From patchwork Tue Nov 8 13:28:18 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 101570 Delivered-To: patch@linaro.org Received: by 10.140.97.165 with SMTP id m34csp1547974qge; Tue, 8 Nov 2016 05:30:03 -0800 (PST) X-Received: by 10.98.22.196 with SMTP id 187mr19073718pfw.34.1478611803251; Tue, 08 Nov 2016 05:30:03 -0800 (PST) Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 128si36984927pgc.326.2016.11.08.05.30.01; Tue, 08 Nov 2016 05:30:03 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751918AbcKHN36 (ORCPT + 27 others); Tue, 8 Nov 2016 08:29:58 -0500 Received: from mout.kundenserver.de ([212.227.126.135]:62184 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751710AbcKHN34 (ORCPT ); Tue, 8 Nov 2016 08:29:56 -0500 Received: from wuerfel.lan. ([78.43.20.153]) by mrelayeu.kundenserver.de (mreue005) with ESMTPA (Nemesis) id 0LhRY4-1cYmVL3Qky-00mfBT; Tue, 08 Nov 2016 14:29:27 +0100 From: Arnd Bergmann To: "David S. Miller" Cc: netfilter-devel@vger.kernel.org, coreteam@netfilter.org, Pablo Neira Ayuso , netdev@vger.kernel.org, Arnd Bergmann , Alexey Kuznetsov , James Morris , Hideaki YOSHIFUJI , Patrick McHardy , Eric Dumazet , linux-kernel@vger.kernel.org Subject: [PATCH 1/2] [net-next] udp: provide udp{4, 6}_lib_lookup for nf_socket_ipv{4, 6} Date: Tue, 8 Nov 2016 14:28:18 +0100 Message-Id: <20161108132914.1495283-1-arnd@arndb.de> X-Mailer: git-send-email 2.9.0 X-Provags-ID: V03:K0:/TAE2O4raToqyoP1yM2Hy6RiykM9pu0bseEmhhlyRiujLS5xM6H 3QbVafL7M33fGtozTbh4dKDRk9OmVMHZlpG1v+HWOyuypLHr47NqlUirdie5A17W8m3xe9M FfDPevGH5vbAniBxVr1Xwrtfo6fMQU1e84zb05bhBCh2Tm1N9rLyPGcidcjF1qu9eHB8Awg EHbz02eXZ90Ude4x0VM7g== X-UI-Out-Filterresults: notjunk:1; V01:K0:iGASO/1ZEZk=:EizLRQEmF5TD6rrP4dqk9u njUH93o5T1xVs//ccl7LH4L+bogBQBHN2wXJ65kBWN8cKifQ1dEIYojGEpF8j9desmUfrClk8 h9REsClfSuGlxwW7zipeEQGT70Y7Mpo5Q0SI6BdN0SmQR71N/sYaHCFNQrP+ACYE6L+Pbzy+P JTAJ+IGHhuWVOzqBGJhj8RezMsGtZQal0EEDFasamW00YYIE3f1J7OWqv6Dfb/PseNVld/ftJ OB2B+adFX/dT8WdjISpB/FovIDG4oSV+AndvQvVXwl4uoB4y/QEsmOKm3ccHuquPVZcgSxcVw PxCkqAq7TQAsHiOB2jsX0Bom1AorcYsreDY6BfXBpCWP9h1ateZrOFZOz4gMStQSfJm98Irdr syJeQm/YWBmXjtt5wogP3zFCzDuYgmi8yxXCdNVpvTj1kY0DalMSzRUiRRXyBipsBHq6OwIpL LMGh7QSW06vsglxFEXmDtDrbpC9gckoDcYQWctfzb3dE7CT948QK7ppEXq41nSiNdKE/O3InY qLIAzs8ggLGow7kBsBIwq/YUAC6OlUDlCbnNV9PeVoQ71Ih9HUIhWcElmm8iuVCcyeE+s3doY 1jqBY6i4MfK2n7FCzquVibWKVUpzCp0otfYJahJU3fHUTa36TOqGv0duvxR2lGIVKpfXHrbaU EiM2y2o5aYNjfFgtwJwVtGWjw4k7J3MfXV4p/hZDaVh6A1yPDLFTzzE/TDaF8o+gZ+j8= Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Since commit ca065d0cf80f ("udp: no longer use SLAB_DESTROY_BY_RCU") the udp6_lib_lookup and udp4_lib_lookup functions are only provided when it is actually possible to call them. However, moving the callers now caused a link error: net/built-in.o: In function `nf_sk_lookup_slow_v6': (.text+0x131a39): undefined reference to `udp6_lib_lookup' net/ipv4/netfilter/nf_socket_ipv4.o: In function `nf_sk_lookup_slow_v4': nf_socket_ipv4.c:(.text.nf_sk_lookup_slow_v4+0x114): undefined reference to `udp4_lib_lookup' This extends the #ifdef so we also provide the functions when CONFIG_NF_SOCKET_IPV4 or CONFIG_NF_SOCKET_IPV6, respectively are set. Fixes: 8db4c5be88f6 ("netfilter: move socket lookup infrastructure to nf_socket_ipv{4,6}.c") Signed-off-by: Arnd Bergmann --- The build failure came from the netfilter tree but is now present in net-next, so if the solution is correct, this patch can be applied there. --- net/ipv4/udp.c | 3 ++- net/ipv6/udp.c | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) -- 2.9.0 diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c index 097b70628631..c827e4ea509e 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -580,7 +580,8 @@ EXPORT_SYMBOL_GPL(udp4_lib_lookup_skb); * Does increment socket refcount. */ #if IS_ENABLED(CONFIG_NETFILTER_XT_MATCH_SOCKET) || \ - IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TPROXY) + IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TPROXY) || \ + IS_ENABLED(CONFIG_NF_SOCKET_IPV4) struct sock *udp4_lib_lookup(struct net *net, __be32 saddr, __be16 sport, __be32 daddr, __be16 dport, int dif) { diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c index 5313818b7485..86a8cacd333b 100644 --- a/net/ipv6/udp.c +++ b/net/ipv6/udp.c @@ -302,7 +302,8 @@ EXPORT_SYMBOL_GPL(udp6_lib_lookup_skb); * Does increment socket refcount. */ #if IS_ENABLED(CONFIG_NETFILTER_XT_MATCH_SOCKET) || \ - IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TPROXY) + IS_ENABLED(CONFIG_NETFILTER_XT_TARGET_TPROXY) || \ + IS_ENABLED(CONFIG_NF_SOCKET_IPV6) struct sock *udp6_lib_lookup(struct net *net, const struct in6_addr *saddr, __be16 sport, const struct in6_addr *daddr, __be16 dport, int dif) { From patchwork Tue Nov 8 13:28:19 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arnd Bergmann X-Patchwork-Id: 101569 Delivered-To: patch@linaro.org Received: by 10.140.97.165 with SMTP id m34csp1548959qge; Tue, 8 Nov 2016 05:31:56 -0800 (PST) X-Received: by 10.98.97.71 with SMTP id v68mr23459363pfb.133.1478611916210; Tue, 08 Nov 2016 05:31:56 -0800 (PST) Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r12si37012404pfg.7.2016.11.08.05.31.55; Tue, 08 Nov 2016 05:31:56 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752427AbcKHNby (ORCPT + 27 others); Tue, 8 Nov 2016 08:31:54 -0500 Received: from mout.kundenserver.de ([212.227.126.133]:56014 "EHLO mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751998AbcKHNaW (ORCPT ); Tue, 8 Nov 2016 08:30:22 -0500 Received: from wuerfel.lan. ([78.43.20.153]) by mrelayeu.kundenserver.de (mreue005) with ESMTPA (Nemesis) id 0LmgTP-1cdR5b2LDP-00aEyu; Tue, 08 Nov 2016 14:29:48 +0100 From: Arnd Bergmann To: Pablo Neira Ayuso Cc: netfilter-devel@vger.kernel.org, coreteam@netfilter.org, netdev@vger.kernel.org, Arnd Bergmann , Patrick McHardy , Jozsef Kadlecsik , "David S. Miller" , Florian Westphal , Eric Dumazet , linux-kernel@vger.kernel.org Subject: [PATCH 2/2] [nf-next] netfilter: fix NF_REPEAT handling Date: Tue, 8 Nov 2016 14:28:19 +0100 Message-Id: <20161108132914.1495283-2-arnd@arndb.de> X-Mailer: git-send-email 2.9.0 In-Reply-To: <20161108132914.1495283-1-arnd@arndb.de> References: <20161108132914.1495283-1-arnd@arndb.de> X-Provags-ID: V03:K0:SSv4rdBKurxA8emHWUeLBEygEowDCz6tm392r555szC/ceZihCB 5XEg9KFfbEn9YndFLHRTMZYGYgG+hujCvXuTIQt/9NFKY3msylzRX2j6iPSn/3Q7hUbdBS0 9UGQD1j5XtO4bxwGjAyvKpf4oOTMzvKPcu1a+Z2fxg3d/m56nWhVTMMpdtzX5A48r8ts7y1 1wh9uiBiiNnYl/bCCIHjQ== X-UI-Out-Filterresults: notjunk:1; V01:K0:q4Xae1HuDiw=:+vf4n/rxELMvC6n/RZRoSp EhaYR0x5Md/cOyjjQjBnUlLEv4CVqqg+2a+xwUrBVzxL1RLNvE1OIqb31xC364ZbfU0Klv16x ffshNk2qHPB5n2le5T/8+uzvKqqr4mrpDhcT0dYSJbsbHhUA73yDPtMasBNMViLnHJVD0csSP nx8nY620MhdUUuv8aXkxDcMs+DBmPsfvhi/hj1CIpGsvpwvHFf+qF9fYVzbeHq7T9kS3My0KU xBACxxTLWJaLuwEJ+6Kaofq/opo/HxFbV158OfmRCX7VbN8q5vtPew/NIKU0Rx6+WnoaUF/Fi uHnZPsGP7sE+03a/zHUf/f2tpqY/XOcQxMyczCDP1HDsUUanbNpLV0GoYSqTlM2Xlks2jF4L3 A5Env3aOBDCLJxcPdYyMGWb8apDfvyq1zD64rVfoMEeJnTU8WGPRFfuIISUpZIi4tcXxeAQ9T l8sbKBxGphAAdKEYGu1q8aDfOhKrF/ot3UeTmAgcbqxhz1ws+LQ4GjYFH6ldTz+5Q8F7zGQXH sn9TkOLff3S+h4nmyCF2jHA8i3O76w0cELe6mYDpR+lj42WiRk3CqnI0GdaFako8L/Ki1ykiz 3CHF5I2LLSYKmk4+y1uN99ufjXUBzXhw5Uuvqh2qChdDJo/6qkFTualeoKT6pXvsM+hI2PASD fQMwrlLB/WGwqRGkwR6VSLb6CBIjOWyBXNyimMe2sDE+OF+QHC5bwVur6/GVxUgattwI= Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org gcc correctly identified a theoretical uninitialized variable use: net/netfilter/nf_conntrack_core.c: In function 'nf_conntrack_in': net/netfilter/nf_conntrack_core.c:1125:14: error: 'l4proto' may be used uninitialized in this function [-Werror=maybe-uninitialized] This could only happen when we 'goto out' before looking up l4proto, and then enter the retry, implying that l3proto->get_l4proto() returned NF_REPEAT. This does not currently get returned in any code path and probably won't ever happen, but is not good to rely on. Moving the repeat handling up a little should have the same behavior as today but avoids the warning by making that case impossible to enter. Fixes: 08733a0cb7de ("netfilter: handle NF_REPEAT from nf_conntrack_in()") Signed-off-by: Arnd Bergmann --- The patch causing this is currently only in nf-next, and not yet in net-next. --- net/netfilter/nf_conntrack_core.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) -- 2.9.0 diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c index de4b8a75f30b..610c9de0ce18 100644 --- a/net/netfilter/nf_conntrack_core.c +++ b/net/netfilter/nf_conntrack_core.c @@ -1337,6 +1337,8 @@ nf_conntrack_in(struct net *net, u_int8_t pf, unsigned int hooknum, NF_CT_STAT_INC_ATOMIC(net, invalid); if (ret == -NF_DROP) NF_CT_STAT_INC_ATOMIC(net, drop); + if (ret == -NF_REPEAT && tmpl) + goto repeat; ret = -ret; goto out; } @@ -1349,10 +1351,7 @@ nf_conntrack_in(struct net *net, u_int8_t pf, unsigned int hooknum, * closed/aborted connection. We have to go back and create a * fresh conntrack. */ - if (ret == NF_REPEAT) - goto repeat; - else - nf_ct_put(tmpl); + nf_ct_put(tmpl); } return ret;