Commit 9808dd0a authored by Paul Blakey's avatar Paul Blakey Committed by Saeed Mahameed

net/mlx5e: CT: Use rhashtable's ct entries instead of a separate list

Fixes CT entries list corruption.

After allowing parallel insertion/removals in upper nf flow table
layer, unprotected ct entries list can be corrupted by parallel add/del
on the same flow table.

CT entries list is only used while freeing a ct zone flow table to
go over all the ct entries offloaded on that zone/table, and flush
the table.

As rhashtable already provides an api to go over all the inserted entries,
fix the race by using the rhashtable iteration instead, and remove the list.

Fixes: 7da182a9 ("netfilter: flowtable: Use work entry per offload command")
Reviewed-by: default avatarOz Shlomo <ozsh@mellanox.com>
Signed-off-by: default avatarPaul Blakey <paulb@mellanox.com>
Signed-off-by: default avatarSaeed Mahameed <saeedm@mellanox.com>
parent 230a1bc2
...@@ -67,11 +67,9 @@ struct mlx5_ct_ft { ...@@ -67,11 +67,9 @@ struct mlx5_ct_ft {
struct nf_flowtable *nf_ft; struct nf_flowtable *nf_ft;
struct mlx5_tc_ct_priv *ct_priv; struct mlx5_tc_ct_priv *ct_priv;
struct rhashtable ct_entries_ht; struct rhashtable ct_entries_ht;
struct list_head ct_entries_list;
}; };
struct mlx5_ct_entry { struct mlx5_ct_entry {
struct list_head list;
u16 zone; u16 zone;
struct rhash_head node; struct rhash_head node;
struct flow_rule *flow_rule; struct flow_rule *flow_rule;
...@@ -617,8 +615,6 @@ mlx5_tc_ct_block_flow_offload_add(struct mlx5_ct_ft *ft, ...@@ -617,8 +615,6 @@ mlx5_tc_ct_block_flow_offload_add(struct mlx5_ct_ft *ft,
if (err) if (err)
goto err_insert; goto err_insert;
list_add(&entry->list, &ft->ct_entries_list);
return 0; return 0;
err_insert: err_insert:
...@@ -646,7 +642,6 @@ mlx5_tc_ct_block_flow_offload_del(struct mlx5_ct_ft *ft, ...@@ -646,7 +642,6 @@ mlx5_tc_ct_block_flow_offload_del(struct mlx5_ct_ft *ft,
WARN_ON(rhashtable_remove_fast(&ft->ct_entries_ht, WARN_ON(rhashtable_remove_fast(&ft->ct_entries_ht,
&entry->node, &entry->node,
cts_ht_params)); cts_ht_params));
list_del(&entry->list);
kfree(entry); kfree(entry);
return 0; return 0;
...@@ -818,7 +813,6 @@ mlx5_tc_ct_add_ft_cb(struct mlx5_tc_ct_priv *ct_priv, u16 zone, ...@@ -818,7 +813,6 @@ mlx5_tc_ct_add_ft_cb(struct mlx5_tc_ct_priv *ct_priv, u16 zone,
ft->zone = zone; ft->zone = zone;
ft->nf_ft = nf_ft; ft->nf_ft = nf_ft;
ft->ct_priv = ct_priv; ft->ct_priv = ct_priv;
INIT_LIST_HEAD(&ft->ct_entries_list);
refcount_set(&ft->refcount, 1); refcount_set(&ft->refcount, 1);
err = rhashtable_init(&ft->ct_entries_ht, &cts_ht_params); err = rhashtable_init(&ft->ct_entries_ht, &cts_ht_params);
...@@ -847,12 +841,12 @@ mlx5_tc_ct_add_ft_cb(struct mlx5_tc_ct_priv *ct_priv, u16 zone, ...@@ -847,12 +841,12 @@ mlx5_tc_ct_add_ft_cb(struct mlx5_tc_ct_priv *ct_priv, u16 zone,
} }
static void static void
mlx5_tc_ct_flush_ft(struct mlx5_tc_ct_priv *ct_priv, struct mlx5_ct_ft *ft) mlx5_tc_ct_flush_ft_entry(void *ptr, void *arg)
{ {
struct mlx5_ct_entry *entry; struct mlx5_tc_ct_priv *ct_priv = arg;
struct mlx5_ct_entry *entry = ptr;
list_for_each_entry(entry, &ft->ct_entries_list, list) mlx5_tc_ct_entry_del_rules(ct_priv, entry);
mlx5_tc_ct_entry_del_rules(ft->ct_priv, entry);
} }
static void static void
...@@ -863,9 +857,10 @@ mlx5_tc_ct_del_ft_cb(struct mlx5_tc_ct_priv *ct_priv, struct mlx5_ct_ft *ft) ...@@ -863,9 +857,10 @@ mlx5_tc_ct_del_ft_cb(struct mlx5_tc_ct_priv *ct_priv, struct mlx5_ct_ft *ft)
nf_flow_table_offload_del_cb(ft->nf_ft, nf_flow_table_offload_del_cb(ft->nf_ft,
mlx5_tc_ct_block_flow_offload, ft); mlx5_tc_ct_block_flow_offload, ft);
mlx5_tc_ct_flush_ft(ct_priv, ft);
rhashtable_remove_fast(&ct_priv->zone_ht, &ft->node, zone_params); rhashtable_remove_fast(&ct_priv->zone_ht, &ft->node, zone_params);
rhashtable_destroy(&ft->ct_entries_ht); rhashtable_free_and_destroy(&ft->ct_entries_ht,
mlx5_tc_ct_flush_ft_entry,
ct_priv);
kfree(ft); kfree(ft);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment