From patchwork Mon Feb 6 23:24:25 2023
X-Patchwork-Submitter: Bodong Wang
X-Patchwork-Id: 1738522
From: Bodong Wang
Subject: [SRU][F:linux-bluefield][PATCH 3/3] netfilter: nf_tables: do not update stateful expressions if lookup is inverted
Date: Mon, 6 Feb 2023 17:24:25 -0600
Message-ID: <1675725865-3724-4-git-send-email-bodong@nvidia.com>
In-Reply-To: <1675725865-3724-1-git-send-email-bodong@nvidia.com>
Cc: vlad@nvidia.com, bodong@nvidia.com, witu@nvidia.com
List-Id: Kernel team discussions
From: Pablo Neira Ayuso

BugLink: https://bugs.launchpad.net/bugs/2006397

Initialize set lookup matching element to NULL. Otherwise, the NFT_LOOKUP_F_INV flag reverses the matching logic and it leads to dereferencing an uninitialized pointer to the matching element. Make sure element data area and stateful expression are accessed if there is a matching set element.

This patch undoes 24791b9aa1ab ("netfilter: nft_set_bitmap: initialize set element extension in lookups") which is not required anymore.

Fixes: 339706bc21c1 ("netfilter: nft_lookup: update element stateful expression")
Signed-off-by: Pablo Neira Ayuso
(cherry picked from commit a26c1e49c8e97922edc8d7e23683384729d09f77)
Signed-off-by: Bodong Wang
--- include/net/netfilter/nf_tables.h | 2 +- net/netfilter/nft_lookup.c | 12 +++++++----- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h index 0fc1db6..9453e69 100644 --- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h @@ -904,7 +904,7 @@ static inline void nft_set_elem_update_expr(const struct nft_set_ext *ext, { struct nft_expr *expr; - if (nft_set_ext_exists(ext, NFT_SET_EXT_EXPR)) { + if (__nft_set_ext_exists(ext, NFT_SET_EXT_EXPR)) { expr = nft_set_ext_expr(ext); expr->ops->eval(expr, regs, pkt); } diff --git a/net/netfilter/nft_lookup.c b/net/netfilter/nft_lookup.c index 1e70359..f1363b8 100644 --- a/net/netfilter/nft_lookup.c +++ b/net/netfilter/nft_lookup.c @@ -29,7 +29,7 @@ void nft_lookup_eval(const struct nft_expr *expr, { const struct nft_lookup *priv = nft_expr_priv(expr); const struct nft_set *set = priv->set; - const struct nft_set_ext *ext; + const struct nft_set_ext *ext = NULL; bool found; found = set->ops->lookup(nft_net(pkt), set, ®s->data[priv->sreg], 
@@ -39,11 +39,13 @@ void nft_lookup_eval(const struct nft_expr *expr, return; } - if (set->flags & NFT_SET_MAP) - nft_data_copy(®s->data[priv->dreg], - nft_set_ext_data(ext), set->dlen); + if (ext) { + if (set->flags & NFT_SET_MAP) + nft_data_copy(®s->data[priv->dreg], + nft_set_ext_data(ext), set->dlen); - nft_set_elem_update_expr(ext, regs, pkt); + nft_set_elem_update_expr(ext, regs, pkt); + } } static const struct nla_policy nft_lookup_policy[NFTA_LOOKUP_MAX + 1] = {
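Review bot: In the include/net/netfilter/nf_tables.h hunk, nft_set_elem_update_expr() switches to __nft_set_ext_exists(ext, NFT_SET_EXT_EXPR), which, going by the commit message, drops the NULL tolerance that 24791b9aa1ab had put into this helper and makes a non-NULL ext the caller's responsibility. The only guard visible in this patch is the new "if (ext)" in nft_lookup_eval(), so please confirm that every other caller of nft_set_elem_update_expr() in the F:linux-bluefield tree passes a non-NULL ext, and consider a one-line comment on the helper stating that requirement, since the definition of the double-underscore variant is not part of this diff.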
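Review bot: In the second net/netfilter/nft_lookup.c hunk, the new "if (ext)" block skips nft_data_copy() as well as nft_set_elem_update_expr(), so when ext is NULL and set->flags has NFT_SET_MAP the destination register priv->dreg is left unwritten for the expressions that run afterwards. If the init path already rejects NFT_LOOKUP_F_INV on map sets, a short comment above "if (ext)" saying so, and that ext stays NULL when an inverted lookup finds no element, would make the invariant explicit; if it does not, this path needs to give dreg a defined value or return early.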