netfilter: nf_conncount: garbage collection is not skipped when jiffies wrap around

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

nf_conncount is supposed to skip garbage collection if it has already
run garbage collection in the same jiffy. Unfortunately, this is broken
when jiffies wrap around which this patch fixes.

The problem is that last_gc in the nf_conncount_list struct is an u32,
but jiffies is an unsigned long which is 8 bytes on my systems. When
those two are compared it only works until last_gc wraps around.

See bug report: https://bugzilla.netfilter.org/show_bug.cgi?id=1778
for more details.

Fixes: d265929930e2 ("netfilter: nf_conncount: reduce unnecessary GC")
Signed-off-by: Nicklas Bo Jensen <njensen@akamai.com>
Reviewed-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Nicklas Bo Jensen and committed by

Pablo Neira Ayuso 1 year ago df08c94b 5cfe5612

+2 -2

1 changed file

expand all

net

netfilter

nf_conncount.c

+2 -2

net/netfilter/nf_conncount.c

··· 132 132 struct nf_conn *found_ct; 133 133 unsigned int collect = 0; 134 134 135 - if (time_is_after_eq_jiffies((unsigned long)list->last_gc)) 135 + if ((u32)jiffies == list->last_gc) 136 136 goto add_new_node; 137 137 138 138 /* check the saved connections */ ··· 234 234 bool ret = false; 235 235 236 236 /* don't bother if we just did GC */ 237 - if (time_is_after_eq_jiffies((unsigned long)READ_ONCE(list->last_gc))) 237 + if ((u32)jiffies == READ_ONCE(list->last_gc)) 238 238 return false; 239 239 240 240 /* don't bother if other cpu is already doing GC */