[patch 19/37] nf_conntrack: padding breaks conntrack hash on ARM

From: Greg KH
Date: Tue May 13 2008 - 16:19:53 EST

Next message: Greg KH: "[patch 20/37] {nfnetlink, ip, ip6}_queue: fix skb_over_panic whenenlarging packets"
Previous message: Greg KH: "[patch 18/37] x86: use defconfigs from x86/configs/*"
In reply to: Greg KH: "[patch 18/37] x86: use defconfigs from x86/configs/*"
Next in thread: Greg KH: "[patch 20/37] {nfnetlink, ip, ip6}_queue: fix skb_over_panic whenenlarging packets"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

2.6.25-stable review patch. If anyone has any objections, please let us
know.

------------------
From: Philip Craig <philipc@xxxxxxxxxxxx>

[NETFILTER]: nf_conntrack: padding breaks conntrack hash on ARM

Upstream commit 443a70d50:

commit 0794935e "[NETFILTER]: nf_conntrack: optimize hash_conntrack()"
results in ARM platforms hashing uninitialised padding. This padding
doesn't exist on other architectures.

Fix this by replacing NF_CT_TUPLE_U_BLANK() with memset() to ensure
everything is initialised. There were only 4 bytes that
NF_CT_TUPLE_U_BLANK() wasn't clearing anyway (or 12 bytes on ARM).

Signed-off-by: Philip Craig <philipc@xxxxxxxxxxxx>
Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxx>

---
include/net/netfilter/nf_conntrack_tuple.h | 10 ----------
net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c | 2 +-
net/netfilter/nf_conntrack_core.c | 4 ++--
3 files changed, 3 insertions(+), 13 deletions(-)

--- a/include/net/netfilter/nf_conntrack_tuple.h
+++ b/include/net/netfilter/nf_conntrack_tuple.h
@@ -101,16 +101,6 @@ struct nf_conntrack_tuple_mask
} src;
};

-/* This is optimized opposed to a memset of the whole structure. Everything we
- * really care about is the source/destination unions */
-#define NF_CT_TUPLE_U_BLANK(tuple) \
- do { \
- (tuple)->src.u.all = 0; \
- (tuple)->dst.u.all = 0; \
- memset(&(tuple)->src.u3, 0, sizeof((tuple)->src.u3)); \
- memset(&(tuple)->dst.u3, 0, sizeof((tuple)->dst.u3)); \
- } while (0)
-
#ifdef __KERNEL__

#define NF_CT_DUMP_TUPLE(tp) \
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
@@ -305,7 +305,7 @@ getorigdst(struct sock *sk, int optval,
const struct nf_conntrack_tuple_hash *h;
struct nf_conntrack_tuple tuple;

- NF_CT_TUPLE_U_BLANK(&tuple);
+ memset(&tuple, 0, sizeof(tuple));
tuple.src.u3.ip = inet->rcv_saddr;
tuple.src.u.tcp.port = inet->sport;
tuple.dst.u3.ip = inet->daddr;
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -104,7 +104,7 @@ nf_ct_get_tuple(const struct sk_buff *sk
const struct nf_conntrack_l3proto *l3proto,
const struct nf_conntrack_l4proto *l4proto)
{
- NF_CT_TUPLE_U_BLANK(tuple);
+ memset(tuple, 0, sizeof(*tuple));

tuple->src.l3num = l3num;
if (l3proto->pkt_to_tuple(skb, nhoff, tuple) == 0)
@@ -153,7 +153,7 @@ nf_ct_invert_tuple(struct nf_conntrack_t
const struct nf_conntrack_l3proto *l3proto,
const struct nf_conntrack_l4proto *l4proto)
{
- NF_CT_TUPLE_U_BLANK(inverse);
+ memset(inverse, 0, sizeof(*inverse));

inverse->src.l3num = orig->src.l3num;
if (l3proto->invert_tuple(inverse, orig) == 0)

--
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Greg KH: "[patch 20/37] {nfnetlink, ip, ip6}_queue: fix skb_over_panic whenenlarging packets"
Previous message: Greg KH: "[patch 18/37] x86: use defconfigs from x86/configs/*"
In reply to: Greg KH: "[patch 18/37] x86: use defconfigs from x86/configs/*"
Next in thread: Greg KH: "[patch 20/37] {nfnetlink, ip, ip6}_queue: fix skb_over_panic whenenlarging packets"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]