diff mbox series

[nf-next] netfilter: nf_tables: fix jump evaluation

Message ID 20180529123413.16906-1-fw@strlen.de
State Accepted
Delegated to: Pablo Neira
Headers show
Series [nf-next] netfilter: nf_tables: fix jump evaluation | expand

Commit Message

Florian Westphal May 29, 2018, 12:34 p.m. UTC 
without this followup fix to recent commit jumps are evaluated
like gotos due to bogus restore of rule head.
We need to store not the rule, but the next rule location in the
current-generation rules array.

Fixes: 5f861203063fd ("netfilter: nf_tables: remove synchronize_rcu in commit phase")
Signed-off-by: Florian Westphal <fw@strlen.de>

Please consider squashing this.
---
 net/netfilter/nf_tables_core.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

Comments

Pablo Neira Ayuso May 29, 2018, 12:51 p.m. UTC | #1 
On Tue, May 29, 2018 at 02:34:13PM +0200, Florian Westphal wrote:
> without this followup fix to recent commit jumps are evaluated
> like gotos due to bogus restore of rule head.
> We need to store not the rule, but the next rule location in the
> current-generation rules array.
> 
> Fixes: 5f861203063fd ("netfilter: nf_tables: remove synchronize_rcu in commit phase")
> Signed-off-by: Florian Westphal <fw@strlen.de>
> 
> Please consider squashing this.

Squashed to ("netfilter: nf_tables: remove synchronize_rcu in commit
phase").

Thanks !
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox series

Patch

diff --git a/net/netfilter/nf_tables_core.c b/net/netfilter/nf_tables_core.c
index c3315aa855f8..03dce8ff6f0d 100644
--- a/net/netfilter/nf_tables_core.c
+++ b/net/netfilter/nf_tables_core.c
@@ -133,7 +133,7 @@  static noinline void nft_update_chain_stats(const struct nft_chain *chain,
 
 struct nft_jumpstack {
 	const struct nft_chain	*chain;
-	const struct nft_rule	*rule;
+	struct nft_rule	*const *rules;
 };
 
 unsigned int
@@ -141,7 +141,7 @@  nft_do_chain(struct nft_pktinfo *pkt, void *priv)
 {
 	const struct nft_chain *chain = priv, *basechain = chain;
 	const struct net *net = nft_net(pkt);
-	struct nft_rule **rules;
+	struct nft_rule *const *rules;
 	const struct nft_rule *rule;
 	const struct nft_expr *expr, *last;
 	struct nft_regs regs;
@@ -159,8 +159,8 @@  nft_do_chain(struct nft_pktinfo *pkt, void *priv)
 	else
 		rules = rcu_dereference(chain->rules_gen_0);
 
-	rule = *rules;
 next_rule:
+	rule = *rules;
 	regs.verdict.code = NFT_CONTINUE;
 	for (; *rules ; rules++) {
 		rule = *rules;
@@ -201,7 +201,7 @@  nft_do_chain(struct nft_pktinfo *pkt, void *priv)
 	case NFT_JUMP:
 		BUG_ON(stackptr >= NFT_JUMP_STACK_SIZE);
 		jumpstack[stackptr].chain = chain;
-		jumpstack[stackptr].rule  = rule;
+		jumpstack[stackptr].rules = rules + 1;
 		stackptr++;
 		/* fall through */
 	case NFT_GOTO:
@@ -223,7 +223,7 @@  nft_do_chain(struct nft_pktinfo *pkt, void *priv)
 	if (stackptr > 0) {
 		stackptr--;
 		chain = jumpstack[stackptr].chain;
-		rule  = jumpstack[stackptr].rule;
+		rules = jumpstack[stackptr].rules;
 		goto next_rule;
 	}