Message ID | 20200331080757.188294-1-jo@mein.io |
---|---|
State | Accepted |
Delegated to: | Jo-Philipp Wich |
Headers | show |
Series | [OpenWrt-Devel] target: drop 616-net_optimize_xfrm_calls.patch | expand |
On 31.03.20 10:07, Jo-Philipp Wich wrote: > The conditional check introduced by this patch may trigger a NULL pointer > dereference in case the result of dev_net() is NULL. > > Since the purpose of this patch is neither sufficiently explained and since > this patch apparently has never been submitted upstream despite it being in > the pending-* patch directory, I propose to drop it without replacement. > > If the performance implications of dropping this patch are found to be > significiant, it should be reintroduced with proper description and > benchmark results. > > Ref: https://bugs.openwrt.org/index.php?do=details&task_id=2943 > Signed-off-by: Jo-Philipp Wich <jo@mein.io> Acked-by: John Crispin <john@phrozen.org> > --- > .../616-net_optimize_xfrm_calls.patch | 20 ------------------- > .../616-net_optimize_xfrm_calls.patch | 20 ------------------- > .../616-net_optimize_xfrm_calls.patch | 20 ------------------- > 3 files changed, 60 deletions(-) > delete mode 100644 target/linux/generic/pending-4.14/616-net_optimize_xfrm_calls.patch > delete mode 100644 target/linux/generic/pending-4.19/616-net_optimize_xfrm_calls.patch > delete mode 100644 target/linux/generic/pending-5.4/616-net_optimize_xfrm_calls.patch > > diff --git a/target/linux/generic/pending-4.14/616-net_optimize_xfrm_calls.patch b/target/linux/generic/pending-4.14/616-net_optimize_xfrm_calls.patch > deleted file mode 100644 > index c64694ea3c..0000000000 > --- a/target/linux/generic/pending-4.14/616-net_optimize_xfrm_calls.patch > +++ /dev/null > @@ -1,20 +0,0 @@ > -From: Felix Fietkau <nbd@nbd.name> > -Subject: kernel: add a small xfrm related performance optimization > - > -Signed-off-by: Felix Fietkau <nbd@nbd.name> > ---- > - net/netfilter/nf_nat_core.c | 3 +++ > - 1 file changed, 3 insertions(+) > - > ---- a/net/netfilter/nf_nat_core.c > -+++ b/net/netfilter/nf_nat_core.c > -@@ -90,6 +90,9 @@ int nf_xfrm_me_harder(struct net *net, s > - struct dst_entry *dst; > - int err; > - > -+ if (skb->dev && !dev_net(skb->dev)->xfrm.policy_count[XFRM_POLICY_OUT]) > -+ return 0; > -+ > - err = xfrm_decode_session(skb, &fl, family); > - if (err < 0) > - return err; > diff --git a/target/linux/generic/pending-4.19/616-net_optimize_xfrm_calls.patch b/target/linux/generic/pending-4.19/616-net_optimize_xfrm_calls.patch > deleted file mode 100644 > index 6a5801027c..0000000000 > --- a/target/linux/generic/pending-4.19/616-net_optimize_xfrm_calls.patch > +++ /dev/null > @@ -1,20 +0,0 @@ > -From: Felix Fietkau <nbd@nbd.name> > -Subject: kernel: add a small xfrm related performance optimization > - > -Signed-off-by: Felix Fietkau <nbd@nbd.name> > ---- > - net/netfilter/nf_nat_core.c | 3 +++ > - 1 file changed, 3 insertions(+) > - > ---- a/net/netfilter/nf_nat_core.c > -+++ b/net/netfilter/nf_nat_core.c > -@@ -110,6 +110,9 @@ int nf_xfrm_me_harder(struct net *net, s > - struct sock *sk = skb->sk; > - int err; > - > -+ if (skb->dev && !dev_net(skb->dev)->xfrm.policy_count[XFRM_POLICY_OUT]) > -+ return 0; > -+ > - err = xfrm_decode_session(skb, &fl, family); > - if (err < 0) > - return err; > diff --git a/target/linux/generic/pending-5.4/616-net_optimize_xfrm_calls.patch b/target/linux/generic/pending-5.4/616-net_optimize_xfrm_calls.patch > deleted file mode 100644 > index 952bf690d8..0000000000 > --- a/target/linux/generic/pending-5.4/616-net_optimize_xfrm_calls.patch > +++ /dev/null > @@ -1,20 +0,0 @@ > -From: Felix Fietkau <nbd@nbd.name> > -Subject: kernel: add a small xfrm related performance optimization > - > -Signed-off-by: Felix Fietkau <nbd@nbd.name> > ---- > - net/netfilter/nf_nat_core.c | 3 +++ > - 1 file changed, 3 insertions(+) > - > ---- a/net/netfilter/nf_nat_core.c > -+++ b/net/netfilter/nf_nat_core.c > -@@ -155,6 +155,9 @@ int nf_xfrm_me_harder(struct net *net, s > - struct sock *sk = skb->sk; > - int err; > - > -+ if (skb->dev && !dev_net(skb->dev)->xfrm.policy_count[XFRM_POLICY_OUT]) > -+ return 0; > -+ > - err = xfrm_decode_session(skb, &fl, family); > - if (err < 0) > - return err;
Hi, > -----Original Message----- > From: openwrt-devel [mailto:openwrt-devel-bounces@lists.openwrt.org] > On Behalf Of Jo-Philipp Wich > Sent: Dienstag, 31. März 2020 10:08 > To: openwrt-devel@lists.openwrt.org > Cc: Jo-Philipp Wich <jo@mein.io> > Subject: [OpenWrt-Devel] [PATCH] target: drop 616- > net_optimize_xfrm_calls.patch shouldn't the commit title prefix be "generic:" or "kernel:" or do I just understand something wrong here? Best Adrian > > The conditional check introduced by this patch may trigger a NULL pointer > dereference in case the result of dev_net() is NULL. > > Since the purpose of this patch is neither sufficiently explained and since this > patch apparently has never been submitted upstream despite it being in the > pending-* patch directory, I propose to drop it without replacement. > > If the performance implications of dropping this patch are found to be > significiant, it should be reintroduced with proper description and benchmark > results. > > Ref: https://bugs.openwrt.org/index.php?do=details&task_id=2943 > Signed-off-by: Jo-Philipp Wich <jo@mein.io> > --- > .../616-net_optimize_xfrm_calls.patch | 20 ------------------- > .../616-net_optimize_xfrm_calls.patch | 20 ------------------- > .../616-net_optimize_xfrm_calls.patch | 20 ------------------- > 3 files changed, 60 deletions(-) > delete mode 100644 target/linux/generic/pending-4.14/616- > net_optimize_xfrm_calls.patch > delete mode 100644 target/linux/generic/pending-4.19/616- > net_optimize_xfrm_calls.patch > delete mode 100644 target/linux/generic/pending-5.4/616- > net_optimize_xfrm_calls.patch > > diff --git a/target/linux/generic/pending-4.14/616- > net_optimize_xfrm_calls.patch b/target/linux/generic/pending-4.14/616- > net_optimize_xfrm_calls.patch > deleted file mode 100644 > index c64694ea3c..0000000000 > --- a/target/linux/generic/pending-4.14/616-net_optimize_xfrm_calls.patch > +++ /dev/null > @@ -1,20 +0,0 @@ > -From: Felix Fietkau <nbd@nbd.name> > -Subject: kernel: add a small xfrm related performance optimization > - > -Signed-off-by: Felix Fietkau <nbd@nbd.name> > ---- > - net/netfilter/nf_nat_core.c | 3 +++ > - 1 file changed, 3 insertions(+) > - > ---- a/net/netfilter/nf_nat_core.c > -+++ b/net/netfilter/nf_nat_core.c > -@@ -90,6 +90,9 @@ int nf_xfrm_me_harder(struct net *net, s > - struct dst_entry *dst; > - int err; > - > -+ if (skb->dev && !dev_net(skb->dev)- > >xfrm.policy_count[XFRM_POLICY_OUT]) > -+ return 0; > -+ > - err = xfrm_decode_session(skb, &fl, family); > - if (err < 0) > - return err; > diff --git a/target/linux/generic/pending-4.19/616- > net_optimize_xfrm_calls.patch b/target/linux/generic/pending-4.19/616- > net_optimize_xfrm_calls.patch > deleted file mode 100644 > index 6a5801027c..0000000000 > --- a/target/linux/generic/pending-4.19/616-net_optimize_xfrm_calls.patch > +++ /dev/null > @@ -1,20 +0,0 @@ > -From: Felix Fietkau <nbd@nbd.name> > -Subject: kernel: add a small xfrm related performance optimization > - > -Signed-off-by: Felix Fietkau <nbd@nbd.name> > ---- > - net/netfilter/nf_nat_core.c | 3 +++ > - 1 file changed, 3 insertions(+) > - > ---- a/net/netfilter/nf_nat_core.c > -+++ b/net/netfilter/nf_nat_core.c > -@@ -110,6 +110,9 @@ int nf_xfrm_me_harder(struct net *net, s > - struct sock *sk = skb->sk; > - int err; > - > -+ if (skb->dev && !dev_net(skb->dev)- > >xfrm.policy_count[XFRM_POLICY_OUT]) > -+ return 0; > -+ > - err = xfrm_decode_session(skb, &fl, family); > - if (err < 0) > - return err; > diff --git a/target/linux/generic/pending-5.4/616- > net_optimize_xfrm_calls.patch b/target/linux/generic/pending-5.4/616- > net_optimize_xfrm_calls.patch > deleted file mode 100644 > index 952bf690d8..0000000000 > --- a/target/linux/generic/pending-5.4/616-net_optimize_xfrm_calls.patch > +++ /dev/null > @@ -1,20 +0,0 @@ > -From: Felix Fietkau <nbd@nbd.name> > -Subject: kernel: add a small xfrm related performance optimization > - > -Signed-off-by: Felix Fietkau <nbd@nbd.name> > ---- > - net/netfilter/nf_nat_core.c | 3 +++ > - 1 file changed, 3 insertions(+) > - > ---- a/net/netfilter/nf_nat_core.c > -+++ b/net/netfilter/nf_nat_core.c > -@@ -155,6 +155,9 @@ int nf_xfrm_me_harder(struct net *net, s > - struct sock *sk = skb->sk; > - int err; > - > -+ if (skb->dev && !dev_net(skb->dev)- > >xfrm.policy_count[XFRM_POLICY_OUT]) > -+ return 0; > -+ > - err = xfrm_decode_session(skb, &fl, family); > - if (err < 0) > - return err; > -- > 2.25.1 > > > _______________________________________________ > openwrt-devel mailing list > openwrt-devel@lists.openwrt.org > https://lists.openwrt.org/mailman/listinfo/openwrt-devel
diff --git a/target/linux/generic/pending-4.14/616-net_optimize_xfrm_calls.patch b/target/linux/generic/pending-4.14/616-net_optimize_xfrm_calls.patch deleted file mode 100644 index c64694ea3c..0000000000 --- a/target/linux/generic/pending-4.14/616-net_optimize_xfrm_calls.patch +++ /dev/null @@ -1,20 +0,0 @@ -From: Felix Fietkau <nbd@nbd.name> -Subject: kernel: add a small xfrm related performance optimization - -Signed-off-by: Felix Fietkau <nbd@nbd.name> ---- - net/netfilter/nf_nat_core.c | 3 +++ - 1 file changed, 3 insertions(+) - ---- a/net/netfilter/nf_nat_core.c -+++ b/net/netfilter/nf_nat_core.c -@@ -90,6 +90,9 @@ int nf_xfrm_me_harder(struct net *net, s - struct dst_entry *dst; - int err; - -+ if (skb->dev && !dev_net(skb->dev)->xfrm.policy_count[XFRM_POLICY_OUT]) -+ return 0; -+ - err = xfrm_decode_session(skb, &fl, family); - if (err < 0) - return err; diff --git a/target/linux/generic/pending-4.19/616-net_optimize_xfrm_calls.patch b/target/linux/generic/pending-4.19/616-net_optimize_xfrm_calls.patch deleted file mode 100644 index 6a5801027c..0000000000 --- a/target/linux/generic/pending-4.19/616-net_optimize_xfrm_calls.patch +++ /dev/null @@ -1,20 +0,0 @@ -From: Felix Fietkau <nbd@nbd.name> -Subject: kernel: add a small xfrm related performance optimization - -Signed-off-by: Felix Fietkau <nbd@nbd.name> ---- - net/netfilter/nf_nat_core.c | 3 +++ - 1 file changed, 3 insertions(+) - ---- a/net/netfilter/nf_nat_core.c -+++ b/net/netfilter/nf_nat_core.c -@@ -110,6 +110,9 @@ int nf_xfrm_me_harder(struct net *net, s - struct sock *sk = skb->sk; - int err; - -+ if (skb->dev && !dev_net(skb->dev)->xfrm.policy_count[XFRM_POLICY_OUT]) -+ return 0; -+ - err = xfrm_decode_session(skb, &fl, family); - if (err < 0) - return err; diff --git a/target/linux/generic/pending-5.4/616-net_optimize_xfrm_calls.patch b/target/linux/generic/pending-5.4/616-net_optimize_xfrm_calls.patch deleted file mode 100644 index 952bf690d8..0000000000 --- a/target/linux/generic/pending-5.4/616-net_optimize_xfrm_calls.patch +++ /dev/null @@ -1,20 +0,0 @@ -From: Felix Fietkau <nbd@nbd.name> -Subject: kernel: add a small xfrm related performance optimization - -Signed-off-by: Felix Fietkau <nbd@nbd.name> ---- - net/netfilter/nf_nat_core.c | 3 +++ - 1 file changed, 3 insertions(+) - ---- a/net/netfilter/nf_nat_core.c -+++ b/net/netfilter/nf_nat_core.c -@@ -155,6 +155,9 @@ int nf_xfrm_me_harder(struct net *net, s - struct sock *sk = skb->sk; - int err; - -+ if (skb->dev && !dev_net(skb->dev)->xfrm.policy_count[XFRM_POLICY_OUT]) -+ return 0; -+ - err = xfrm_decode_session(skb, &fl, family); - if (err < 0) - return err;
The conditional check introduced by this patch may trigger a NULL pointer dereference in case the result of dev_net() is NULL. Since the purpose of this patch is neither sufficiently explained and since this patch apparently has never been submitted upstream despite it being in the pending-* patch directory, I propose to drop it without replacement. If the performance implications of dropping this patch are found to be significiant, it should be reintroduced with proper description and benchmark results. Ref: https://bugs.openwrt.org/index.php?do=details&task_id=2943 Signed-off-by: Jo-Philipp Wich <jo@mein.io> --- .../616-net_optimize_xfrm_calls.patch | 20 ------------------- .../616-net_optimize_xfrm_calls.patch | 20 ------------------- .../616-net_optimize_xfrm_calls.patch | 20 ------------------- 3 files changed, 60 deletions(-) delete mode 100644 target/linux/generic/pending-4.14/616-net_optimize_xfrm_calls.patch delete mode 100644 target/linux/generic/pending-4.19/616-net_optimize_xfrm_calls.patch delete mode 100644 target/linux/generic/pending-5.4/616-net_optimize_xfrm_calls.patch