[PATCH nf] netfilter: flowtable: always init block_offload struct

[PATCH nf] netfilter: flowtable: always init block_offload struct

[Florian Westphal]

nftables test case
tests/shell/testcases/flowtable/0001flowtable_0

results in a crash. After the refactor, if we leave early via
nf_flowtable_hw_offload(), then "struct flow_block_offload" is left
in an uninitialized state, but later users assume its initialised.

Fixes: a7965d58ddab02 ("netfilter: flowtable: add nf_flow_table_offload_cmd()")
Signed-off-by: Florian Westphal <fw@strlen.de>
---
 I can't test this with HW offload, but at least it gets rid of
 the crash for me.

 net/netfilter/nf_flow_table_offload.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c
index c8b70ffeef0c..f909938e8dc4 100644
--- a/net/netfilter/nf_flow_table_offload.c
+++ b/net/netfilter/nf_flow_table_offload.c
@@ -846,12 +846,6 @@ static int nf_flow_table_offload_cmd(struct flow_block_offload *bo,
 {
 	int err;
 
-	if (!nf_flowtable_hw_offload(flowtable))
-		return 0;
-
-	if (!dev->netdev_ops->ndo_setup_tc)
-		return -EOPNOTSUPP;
-
 	memset(bo, 0, sizeof(*bo));
 	bo->net		= dev_net(dev);
 	bo->block	= &flowtable->flow_block;
@@ -860,6 +854,12 @@ static int nf_flow_table_offload_cmd(struct flow_block_offload *bo,
 	bo->extack	= extack;
 	INIT_LIST_HEAD(&bo->cb_list);
 
+	if (!nf_flowtable_hw_offload(flowtable))
+		return 0;
+
+	if (!dev->netdev_ops->ndo_setup_tc)
+		return -EOPNOTSUPP;
+
 	err = dev->netdev_ops->ndo_setup_tc(dev, TC_SETUP_FT, bo);
 	if (err < 0)
 		return err;
-- 
2.24.1

Re: [PATCH nf] netfilter: flowtable: always init block_offload struct

[Pablo Neira Ayuso]

[-- Attachment #1: Type: text/plain, Size: 429 bytes --]

On Mon, Feb 03, 2020 at 01:06:18PM +0100, Florian Westphal wrote:
> nftables test case
> tests/shell/testcases/flowtable/0001flowtable_0
> 
> results in a crash. After the refactor, if we leave early via
> nf_flowtable_hw_offload(), then "struct flow_block_offload" is left
> in an uninitialized state, but later users assume its initialised.

Thanks Florian.

I'll apply this variant of your patch, and sorry for this breakage.

[-- Attachment #2: 0001-netfilter-flowtable-skip-offload-setup-if-disabled.patch --]
[-- Type: text/x-diff, Size: 1512 bytes --]

From 4ad807945211c623235ad2e0cbcea97fcc305b2c Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Mon, 3 Feb 2020 13:06:18 +0100
Subject: [PATCH] netfilter: flowtable: skip offload setup if disabled

nftables test case
tests/shell/testcases/flowtable/0001flowtable_0

results in a crash. After the refactor, if we leave early via
nf_flowtable_hw_offload(), then "struct flow_block_offload" is left
in an uninitialized state, but later users assume its initialised.

Fixes: a7965d58ddab02 ("netfilter: flowtable: add nf_flow_table_offload_cmd()")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 net/netfilter/nf_flow_table_offload.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c
index 83e1db37c3b0..06f00cdc3891 100644
--- a/net/netfilter/nf_flow_table_offload.c
+++ b/net/netfilter/nf_flow_table_offload.c
@@ -847,9 +847,6 @@ static int nf_flow_table_offload_cmd(struct flow_block_offload *bo,
 {
 	int err;
 
-	if (!nf_flowtable_hw_offload(flowtable))
-		return 0;
-
 	if (!dev->netdev_ops->ndo_setup_tc)
 		return -EOPNOTSUPP;
 
@@ -876,6 +873,9 @@ int nf_flow_table_offload_setup(struct nf_flowtable *flowtable,
 	struct flow_block_offload bo;
 	int err;
 
+	if (!nf_flowtable_hw_offload(flowtable))
+		return 0;
+
 	err = nf_flow_table_offload_cmd(&bo, flowtable, dev, cmd, &extack);
 	if (err < 0)
 		return err;
-- 
2.11.0