tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
netfilter endian regressions
no real bugs, just misannotations cropping up
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
authored by
Al Viro
and committed by
Linus Torvalds
a34c4589
e0e5de00
+23
-20
+2
-2
include/linux/netfilter/xt_connlimit.h
+2
-2
include/linux/netfilter/xt_connlimit.h
+2
-2
include/net/netfilter/nf_conntrack_tuple.h
+2
-2
include/net/netfilter/nf_conntrack_tuple.h
···
35
35
union nf_conntrack_man_proto
36
36
{
37
37
/* Add other protocols here. */
38
-
u_int16_t all;
38
+
__be16 all;
39
39
40
40
struct {
41
41
__be16 port;
···
73
73
union nf_conntrack_address u3;
74
74
union {
75
75
/* Add other protocols here. */
76
-
u_int16_t all;
76
+
__be16 all;
77
77
78
78
struct {
79
79
__be16 port;
+2
-1
net/ipv4/netfilter/nf_nat_core.c
+2
-1
net/ipv4/netfilter/nf_nat_core.c
···
77
77
hash_by_src(const struct nf_conntrack_tuple *tuple)
78
78
{
79
79
/* Original src, to ensure we map it consistently if poss. */
80
-
return jhash_3words((__force u32)tuple->src.u3.ip, tuple->src.u.all,
80
+
return jhash_3words((__force u32)tuple->src.u3.ip,
81
+
(__force u32)tuple->src.u.all,
81
82
tuple->dst.protonum, 0) % nf_nat_htable_size;
82
83
}
83
84
+1
-1
net/ipv4/netfilter/nf_nat_rule.c
+1
-1
net/ipv4/netfilter/nf_nat_rule.c
···
192
192
= (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC
193
193
? ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3.ip
194
194
: ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u3.ip);
195
-
u_int16_t all
195
+
__be16 all
196
196
= (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC
197
197
? ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u.all
198
198
: ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u.all);
+2
-1
net/netfilter/nf_conntrack_core.c
+2
-1
net/netfilter/nf_conntrack_core.c
···
79
79
a = jhash2(tuple->src.u3.all, ARRAY_SIZE(tuple->src.u3.all),
80
80
(tuple->src.l3num << 16) | tuple->dst.protonum);
81
81
b = jhash2(tuple->dst.u3.all, ARRAY_SIZE(tuple->dst.u3.all),
82
-
(tuple->src.u.all << 16) | tuple->dst.u.all);
82
+
((__force __u16)tuple->src.u.all << 16) |
83
+
(__force __u16)tuple->dst.u.all);
83
84
84
85
return jhash_2words(a, b, rnd) % size;
85
86
}
+4
-4
net/netfilter/nf_conntrack_expect.c
+4
-4
net/netfilter/nf_conntrack_expect.c
···
80
80
81
81
return jhash2(tuple->dst.u3.all, ARRAY_SIZE(tuple->dst.u3.all),
82
82
(((tuple->dst.protonum ^ tuple->src.l3num) << 16) |
83
-
tuple->dst.u.all) ^ nf_ct_expect_hash_rnd) %
83
+
(__force __u16)tuple->dst.u.all) ^ nf_ct_expect_hash_rnd) %
84
84
nf_ct_expect_hsize;
85
85
}
86
86
···
259
259
}
260
260
261
261
if (src) {
262
-
exp->tuple.src.u.all = (__force u16)*src;
263
-
exp->mask.src.u.all = 0xFFFF;
262
+
exp->tuple.src.u.all = *src;
263
+
exp->mask.src.u.all = htons(0xFFFF);
264
264
} else {
265
265
exp->tuple.src.u.all = 0;
266
266
exp->mask.src.u.all = 0;
···
272
272
memset((void *)&exp->tuple.dst.u3 + len, 0x00,
273
273
sizeof(exp->tuple.dst.u3) - len);
274
274
275
-
exp->tuple.dst.u.all = (__force u16)*dst;
275
+
exp->tuple.dst.u.all = *dst;
276
276
}
277
277
EXPORT_SYMBOL_GPL(nf_ct_expect_init);
278
278
+1
-1
net/netfilter/nf_conntrack_helper.c
+1
-1
net/netfilter/nf_conntrack_helper.c
···
39
39
static unsigned int helper_hash(const struct nf_conntrack_tuple *tuple)
40
40
{
41
41
return (((tuple->src.l3num << 8) | tuple->dst.protonum) ^
42
-
tuple->src.u.all) % nf_ct_helper_hsize;
42
+
(__force __u16)tuple->src.u.all) % nf_ct_helper_hsize;
43
43
}
44
44
45
45
struct nf_conntrack_helper *
+3
-3
net/netfilter/xt_connlimit.c
+3
-3
net/netfilter/xt_connlimit.c
···
42
42
static u_int32_t connlimit_rnd;
43
43
static bool connlimit_rnd_inited;
44
44
45
-
static inline unsigned int connlimit_iphash(u_int32_t addr)
45
+
static inline unsigned int connlimit_iphash(__be32 addr)
46
46
{
47
47
if (unlikely(!connlimit_rnd_inited)) {
48
48
get_random_bytes(&connlimit_rnd, sizeof(connlimit_rnd));
49
49
connlimit_rnd_inited = true;
50
50
}
51
-
return jhash_1word(addr, connlimit_rnd) & 0xFF;
51
+
return jhash_1word((__force __u32)addr, connlimit_rnd) & 0xFF;
52
52
}
53
53
54
54
static inline unsigned int
···
66
66
for (i = 0; i < ARRAY_SIZE(addr->ip6); ++i)
67
67
res.ip6[i] = addr->ip6[i] & mask->ip6[i];
68
68
69
-
return jhash2(res.ip6, ARRAY_SIZE(res.ip6), connlimit_rnd) & 0xFF;
69
+
return jhash2((u32 *)res.ip6, ARRAY_SIZE(res.ip6), connlimit_rnd) & 0xFF;
70
70
}
71
71
72
72
static inline bool already_closed(const struct nf_conn *conn)
+6
-5
net/netfilter/xt_u32.c
+6
-5
net/netfilter/xt_u32.c
···
21
21
unsigned int nnums;
22
22
unsigned int nvals;
23
23
unsigned int i;
24
+
__be32 n;
24
25
u_int32_t pos;
25
26
u_int32_t val;
26
27
u_int32_t at;
···
39
38
if (skb->len < 4 || pos > skb->len - 4);
40
39
return false;
41
40
42
-
ret = skb_copy_bits(skb, pos, &val, sizeof(val));
41
+
ret = skb_copy_bits(skb, pos, &n, sizeof(n));
43
42
BUG_ON(ret < 0);
44
-
val = ntohl(val);
43
+
val = ntohl(n);
45
44
nnums = ct->nnums;
46
45
47
46
/* Inner loop runs over "&", "<<", ">>" and "@" operands */
···
66
65
pos > skb->len - at - 4)
67
66
return false;
68
67
69
-
ret = skb_copy_bits(skb, at + pos, &val,
70
-
sizeof(val));
68
+
ret = skb_copy_bits(skb, at + pos, &n,
69
+
sizeof(n));
71
70
BUG_ON(ret < 0);
72
-
val = ntohl(val);
71
+
val = ntohl(n);
73
72
break;
74
73
}
75
74
}