[bug report] net: ipv4: listified version of ip_rcv
Hello Edward Cree, The patch 7da517a3bc52: "net: core: Another step of skb receive list processing" from Jul 2, 2018, leads to the following static checker warning: net/core/dev.c:5001 netif_receive_skb_list_internal() warn: 'skb' was already freed. The patch 17266ee93984: "net: ipv4: listified version of ip_rcv" from Jul 2, 2018, leads to the following static checker warning: ./include/linux/netfilter.h:301 NF_HOOK_LIST() warn: 'skb' was already freed. net/core/dev.c 4982 static void netif_receive_skb_list_internal(struct list_head *head) 4983 { 4984 struct bpf_prog *xdp_prog = NULL; 4985 struct sk_buff *skb, *next; 4986 4987 list_for_each_entry_safe(skb, next, head, list) { 4988 net_timestamp_check(netdev_tstamp_prequeue, skb); 4989 if (skb_defer_rx_timestamp(skb)) 4990 /* Handled, remove from list */ 4991 list_del(>list); 4992 } 4993 4994 if (static_branch_unlikely(_xdp_needed_key)) { 4995 preempt_disable(); 4996 rcu_read_lock(); 4997 list_for_each_entry_safe(skb, next, head, list) { 4998 xdp_prog = rcu_dereference(skb->dev->xdp_prog); 4999 if (do_xdp_generic(xdp_prog, skb) != XDP_PASS) 5000 /* Dropped, remove from list */ 5001 list_del(>list); do_xdp_generic() frees skb. 5002 } 5003 rcu_read_unlock(); 5004 preempt_enable(); 5005 } ./include/linux/netfilter.h 291 static inline void 292 NF_HOOK_LIST(uint8_t pf, unsigned int hook, struct net *net, struct sock *sk, 293 struct list_head *head, struct net_device *in, struct net_device *out, 294 int (*okfn)(struct net *, struct sock *, struct sk_buff *)) 295 { 296 struct sk_buff *skb, *next; 297 298 list_for_each_entry_safe(skb, next, head, list) { 299 int ret = nf_hook(pf, hook, net, sk, skb, in, out, okfn); 300 if (ret != 1) 301 list_del(>list); For this one Smatch thinks that nf_hook() sometimes frees skb, but the code is less clear to me than for the previous warning so I don't know. 302 } 303 } regards, dan carpenter -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH nf-next v4] net: netfilter: nf_tables_api: Use id allocation.
Hi Varsha, Thank you for the patch! Perhaps something to improve: url: https://github.com/0day-ci/linux/commits/Varsha-Rao/net-netfilter-nf_tables_api-Use-id-allocation/20180614-004233 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master New smatch warnings: net/netfilter/nf_tables_api.c:2962 nf_tables_set_alloc_name() error: uninitialized symbol 'id'. Old smatch warnings: net/netfilter/nf_tables_api.c:4314 nft_add_set_elem() error: uninitialized symbol 'ext2'. # https://github.com/0day-ci/linux/commit/c19707b85d3d68e8c0fc2a91b2b401832676f224 git remote add linux-review https://github.com/0day-ci/linux git remote update linux-review git checkout c19707b85d3d68e8c0fc2a91b2b401832676f224 vim +/id +2962 net/netfilter/nf_tables_api.c c19707b8 Varsha Rao2018-06-13 2923 20a69341 Patrick McHardy 2013-10-11 2924 static int nf_tables_set_alloc_name(struct nft_ctx *ctx, struct nft_set *set, 20a69341 Patrick McHardy 2013-10-11 2925 const char *name) 20a69341 Patrick McHardy 2013-10-11 2926 { 20a69341 Patrick McHardy 2013-10-11 2927 const struct nft_set *i; 20a69341 Patrick McHardy 2013-10-11 2928 const char *p; c19707b8 Varsha Rao2018-06-13 2929 int n = 0, id; c19707b8 Varsha Rao2018-06-13 2930 DEFINE_IDA(inuse); 20a69341 Patrick McHardy 2013-10-11 2931 38745490 Phil Sutter 2017-07-27 2932 p = strchr(name, '%'); 20a69341 Patrick McHardy 2013-10-11 2933 if (p != NULL) { 20a69341 Patrick McHardy 2013-10-11 2934 if (p[1] != 'd' || strchr(p + 2, '%')) 96518518 Patrick McHardy 2013-10-14 2935 return -EINVAL; 20a69341 Patrick McHardy 2013-10-11 2936 20a69341 Patrick McHardy 2013-10-11 2937 list_for_each_entry(i, >table->sets, list) { 14662917 Daniel Borkmann 2013-12-31 2938 int tmp; 14662917 Daniel Borkmann 2013-12-31 2939 37a9cc52 Pablo Neira Ayuso 2016-06-12 2940 if (!nft_is_active_next(ctx->net, set)) 37a9cc52 Pablo Neira Ayuso 2016-06-12 2941 continue; 14662917 Daniel Borkmann 2013-12-31 2942 if (!sscanf(i->name, name, )) 20a69341 Patrick McHardy 2013-10-11 2943 continue; c19707b8 Varsha Rao2018-06-13 2944 if (tmp < 0 || tmp >= NFT_SET_IDA_SIZE) 20a69341 Patrick McHardy 2013-10-11 2945 continue; 14662917 Daniel Borkmann 2013-12-31 2946 c19707b8 Varsha Rao2018-06-13 2947 n = ida_get_new_above(, tmp, ); c19707b8 Varsha Rao2018-06-13 2948 if ((n < 0) && (n != -EAGAIN)) c19707b8 Varsha Rao2018-06-13 2949 return n; 20a69341 Patrick McHardy 2013-10-11 2950 } c19707b8 Varsha Rao2018-06-13 2951 n = ida_get_new_above(, 0, ); Smatch is complaining that if n == -EAGAIN then id isn't initialized which seems legit. 20a69341 Patrick McHardy 2013-10-11 2952 c19707b8 Varsha Rao2018-06-13 2953 if ((n < 0) && (n != -EAGAIN)) { c19707b8 Varsha Rao2018-06-13 2954 if (n == -ENOSPC) c19707b8 Varsha Rao2018-06-13 2955 ida_destroy(); c19707b8 Varsha Rao2018-06-13 2956 return n; 60eb1894 Patrick McHardy 2014-03-07 2957 } c19707b8 Varsha Rao2018-06-13 2958 c19707b8 Varsha Rao2018-06-13 2959 ida_destroy(); 20a69341 Patrick McHardy 2013-10-11 2960 } 20a69341 Patrick McHardy 2013-10-11 2961 c19707b8 Varsha Rao2018-06-13 @2962 set->name = kasprintf(GFP_KERNEL, name, id); 38745490 Phil Sutter 2017-07-27 2963 if (!set->name) 38745490 Phil Sutter 2017-07-27 2964 return -ENOMEM; 38745490 Phil Sutter 2017-07-27 2965 20a69341 Patrick McHardy 2013-10-11 2966 list_for_each_entry(i, >table->sets, list) { 37a9cc52 Pablo Neira Ayuso 2016-06-12 2967 if (!nft_is_active_next(ctx->net, i)) 37a9cc52 Pablo Neira Ayuso 2016-06-12 2968 continue; e636 Arvind Yadav 2017-09-20 2969 if (!strcmp(set->name, i->name)) { e636 Arvind Yadav 2017-09-20 2970 kfree(set->name); 20a69341 Patrick McHardy 2013-10-11 2971 return -ENFILE; 20a69341 Patrick McHardy 2013-10-11 2972 } e636 Arvind Yadav 2017-09-20 2973 } 96518518 Patrick McHardy 2013-10-14 2974 return 0; 96518518 Patrick McHardy 2013-10-14 2975 } 20a69341 Patrick McHardy 2013-10-11 2976 --- 0-DAY kernel test infrastructureOpen Source Technology Center https://lists.01.org/pipermail/kbuild-all Intel Corporation -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at
[bug report] netfilter: add struct nf_nat_hook and use it
Hello Pablo Neira Ayuso, This is a semi-automatic email about new static checker warnings. The patch 2c205dd3981f: "netfilter: add struct nf_nat_hook and use it" from May 23, 2018, leads to the following Smatch complaint: net/netfilter/nf_conntrack_netlink.c:1449 ctnetlink_parse_nat_setup() error: we previously assumed 'nat_hook' could be null (see line 1438) net/netfilter/nf_conntrack_netlink.c 1437 nat_hook = rcu_dereference(nf_nat_hook); 1438 if (!nat_hook) { 1439 #ifdef CONFIG_MODULES 1440 rcu_read_unlock(); 1441 nfnl_unlock(NFNL_SUBSYS_CTNETLINK); 1442 if (request_module("nf-nat") < 0) { 1443 nfnl_lock(NFNL_SUBSYS_CTNETLINK); 1444 rcu_read_lock(); 1445 return -EOPNOTSUPP; 1446 } 1447 nfnl_lock(NFNL_SUBSYS_CTNETLINK); 1448 rcu_read_lock(); 1449 if (nat_hook->parse_nat_setup) 1450 return -EAGAIN; 1451 #endif regards, dan carpenter -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] netfilter: nf_queue: Replace conntrack entry
Hi Kristian, Thank you for the patch! Perhaps something to improve: [auto build test WARNING on nf-next/master] [also build test WARNING on v4.17-rc3 next-20180504] [if your patch is applied to the wrong git tree, please drop us a note to help improve the system] url: https://github.com/0day-ci/linux/commits/Kristian-Evensen/netfilter-nf_queue-Replace-conntrack-entry/20180504-051218 base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master smatch warnings: net/netfilter/nfnetlink_queue.c:1141 nfqnl_recv_verdict_batch() warn: curly braces intended? # https://github.com/0day-ci/linux/commit/8776e32a6c6e2ba0c6c8ce85e227672b81a1649d git remote add linux-review https://github.com/0day-ci/linux git remote update linux-review git checkout 8776e32a6c6e2ba0c6c8ce85e227672b81a1649d vim +1141 net/netfilter/nfnetlink_queue.c 8776e32a net/netfilter/nfnetlink_queue.c Kristian Evensen 2018-05-03 1093 7b8002a1 net/netfilter/nfnetlink_queue.c Pablo Neira Ayuso 2015-12-15 1094 static int nfqnl_recv_verdict_batch(struct net *net, struct sock *ctnl, 7b8002a1 net/netfilter/nfnetlink_queue.c Pablo Neira Ayuso 2015-12-15 1095struct sk_buff *skb, 97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19 1096const struct nlmsghdr *nlh, 04ba724b net/netfilter/nfnetlink_queue.c Pablo Neira Ayuso 2017-06-19 1097const struct nlattr * const nfqa[], 04ba724b net/netfilter/nfnetlink_queue.c Pablo Neira Ayuso 2017-06-19 1098struct netlink_ext_ack *extack) 97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19 1099 { 3da07c0c net/netfilter/nfnetlink_queue_core.c David S. Miller 2012-06-26 1100struct nfgenmsg *nfmsg = nlmsg_data(nlh); 97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19 1101struct nf_queue_entry *entry, *tmp; 97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19 1102unsigned int verdict, maxid; 97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19 1103struct nfqnl_msg_verdict_hdr *vhdr; 97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19 1104struct nfqnl_instance *queue; 97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19 1105LIST_HEAD(batch_list); 97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19 1106u16 queue_num = ntohs(nfmsg->res_id); e8179610 net/netfilter/nfnetlink_queue_core.c Gao feng 2013-03-24 1107struct nfnl_queue_net *q = nfnl_queue_pernet(net); 8776e32a net/netfilter/nfnetlink_queue.c Kristian Evensen 2018-05-03 1108enum ip_conntrack_info ctinfo; e8179610 net/netfilter/nfnetlink_queue_core.c Gao feng 2013-03-24 1109 e8179610 net/netfilter/nfnetlink_queue_core.c Gao feng 2013-03-24 1110queue = verdict_instance_lookup(q, queue_num, e8179610 net/netfilter/nfnetlink_queue_core.c Gao feng 2013-03-24 NETLINK_CB(skb).portid); 97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19 1112if (IS_ERR(queue)) 97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19 1113return PTR_ERR(queue); 97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19 1114 97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19 1115vhdr = verdicthdr_get(nfqa); 97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19 1116if (!vhdr) 97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19 1117return -EINVAL; 97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19 1118 97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19 1119verdict = ntohl(vhdr->verdict); 97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19 1120maxid = ntohl(vhdr->id); 97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19 1121 97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19 1122spin_lock_bh(>lock); 97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19 1123 97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19 1124list_for_each_entry_safe(entry, tmp, >queue_list, list) { 97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19 1125if (nfq_id_after(entry->id, maxid)) 97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19 1126break; 97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19 1127
Re: [PATCH 03/39] proc: introduce proc_create_seq_private
On Thu, Apr 19, 2018 at 02:41:04PM +0200, Christoph Hellwig wrote: > diff --git a/drivers/s390/cio/blacklist.c b/drivers/s390/cio/blacklist.c > index 2a3f874a21d5..ad35cddcf6af 100644 > --- a/drivers/s390/cio/blacklist.c > +++ b/drivers/s390/cio/blacklist.c > @@ -391,28 +391,15 @@ static const struct seq_operations > cio_ignore_proc_seq_ops = { > .show = cio_ignore_proc_seq_show, > }; > > -static int > -cio_ignore_proc_open(struct inode *inode, struct file *file) > -{ > - return seq_open_private(file, _ignore_proc_seq_ops, > - sizeof(struct ccwdev_iter)); > -} > - > -static const struct file_operations cio_ignore_proc_fops = { > - .open= cio_ignore_proc_open, > - .read= seq_read, > - .llseek = seq_lseek, > - .release = seq_release_private, > - .write = cio_ignore_write, The cio_ignore_write() function isn't used any more so compilers will complain. > -}; > - > static int > cio_ignore_proc_init (void) > { > struct proc_dir_entry *entry; > > - entry = proc_create("cio_ignore", S_IFREG | S_IRUGO | S_IWUSR, NULL, > - _ignore_proc_fops); > + entry = proc_create_seq_private("cio_ignore", > + S_IFREG | S_IRUGO | S_IWUSR, NULL, > + _ignore_proc_seq_ops, sizeof(struct ccwdev_iter), > + NULL); > if (!entry) > return -ENOENT; > return 0; regards, dan carpenter -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH] netfilter: nf_tables: copy and paste bug in nf_tables_getflowtable()
We should be testing "flowtable" instead of "table". Fixes: 3b49e2e94e6e ("netfilter: nf_tables: add flow table netlink frontend") Signed-off-by: Dan Carpenter <dan.carpen...@oracle.com> --- The bug hasn't hit net-next yet, it's still in the netfilter tree. diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 336b81689ac9..40594bb57012 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -5420,7 +5420,7 @@ static int nf_tables_getflowtable(struct net *net, struct sock *nlsk, flowtable = nf_tables_flowtable_lookup(table, nla[NFTA_FLOWTABLE_NAME], genmask); - if (IS_ERR(table)) + if (IS_ERR(flowtable)) return PTR_ERR(flowtable); skb2 = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL); -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH] netfilter: fix netfilter_net_init() return
We accidentally return an uninitialized variable. Fixes: cf56c2f892a8 ("netfilter: remove old pre-netns era hook api") Signed-off-by: Dan Carpenter <dan.carpen...@oracle.com> diff --git a/net/netfilter/core.c b/net/netfilter/core.c index 368610dbc3c0..974cf2a3795a 100644 --- a/net/netfilter/core.c +++ b/net/netfilter/core.c @@ -344,7 +344,7 @@ EXPORT_SYMBOL(nf_nat_decode_session_hook); static int __net_init netfilter_net_init(struct net *net) { - int i, h, ret; + int i, h; for (i = 0; i < ARRAY_SIZE(net->nf.hooks); i++) { for (h = 0; h < NF_MAX_HOOKS; h++) @@ -362,7 +362,7 @@ static int __net_init netfilter_net_init(struct net *net) } #endif - return ret; + return 0; } static void __net_exit netfilter_net_exit(struct net *net) -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH] netfilter: x_tables: unlock on error in xt_find_table_lock()
According to my static checker we should unlock here before the return. That seems reasonable to me as well. Fixes" b9e69e127397 ("netfilter: xtables: don't hook tables by default") Signed-off-by: Dan Carpenter <dan.carpen...@oracle.com> diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c index e58ecff638b3..8876b7da6884 100644 --- a/net/netfilter/x_tables.c +++ b/net/netfilter/x_tables.c @@ -1041,8 +1041,10 @@ struct xt_table *xt_find_table_lock(struct net *net, u_int8_t af, list_for_each_entry(t, _net.xt.tables[af], list) { if (strcmp(t->name, name)) continue; - if (!try_module_get(t->me)) + if (!try_module_get(t->me)) { + mutex_unlock([af].mutex); return NULL; + } mutex_unlock([af].mutex); if (t->table_init(net) != 0) { -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[bug report] netfilter: nft_ct: add zone id set support
Hello Florian Westphal, The patch edee4f1e9245: "netfilter: nft_ct: add zone id set support" from Feb 3, 2017, leads to the following static checker warning: net/netfilter/nft_ct.c:549 nft_ct_set_init() error: uninitialized symbol 'len'. net/netfilter/nft_ct.c 498 static int nft_ct_set_init(const struct nft_ctx *ctx, 499 const struct nft_expr *expr, 500 const struct nlattr * const tb[]) 501 { 502 struct nft_ct *priv = nft_expr_priv(expr); 503 unsigned int len; 504 int err; 505 506 priv->dir = IP_CT_DIR_MAX; 507 priv->key = ntohl(nla_get_be32(tb[NFTA_CT_KEY])); 508 switch (priv->key) { 509 #ifdef CONFIG_NF_CONNTRACK_MARK 510 case NFT_CT_MARK: 511 if (tb[NFTA_CT_DIRECTION]) 512 return -EINVAL; 513 len = FIELD_SIZEOF(struct nf_conn, mark); 514 break; 515 #endif 516 #ifdef CONFIG_NF_CONNTRACK_LABELS 517 case NFT_CT_LABELS: 518 if (tb[NFTA_CT_DIRECTION]) 519 return -EINVAL; 520 len = NF_CT_LABELS_MAX_SIZE; 521 err = nf_connlabels_get(ctx->net, (len * BITS_PER_BYTE) - 1); 522 if (err) 523 return err; 524 break; 525 #endif 526 #ifdef CONFIG_NF_CONNTRACK_ZONES 527 case NFT_CT_ZONE: "len" not set for this case statement. 528 if (!nft_ct_tmpl_alloc_pcpu()) 529 return -ENOMEM; 530 nft_ct_pcpu_template_refcnt++; 531 break; 532 #endif 533 default: 534 return -EOPNOTSUPP; 535 } 536 537 if (tb[NFTA_CT_DIRECTION]) { 538 priv->dir = nla_get_u8(tb[NFTA_CT_DIRECTION]); 539 switch (priv->dir) { 540 case IP_CT_DIR_ORIGINAL: 541 case IP_CT_DIR_REPLY: 542 break; 543 default: 544 return -EINVAL; 545 } 546 } 547 548 priv->sreg = nft_parse_register(tb[NFTA_CT_SREG]); 549 err = nft_validate_register_load(priv->sreg, len); ^^^ Which seems probably bad. 550 if (err < 0) 551 goto err1; 552 553 err = nft_ct_netns_get(ctx->net, ctx->afi->family); 554 if (err < 0) 555 goto err1; regards, dan carpenter -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[bug report] netfilter: convert while loops to for loops
Hello Aaron Conole, This is a semi-automatic email about new static checker warnings. The patch 66cfc1dd07c7: "netfilter: convert while loops to for loops" from Nov 15, 2016, leads to the following Smatch complaint: net/bridge/br_netfilter_hooks.c:1016 br_nf_hook_thresh() warn: variable dereferenced before check 'elem' (see line 1012) net/bridge/br_netfilter_hooks.c 1011 for (elem = rcu_dereference(net->nf.hooks[NFPROTO_BRIDGE][hook]); 1012 nf_hook_entry_priority(elem) <= NF_BR_PRI_BRNF; Dereference inside function. 1013 elem = rcu_dereference(elem->next)) 1014 ; 1015 1016 if (!elem) This can't be reached without already dereferencing "elem". 1017 return okfn(net, sk, skb); 1018 regards, dan carpenter -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [bug report] netfilter: nft_payload: layer 4 checksum adjustment for pseudoheader fields
On Tue, Dec 06, 2016 at 01:16:08PM +0100, Pablo Neira Ayuso wrote: > On Tue, Dec 06, 2016 at 02:57:34PM +0300, Dan Carpenter wrote: > > Hello Pablo Neira Ayuso, > > > > The patch 556c291b3a1b: "netfilter: nft_payload: layer 4 checksum > > adjustment for pseudoheader fields" from Nov 24, 2016, leads to the > > following static checker warning: > > > > net/netfilter/nft_payload.c:301 nft_payload_set_eval() > > error: uninitialized symbol 'fsum'. > > This should restrict this case you're reporting here: > > http://git.kernel.org/cgit/linux/kernel/git/pablo/nf-next.git/commit/?id=a3c91a548b9b9f05f81e7bfe7fec3544a376269a > > Otherwise let me know, thanks. That works... Seems like it would have been easier to just move it under the if statement though... regards, dan carpenter -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[bug report] netfilter: nft_payload: layer 4 checksum adjustment for pseudoheader fields
Hello Pablo Neira Ayuso, The patch 556c291b3a1b: "netfilter: nft_payload: layer 4 checksum adjustment for pseudoheader fields" from Nov 24, 2016, leads to the following static checker warning: net/netfilter/nft_payload.c:301 nft_payload_set_eval() error: uninitialized symbol 'fsum'. net/netfilter/nft_payload.c 253 static void nft_payload_set_eval(const struct nft_expr *expr, 254 struct nft_regs *regs, 255 const struct nft_pktinfo *pkt) 256 { 257 const struct nft_payload_set *priv = nft_expr_priv(expr); 258 struct sk_buff *skb = pkt->skb; 259 const u32 *src = >data[priv->sreg]; 260 int offset, csum_offset; 261 __wsum fsum, tsum; 262 __sum16 sum; 263 264 switch (priv->base) { 265 case NFT_PAYLOAD_LL_HEADER: 266 if (!skb_mac_header_was_set(skb)) 267 goto err; 268 offset = skb_mac_header(skb) - skb->data; 269 break; 270 case NFT_PAYLOAD_NETWORK_HEADER: 271 offset = skb_network_offset(skb); 272 break; 273 case NFT_PAYLOAD_TRANSPORT_HEADER: 274 if (!pkt->tprot_set) 275 goto err; 276 offset = pkt->xt.thoff; 277 break; 278 default: 279 BUG(); 280 } 281 282 csum_offset = offset + priv->csum_offset; 283 offset += priv->offset; 284 285 if (priv->csum_type == NFT_PAYLOAD_CSUM_INET && 286 (priv->base != NFT_PAYLOAD_TRANSPORT_HEADER || 287 skb->ip_summed != CHECKSUM_PARTIAL)) { 288 if (skb_copy_bits(skb, csum_offset, , sizeof(sum)) < 0) 289 goto err; 290 291 fsum = skb_checksum(skb, offset, priv->len, 0); fsum is only set inside this if statement. 292 tsum = csum_partial(src, priv->len, 0); 293 nft_csum_replace(, fsum, tsum); 294 295 if (!skb_make_writable(skb, csum_offset + sizeof(sum)) || 296 skb_store_bits(skb, csum_offset, , sizeof(sum)) < 0) 297 goto err; 298 } 299 300 if (priv->csum_flags && 301 nft_payload_l4csum_update(pkt, skb, fsum, tsum) < 0) but we use it here. I don't know for sure this is a bug... 302 goto err; 303 304 if (!skb_make_writable(skb, max(offset + priv->len, 0)) || 305 skb_store_bits(skb, offset, src, priv->len) < 0) 306 goto err; 307 308 return; 309 err: 310 regs->verdict.code = NFT_BREAK; 311 } regards, dan carpenter -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[patch v2] netfilter: nf_tables: underflow in nft_parse_u32_check()
We don't want to allow negatives here. Fixes: 36b701fae12a ('netfilter: nf_tables: validate maximum value of u32 netlink attributes') Signed-off-by: Dan Carpenter <dan.carpen...@oracle.com> --- v2: cosmetic change diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index b70d3ea..dd55187 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -4423,7 +4423,7 @@ static int nf_tables_check_loops(const struct nft_ctx *ctx, */ unsigned int nft_parse_u32_check(const struct nlattr *attr, int max, u32 *dest) { - int val; + u32 val; val = ntohl(nla_get_be32(attr)); if (val > max) -- To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[patch] netfilter: nf_tables: underflow in nft_parse_u32_check()
We don't want to allow negatives here. Fixes: 36b701fae12a ('netfilter: nf_tables: validate maximum value of u32 netlink attributes') Signed-off-by: Dan Carpenter <dan.carpen...@oracle.com> diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index b70d3ea..dd55187 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -4423,7 +4423,7 @@ static int nf_tables_check_loops(const struct nft_ctx *ctx, */ unsigned int nft_parse_u32_check(const struct nlattr *attr, int max, u32 *dest) { - int val; + uint val; val = ntohl(nla_get_be32(attr)); if (val > max) -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[patch] netfilter: nft_exthdr: fix error handling in nft_exthdr_init()
"err" needs to be signed for the error handling to work. Fixes: 36b701fae12a ('netfilter: nf_tables: validate maximum value of u32 netlink attributes') Signed-off-by: Dan Carpenter <dan.carpen...@oracle.com> diff --git a/net/netfilter/nft_exthdr.c b/net/netfilter/nft_exthdr.c index a84cf3d..47beb3a 100644 --- a/net/netfilter/nft_exthdr.c +++ b/net/netfilter/nft_exthdr.c @@ -59,7 +59,8 @@ static int nft_exthdr_init(const struct nft_ctx *ctx, const struct nlattr * const tb[]) { struct nft_exthdr *priv = nft_expr_priv(expr); - u32 offset, len, err; + u32 offset, len; + int err; if (tb[NFTA_EXTHDR_DREG] == NULL || tb[NFTA_EXTHDR_TYPE] == NULL || -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html