tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

netfilter: nf_conntrack: padding breaks conntrack hash on ARM

commit 0794935e "[NETFILTER]: nf_conntrack: optimize hash_conntrack()"
results in ARM platforms hashing uninitialised padding. This padding
doesn't exist on other architectures.

Fix this by replacing NF_CT_TUPLE_U_BLANK() with memset() to ensure
everything is initialised. There were only 4 bytes that
NF_CT_TUPLE_U_BLANK() wasn't clearing anyway (or 12 bytes on ARM).

Signed-off-by: Philip Craig <philipc@snapgear.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by

Philip Craig and committed by
David S. Miller 443a70d5 0010e465

+3 -13
-10
include/net/netfilter/nf_conntrack_tuple.h
··· 107 107 } src; 108 108 }; 109 109 110 - /* This is optimized opposed to a memset of the whole structure. Everything we 111 - * really care about is the source/destination unions */ 112 - #define NF_CT_TUPLE_U_BLANK(tuple) \ 113 - do { \ 114 - (tuple)->src.u.all = 0; \ 115 - (tuple)->dst.u.all = 0; \ 116 - memset(&(tuple)->src.u3, 0, sizeof((tuple)->src.u3)); \ 117 - memset(&(tuple)->dst.u3, 0, sizeof((tuple)->dst.u3)); \ 118 - } while (0) 119 - 120 110 #ifdef __KERNEL__ 121 111 122 112 static inline void nf_ct_dump_tuple_ip(const struct nf_conntrack_tuple *t)
+1 -1
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
··· 303 303 const struct nf_conntrack_tuple_hash *h; 304 304 struct nf_conntrack_tuple tuple; 305 305 306 - NF_CT_TUPLE_U_BLANK(&tuple); 306 + memset(&tuple, 0, sizeof(tuple)); 307 307 tuple.src.u3.ip = inet->rcv_saddr; 308 308 tuple.src.u.tcp.port = inet->sport; 309 309 tuple.dst.u3.ip = inet->daddr;
+2 -2
net/netfilter/nf_conntrack_core.c
··· 104 104 const struct nf_conntrack_l3proto *l3proto, 105 105 const struct nf_conntrack_l4proto *l4proto) 106 106 { 107 - NF_CT_TUPLE_U_BLANK(tuple); 107 + memset(tuple, 0, sizeof(*tuple)); 108 108 109 109 tuple->src.l3num = l3num; 110 110 if (l3proto->pkt_to_tuple(skb, nhoff, tuple) == 0) ··· 151 151 const struct nf_conntrack_l3proto *l3proto, 152 152 const struct nf_conntrack_l4proto *l4proto) 153 153 { 154 - NF_CT_TUPLE_U_BLANK(inverse); 154 + memset(inverse, 0, sizeof(*inverse)); 155 155 156 156 inverse->src.l3num = orig->src.l3num; 157 157 if (l3proto->invert_tuple(inverse, orig) == 0)