netfilter: nft_immediate: cancel register tracking for data destination register

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

The immediate expression might clobber existing data on the registers,
cancel register tracking for the destination register.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Pablo Neira Ayuso 4 years ago 71ef842d 5da03b56

+12

1 changed file

expand all

net

netfilter

nft_immediate.c

+12

net/netfilter/nft_immediate.c

··· 223 223 return false; 224 224 } 225 225 226 + static bool nft_immediate_reduce(struct nft_regs_track *track, 227 + const struct nft_expr *expr) 228 + { 229 + const struct nft_immediate_expr *priv = nft_expr_priv(expr); 230 + 231 + if (priv->dreg != NFT_REG_VERDICT) 232 + nft_reg_track_cancel(track, priv->dreg, priv->dlen); 233 + 234 + return false; 235 + } 236 + 226 237 static const struct nft_expr_ops nft_imm_ops = { 227 238 .type = &nft_imm_type, 228 239 .size = NFT_EXPR_SIZE(sizeof(struct nft_immediate_expr)), ··· 244 233 .destroy = nft_immediate_destroy, 245 234 .dump = nft_immediate_dump, 246 235 .validate = nft_immediate_validate, 236 + .reduce = nft_immediate_reduce, 247 237 .offload = nft_immediate_offload, 248 238 .offload_action = nft_immediate_offload_action, 249 239 };