[bug report] net: ipv4: listified version of ip_rcv
Hello Edward Cree,
The patch 7da517a3bc52: "net: core: Another step of skb receive list
processing" from Jul 2, 2018, leads to the following static checker
warning:
net/core/dev.c:5001 netif_receive_skb_list_internal()
warn: 'skb' was already freed.
The patch 17266ee93984: "net: ipv4: listified version of ip_rcv" from
Jul 2, 2018, leads to the following static checker warning:
./include/linux/netfilter.h:301 NF_HOOK_LIST()
warn: 'skb' was already freed.
net/core/dev.c
4982 static void netif_receive_skb_list_internal(struct list_head *head)
4983 {
4984 struct bpf_prog *xdp_prog = NULL;
4985 struct sk_buff *skb, *next;
4986
4987 list_for_each_entry_safe(skb, next, head, list) {
4988 net_timestamp_check(netdev_tstamp_prequeue, skb);
4989 if (skb_defer_rx_timestamp(skb))
4990 /* Handled, remove from list */
4991 list_del(>list);
4992 }
4993
4994 if (static_branch_unlikely(_xdp_needed_key)) {
4995 preempt_disable();
4996 rcu_read_lock();
4997 list_for_each_entry_safe(skb, next, head, list) {
4998 xdp_prog = rcu_dereference(skb->dev->xdp_prog);
4999 if (do_xdp_generic(xdp_prog, skb) != XDP_PASS)
5000 /* Dropped, remove from list */
5001 list_del(>list);
do_xdp_generic() frees skb.
5002 }
5003 rcu_read_unlock();
5004 preempt_enable();
5005 }
./include/linux/netfilter.h
291 static inline void
292 NF_HOOK_LIST(uint8_t pf, unsigned int hook, struct net *net, struct
sock *sk,
293 struct list_head *head, struct net_device *in, struct
net_device *out,
294 int (*okfn)(struct net *, struct sock *, struct sk_buff *))
295 {
296 struct sk_buff *skb, *next;
297
298 list_for_each_entry_safe(skb, next, head, list) {
299 int ret = nf_hook(pf, hook, net, sk, skb, in, out,
okfn);
300 if (ret != 1)
301 list_del(>list);
For this one Smatch thinks that nf_hook() sometimes frees skb, but the
code is less clear to me than for the previous warning so I don't know.
302 }
303 }
regards,
dan carpenter
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH nf-next v4] net: netfilter: nf_tables_api: Use id allocation.
Hi Varsha,
Thank you for the patch! Perhaps something to improve:
url:
https://github.com/0day-ci/linux/commits/Varsha-Rao/net-netfilter-nf_tables_api-Use-id-allocation/20180614-004233
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
New smatch warnings:
net/netfilter/nf_tables_api.c:2962 nf_tables_set_alloc_name() error:
uninitialized symbol 'id'.
Old smatch warnings:
net/netfilter/nf_tables_api.c:4314 nft_add_set_elem() error: uninitialized
symbol 'ext2'.
#
https://github.com/0day-ci/linux/commit/c19707b85d3d68e8c0fc2a91b2b401832676f224
git remote add linux-review https://github.com/0day-ci/linux
git remote update linux-review
git checkout c19707b85d3d68e8c0fc2a91b2b401832676f224
vim +/id +2962 net/netfilter/nf_tables_api.c
c19707b8 Varsha Rao2018-06-13 2923
20a69341 Patrick McHardy 2013-10-11 2924 static int
nf_tables_set_alloc_name(struct nft_ctx *ctx, struct nft_set *set,
20a69341 Patrick McHardy 2013-10-11 2925
const char *name)
20a69341 Patrick McHardy 2013-10-11 2926 {
20a69341 Patrick McHardy 2013-10-11 2927 const struct nft_set *i;
20a69341 Patrick McHardy 2013-10-11 2928 const char *p;
c19707b8 Varsha Rao2018-06-13 2929 int n = 0, id;
c19707b8 Varsha Rao2018-06-13 2930 DEFINE_IDA(inuse);
20a69341 Patrick McHardy 2013-10-11 2931
38745490 Phil Sutter 2017-07-27 2932 p = strchr(name, '%');
20a69341 Patrick McHardy 2013-10-11 2933 if (p != NULL) {
20a69341 Patrick McHardy 2013-10-11 2934 if (p[1] != 'd' ||
strchr(p + 2, '%'))
96518518 Patrick McHardy 2013-10-14 2935 return -EINVAL;
20a69341 Patrick McHardy 2013-10-11 2936
20a69341 Patrick McHardy 2013-10-11 2937 list_for_each_entry(i,
>table->sets, list) {
14662917 Daniel Borkmann 2013-12-31 2938 int tmp;
14662917 Daniel Borkmann 2013-12-31 2939
37a9cc52 Pablo Neira Ayuso 2016-06-12 2940 if
(!nft_is_active_next(ctx->net, set))
37a9cc52 Pablo Neira Ayuso 2016-06-12 2941 continue;
14662917 Daniel Borkmann 2013-12-31 2942 if (!sscanf(i->name,
name, ))
20a69341 Patrick McHardy 2013-10-11 2943 continue;
c19707b8 Varsha Rao2018-06-13 2944 if (tmp < 0 || tmp >=
NFT_SET_IDA_SIZE)
20a69341 Patrick McHardy 2013-10-11 2945 continue;
14662917 Daniel Borkmann 2013-12-31 2946
c19707b8 Varsha Rao2018-06-13 2947 n =
ida_get_new_above(, tmp, );
c19707b8 Varsha Rao2018-06-13 2948 if ((n < 0) && (n !=
-EAGAIN))
c19707b8 Varsha Rao2018-06-13 2949 return n;
20a69341 Patrick McHardy 2013-10-11 2950 }
c19707b8 Varsha Rao2018-06-13 2951 n = ida_get_new_above(,
0, );
Smatch is complaining that if n == -EAGAIN then id isn't initialized
which seems legit.
20a69341 Patrick McHardy 2013-10-11 2952
c19707b8 Varsha Rao2018-06-13 2953 if ((n < 0) && (n != -EAGAIN))
{
c19707b8 Varsha Rao2018-06-13 2954 if (n == -ENOSPC)
c19707b8 Varsha Rao2018-06-13 2955
ida_destroy();
c19707b8 Varsha Rao2018-06-13 2956 return n;
60eb1894 Patrick McHardy 2014-03-07 2957 }
c19707b8 Varsha Rao2018-06-13 2958
c19707b8 Varsha Rao2018-06-13 2959 ida_destroy();
20a69341 Patrick McHardy 2013-10-11 2960 }
20a69341 Patrick McHardy 2013-10-11 2961
c19707b8 Varsha Rao2018-06-13 @2962 set->name =
kasprintf(GFP_KERNEL, name, id);
38745490 Phil Sutter 2017-07-27 2963 if (!set->name)
38745490 Phil Sutter 2017-07-27 2964 return -ENOMEM;
38745490 Phil Sutter 2017-07-27 2965
20a69341 Patrick McHardy 2013-10-11 2966 list_for_each_entry(i,
>table->sets, list) {
37a9cc52 Pablo Neira Ayuso 2016-06-12 2967 if
(!nft_is_active_next(ctx->net, i))
37a9cc52 Pablo Neira Ayuso 2016-06-12 2968 continue;
e636 Arvind Yadav 2017-09-20 2969 if (!strcmp(set->name,
i->name)) {
e636 Arvind Yadav 2017-09-20 2970
kfree(set->name);
20a69341 Patrick McHardy 2013-10-11 2971 return -ENFILE;
20a69341 Patrick McHardy 2013-10-11 2972 }
e636 Arvind Yadav 2017-09-20 2973 }
96518518 Patrick McHardy 2013-10-14 2974 return 0;
96518518 Patrick McHardy 2013-10-14 2975 }
20a69341 Patrick McHardy 2013-10-11 2976
---
0-DAY kernel test infrastructureOpen Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at
[bug report] netfilter: add struct nf_nat_hook and use it
Hello Pablo Neira Ayuso,
This is a semi-automatic email about new static checker warnings.
The patch 2c205dd3981f: "netfilter: add struct nf_nat_hook and use
it" from May 23, 2018, leads to the following Smatch complaint:
net/netfilter/nf_conntrack_netlink.c:1449 ctnetlink_parse_nat_setup()
error: we previously assumed 'nat_hook' could be null (see line 1438)
net/netfilter/nf_conntrack_netlink.c
1437 nat_hook = rcu_dereference(nf_nat_hook);
1438 if (!nat_hook) {
1439 #ifdef CONFIG_MODULES
1440 rcu_read_unlock();
1441 nfnl_unlock(NFNL_SUBSYS_CTNETLINK);
1442 if (request_module("nf-nat") < 0) {
1443 nfnl_lock(NFNL_SUBSYS_CTNETLINK);
1444 rcu_read_lock();
1445 return -EOPNOTSUPP;
1446 }
1447 nfnl_lock(NFNL_SUBSYS_CTNETLINK);
1448 rcu_read_lock();
1449 if (nat_hook->parse_nat_setup)
1450 return -EAGAIN;
1451 #endif
regards,
dan carpenter
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] netfilter: nf_queue: Replace conntrack entry
Hi Kristian,
Thank you for the patch! Perhaps something to improve:
[auto build test WARNING on nf-next/master]
[also build test WARNING on v4.17-rc3 next-20180504]
[if your patch is applied to the wrong git tree, please drop us a note to help
improve the system]
url:
https://github.com/0day-ci/linux/commits/Kristian-Evensen/netfilter-nf_queue-Replace-conntrack-entry/20180504-051218
base: https://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next.git master
smatch warnings:
net/netfilter/nfnetlink_queue.c:1141 nfqnl_recv_verdict_batch() warn: curly
braces intended?
#
https://github.com/0day-ci/linux/commit/8776e32a6c6e2ba0c6c8ce85e227672b81a1649d
git remote add linux-review https://github.com/0day-ci/linux
git remote update linux-review
git checkout 8776e32a6c6e2ba0c6c8ce85e227672b81a1649d
vim +1141 net/netfilter/nfnetlink_queue.c
8776e32a net/netfilter/nfnetlink_queue.c Kristian Evensen 2018-05-03
1093
7b8002a1 net/netfilter/nfnetlink_queue.c Pablo Neira Ayuso 2015-12-15
1094 static int nfqnl_recv_verdict_batch(struct net *net, struct sock *ctnl,
7b8002a1 net/netfilter/nfnetlink_queue.c Pablo Neira Ayuso 2015-12-15
1095struct sk_buff *skb,
97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19
1096const struct nlmsghdr *nlh,
04ba724b net/netfilter/nfnetlink_queue.c Pablo Neira Ayuso 2017-06-19
1097const struct nlattr * const nfqa[],
04ba724b net/netfilter/nfnetlink_queue.c Pablo Neira Ayuso 2017-06-19
1098struct netlink_ext_ack *extack)
97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19
1099 {
3da07c0c net/netfilter/nfnetlink_queue_core.c David S. Miller 2012-06-26
1100struct nfgenmsg *nfmsg = nlmsg_data(nlh);
97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19
1101struct nf_queue_entry *entry, *tmp;
97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19
1102unsigned int verdict, maxid;
97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19
1103struct nfqnl_msg_verdict_hdr *vhdr;
97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19
1104struct nfqnl_instance *queue;
97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19
1105LIST_HEAD(batch_list);
97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19
1106u16 queue_num = ntohs(nfmsg->res_id);
e8179610 net/netfilter/nfnetlink_queue_core.c Gao feng 2013-03-24
1107struct nfnl_queue_net *q = nfnl_queue_pernet(net);
8776e32a net/netfilter/nfnetlink_queue.c Kristian Evensen 2018-05-03
1108enum ip_conntrack_info ctinfo;
e8179610 net/netfilter/nfnetlink_queue_core.c Gao feng 2013-03-24
1109
e8179610 net/netfilter/nfnetlink_queue_core.c Gao feng 2013-03-24
1110queue = verdict_instance_lookup(q, queue_num,
e8179610 net/netfilter/nfnetlink_queue_core.c Gao feng 2013-03-24
NETLINK_CB(skb).portid);
97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19
1112if (IS_ERR(queue))
97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19
1113return PTR_ERR(queue);
97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19
1114
97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19
1115vhdr = verdicthdr_get(nfqa);
97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19
1116if (!vhdr)
97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19
1117return -EINVAL;
97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19
1118
97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19
1119verdict = ntohl(vhdr->verdict);
97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19
1120maxid = ntohl(vhdr->id);
97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19
1121
97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19
1122spin_lock_bh(>lock);
97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19
1123
97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19
1124list_for_each_entry_safe(entry, tmp, >queue_list, list) {
97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19
1125if (nfq_id_after(entry->id, maxid))
97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19
1126break;
97d32cf9 net/netfilter/nfnetlink_queue.c Florian Westphal 2011-07-19
1127
Re: [PATCH 03/39] proc: introduce proc_create_seq_private
On Thu, Apr 19, 2018 at 02:41:04PM +0200, Christoph Hellwig wrote:
> diff --git a/drivers/s390/cio/blacklist.c b/drivers/s390/cio/blacklist.c
> index 2a3f874a21d5..ad35cddcf6af 100644
> --- a/drivers/s390/cio/blacklist.c
> +++ b/drivers/s390/cio/blacklist.c
> @@ -391,28 +391,15 @@ static const struct seq_operations
> cio_ignore_proc_seq_ops = {
> .show = cio_ignore_proc_seq_show,
> };
>
> -static int
> -cio_ignore_proc_open(struct inode *inode, struct file *file)
> -{
> - return seq_open_private(file, _ignore_proc_seq_ops,
> - sizeof(struct ccwdev_iter));
> -}
> -
> -static const struct file_operations cio_ignore_proc_fops = {
> - .open= cio_ignore_proc_open,
> - .read= seq_read,
> - .llseek = seq_lseek,
> - .release = seq_release_private,
> - .write = cio_ignore_write,
The cio_ignore_write() function isn't used any more so compilers will
complain.
> -};
> -
> static int
> cio_ignore_proc_init (void)
> {
> struct proc_dir_entry *entry;
>
> - entry = proc_create("cio_ignore", S_IFREG | S_IRUGO | S_IWUSR, NULL,
> - _ignore_proc_fops);
> + entry = proc_create_seq_private("cio_ignore",
> + S_IFREG | S_IRUGO | S_IWUSR, NULL,
> + _ignore_proc_seq_ops, sizeof(struct ccwdev_iter),
> + NULL);
> if (!entry)
> return -ENOENT;
> return 0;
regards,
dan carpenter
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH] netfilter: nf_tables: copy and paste bug in nf_tables_getflowtable()
We should be testing "flowtable" instead of "table".
Fixes: 3b49e2e94e6e ("netfilter: nf_tables: add flow table netlink frontend")
Signed-off-by: Dan Carpenter <dan.carpen...@oracle.com>
---
The bug hasn't hit net-next yet, it's still in the netfilter tree.
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 336b81689ac9..40594bb57012 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -5420,7 +5420,7 @@ static int nf_tables_getflowtable(struct net *net, struct
sock *nlsk,
flowtable = nf_tables_flowtable_lookup(table, nla[NFTA_FLOWTABLE_NAME],
genmask);
- if (IS_ERR(table))
+ if (IS_ERR(flowtable))
return PTR_ERR(flowtable);
skb2 = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH] netfilter: fix netfilter_net_init() return
We accidentally return an uninitialized variable.
Fixes: cf56c2f892a8 ("netfilter: remove old pre-netns era hook api")
Signed-off-by: Dan Carpenter <dan.carpen...@oracle.com>
diff --git a/net/netfilter/core.c b/net/netfilter/core.c
index 368610dbc3c0..974cf2a3795a 100644
--- a/net/netfilter/core.c
+++ b/net/netfilter/core.c
@@ -344,7 +344,7 @@ EXPORT_SYMBOL(nf_nat_decode_session_hook);
static int __net_init netfilter_net_init(struct net *net)
{
- int i, h, ret;
+ int i, h;
for (i = 0; i < ARRAY_SIZE(net->nf.hooks); i++) {
for (h = 0; h < NF_MAX_HOOKS; h++)
@@ -362,7 +362,7 @@ static int __net_init netfilter_net_init(struct net *net)
}
#endif
- return ret;
+ return 0;
}
static void __net_exit netfilter_net_exit(struct net *net)
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH] netfilter: x_tables: unlock on error in xt_find_table_lock()
According to my static checker we should unlock here before the return.
That seems reasonable to me as well.
Fixes" b9e69e127397 ("netfilter: xtables: don't hook tables by default")
Signed-off-by: Dan Carpenter <dan.carpen...@oracle.com>
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
index e58ecff638b3..8876b7da6884 100644
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -1041,8 +1041,10 @@ struct xt_table *xt_find_table_lock(struct net *net,
u_int8_t af,
list_for_each_entry(t, _net.xt.tables[af], list) {
if (strcmp(t->name, name))
continue;
- if (!try_module_get(t->me))
+ if (!try_module_get(t->me)) {
+ mutex_unlock([af].mutex);
return NULL;
+ }
mutex_unlock([af].mutex);
if (t->table_init(net) != 0) {
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[bug report] netfilter: nft_ct: add zone id set support
Hello Florian Westphal,
The patch edee4f1e9245: "netfilter: nft_ct: add zone id set support"
from Feb 3, 2017, leads to the following static checker warning:
net/netfilter/nft_ct.c:549 nft_ct_set_init()
error: uninitialized symbol 'len'.
net/netfilter/nft_ct.c
498 static int nft_ct_set_init(const struct nft_ctx *ctx,
499 const struct nft_expr *expr,
500 const struct nlattr * const tb[])
501 {
502 struct nft_ct *priv = nft_expr_priv(expr);
503 unsigned int len;
504 int err;
505
506 priv->dir = IP_CT_DIR_MAX;
507 priv->key = ntohl(nla_get_be32(tb[NFTA_CT_KEY]));
508 switch (priv->key) {
509 #ifdef CONFIG_NF_CONNTRACK_MARK
510 case NFT_CT_MARK:
511 if (tb[NFTA_CT_DIRECTION])
512 return -EINVAL;
513 len = FIELD_SIZEOF(struct nf_conn, mark);
514 break;
515 #endif
516 #ifdef CONFIG_NF_CONNTRACK_LABELS
517 case NFT_CT_LABELS:
518 if (tb[NFTA_CT_DIRECTION])
519 return -EINVAL;
520 len = NF_CT_LABELS_MAX_SIZE;
521 err = nf_connlabels_get(ctx->net, (len * BITS_PER_BYTE)
- 1);
522 if (err)
523 return err;
524 break;
525 #endif
526 #ifdef CONFIG_NF_CONNTRACK_ZONES
527 case NFT_CT_ZONE:
"len" not set for this case statement.
528 if (!nft_ct_tmpl_alloc_pcpu())
529 return -ENOMEM;
530 nft_ct_pcpu_template_refcnt++;
531 break;
532 #endif
533 default:
534 return -EOPNOTSUPP;
535 }
536
537 if (tb[NFTA_CT_DIRECTION]) {
538 priv->dir = nla_get_u8(tb[NFTA_CT_DIRECTION]);
539 switch (priv->dir) {
540 case IP_CT_DIR_ORIGINAL:
541 case IP_CT_DIR_REPLY:
542 break;
543 default:
544 return -EINVAL;
545 }
546 }
547
548 priv->sreg = nft_parse_register(tb[NFTA_CT_SREG]);
549 err = nft_validate_register_load(priv->sreg, len);
^^^
Which seems probably bad.
550 if (err < 0)
551 goto err1;
552
553 err = nft_ct_netns_get(ctx->net, ctx->afi->family);
554 if (err < 0)
555 goto err1;
regards,
dan carpenter
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[bug report] netfilter: convert while loops to for loops
Hello Aaron Conole, This is a semi-automatic email about new static checker warnings. The patch 66cfc1dd07c7: "netfilter: convert while loops to for loops" from Nov 15, 2016, leads to the following Smatch complaint: net/bridge/br_netfilter_hooks.c:1016 br_nf_hook_thresh() warn: variable dereferenced before check 'elem' (see line 1012) net/bridge/br_netfilter_hooks.c 1011 for (elem = rcu_dereference(net->nf.hooks[NFPROTO_BRIDGE][hook]); 1012 nf_hook_entry_priority(elem) <= NF_BR_PRI_BRNF; Dereference inside function. 1013 elem = rcu_dereference(elem->next)) 1014 ; 1015 1016 if (!elem) This can't be reached without already dereferencing "elem". 1017 return okfn(net, sk, skb); 1018 regards, dan carpenter -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [bug report] netfilter: nft_payload: layer 4 checksum adjustment for pseudoheader fields
On Tue, Dec 06, 2016 at 01:16:08PM +0100, Pablo Neira Ayuso wrote: > On Tue, Dec 06, 2016 at 02:57:34PM +0300, Dan Carpenter wrote: > > Hello Pablo Neira Ayuso, > > > > The patch 556c291b3a1b: "netfilter: nft_payload: layer 4 checksum > > adjustment for pseudoheader fields" from Nov 24, 2016, leads to the > > following static checker warning: > > > > net/netfilter/nft_payload.c:301 nft_payload_set_eval() > > error: uninitialized symbol 'fsum'. > > This should restrict this case you're reporting here: > > http://git.kernel.org/cgit/linux/kernel/git/pablo/nf-next.git/commit/?id=a3c91a548b9b9f05f81e7bfe7fec3544a376269a > > Otherwise let me know, thanks. That works... Seems like it would have been easier to just move it under the if statement though... regards, dan carpenter -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[bug report] netfilter: nft_payload: layer 4 checksum adjustment for pseudoheader fields
Hello Pablo Neira Ayuso,
The patch 556c291b3a1b: "netfilter: nft_payload: layer 4 checksum
adjustment for pseudoheader fields" from Nov 24, 2016, leads to the
following static checker warning:
net/netfilter/nft_payload.c:301 nft_payload_set_eval()
error: uninitialized symbol 'fsum'.
net/netfilter/nft_payload.c
253 static void nft_payload_set_eval(const struct nft_expr *expr,
254 struct nft_regs *regs,
255 const struct nft_pktinfo *pkt)
256 {
257 const struct nft_payload_set *priv = nft_expr_priv(expr);
258 struct sk_buff *skb = pkt->skb;
259 const u32 *src = >data[priv->sreg];
260 int offset, csum_offset;
261 __wsum fsum, tsum;
262 __sum16 sum;
263
264 switch (priv->base) {
265 case NFT_PAYLOAD_LL_HEADER:
266 if (!skb_mac_header_was_set(skb))
267 goto err;
268 offset = skb_mac_header(skb) - skb->data;
269 break;
270 case NFT_PAYLOAD_NETWORK_HEADER:
271 offset = skb_network_offset(skb);
272 break;
273 case NFT_PAYLOAD_TRANSPORT_HEADER:
274 if (!pkt->tprot_set)
275 goto err;
276 offset = pkt->xt.thoff;
277 break;
278 default:
279 BUG();
280 }
281
282 csum_offset = offset + priv->csum_offset;
283 offset += priv->offset;
284
285 if (priv->csum_type == NFT_PAYLOAD_CSUM_INET &&
286 (priv->base != NFT_PAYLOAD_TRANSPORT_HEADER ||
287 skb->ip_summed != CHECKSUM_PARTIAL)) {
288 if (skb_copy_bits(skb, csum_offset, , sizeof(sum))
< 0)
289 goto err;
290
291 fsum = skb_checksum(skb, offset, priv->len, 0);
fsum is only set inside this if statement.
292 tsum = csum_partial(src, priv->len, 0);
293 nft_csum_replace(, fsum, tsum);
294
295 if (!skb_make_writable(skb, csum_offset + sizeof(sum))
||
296 skb_store_bits(skb, csum_offset, , sizeof(sum))
< 0)
297 goto err;
298 }
299
300 if (priv->csum_flags &&
301 nft_payload_l4csum_update(pkt, skb, fsum, tsum) < 0)
but we use it here. I don't know for sure this is a bug...
302 goto err;
303
304 if (!skb_make_writable(skb, max(offset + priv->len, 0)) ||
305 skb_store_bits(skb, offset, src, priv->len) < 0)
306 goto err;
307
308 return;
309 err:
310 regs->verdict.code = NFT_BREAK;
311 }
regards,
dan carpenter
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[patch v2] netfilter: nf_tables: underflow in nft_parse_u32_check()
We don't want to allow negatives here.
Fixes: 36b701fae12a ('netfilter: nf_tables: validate maximum value of u32
netlink attributes')
Signed-off-by: Dan Carpenter <dan.carpen...@oracle.com>
---
v2: cosmetic change
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index b70d3ea..dd55187 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -4423,7 +4423,7 @@ static int nf_tables_check_loops(const struct nft_ctx
*ctx,
*/
unsigned int nft_parse_u32_check(const struct nlattr *attr, int max, u32 *dest)
{
- int val;
+ u32 val;
val = ntohl(nla_get_be32(attr));
if (val > max)
--
To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[patch] netfilter: nf_tables: underflow in nft_parse_u32_check()
We don't want to allow negatives here.
Fixes: 36b701fae12a ('netfilter: nf_tables: validate maximum value of u32
netlink attributes')
Signed-off-by: Dan Carpenter <dan.carpen...@oracle.com>
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index b70d3ea..dd55187 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -4423,7 +4423,7 @@ static int nf_tables_check_loops(const struct nft_ctx
*ctx,
*/
unsigned int nft_parse_u32_check(const struct nlattr *attr, int max, u32 *dest)
{
- int val;
+ uint val;
val = ntohl(nla_get_be32(attr));
if (val > max)
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
[patch] netfilter: nft_exthdr: fix error handling in nft_exthdr_init()
"err" needs to be signed for the error handling to work.
Fixes: 36b701fae12a ('netfilter: nf_tables: validate maximum value of u32
netlink attributes')
Signed-off-by: Dan Carpenter <dan.carpen...@oracle.com>
diff --git a/net/netfilter/nft_exthdr.c b/net/netfilter/nft_exthdr.c
index a84cf3d..47beb3a 100644
--- a/net/netfilter/nft_exthdr.c
+++ b/net/netfilter/nft_exthdr.c
@@ -59,7 +59,8 @@ static int nft_exthdr_init(const struct nft_ctx *ctx,
const struct nlattr * const tb[])
{
struct nft_exthdr *priv = nft_expr_priv(expr);
- u32 offset, len, err;
+ u32 offset, len;
+ int err;
if (tb[NFTA_EXTHDR_DREG] == NULL ||
tb[NFTA_EXTHDR_TYPE] == NULL ||
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
