Message ID | 20210411081334.1994938-1-roid@nvidia.com (mailing list archive) |
---|---|
State | Awaiting Upstream |
Delegated to: | Netdev Maintainers |
Headers | show |
Series | [net-next,1/1] netfilter: flowtable: Make sure dst_cache is valid before using it | expand |
Context | Check | Description |
---|---|---|
netdev/cover_letter | success | Link |
netdev/fixes_present | success | Link |
netdev/patch_count | success | Link |
netdev/tree_selection | success | Clearly marked for net-next |
netdev/subject_prefix | success | Link |
netdev/cc_maintainers | warning | 6 maintainers not CCed: kadlec@netfilter.org coreteam@netfilter.org fw@strlen.de davem@davemloft.net netfilter-devel@vger.kernel.org kuba@kernel.org |
netdev/source_inline | success | Was 0 now: 0 |
netdev/verify_signedoff | success | Link |
netdev/module_param | success | Was 0 now: 0 |
netdev/build_32bit | success | Errors and warnings before: 0 this patch: 0 |
netdev/kdoc | success | Errors and warnings before: 0 this patch: 0 |
netdev/verify_fixes | success | Link |
netdev/checkpatch | success | total: 0 errors, 0 warnings, 0 checks, 8 lines checked |
netdev/build_allmodconfig_warn | success | Errors and warnings before: 0 this patch: 0 |
netdev/header_inline | success | Link |
Hi Roi, On Sun, Apr 11, 2021 at 11:13:34AM +0300, Roi Dayan wrote: > It could be dst_cache was not set so check it's not null before using > it. Could you give a try to this fix? net/sched/act_ct.c leaves the xmit_type as FLOW_OFFLOAD_XMIT_UNSPEC since it does not cache a route. Thanks. > Fixes: 8b9229d15877 ("netfilter: flowtable: dst_check() from garbage collector path") > Signed-off-by: Roi Dayan <roid@nvidia.com> > --- > net/netfilter/nf_flow_table_core.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c > index 76573bae6664..e426077aaed1 100644 > --- a/net/netfilter/nf_flow_table_core.c > +++ b/net/netfilter/nf_flow_table_core.c > @@ -410,6 +410,8 @@ static bool flow_offload_stale_dst(struct flow_offload_tuple *tuple) > if (tuple->xmit_type == FLOW_OFFLOAD_XMIT_NEIGH || > tuple->xmit_type == FLOW_OFFLOAD_XMIT_XFRM) { > dst = tuple->dst_cache; > + if (!dst) > + return false; > if (!dst_check(dst, tuple->dst_cookie)) > return true; > } > -- > 2.26.2 >
On 2021-04-11 1:58 PM, Pablo Neira Ayuso wrote: > Hi Roi, > > On Sun, Apr 11, 2021 at 11:13:34AM +0300, Roi Dayan wrote: >> It could be dst_cache was not set so check it's not null before using >> it. > > Could you give a try to this fix? > > net/sched/act_ct.c leaves the xmit_type as FLOW_OFFLOAD_XMIT_UNSPEC > since it does not cache a route. > > Thanks. > what do you mean? FLOW_OFFLOAD_XMIT_UNSPEC doesn't exists so default 0 is set. do you suggest adding that enum option as 0? this is the current xmit_type enum enum flow_offload_xmit_type { FLOW_OFFLOAD_XMIT_NEIGH = 0, FLOW_OFFLOAD_XMIT_XFRM, FLOW_OFFLOAD_XMIT_DIRECT, }; >> Fixes: 8b9229d15877 ("netfilter: flowtable: dst_check() from garbage collector path") >> Signed-off-by: Roi Dayan <roid@nvidia.com> >> --- >> net/netfilter/nf_flow_table_core.c | 2 ++ >> 1 file changed, 2 insertions(+) >> >> diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c >> index 76573bae6664..e426077aaed1 100644 >> --- a/net/netfilter/nf_flow_table_core.c >> +++ b/net/netfilter/nf_flow_table_core.c >> @@ -410,6 +410,8 @@ static bool flow_offload_stale_dst(struct flow_offload_tuple *tuple) >> if (tuple->xmit_type == FLOW_OFFLOAD_XMIT_NEIGH || >> tuple->xmit_type == FLOW_OFFLOAD_XMIT_XFRM) { >> dst = tuple->dst_cache; >> + if (!dst) >> + return false; >> if (!dst_check(dst, tuple->dst_cookie)) >> return true; >> } >> -- >> 2.26.2 >>
On Mon, Apr 12, 2021 at 11:26:35AM +0300, Roi Dayan wrote: > > > On 2021-04-11 1:58 PM, Pablo Neira Ayuso wrote: > > Hi Roi, > > > > On Sun, Apr 11, 2021 at 11:13:34AM +0300, Roi Dayan wrote: > > > It could be dst_cache was not set so check it's not null before using > > > it. > > > > Could you give a try to this fix? > > > > net/sched/act_ct.c leaves the xmit_type as FLOW_OFFLOAD_XMIT_UNSPEC > > since it does not cache a route. > > > > Thanks. > > > > what do you mean? FLOW_OFFLOAD_XMIT_UNSPEC doesn't exists so default 0 > is set. > > do you suggest adding that enum option as 0? Yes. This could be FLOW_OFFLOAD_XMIT_TC instead if you prefer. enum flow_offload_xmit_type { FLOW_OFFLOAD_XMIT_TC = 0, FLOW_OFFLOAD_XMIT_NEIGH, FLOW_OFFLOAD_XMIT_XFRM, FLOW_OFFLOAD_XMIT_DIRECT, }; so there is no need to check for no route in the FLOW_OFFLOAD_XMIT_NEIGH case (it's assumed this type always has a route).
On 2021-04-12 2:42 PM, Pablo Neira Ayuso wrote: > On Mon, Apr 12, 2021 at 11:26:35AM +0300, Roi Dayan wrote: >> >> >> On 2021-04-11 1:58 PM, Pablo Neira Ayuso wrote: >>> Hi Roi, >>> >>> On Sun, Apr 11, 2021 at 11:13:34AM +0300, Roi Dayan wrote: >>>> It could be dst_cache was not set so check it's not null before using >>>> it. >>> >>> Could you give a try to this fix? >>> >>> net/sched/act_ct.c leaves the xmit_type as FLOW_OFFLOAD_XMIT_UNSPEC >>> since it does not cache a route. >>> >>> Thanks. >>> >> >> what do you mean? FLOW_OFFLOAD_XMIT_UNSPEC doesn't exists so default 0 >> is set. >> >> do you suggest adding that enum option as 0? > > Yes. This could be FLOW_OFFLOAD_XMIT_TC instead if you prefer. > > enum flow_offload_xmit_type { > FLOW_OFFLOAD_XMIT_TC = 0, > FLOW_OFFLOAD_XMIT_NEIGH, > FLOW_OFFLOAD_XMIT_XFRM, > FLOW_OFFLOAD_XMIT_DIRECT, > }; > > so there is no need to check for no route in the > FLOW_OFFLOAD_XMIT_NEIGH case (it's assumed this type always has a > route). > thanks Pablo. were not sure I wanted to touch the enum. I prefer unspec actually as you suggested initially. it works fine by adding the enum. i'll submit v2 with this suggestion.
diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c index 76573bae6664..e426077aaed1 100644 --- a/net/netfilter/nf_flow_table_core.c +++ b/net/netfilter/nf_flow_table_core.c @@ -410,6 +410,8 @@ static bool flow_offload_stale_dst(struct flow_offload_tuple *tuple) if (tuple->xmit_type == FLOW_OFFLOAD_XMIT_NEIGH || tuple->xmit_type == FLOW_OFFLOAD_XMIT_XFRM) { dst = tuple->dst_cache; + if (!dst) + return false; if (!dst_check(dst, tuple->dst_cookie)) return true; }
It could be dst_cache was not set so check it's not null before using it. Fixes: 8b9229d15877 ("netfilter: flowtable: dst_check() from garbage collector path") Signed-off-by: Roi Dayan <roid@nvidia.com> --- net/netfilter/nf_flow_table_core.c | 2 ++ 1 file changed, 2 insertions(+)