Netfilter-Devel Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH nf] netfilter: flowtable: always init block_offload struct
@ 2020-02-03 12:06 Florian Westphal
  2020-02-07 11:20 ` Pablo Neira Ayuso
  0 siblings, 1 reply; 2+ messages in thread
From: Florian Westphal @ 2020-02-03 12:06 UTC (permalink / raw)
  To: netfilter-devel; +Cc: Florian Westphal

nftables test case
tests/shell/testcases/flowtable/0001flowtable_0

results in a crash. After the refactor, if we leave early via
nf_flowtable_hw_offload(), then "struct flow_block_offload" is left
in an uninitialized state, but later users assume its initialised.

Fixes: a7965d58ddab02 ("netfilter: flowtable: add nf_flow_table_offload_cmd()")
Signed-off-by: Florian Westphal <fw@strlen.de>
---
 I can't test this with HW offload, but at least it gets rid of
 the crash for me.

 net/netfilter/nf_flow_table_offload.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c
index c8b70ffeef0c..f909938e8dc4 100644
--- a/net/netfilter/nf_flow_table_offload.c
+++ b/net/netfilter/nf_flow_table_offload.c
@@ -846,12 +846,6 @@ static int nf_flow_table_offload_cmd(struct flow_block_offload *bo,
 {
 	int err;
 
-	if (!nf_flowtable_hw_offload(flowtable))
-		return 0;
-
-	if (!dev->netdev_ops->ndo_setup_tc)
-		return -EOPNOTSUPP;
-
 	memset(bo, 0, sizeof(*bo));
 	bo->net		= dev_net(dev);
 	bo->block	= &flowtable->flow_block;
@@ -860,6 +854,12 @@ static int nf_flow_table_offload_cmd(struct flow_block_offload *bo,
 	bo->extack	= extack;
 	INIT_LIST_HEAD(&bo->cb_list);
 
+	if (!nf_flowtable_hw_offload(flowtable))
+		return 0;
+
+	if (!dev->netdev_ops->ndo_setup_tc)
+		return -EOPNOTSUPP;
+
 	err = dev->netdev_ops->ndo_setup_tc(dev, TC_SETUP_FT, bo);
 	if (err < 0)
 		return err;
-- 
2.24.1


^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [PATCH nf] netfilter: flowtable: always init block_offload struct
  2020-02-03 12:06 [PATCH nf] netfilter: flowtable: always init block_offload struct Florian Westphal
@ 2020-02-07 11:20 ` Pablo Neira Ayuso
  0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2020-02-07 11:20 UTC (permalink / raw)
  To: Florian Westphal; +Cc: netfilter-devel

[-- Attachment #1: Type: text/plain, Size: 429 bytes --]

On Mon, Feb 03, 2020 at 01:06:18PM +0100, Florian Westphal wrote:
> nftables test case
> tests/shell/testcases/flowtable/0001flowtable_0
> 
> results in a crash. After the refactor, if we leave early via
> nf_flowtable_hw_offload(), then "struct flow_block_offload" is left
> in an uninitialized state, but later users assume its initialised.

Thanks Florian.

I'll apply this variant of your patch, and sorry for this breakage.

[-- Attachment #2: 0001-netfilter-flowtable-skip-offload-setup-if-disabled.patch --]
[-- Type: text/x-diff, Size: 1512 bytes --]

From 4ad807945211c623235ad2e0cbcea97fcc305b2c Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Mon, 3 Feb 2020 13:06:18 +0100
Subject: [PATCH] netfilter: flowtable: skip offload setup if disabled

nftables test case
tests/shell/testcases/flowtable/0001flowtable_0

results in a crash. After the refactor, if we leave early via
nf_flowtable_hw_offload(), then "struct flow_block_offload" is left
in an uninitialized state, but later users assume its initialised.

Fixes: a7965d58ddab02 ("netfilter: flowtable: add nf_flow_table_offload_cmd()")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 net/netfilter/nf_flow_table_offload.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/net/netfilter/nf_flow_table_offload.c b/net/netfilter/nf_flow_table_offload.c
index 83e1db37c3b0..06f00cdc3891 100644
--- a/net/netfilter/nf_flow_table_offload.c
+++ b/net/netfilter/nf_flow_table_offload.c
@@ -847,9 +847,6 @@ static int nf_flow_table_offload_cmd(struct flow_block_offload *bo,
 {
 	int err;
 
-	if (!nf_flowtable_hw_offload(flowtable))
-		return 0;
-
 	if (!dev->netdev_ops->ndo_setup_tc)
 		return -EOPNOTSUPP;
 
@@ -876,6 +873,9 @@ int nf_flow_table_offload_setup(struct nf_flowtable *flowtable,
 	struct flow_block_offload bo;
 	int err;
 
+	if (!nf_flowtable_hw_offload(flowtable))
+		return 0;
+
 	err = nf_flow_table_offload_cmd(&bo, flowtable, dev, cmd, &extack);
 	if (err < 0)
 		return err;
-- 
2.11.0


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, back to index

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-02-03 12:06 [PATCH nf] netfilter: flowtable: always init block_offload struct Florian Westphal
2020-02-07 11:20 ` Pablo Neira Ayuso

Netfilter-Devel Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/netfilter-devel/0 netfilter-devel/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 netfilter-devel netfilter-devel/ https://lore.kernel.org/netfilter-devel \
		netfilter-devel@vger.kernel.org
	public-inbox-index netfilter-devel

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.netfilter-devel


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git