From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Stefano Brivio <sbrivio@redhat.com>,
	Pablo Neira Ayuso <pablo@netfilter.org>,
	Sasha Levin <sashal@kernel.org>,
	netfilter-devel@vger.kernel.org, coreteam@netfilter.org,
	netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 5.8 06/53] netfilter: nft_set_rbtree: Detect partial overlap with start endpoint match
Date: Mon,  7 Sep 2020 12:31:32 -0400
Message-ID: <20200907163220.1280412-6-sashal@kernel.org>
In-Reply-To: <20200907163220.1280412-1-sashal@kernel.org>

From: Stefano Brivio <sbrivio@redhat.com>

[ Upstream commit 0726763043dc10dd4c12481f050b1a5ef8f15410 ]

Getting creative with nft and omitting the interval_overlap()
check from the set_overlap() function, without omitting
set_overlap() altogether, led to the observation of a partial
overlap that wasn't detected, and would actually result in
replacement of the end element of an existing interval.

This is due to the fact that we'll return -EEXIST on a matching,
pre-existing start element, instead of -ENOTEMPTY, and the error
is cleared by API if NLM_F_EXCL is not given. At this point, we
can insert a matching start, and duplicate the end element as long
as we don't end up into other intervals.

For instance, inserting interval 0 - 2 with an existing 0 - 3
interval would result in a single 0 - 2 interval, and a dangling
'3' end element. This is because nft will proceed after inserting
the '0' start element as no error is reported, and no further
conflicting intervals are detected on insertion of the end element.

This needs a different approach as it's a local condition that can
be detected by looking for duplicate ends coming from left and
right, separately. Track those and directly report -ENOTEMPTY on
duplicated end elements for a matching start.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/netfilter/nft_set_rbtree.c | 34 +++++++++++++++++++++++++++++++++-
 1 file changed, 33 insertions(+), 1 deletion(-)

diff --git a/net/netfilter/nft_set_rbtree.c b/net/netfilter/nft_set_rbtree.c
index b85ce6f0c0a6f..f317ad80cd6bc 100644
--- a/net/netfilter/nft_set_rbtree.c
+++ b/net/netfilter/nft_set_rbtree.c
@@ -218,11 +218,11 @@ static int __nft_rbtree_insert(const struct net *net, const struct nft_set *set,
 			       struct nft_rbtree_elem *new,
 			       struct nft_set_ext **ext)
 {
+	bool overlap = false, dup_end_left = false, dup_end_right = false;
 	struct nft_rbtree *priv = nft_set_priv(set);
 	u8 genmask = nft_genmask_next(net);
 	struct nft_rbtree_elem *rbe;
 	struct rb_node *parent, **p;
-	bool overlap = false;
 	int d;
 
 	/* Detect overlaps as we descend the tree. Set the flag in these cases:
@@ -262,6 +262,20 @@ static int __nft_rbtree_insert(const struct net *net, const struct nft_set *set,
 	 *
 	 * which always happen as last step and imply that no further
 	 * overlapping is possible.
+	 *
+	 * Another special case comes from the fact that start elements matching
+	 * an already existing start element are allowed: insertion is not
+	 * performed but we return -EEXIST in that case, and the error will be
+	 * cleared by the caller if NLM_F_EXCL is not present in the request.
+	 * This way, request for insertion of an exact overlap isn't reported as
+	 * error to userspace if not desired.
+	 *
+	 * However, if the existing start matches a pre-existing start, but the
+	 * end element doesn't match the corresponding pre-existing end element,
+	 * we need to report a partial overlap. This is a local condition that
+	 * can be noticed without need for a tracking flag, by checking for a
+	 * local duplicated end for a corresponding start, from left and right,
+	 * separately.
 	 */
 
 	parent = NULL;
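
Review bot: The second added comment paragraph opens with "if the existing start matches a pre-existing start", which compares an existing element with itself; from the paragraph before it, the subject should be the new start element being inserted. The same paragraph says the condition "can be noticed without need for a tracking flag", while the first hunk declares dup_end_left and dup_end_right for exactly this purpose. Suggest rewording to say that no flag has to persist across the whole descent, only between adjacent steps, so the comment agrees with the code that follows it.
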
@@ -281,19 +295,35 @@ static int __nft_rbtree_insert(const struct net *net, const struct nft_set *set,
 				    !nft_set_elem_expired(&rbe->ext) && !*p)
 					overlap = false;
 			} else {
+				if (dup_end_left && !*p)
+					return -ENOTEMPTY;
+
 				overlap = nft_rbtree_interval_end(rbe) &&
 					  nft_set_elem_active(&rbe->ext,
 							      genmask) &&
 					  !nft_set_elem_expired(&rbe->ext);
+
+				if (overlap) {
+					dup_end_right = true;
+					continue;
+				}
 			}
 		} else if (d > 0) {
 			p = &parent->rb_right;
 
 			if (nft_rbtree_interval_end(new)) {
+				if (dup_end_right && !*p)
+					return -ENOTEMPTY;
+
 				overlap = nft_rbtree_interval_end(rbe) &&
 					  nft_set_elem_active(&rbe->ext,
 							      genmask) &&
 					  !nft_set_elem_expired(&rbe->ext);
+
+				if (overlap) {
+					dup_end_left = true;
+					continue;
+				}
 			} else if (nft_set_elem_active(&rbe->ext, genmask) &&
 				   !nft_set_elem_expired(&rbe->ext)) {
 				overlap = nft_rbtree_interval_end(rbe);
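
Review bot: In both added checks the flag that is tested is the opposite of the one set a few lines later in the same branch: the branch before "else if (d > 0)" tests dup_end_left and sets dup_end_right, and the "d > 0" branch tests dup_end_right and sets dup_end_left. That crossing is easy to misread as a copy-and-paste slip, so a short comment at each check saying that the flag records a duplicate end seen on the previous step from the other side would help. It is also worth stating next to "&& !*p" that -ENOTEMPTY is returned only when there is no further child in the direction just taken, since that is what keeps the check local.
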
@@ -321,6 +351,8 @@ static int __nft_rbtree_insert(const struct net *net, const struct nft_set *set,
 				p = &parent->rb_left;
 			}
 		}
+
+		dup_end_left = dup_end_right = false;
 	}
 
 	if (overlap)
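
Review bot: The reset "dup_end_left = dup_end_right = false;" at the bottom of the loop body is bypassed only by the two "continue" statements added in the previous hunk, and that bypass is the whole mechanism by which a flag survives into the next iteration. Nothing at the reset says so; please add a comment there noting that the flags are meant to live for exactly one further step. The diffstat touches only net/netfilter/nft_set_rbtree.c, so the case from the commit message (inserting 0 - 2 with an existing 0 - 3) has no regression test in this patch; consider adding one alongside.
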
-- 
2.25.1

