From patchwork Sat Oct 22 10:51:24 2016
X-Patchwork-Submitter: Liping Zhang
X-Patchwork-Id: 685394
X-Patchwork-Delegate: pablo@netfilter.org
From: Liping Zhang
To: pablo@netfilter.org
Cc: netfilter-devel@vger.kernel.org, Liping Zhang
Subject: [PATCH nf 1/3] netfilter: nft_dynset: fix panic if NFT_SET_HASH is not enabled
Date: Sat, 22 Oct 2016 18:51:24 +0800
Message-Id: <1477133486-60686-2-git-send-email-zlpnobody@163.com>
In-Reply-To: <1477133486-60686-1-git-send-email-zlpnobody@163.com>
References: <1477133486-60686-1-git-send-email-zlpnobody@163.com>

From: Liping Zhang

When CONFIG_NFT_SET_HASH is not enabled and I input the following rule:
"nft add rule filter output flow table test {ip daddr counter }", kernel
panic happened on my system:
 BUG: unable to handle kernel NULL pointer dereference at (null)
 IP: [< (null)>] (null)
 [...]
 Call Trace:
 [] ? nft_dynset_eval+0x56/0x100 [nf_tables]
 [] nft_do_chain+0xfb/0x4e0 [nf_tables]
 [] ? nf_conntrack_tuple_taken+0x61/0x210 [nf_conntrack]
 [] ? get_unique_tuple+0x136/0x560 [nf_nat]
 [] ? __nf_ct_ext_add_length+0x111/0x130 [nf_conntrack]
 [] ? nf_nat_setup_info+0x87/0x3b0 [nf_nat]
 [] ? ipt_do_table+0x327/0x610
 [] ? __nf_nat_alloc_null_binding+0x57/0x80 [nf_nat]
 [] nft_ipv4_output+0xaf/0xd0 [nf_tables_ipv4]
 [] nf_iterate+0x55/0x60
 [] nf_hook_slow+0x73/0xd0

Because in rbtree type set, ops->update is not implemented. So just keep
it simple, in such case, report -EOPNOTSUPP to the user space.

Signed-off-by: Liping Zhang
---
 net/netfilter/nft_dynset.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/netfilter/nft_dynset.c b/net/netfilter/nft_dynset.c index e3b83c3..6a631cb 100644 --- a/net/netfilter/nft_dynset.c +++ b/net/netfilter/nft_dynset.c @@ -139,6 +139,9 @@ static int nft_dynset_init(const struct nft_ctx *ctx, return PTR_ERR(set); } + if (set->ops->update == NULL) + return -EOPNOTSUPP; + if (set->flags & NFT_SET_CONSTANT) return -EBUSY;
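Review bot: the added test in nft_dynset_init() is written as "set->ops->update == NULL"; kernel style usually spells this "if (!set->ops->update)", and a one-line comment above it saying that some set backends do not implement ->update (the changelog names the rbtree type) would keep the reason for the check visible in the code. Because the check sits ahead of the NFT_SET_CONSTANT test, a constant set on a backend without ->update now returns -EOPNOTSUPP rather than -EBUSY; if that ordering is intentional, it is worth a sentence in the changelog.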