diff mbox

[nft] netlink: meta: fix wrong type in attributes

Message ID 1392652085-8225-1-git-send-email-fw@strlen.de
State Accepted
Headers show

Commit Message

Florian Westphal Feb. 17, 2014, 3:48 p.m. UTC 
We segfault on 'list filter' when meta expr is used as _u8
returns invalid register 0.

Signed-off-by: Florian Westphal <fw@strlen.de>
---
 src/netlink_delinearize.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Patrick McHardy Feb. 17, 2014, 5:25 p.m. UTC | #1 
On Mon, Feb 17, 2014 at 04:48:05PM +0100, Florian Westphal wrote:
> We segfault on 'list filter' when meta expr is used as _u8
> returns invalid register 0.

This seems to only affect the master branch. Not sure how many people
are using that and if its worth doing a new release. I'd rather merge
the next-3.14 branch and have people use that.

On a side note: there's no reason to have our releases timed after
kernel releases. At this point I'd rather go for more frequent releases
of the current code instead of backporting fixes.

> Signed-off-by: Florian Westphal <fw@strlen.de>
> ---
>  src/netlink_delinearize.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
> index 6668308..b976d86 100644
> --- a/src/netlink_delinearize.c
> +++ b/src/netlink_delinearize.c
> @@ -346,9 +346,9 @@ static void netlink_parse_meta_sreg(struct netlink_parse_ctx *ctx,
>  	struct expr *expr;
>  
>  	expr = netlink_get_register(ctx, loc,
> -			nft_rule_expr_get_u8(nle, NFT_EXPR_META_SREG));
> +			nft_rule_expr_get_u32(nle, NFT_EXPR_META_SREG));
>  	stmt = meta_stmt_alloc(loc,
> -			       nft_rule_expr_get_u8(nle, NFT_EXPR_META_KEY),
> +			       nft_rule_expr_get_u32(nle, NFT_EXPR_META_KEY),
>  			       expr);
>  	expr_set_type(expr, stmt->meta.tmpl->dtype, stmt->meta.tmpl->byteorder);
>  
> -- 
> 1.8.1.5
> 
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Pablo Neira Ayuso Feb. 17, 2014, 7:14 p.m. UTC | #2 
On Mon, Feb 17, 2014 at 05:25:59PM +0000, Patrick McHardy wrote:
> On Mon, Feb 17, 2014 at 04:48:05PM +0100, Florian Westphal wrote:
> > We segfault on 'list filter' when meta expr is used as _u8
> > returns invalid register 0.
> 
> This seems to only affect the master branch. Not sure how many people
> are using that and if its worth doing a new release. I'd rather merge
> the next-3.14 branch and have people use that.

Please, go ahead with that.

> On a side note: there's no reason to have our releases timed after
> kernel releases. At this point I'd rather go for more frequent releases
> of the current code instead of backporting fixes.

We can probably point to the nftables git snapshots from the website
and make the releases when we consider that there a good number of
relevant changes/fixes to make an announce.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Patrick McHardy Feb. 17, 2014, 7:40 p.m. UTC | #3 
On Mon, Feb 17, 2014 at 08:14:36PM +0100, Pablo Neira Ayuso wrote:
> On Mon, Feb 17, 2014 at 05:25:59PM +0000, Patrick McHardy wrote:
> > On Mon, Feb 17, 2014 at 04:48:05PM +0100, Florian Westphal wrote:
> > > We segfault on 'list filter' when meta expr is used as _u8
> > > returns invalid register 0.
> > 
> > This seems to only affect the master branch. Not sure how many people
> > are using that and if its worth doing a new release. I'd rather merge
> > the next-3.14 branch and have people use that.
> 
> Please, go ahead with that.

Done.

> > On a side note: there's no reason to have our releases timed after
> > kernel releases. At this point I'd rather go for more frequent releases
> > of the current code instead of backporting fixes.
> 
> We can probably point to the nftables git snapshots from the website
> and make the releases when we consider that there a good number of
> relevant changes/fixes to make an announce.

Yeah, we can switch to a different model once things have calmed down
a little. Probably still should aim for a new release by 3.14, maybe
earlier, so people can use the new stuff.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Florian Westphal Feb. 17, 2014, 9:03 p.m. UTC | #4 
Patrick McHardy <kaber@trash.net> wrote:
> On Mon, Feb 17, 2014 at 04:48:05PM +0100, Florian Westphal wrote:
> > We segfault on 'list filter' when meta expr is used as _u8
> > returns invalid register 0.
> 
> This seems to only affect the master branch. Not sure how many people
> are using that and if its worth doing a new release. I'd rather merge
> the next-3.14 branch and have people use that.

I am now on 0545e0c13b as head but I still get segfault:

$ nft add rule filter output meta  mark set 42
$ nft list table -> segv

.. and my patch should still apply afaics.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Pablo Neira Ayuso Feb. 17, 2014, 10:49 p.m. UTC | #5 
On Mon, Feb 17, 2014 at 10:03:01PM +0100, Florian Westphal wrote:
> Patrick McHardy <kaber@trash.net> wrote:
> > On Mon, Feb 17, 2014 at 04:48:05PM +0100, Florian Westphal wrote:
> > > We segfault on 'list filter' when meta expr is used as _u8
> > > returns invalid register 0.
> > 
> > This seems to only affect the master branch. Not sure how many people
> > are using that and if its worth doing a new release. I'd rather merge
> > the next-3.14 branch and have people use that.
> 
> I am now on 0545e0c13b as head but I still get segfault:
> 
> $ nft add rule filter output meta  mark set 42
> $ nft list table -> segv
> 
> .. and my patch should still apply afaics.

I'm going to apply your patch to master. Thanks Florian.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Patrick McHardy Feb. 18, 2014, 1:27 a.m. UTC | #6 
On Mon, Feb 17, 2014 at 10:03:01PM +0100, Florian Westphal wrote:
> Patrick McHardy <kaber@trash.net> wrote:
> > On Mon, Feb 17, 2014 at 04:48:05PM +0100, Florian Westphal wrote:
> > > We segfault on 'list filter' when meta expr is used as _u8
> > > returns invalid register 0.
> > 
> > This seems to only affect the master branch. Not sure how many people
> > are using that and if its worth doing a new release. I'd rather merge
> > the next-3.14 branch and have people use that.
> 
> I am now on 0545e0c13b as head but I still get segfault:
> 
> $ nft add rule filter output meta  mark set 42
> $ nft list table -> segv
> 
> .. and my patch should still apply afaics.

Right, we've fixed that for other types. Please push your patch to master.

We should probably add a big warning to libnftnl for these cases or
even an assert() since its misuse of the API that leads to hard to
debug problems.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Pablo Neira Ayuso Feb. 18, 2014, 10:02 a.m. UTC | #7 
On Tue, Feb 18, 2014 at 01:27:08AM +0000, Patrick McHardy wrote:
> On Mon, Feb 17, 2014 at 10:03:01PM +0100, Florian Westphal wrote:
> > Patrick McHardy <kaber@trash.net> wrote:
> > > On Mon, Feb 17, 2014 at 04:48:05PM +0100, Florian Westphal wrote:
> > > > We segfault on 'list filter' when meta expr is used as _u8
> > > > returns invalid register 0.
> > > 
> > > This seems to only affect the master branch. Not sure how many people
> > > are using that and if its worth doing a new release. I'd rather merge
> > > the next-3.14 branch and have people use that.
> > 
> > I am now on 0545e0c13b as head but I still get segfault:
> > 
> > $ nft add rule filter output meta  mark set 42
> > $ nft list table -> segv
> > 
> > .. and my patch should still apply afaics.
> 
> Right, we've fixed that for other types. Please push your patch to master.
> 
> We should probably add a big warning to libnftnl for these cases or
> even an assert() since its misuse of the API that leads to hard to
> debug problems.

Indeed. I started a patch for that here but failed to find time so far
to finish it, it should help to catch wrong API uses.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 6668308..b976d86 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -346,9 +346,9 @@  static void netlink_parse_meta_sreg(struct netlink_parse_ctx *ctx,
 	struct expr *expr;
 
 	expr = netlink_get_register(ctx, loc,
-			nft_rule_expr_get_u8(nle, NFT_EXPR_META_SREG));
+			nft_rule_expr_get_u32(nle, NFT_EXPR_META_SREG));
 	stmt = meta_stmt_alloc(loc,
-			       nft_rule_expr_get_u8(nle, NFT_EXPR_META_KEY),
+			       nft_rule_expr_get_u32(nle, NFT_EXPR_META_KEY),
 			       expr);
 	expr_set_type(expr, stmt->meta.tmpl->dtype, stmt->meta.tmpl->byteorder);