diff options
Diffstat (limited to 'meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-29650/0001-netfilter-x_tables-Use-correct-memory-barriers.patch')
-rw-r--r-- | meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-29650/0001-netfilter-x_tables-Use-correct-memory-barriers.patch | 58 |
1 files changed, 58 insertions, 0 deletions
diff --git a/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-29650/0001-netfilter-x_tables-Use-correct-memory-barriers.patch b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-29650/0001-netfilter-x_tables-Use-correct-memory-barriers.patch new file mode 100644 index 000000000..b0232e56d --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-kernel/linux/linux-aspeed/CVE-2021-29650/0001-netfilter-x_tables-Use-correct-memory-barriers.patch @@ -0,0 +1,58 @@ +From add3b2ec508d24c739ad1842dc1590fd0ca026f9 Mon Sep 17 00:00:00 2001 +From: Mark Tomlinson <mark.tomlinson@alliedtelesis.co.nz> +Date: Mon, 8 Mar 2021 14:24:13 +1300 +Subject: [PATCH] netfilter: x_tables: Use correct memory barriers. + +When a new table value was assigned, it was followed by a write memory +barrier. This ensured that all writes before this point would complete +before any writes after this point. However, to determine whether the +rules are unused, the sequence counter is read. To ensure that all +writes have been done before these reads, a full memory barrier is +needed, not just a write memory barrier. The same argument applies when +incrementing the counter, before the rules are read. + +Changing to using smp_mb() instead of smp_wmb() fixes the kernel panic +reported in cc00bcaa5899 (which is still present), while still +maintaining the same speed of replacing tables. + +The smb_mb() barriers potentially slow the packet path, however testing +has shown no measurable change in performance on a 4-core MIPS64 +platform. + +Fixes: 7f5c6d4f665b ("netfilter: get rid of atomic ops in fast path") +Signed-off-by: Mark Tomlinson <mark.tomlinson@alliedtelesis.co.nz> +Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> +--- + include/linux/netfilter/x_tables.h | 2 +- + net/netfilter/x_tables.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h +index 1b261c51b3a3..04e7f5630509 100644 +--- a/include/linux/netfilter/x_tables.h ++++ b/include/linux/netfilter/x_tables.h +@@ -376,7 +376,7 @@ static inline unsigned int xt_write_recseq_begin(void) + * since addend is most likely 1 + */ + __this_cpu_add(xt_recseq.sequence, addend); +- smp_wmb(); ++ smp_mb(); + + return addend; + } +diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c +index 44f971f31992..e1a5a32605a4 100644 +--- a/net/netfilter/x_tables.c ++++ b/net/netfilter/x_tables.c +@@ -1387,7 +1387,7 @@ xt_replace_table(struct xt_table *table, + table->private = newinfo; + + /* make sure all cpus see new ->private value */ +- smp_wmb(); ++ smp_mb(); + + /* + * Even though table entries have now been swapped, other CPU's +-- +2.17.1 + |