmDg5sM9BfIYxgQO06nqwhAnIOWk51lU5TgoqPy8GH9Ic7M+8Ht +8EAY+ffw5ky4IOXr1c7Vg5EUw+Y5pIiVgDCuOqyrvs6cNfShLQbZa40iDy1bVObNz41moBt0NM uRzWhMk1lHFIke66AXK14rPEPDiaUL0Z X-Google-Smtp-Source: AGHT+IETd+i2sYsqqcrnfwxai1cD7wjy+xVzl5Pc++YUpGn12UfM+c5uOF52ArOI2ucNcEYTwITi/Q== X-Received: by 2002:a17:902:cf0a:b0:216:393b:23e0 with SMTP id d9443c01a7336-21c355b70d7mr472062385ad.36.1737698872338; Thu, 23 Jan 2025 22:07:52 -0800 (PST) Received: from pop-os.hsd1.ca.comcast.net ([2601:647:6881:9060:2d85:604b:726:74b9]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-21da3ea55dasm8696095ad.101.2025.01.23.22.07.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 23 Jan 2025 22:07:51 -0800 (PST) From: Cong Wang To: netdev@vger.kernel.org Cc: jhs@mojatatu.com, jiri@resnulli.us, quanglex97@gmail.com, mincho@theori.io, Cong Wang Subject: [Patch net 1/4] pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Date: Thu, 23 Jan 2025 22:07:37 -0800 Message-Id: <20250124060740.356527-2-xiyou.wangcong@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124060740.356527-1-xiyou.wangcong@gmail.com> References: <20250124060740.356527-1-xiyou.wangcong@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Quang Le Expected behaviour: In case we reach scheduler's limit, pfifo_tail_enqueue() will drop a packet in scheduler's queue and decrease scheduler's qlen by one. Then, pfifo_tail_enqueue() enqueue new packet and increase scheduler's qlen by one. Finally, pfifo_tail_enqueue() return `NET_XMIT_CN` status code. Weird behaviour: In case we set `sch->limit == 0` and trigger pfifo_tail_enqueue() on a scheduler that has no packet, the 'drop a packet' step will do nothing. This means the scheduler's qlen still has value equal 0. Then, we continue to enqueue new packet and increase scheduler's qlen by one. In summary, we can leverage pfifo_tail_enqueue() to increase qlen by one and return `NET_XMIT_CN` status code. The problem is: Let's say we have two qdiscs: Qdisc_A and Qdisc_B. - Qdisc_A's type must have '->graft()' function to create parent/child relationship. Let's say Qdisc_A's type is `hfsc`. Enqueue packet to this qdisc will trigger `hfsc_enqueue`. - Qdisc_B's type is pfifo_head_drop. Enqueue packet to this qdisc will trigger `pfifo_tail_enqueue`. - Qdisc_B is configured to have `sch->limit == 0`. - Qdisc_A is configured to route the enqueued's packet to Qdisc_B. Enqueue packet through Qdisc_A will lead to: - hfsc_enqueue(Qdisc_A) -> pfifo_tail_enqueue(Qdisc_B) - Qdisc_B->q.qlen += 1 - pfifo_tail_enqueue() return `NET_XMIT_CN` - hfsc_enqueue() check for `NET_XMIT_SUCCESS` and see `NET_XMIT_CN` => hfsc_enqueue() don't increase qlen of Qdisc_A. The whole process lead to a situation where Qdisc_A->q.qlen == 0 and Qdisc_B->q.qlen == 1. Replace 'hfsc' with other type (for example: 'drr') still lead to the same problem. This violate the design where parent's qlen should equal to the sum of its childrens'qlen. Bug impact: This issue can be used for user->kernel privilege escalation when it is reachable. Reported-by: Quang Le Signed-off-by: Quang Le Signed-off-by: Cong Wang --- net/sched/sch_fifo.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/sched/sch_fifo.c b/net/sched/sch_fifo.c index b50b2c2cc09b..e6bfd39ff339 100644 --- a/net/sched/sch_fifo.c +++ b/net/sched/sch_fifo.c @@ -40,6 +40,9 @@ static int pfifo_tail_enqueue(struct sk_buff *skb, struct Qdisc *sch, { unsigned int prev_backlog; + if (unlikely(READ_ONCE(sch->limit) == 0)) + return qdisc_drop(skb, sch, to_free); + if (likely(sch->q.qlen < READ_ONCE(sch->limit))) return qdisc_enqueue_tail(skb, sch); From patchwork Fri Jan 24 06:07:38 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Cong Wang X-Patchwork-Id: 13948967 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pl1-f172.google.com (mail-pl1-f172.google.com [209.85.214.172]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A8EB51D88D0 for ; Fri, 24 Jan 2025 06:07:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.172 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737698878; cv=none; b=EztVhGjZg54u/qzWO68kAIy4CzfIVnTJ9IFrB3JBOiQgEnMCbnx4D8wxGhXiir1kiRTGYrvhRaONCEHVnR0NX2ydnPzv7ta7u2GhEnopDt5KXBrdj6Tpg7Hm6VaMjCPos+L/eglyGLYh4c11XYAGXEUU5fzqJYaqvnxRI7aGQqY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737698878; c=relaxed/simple; bh=s09RJo1RT+XRG8IJUOSGZgPHnEjHIZWDwG1VTYBb0tw=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=OqUj4mIiygIcXoFXGK64vpe2l1YfXdOWTPuGcIieDXf6jkdxIbzJStC64hAI01TlJPIvmKo70XbTSh4XrtKSfgKqcKoEnVOf55IzF7HC/7mi/713zy/362K51/apgm8I/cbAvJQOxDWWOsbtAohP9abg2oVz+sVfhOJ213wZiH0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=YqE0D/X8; arc=none smtp.client-ip=209.85.214.172 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="YqE0D/X8" Received: by mail-pl1-f172.google.com with SMTP id d9443c01a7336-2165cb60719so29785815ad.0 for ; Thu, 23 Jan 2025 22:07:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1737698875; x=1738303675; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=FoUzGSYmiYSloM+1el6iuUFqrJByiFgt+WfH0LvnyYQ=; b=YqE0D/X8xMfmFtPFdAGKCzk/IE7vai8LgfsM4YoQRwdWTveyXmmhqs0gBEgKaveu8T psn+J2E7xV80NR1By0IV0+oTQ9ciMCeQWgm/FQmqMsc4DuEzDTCfLiAGcVjhcQM/bMty jL6WthKCcL7WR1LPsrhRT5047kVTrqQYTy+829KiyVSrE5jONDWiIVVj5A4dYcz9aebo 9G1oYq7qt44OaZvsoCvDB/xzr26KLMOl1qgqBvv5ad649he64p0+Ouao113zlK74258L x/FGehbFJC/tZ7LQcKnErnAtNxUwMlItrITiXMpuOy6+i+WsyBt3JjvcJ2kVsNg2Evl9 3RMQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1737698875; x=1738303675; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=FoUzGSYmiYSloM+1el6iuUFqrJByiFgt+WfH0LvnyYQ=; b=TvY+NkkK7E1v1Bn9Sya5EV5ripekugU13UL5Ld4QPGU0KeUGXcMpK3CtwvneJp7yNT AmnRQKQJCCsUnl9T93GwMrduWYhrgflhEycjNgOWF5/CyT3vkfhklPM/1OUNMYVCVoxc J3KpIpSF/9foLgUoD6aY6TTPVlemGghiWzM6qgg6tgIflNXsC/OkF/HTx789d+hSpbpS +/pKpSrrLVdDf8UYu5ONZW1P4z0KWLy2Tw2OZPIbI0WPPrZ4iynLFeQ7HhqVKjb6T4RA RdlaOf5D7SdDc7FMi/dsOWdjCuBSYFlN5CxnnFMWPjv/XNpaSiMEsM2A10J1T7/3Ablq yaew== X-Gm-Message-State: AOJu0YxEHYZfNLCEvKZNDSlVVpa2+zrW0DriuOqVDup9LqKFW/QnLQSz hz9PHp1up86U2AvGrvTSVUBjyr7l446G0DfmEWnFyOKfgNLj3MnC4CsJtg== X-Gm-Gg: ASbGncvIq7JNXttUdZZazZlTD1bEeZIUZcSYBeKxI7z+wU31dHoLDt085dHK6IzkdyF I7/9AOYWU7A6F8R0CA6ZWhzqzmJJXCfobR3vLyc5390lZdfvXrFfIoSjNEXhMZr3Gt1I0ze+klr myK5lUZibAk8AQ7i2+Z5qw8+TI5O90vaXXJI4nL09Gahx7rlCQ8HtWazgyud8sxrSebas0KZh0/ 09yXgs0/aKpGpnvMWrLR+CCaVBALOwC4lR7+GXqDKyj5HM0YZ7C136vzxql+d7gJLib1hPNDFfd s64LiV4Yj37sBHaq2zAkVQE7uZOIIWnm X-Google-Smtp-Source: AGHT+IEJfqeJWBP9YscXCjoTwvtRfgyJV0ErH6T8I/bpKT5QFstZPW9C8rY3HDbtMv9y5EQoKfIYvQ== X-Received: by 2002:a17:903:988:b0:216:7ee9:220b with SMTP id d9443c01a7336-21c35530048mr492643395ad.22.1737698873794; Thu, 23 Jan 2025 22:07:53 -0800 (PST) Received: from pop-os.hsd1.ca.comcast.net ([2601:647:6881:9060:2d85:604b:726:74b9]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-21da3ea55dasm8696095ad.101.2025.01.23.22.07.52 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 23 Jan 2025 22:07:53 -0800 (PST) From: Cong Wang To: netdev@vger.kernel.org Cc: jhs@mojatatu.com, jiri@resnulli.us, quanglex97@gmail.com, mincho@theori.io, Cong Wang Subject: [Patch net 2/4] Add test case to check for pfifo_tail_enqueue() behaviour when limit == 0 Date: Thu, 23 Jan 2025 22:07:38 -0800 Message-Id: <20250124060740.356527-3-xiyou.wangcong@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124060740.356527-1-xiyou.wangcong@gmail.com> References: <20250124060740.356527-1-xiyou.wangcong@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Quang Le When limit == 0, pfifo_tail_enqueue() must drop new packet and increase dropped packets count of scheduler. Signed-off-by: Quang Le Signed-off-by: Cong Wang --- .../tc-testing/tc-tests/qdiscs/fifo.json | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/tools/testing/selftests/tc-testing/tc-tests/qdiscs/fifo.json b/tools/testing/selftests/tc-testing/tc-tests/qdiscs/fifo.json index ae3d286a32b2..f5e08ae9bb7d 100644 --- a/tools/testing/selftests/tc-testing/tc-tests/qdiscs/fifo.json +++ b/tools/testing/selftests/tc-testing/tc-tests/qdiscs/fifo.json @@ -313,6 +313,31 @@ "matchPattern": "qdisc bfifo 1: root", "matchCount": "0", "teardown": [ + ] + }, + { + "id": "d774", + "name": "Check pfifo_head_drop qdisc enqueue behaviour when limit == 0", + "category": [ + "qdisc", + "pfifo_head_drop" + ], + "plugins": { + "requires": "nsPlugin" + }, + "setup": [ + "$IP link add dev dummy2 mtu 1279 type dummy || true", + "$IP addr add 10.10.10.10/24 dev dummy2 || true", + "$TC qdisc add dev dummy2 root handle 1: pfifo_head_drop limit 0", + "$IP link set dev dummy2 up || true" + ], + "cmdUnderTest": "ping -c10 -W0.01 -I dummy2 10.10.10.1", + "expExitCode": "1", + "verifyCmd": "$TC -s qdisc show dev dummy2", + "matchPattern": "dropped 10", + "matchCount": "1", + "teardown": [ + "$IP link del dev dummy2" ] } ] From patchwork Fri Jan 24 06:07:39 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Cong Wang X-Patchwork-Id: 13948966 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pl1-f176.google.com (mail-pl1-f176.google.com [209.85.214.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 5BF571D9A5D for ; Fri, 24 Jan 2025 06:07:56 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.176 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737698877; cv=none; b=nzNXXl1t4apyVFf64tbuoAPB6OH+Sh4+mXi0Bgg6rqNVwCk4WzBV+RVZXaOkTDxV6qfM8ikApN9Y337O2/Julkxdmlf16LF3HjzCzxZeEhLugRGpf6Id6szMhwA7f/buh2Apsv874Y4QcXr22kpk7UFLN3g2EhsQF2R1ckgOkII= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737698877; c=relaxed/simple; bh=dKBbo/zOKaY/725VVR3ZaE2PLTItUmhVxhmz9H33944=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=fVpLKr5OdNvGkIbup254B973OiV9JXjbvgoZYMI8W7JU8iZ9QtdRf2fuUH4bEULFMR8pxByXjNntEk4AABzIlFKNC6NrbxI2CE26y3NruHQZ05bjj0UO5gezaWQwYARUeKPyDvPy1DAYVnS4u0fBIhv53HshkQl5MxmCJDWCqMs= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=bVKaELpI; arc=none smtp.client-ip=209.85.214.176 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="bVKaELpI" Received: by mail-pl1-f176.google.com with SMTP id d9443c01a7336-2163dc5155fso31000985ad.0 for ; Thu, 23 Jan 2025 22:07:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1737698875; x=1738303675; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=1lFN3IzbSH6trKyBzTVcJyUt+VsO7adS97MfPgoyp6s=; b=bVKaELpIiPj8yNbkfH4UjAgqDHPk5j0ThbD5sihOBdlfRX+YLwFV1ALKrMdLE7kbKW BqvKtcukST5bi14Ekvo6/YI/PWdFXHyRxHONFP+1Dgjp4uLgqUQ5DThKP2ggSkGKuN8B SV7lGfn2dfsXcGpfkvWbUKAhe0t5U8GTjzIW6D2i8znEKqpD6ijCaNmybjSycwvVAxpS NtZx+yFF+BkwU9QTj2AVaqb6UhdAPE429458MQwVv32KzBAV3b4wV42O4nmPuE9cMSs+ wW6wPhEZuBIOnCwVhJkcTRSy8kT7+likJCLVdfDDeFn8nEUT3YVXyMp236ioeQiYOgqf bXYg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1737698875; x=1738303675; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=1lFN3IzbSH6trKyBzTVcJyUt+VsO7adS97MfPgoyp6s=; b=E1t4+roD7tMVnFEKpLEsDhYv47q53SB+AS9wsju7gZRJ8nkhtUPpQ6WbJ86a1Nmszs 3z6wDvi/wSMzClmITO7uCGBYtsJ9p1y37iKk+y8N3rYMiyP8bWKhvS1rUUxCE/pxPZN7 JhKenSGTk740QHaidwxdvzS0u0KwYCulrQ6jWnOS+00OOAyahZ8p1A3sO+jz//3qMOW7 GKXugyFVoja4K1ywweivsGiiTeFwjHHjKVZ2SeD1u41Gh9lnIVI+H9skNsEatqlM/YeI pEe9vV53iQpsweKEj6+YCeeDKdymfvzCZmS9boi4qb8vgnLYZJA1NWgRrmUWj5f0/7AC Hb3g== X-Gm-Message-State: AOJu0Yw2CU4+UaZKnlFioR80Ukxecq5Xy9fd2D3ZQ7tKjBtymzX/FLD1 X3cps4hHyXvf1mKz8DWI6L8YPcn+lkZbO7d262F5FmWzKZk1Z65GI+TiSw== X-Gm-Gg: ASbGncvdsb5A883JQ4FiQZeY+DAf8TFIpnmq4PBmjilcPrsIKtKy1bXu4/Mzoe0C3UA 06+xE4lx4OTAAL4+zXtJOoirfKrcFq3AFCUFkzjh3l+KFWxh+LqMznxOLiLNjwR7trCbrBBz2RU tY6Eg5bTOhxBxTX7ApwCbJir1VdOHadapzHapB2FaPmg2lB/P30ka76FnrToqgAqrLeT7JvVuNp kcfEcZVP4p7HcFxkog+Nv5J9dJWFCFP2mpW9K7sUN7ydB0Yn50azTe1hfq7e6RoUaFRHOcXj27Z o+nnPKydd8R+GkEHkG7/RknC03n3fG/C X-Google-Smtp-Source: AGHT+IHWXVLE7PZM0QOqy0Y9hdORHlMhNKyqwnGqNIx8V6mjOTutnv8JdyJZEldQZ/n8097Bd6ot7A== X-Received: by 2002:a17:902:f70a:b0:215:a7e4:8475 with SMTP id d9443c01a7336-21c35557a0bmr504337475ad.24.1737698875140; Thu, 23 Jan 2025 22:07:55 -0800 (PST) Received: from pop-os.hsd1.ca.comcast.net ([2601:647:6881:9060:2d85:604b:726:74b9]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-21da3ea55dasm8696095ad.101.2025.01.23.22.07.53 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 23 Jan 2025 22:07:54 -0800 (PST) From: Cong Wang To: netdev@vger.kernel.org Cc: jhs@mojatatu.com, jiri@resnulli.us, quanglex97@gmail.com, mincho@theori.io, Cong Wang , Martin Ottens Subject: [Patch net 3/4] netem: update sch->q.qlen before qdisc_tree_reduce_backlog() Date: Thu, 23 Jan 2025 22:07:39 -0800 Message-Id: <20250124060740.356527-4-xiyou.wangcong@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124060740.356527-1-xiyou.wangcong@gmail.com> References: <20250124060740.356527-1-xiyou.wangcong@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Cong Wang qdisc_tree_reduce_backlog() notifies parent qdisc only if child qdisc becomes empty, therefore we need to reduce the backlog of the child qdisc before calling it. Otherwise it would become a nop and result in UAF in DRR case (which is integrated in the following patch). Fixes: f8d4bc455047 ("net/sched: netem: account for backlog updates from child qdisc") Cc: Martin Ottens Reported-by: Mingi Cho Signed-off-by: Cong Wang --- net/sched/sch_netem.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/sched/sch_netem.c b/net/sched/sch_netem.c index 71ec9986ed37..fdd79d3ccd8c 100644 --- a/net/sched/sch_netem.c +++ b/net/sched/sch_netem.c @@ -749,9 +749,9 @@ static struct sk_buff *netem_dequeue(struct Qdisc *sch) if (err != NET_XMIT_SUCCESS) { if (net_xmit_drop_count(err)) qdisc_qstats_drop(sch); - qdisc_tree_reduce_backlog(sch, 1, pkt_len); sch->qstats.backlog -= pkt_len; sch->q.qlen--; + qdisc_tree_reduce_backlog(sch, 1, pkt_len); } goto tfifo_dequeue; } From patchwork Fri Jan 24 06:07:40 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Cong Wang X-Patchwork-Id: 13948968 X-Patchwork-Delegate: kuba@kernel.org Received: from mail-pl1-f175.google.com (mail-pl1-f175.google.com [209.85.214.175]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DF34D1D968E for ; Fri, 24 Jan 2025 06:07:57 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.175 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737698879; cv=none; b=MoWk/6rdHXa22dcdpbTNS6iJBqQ5/dxOtoCMbHtzcIuTey87gkiuHfxRGEfMogrFx/n86TquioLE8IPhWYg94UJkPIZqW48H/p+H42MEMKHhI/H53YvZOTczzLNNhi6c2CwJOlGZSRiIpIcI5URs/yxdXYJVuJonYLvaA5V5lck= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1737698879; c=relaxed/simple; bh=NGQZyMvtGPJctqp/u7KirqF8TEL0GrjtH6RmqQFvBZc=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=cH5fWwYAfykJkmqTiFR6B2ccIS+3ZDLInwIjocsGlJCniFCzU0vZ9BQcKjr3uopN4AE/GRE/dn+o1l+XL6MmqYHgOIkuW1DJ+n4uEQdzrP1t50j5MlZp3ZbBx1j7w9tsjhTgCto3X2kTjaR2oB02pUzc3cUeBwLWIMVBGnS/nvg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=UDRxKT1D; arc=none smtp.client-ip=209.85.214.175 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="UDRxKT1D" Received: by mail-pl1-f175.google.com with SMTP id d9443c01a7336-21649a7bcdcso29954415ad.1 for ; Thu, 23 Jan 2025 22:07:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1737698877; x=1738303677; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=XT1ci9/QE3bV2zcCOvz/9PZR+oE9y+h4s0OlCPGky18=; b=UDRxKT1DqM1dN5+/FPKm7sHKG3ntwmeFN+zWAMe7t13/BSshnHafhw9Eqq0wJJPfYl KtnCE81gS+o0PZnFhf61ApNve8APqRr6XkkBOQEQ1yzrRWraQHSiNyAzQ/6wcsJgjo/6 xSnCSn1eaLXJ/4bzqeCgyubVNEN9koJNMD5VfA5EKtbkCc04ePle5P6BOhtNnPiirCoW 1IWFHvzeLRXN53O8atduDVhd9JqN0Hz0WLottujo4q03sz72gEc/EL+knYuCMmHOTXwa /ERqiTyUcNKJXKhGLQTrkfL2tcPzX7jziTt4bjttPX2NpBMK2xYYu+sOYubIakgeqzIl 7xBw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1737698877; x=1738303677; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=XT1ci9/QE3bV2zcCOvz/9PZR+oE9y+h4s0OlCPGky18=; b=mF47RGSJeR/3qdI52KqchBZV/HwEAEx9ZXlH7rUr307Kx1JjjW/J95y1OeJk3xdwIp rqFmE6g1pV+DwNqSJadOqP6CI1UYm7Yh+gEcP0YKV8GOndPJsYXqA5AELeT8tRgBSYKF 9vmjkww+DzwCd+Fh+K7FlU0kJQaZUbkmI9TGDjeMSZC4g8qjOywjr0LjcY4ISB3sff+8 8zB/sLXmUKaPUS8Gvl2y8IMh0kXji9yUa16XvFYL5v6KcBJ4Z0xnZo1GXvG7LblCV13J 6T2KWLCoO7w4jk0YnYvw8hpnZyegmeFFm1M44NZcKxIsr3RrJ3uVA6GYWV1KSszqCGte Q+4w== X-Gm-Message-State: AOJu0Yz/d7moTBtnNuf/SBFGuWCJRrVATFvwYV1GoOsWUqOLymxFlVY/ ZRcrV9mKQkEilq7vUHy5JRH8R0h6d6iOG4Jzw7LpxvUEovGabtpzkGDXfQ== X-Gm-Gg: ASbGncukUHWGbq0AM2JPtJSjAWcC+oquXZIfRA+fSIhAasKZ8KICwYEjwwhm/9bIMdy a4O279esbydfMEPqxc60zWRagLcBpWJTMuYbfbGik0B54gSHp2iD+x7QHqx8sMlDxnuIJv1TPCE JmbGqQYJO+Lp0S2rgNCHX+4b9UV5jX77aOB5JR0n4+8FVbJWYA2aBhOaWO8rBgbakyBxHPrKrgl UwXdntVmaeX5V2QYw4glgZwbYhaXOCTnc1njBhRBGuTY8fUNQMl6t55It/uvSbXPeoywgfMWPc3 sT9HQwHvNdvfsKO3Oh0kIR7LzAM0Vonc X-Google-Smtp-Source: AGHT+IGw8X4zaq91BiGxL9cCMFCn3Ys7WOY0DuoYkH0F/Y2tfMRivH3rsnN0PtVHTVqd/S/n0UYG/w== X-Received: by 2002:a17:902:f689:b0:215:5935:7eef with SMTP id d9443c01a7336-21c35549f0fmr413151565ad.22.1737698876734; Thu, 23 Jan 2025 22:07:56 -0800 (PST) Received: from pop-os.hsd1.ca.comcast.net ([2601:647:6881:9060:2d85:604b:726:74b9]) by smtp.gmail.com with ESMTPSA id d9443c01a7336-21da3ea55dasm8696095ad.101.2025.01.23.22.07.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 23 Jan 2025 22:07:55 -0800 (PST) From: Cong Wang To: netdev@vger.kernel.org Cc: jhs@mojatatu.com, jiri@resnulli.us, quanglex97@gmail.com, mincho@theori.io, Cong Wang Subject: [Patch net 4/4] selftests/tc-testing: add tests for qdisc_tree_reduce_backlog Date: Thu, 23 Jan 2025 22:07:40 -0800 Message-Id: <20250124060740.356527-5-xiyou.wangcong@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <20250124060740.356527-1-xiyou.wangcong@gmail.com> References: <20250124060740.356527-1-xiyou.wangcong@gmail.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Patchwork-Delegate: kuba@kernel.org From: Cong Wang Integrate the test case provided by Mingi Cho into TDC. All test results: 1..4 ok 1 ca5e - Check class delete notification for ffff: ok 2 e4b7 - Check class delete notification for root ffff: ok 3 33a9 - Check ingress is not searchable on backlog update ok 4 a4b9 - Check class qlen notification Cc: Mingi Cho Signed-off-by: Cong Wang --- .../tc-testing/tc-tests/infra/qdiscs.json | 34 ++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) diff --git a/tools/testing/selftests/tc-testing/tc-tests/infra/qdiscs.json b/tools/testing/selftests/tc-testing/tc-tests/infra/qdiscs.json index d3dd65b05b5f..5810869a0636 100644 --- a/tools/testing/selftests/tc-testing/tc-tests/infra/qdiscs.json +++ b/tools/testing/selftests/tc-testing/tc-tests/infra/qdiscs.json @@ -94,5 +94,37 @@ "$TC qdisc del dev $DUMMY ingress", "$IP addr del 10.10.10.10/24 dev $DUMMY" ] - } + }, + { + "id": "a4b9", + "name": "Check class qlen notification", + "category": [ + "qdisc" + ], + "plugins": { + "requires": "nsPlugin" + }, + "setup": [ + "$IP link set dev $DUMMY up || true", + "$IP addr add 10.10.10.10/24 dev $DUMMY || true", + "$TC qdisc add dev $DUMMY root handle 1: drr", + "$TC filter add dev $DUMMY parent 1: basic classid 1:1", + "$TC class add dev $DUMMY parent 1: classid 1:1 drr", + "$TC qdisc add dev $DUMMY parent 1:1 handle 2: netem", + "$TC qdisc add dev $DUMMY parent 2: handle 3: drr", + "$TC filter add dev $DUMMY parent 3: basic action drop", + "$TC class add dev $DUMMY parent 3: classid 3:1 drr", + "$TC class del dev $DUMMY classid 1:1", + "$TC class add dev $DUMMY parent 1: classid 1:1 drr" + ], + "cmdUnderTest": "ping -c1 -W0.01 -I $DUMMY 10.10.10.1", + "expExitCode": "1", + "verifyCmd": "$TC qdisc ls dev $DUMMY", + "matchPattern": "drr 1: root", + "matchCount": "1", + "teardown": [ + "$TC qdisc del dev $DUMMY root handle 1: drr", + "$IP addr del 10.10.10.10/24 dev $DUMMY" + ] + } ]