From patchwork Wed Jul 7 14:00:19 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bodong Wang X-Patchwork-Id: 1501756
From: Bodong Wang To: kernel-team@lists.ubuntu.com Subject: [SRU][F:linux-bluefield][PATCH v2] net/sched: act_ct: fix err check for nf_conntrack_confirm Date: Wed, 7 Jul 2021 09:00:19 -0500 Message-Id: <1625666419-28751-1-git-send-email-bodong@nvidia.com> X-Mailer: git-send-email 1.8.3.1 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: ozsh@nvidia.com, lariel@nvidia.com, paulb@nvidia.com, vlad@nvidia.com, danielj@nvidia.com, bodong@nvidia.com, maord@nvidia.com MIME-Version: 1.0 Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" From: wenxu BugLink: https://bugs.launchpad.net/bugs/1934819 The confirm operation should be checked. If there are any failed, the packet should be dropped like in ovs and netfilter. Fixes: b57dc7c13ea9 ("net/sched: Introduce action ct") Signed-off-by: wenxu Signed-off-by: David S. Miller (cherry picked from commit 8955b90c3cdad199137809aac8ccbbb585355913 linux-next) https://patchwork.kernel.org/project/netdevbpf/patch/1625196871-2780-1-git-send-email-wenxu@ucloud.cn/ Signed-off-by: Bodong Wang Acked-by: Tim Gardner Acked-by: Kleber Sacilotto de Souza Acked-by: Tim Gardner --- net/sched/act_ct.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/sched/act_ct.c b/net/sched/act_ct.c index 43c5b3f..6299214 100644 --- a/net/sched/act_ct.c +++ b/net/sched/act_ct.c @@ -1004,7 +1004,8 @@ static int tcf_ct_act(struct sk_buff *skb, const struct tc_action *a, /* This will take care of sending queued events * even if the connection is already confirmed. */ - nf_conntrack_confirm(skb); + if (nf_conntrack_confirm(skb) != NF_ACCEPT) + goto drop; } if (!skip_add)
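
Review bot: The comment left above the changed call in tcf_ct_act() ("This will take care of sending queued events even if the connection is already confirmed") no longer covers what the statement does, because the new test "if (nf_conntrack_confirm(skb) != NF_ACCEPT)" can now end in "goto drop"; extend the comment to say that any verdict other than NF_ACCEPT drops the packet. The drop label is outside the visible context, so please confirm against the full function in the focal tree that jumping there from this point accounts for the packet and releases it correctly for every non-NF_ACCEPT return value, not only for an explicit drop verdict. Separately, the trailer block lists "Acked-by: Tim Gardner" twice; one of the two should go when the patch is applied.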