You've already forked linux-rockchip
mirror of
https://github.com/armbian/linux-rockchip.git
synced 2026-01-06 11:08:10 -08:00
netfilter: nf_tables: report use refcount overflow
commit 1689f25924ada8fe14a4a82c38925d04994c7142 upstream.
Overflow use refcount checks are not complete.
Add helper function to deal with object reference counter tracking.
Report -EMFILE in case UINT_MAX is reached.
nft_use_dec() splats in case that reference counter underflows,
which should not ever happen.
Add nft_use_inc_restore() and nft_use_dec_restore() which are used
to restore reference counter from error and abort paths.
Use u32 in nft_flowtable and nft_object since helper functions cannot
work on bitfields.
Remove the few early incomplete checks now that the helper functions
are in place and used to check for refcount overflow.
Fixes: 96518518cc ("netfilter: add nftables")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Pablo Neira Ayuso
committed by
Greg Kroah-Hartman
Greg Kroah-Hartman
parent
93b3195d37
commit
039ce5eb6b
@@ -1073,6 +1073,29 @@ int __nft_release_basechain(struct nft_ctx *ctx);
|
||||
|
||||
unsigned int nft_do_chain(struct nft_pktinfo *pkt, void *priv);
|
||||
|
||||
static inline bool nft_use_inc(u32 *use)
|
||||
{
|
||||
if (*use == UINT_MAX)
|
||||
return false;
|
||||
|
||||
(*use)++;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
static inline void nft_use_dec(u32 *use)
|
||||
{
|
||||
WARN_ON_ONCE((*use)-- == 0);
|
||||
}
|
||||
|
||||
/* For error and abort path: restore use counter to previous state. */
|
||||
static inline void nft_use_inc_restore(u32 *use)
|
||||
{
|
||||
WARN_ON_ONCE(!nft_use_inc(use));
|
||||
}
|
||||
|
||||
#define nft_use_dec_restore nft_use_dec
|
||||
|
||||
/**
|
||||
* struct nft_table - nf_tables table
|
||||
*
|
||||
@@ -1150,8 +1173,8 @@ struct nft_object {
|
||||
struct list_head list;
|
||||
struct rhlist_head rhlhead;
|
||||
struct nft_object_hash_key key;
|
||||
u32 genmask:2,
|
||||
use:30;
|
||||
u32 genmask:2;
|
||||
u32 use;
|
||||
u64 handle;
|
||||
u16 udlen;
|
||||
u8 *udata;
|
||||
@@ -1253,8 +1276,8 @@ struct nft_flowtable {
|
||||
char *name;
|
||||
int hooknum;
|
||||
int ops_len;
|
||||
u32 genmask:2,
|
||||
use:30;
|
||||
u32 genmask:2;
|
||||
u32 use;
|
||||
u64 handle;
|
||||
/* runtime data below here */
|
||||
struct list_head hook_list ____cacheline_aligned;
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@@ -174,8 +174,10 @@ static int nft_flow_offload_init(const struct nft_ctx *ctx,
|
||||
if (IS_ERR(flowtable))
|
||||
return PTR_ERR(flowtable);
|
||||
|
||||
if (!nft_use_inc(&flowtable->use))
|
||||
return -EMFILE;
|
||||
|
||||
priv->flowtable = flowtable;
|
||||
flowtable->use++;
|
||||
|
||||
return nf_ct_netns_get(ctx->net, ctx->family);
|
||||
}
|
||||
@@ -194,7 +196,7 @@ static void nft_flow_offload_activate(const struct nft_ctx *ctx,
|
||||
{
|
||||
struct nft_flow_offload *priv = nft_expr_priv(expr);
|
||||
|
||||
priv->flowtable->use++;
|
||||
nft_use_inc_restore(&priv->flowtable->use);
|
||||
}
|
||||
|
||||
static void nft_flow_offload_destroy(const struct nft_ctx *ctx,
|
||||
|
||||
@@ -168,7 +168,7 @@ static void nft_immediate_deactivate(const struct nft_ctx *ctx,
|
||||
nft_immediate_chain_deactivate(ctx, chain, phase);
|
||||
nft_chain_del(chain);
|
||||
chain->bound = false;
|
||||
chain->table->use--;
|
||||
nft_use_dec(&chain->table->use);
|
||||
break;
|
||||
}
|
||||
break;
|
||||
@@ -207,7 +207,7 @@ static void nft_immediate_destroy(const struct nft_ctx *ctx,
|
||||
* let the transaction records release this chain and its rules.
|
||||
*/
|
||||
if (chain->bound) {
|
||||
chain->use--;
|
||||
nft_use_dec(&chain->use);
|
||||
break;
|
||||
}
|
||||
|
||||
@@ -215,9 +215,9 @@ static void nft_immediate_destroy(const struct nft_ctx *ctx,
|
||||
chain_ctx = *ctx;
|
||||
chain_ctx.chain = chain;
|
||||
|
||||
chain->use--;
|
||||
nft_use_dec(&chain->use);
|
||||
list_for_each_entry_safe(rule, n, &chain->rules, list) {
|
||||
chain->use--;
|
||||
nft_use_dec(&chain->use);
|
||||
list_del(&rule->list);
|
||||
nf_tables_rule_destroy(&chain_ctx, rule);
|
||||
}
|
||||
|
||||
@@ -41,8 +41,10 @@ static int nft_objref_init(const struct nft_ctx *ctx,
|
||||
if (IS_ERR(obj))
|
||||
return -ENOENT;
|
||||
|
||||
if (!nft_use_inc(&obj->use))
|
||||
return -EMFILE;
|
||||
|
||||
nft_objref_priv(expr) = obj;
|
||||
obj->use++;
|
||||
|
||||
return 0;
|
||||
}
|
||||
@@ -71,7 +73,7 @@ static void nft_objref_deactivate(const struct nft_ctx *ctx,
|
||||
if (phase == NFT_TRANS_COMMIT)
|
||||
return;
|
||||
|
||||
obj->use--;
|
||||
nft_use_dec(&obj->use);
|
||||
}
|
||||
|
||||
static void nft_objref_activate(const struct nft_ctx *ctx,
|
||||
@@ -79,7 +81,7 @@ static void nft_objref_activate(const struct nft_ctx *ctx,
|
||||
{
|
||||
struct nft_object *obj = nft_objref_priv(expr);
|
||||
|
||||
obj->use++;
|
||||
nft_use_inc_restore(&obj->use);
|
||||
}
|
||||
|
||||
static struct nft_expr_type nft_objref_type;
|
||||
|
||||
Reference in New Issue
Block a user