|
 |
ad45ff |
From ae89c5b2865f77ac5e3f8e6c74c9b07296a1acdf Mon Sep 17 00:00:00 2001
|
|
|
ad45ff |
From: Phil Sutter <psutter@redhat.com>
|
|
|
ad45ff |
Date: Thu, 14 Dec 2017 14:17:27 +0100
|
|
|
ad45ff |
Subject: [PATCH] src: fix protocol context update on big-endian systems
|
|
|
ad45ff |
|
|
|
ad45ff |
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1523016
|
|
|
ad45ff |
Upstream Status: nftables commit a2c55e04d5a11
|
|
|
ad45ff |
|
|
|
ad45ff |
commit a2c55e04d5a1187914cba2c02810db94de499ace
|
|
|
ad45ff |
Author: Phil Sutter <phil@nwl.cc>
|
|
|
ad45ff |
Date: Sat Dec 9 16:52:29 2017 +0100
|
|
|
ad45ff |
|
|
|
ad45ff |
src: fix protocol context update on big-endian systems
|
|
|
ad45ff |
|
|
|
ad45ff |
There is an obscure bug on big-endian systems when trying to list a rule
|
|
|
ad45ff |
containing the expression 'ct helper tftp' which triggers the assert()
|
|
|
ad45ff |
call in mpz_get_type().
|
|
|
ad45ff |
|
|
|
ad45ff |
Florian identified the cause: ct_expr_pctx_update() is called for the
|
|
|
ad45ff |
relational expression which calls mpz_get_uint32() to get RHS value
|
|
|
ad45ff |
(assuming it is a protocol number). On big-endian systems, the
|
|
|
ad45ff |
misinterpreted value exceeds UINT_MAX.
|
|
|
ad45ff |
|
|
|
ad45ff |
Expressions' pctx_update() callback should only be called for protocol
|
|
|
ad45ff |
matches, so ct_meta_common_postprocess() lacked a check for 'left->flags
|
|
|
ad45ff |
& EXPR_F_PROTOCOL' like the one already present in
|
|
|
ad45ff |
payload_expr_pctx_update().
|
|
|
ad45ff |
|
|
|
ad45ff |
In order to fix this in a clean way, this patch introduces a wrapper
|
|
|
ad45ff |
relational_expr_pctx_update() to be used instead of directly calling
|
|
|
ad45ff |
LHS's pctx_update() callback which unifies the necessary checks (and
|
|
|
ad45ff |
adds one more assert):
|
|
|
ad45ff |
|
|
|
ad45ff |
- assert(expr->ops->type == EXPR_RELATIONAL)
|
|
|
ad45ff |
-> This is new, just to ensure the wrapper is called properly.
|
|
|
ad45ff |
- assert(expr->op == OP_EQ)
|
|
|
ad45ff |
-> This was moved from {ct,meta,payload}_expr_pctx_update().
|
|
|
ad45ff |
- left->ops->pctx_update != NULL
|
|
|
ad45ff |
-> This was taken from expr_evaluate_relational(), a necessary
|
|
|
ad45ff |
requirement for the introduced wrapper to function at all.
|
|
|
ad45ff |
- (left->flags & EXPR_F_PROTOCOL) != 0
|
|
|
ad45ff |
-> The crucial missing check which led to the problem.
|
|
|
ad45ff |
|
|
|
ad45ff |
Suggested-by: Florian Westphal <fw@strlen.de>
|
|
|
ad45ff |
Signed-off-by: Phil Sutter <phil@nwl.cc>
|
|
|
ad45ff |
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
ad45ff |
---
|
|
|
ad45ff |
include/expression.h | 3 +++
|
|
|
ad45ff |
src/ct.c | 2 --
|
|
|
ad45ff |
src/evaluate.c | 6 ++----
|
|
|
ad45ff |
src/expression.c | 13 +++++++++++++
|
|
|
ad45ff |
src/meta.c | 2 --
|
|
|
ad45ff |
src/netlink.c | 2 +-
|
|
|
ad45ff |
src/netlink_delinearize.c | 4 ++--
|
|
|
ad45ff |
src/payload.c | 7 +------
|
|
|
ad45ff |
8 files changed, 22 insertions(+), 17 deletions(-)
|
|
|
ad45ff |
|
|
|
ad45ff |
diff --git a/include/expression.h b/include/expression.h
|
|
|
ad45ff |
index 215cbc9..915ce0b 100644
|
|
|
ad45ff |
--- a/include/expression.h
|
|
|
ad45ff |
+++ b/include/expression.h
|
|
|
ad45ff |
@@ -369,6 +369,9 @@ extern struct expr *binop_expr_alloc(const struct location *loc, enum ops op,
|
|
|
ad45ff |
extern struct expr *relational_expr_alloc(const struct location *loc, enum ops op,
|
|
|
ad45ff |
struct expr *left, struct expr *right);
|
|
|
ad45ff |
|
|
|
ad45ff |
+extern void relational_expr_pctx_update(struct proto_ctx *ctx,
|
|
|
ad45ff |
+ const struct expr *expr);
|
|
|
ad45ff |
+
|
|
|
ad45ff |
extern struct expr *verdict_expr_alloc(const struct location *loc,
|
|
|
ad45ff |
int verdict, const char *chain);
|
|
|
ad45ff |
|
|
|
ad45ff |
diff --git a/src/ct.c b/src/ct.c
|
|
|
ad45ff |
index 58b873e..8ab32e9 100644
|
|
|
ad45ff |
--- a/src/ct.c
|
|
|
ad45ff |
+++ b/src/ct.c
|
|
|
ad45ff |
@@ -327,8 +327,6 @@ static void ct_expr_pctx_update(struct proto_ctx *ctx, const struct expr *expr)
|
|
|
ad45ff |
const struct proto_desc *base = NULL, *desc;
|
|
|
ad45ff |
uint32_t nhproto;
|
|
|
ad45ff |
|
|
|
ad45ff |
- assert(expr->op == OP_EQ);
|
|
|
ad45ff |
-
|
|
|
ad45ff |
nhproto = mpz_get_uint32(right->value);
|
|
|
ad45ff |
|
|
|
ad45ff |
base = ctx->protocol[left->ct.base].desc;
|
|
|
ad45ff |
diff --git a/src/evaluate.c b/src/evaluate.c
|
|
|
ad45ff |
index 618e188..f16bb33 100644
|
|
|
ad45ff |
--- a/src/evaluate.c
|
|
|
ad45ff |
+++ b/src/evaluate.c
|
|
|
ad45ff |
@@ -743,7 +743,7 @@ static int ct_gen_nh_dependency(struct eval_ctx *ctx, struct expr *ct)
|
|
|
ad45ff |
constant_data_ptr(ct->ct.nfproto, left->len));
|
|
|
ad45ff |
dep = relational_expr_alloc(&ct->location, OP_EQ, left, right);
|
|
|
ad45ff |
|
|
|
ad45ff |
- left->ops->pctx_update(&ctx->pctx, dep);
|
|
|
ad45ff |
+ relational_expr_pctx_update(&ctx->pctx, dep);
|
|
|
ad45ff |
|
|
|
ad45ff |
nstmt = expr_stmt_alloc(&dep->location, dep);
|
|
|
ad45ff |
|
|
|
ad45ff |
@@ -1632,9 +1632,7 @@ static int expr_evaluate_relational(struct eval_ctx *ctx, struct expr **expr)
|
|
|
ad45ff |
* Update protocol context for payload and meta iiftype
|
|
|
ad45ff |
* equality expressions.
|
|
|
ad45ff |
*/
|
|
|
ad45ff |
- if (left->flags & EXPR_F_PROTOCOL &&
|
|
|
ad45ff |
- left->ops->pctx_update)
|
|
|
ad45ff |
- left->ops->pctx_update(&ctx->pctx, rel);
|
|
|
ad45ff |
+ relational_expr_pctx_update(&ctx->pctx, rel);
|
|
|
ad45ff |
|
|
|
ad45ff |
if (left->ops->type == EXPR_CONCAT)
|
|
|
ad45ff |
return 0;
|
|
|
ad45ff |
diff --git a/src/expression.c b/src/expression.c
|
|
|
ad45ff |
index fc1097a..f8b560c 100644
|
|
|
ad45ff |
--- a/src/expression.c
|
|
|
ad45ff |
+++ b/src/expression.c
|
|
|
ad45ff |
@@ -600,6 +600,19 @@ struct expr *relational_expr_alloc(const struct location *loc, enum ops op,
|
|
|
ad45ff |
return expr;
|
|
|
ad45ff |
}
|
|
|
ad45ff |
|
|
|
ad45ff |
+void relational_expr_pctx_update(struct proto_ctx *ctx,
|
|
|
ad45ff |
+ const struct expr *expr)
|
|
|
ad45ff |
+{
|
|
|
ad45ff |
+ const struct expr *left = expr->left;
|
|
|
ad45ff |
+
|
|
|
ad45ff |
+ assert(expr->ops->type == EXPR_RELATIONAL);
|
|
|
ad45ff |
+ assert(expr->op == OP_EQ);
|
|
|
ad45ff |
+
|
|
|
ad45ff |
+ if (left->ops->pctx_update &&
|
|
|
ad45ff |
+ (left->flags & EXPR_F_PROTOCOL))
|
|
|
ad45ff |
+ left->ops->pctx_update(ctx, expr);
|
|
|
ad45ff |
+}
|
|
|
ad45ff |
+
|
|
|
ad45ff |
static void range_expr_print(const struct expr *expr, struct output_ctx *octx)
|
|
|
ad45ff |
{
|
|
|
ad45ff |
octx->numeric += NUMERIC_ALL + 1;
|
|
|
ad45ff |
diff --git a/src/meta.c b/src/meta.c
|
|
|
ad45ff |
index 56b9e29..3c31174 100644
|
|
|
ad45ff |
--- a/src/meta.c
|
|
|
ad45ff |
+++ b/src/meta.c
|
|
|
ad45ff |
@@ -482,8 +482,6 @@ static void meta_expr_pctx_update(struct proto_ctx *ctx,
|
|
|
ad45ff |
const struct proto_desc *desc;
|
|
|
ad45ff |
uint8_t protonum;
|
|
|
ad45ff |
|
|
|
ad45ff |
- assert(expr->op == OP_EQ);
|
|
|
ad45ff |
-
|
|
|
ad45ff |
switch (left->meta.key) {
|
|
|
ad45ff |
case NFT_META_IIFTYPE:
|
|
|
ad45ff |
if (h->base < PROTO_BASE_NETWORK_HDR &&
|
|
|
ad45ff |
diff --git a/src/netlink.c b/src/netlink.c
|
|
|
ad45ff |
index d5d410a..5d6f5ce 100644
|
|
|
ad45ff |
--- a/src/netlink.c
|
|
|
ad45ff |
+++ b/src/netlink.c
|
|
|
ad45ff |
@@ -2729,7 +2729,7 @@ restart:
|
|
|
ad45ff |
list_add_tail(&stmt->list, &unordered);
|
|
|
ad45ff |
|
|
|
ad45ff |
desc = ctx->protocol[base].desc;
|
|
|
ad45ff |
- lhs->ops->pctx_update(ctx, rel);
|
|
|
ad45ff |
+ relational_expr_pctx_update(ctx, rel);
|
|
|
ad45ff |
}
|
|
|
ad45ff |
|
|
|
ad45ff |
expr_free(rhs);
|
|
|
ad45ff |
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
|
|
|
ad45ff |
index 4432887..11fd330 100644
|
|
|
ad45ff |
--- a/src/netlink_delinearize.c
|
|
|
ad45ff |
+++ b/src/netlink_delinearize.c
|
|
|
ad45ff |
@@ -1329,7 +1329,7 @@ static void payload_match_expand(struct rule_pp_ctx *ctx,
|
|
|
ad45ff |
nexpr = relational_expr_alloc(&expr->location, expr->op,
|
|
|
ad45ff |
left, tmp);
|
|
|
ad45ff |
if (expr->op == OP_EQ)
|
|
|
ad45ff |
- left->ops->pctx_update(&ctx->pctx, nexpr);
|
|
|
ad45ff |
+ relational_expr_pctx_update(&ctx->pctx, nexpr);
|
|
|
ad45ff |
|
|
|
ad45ff |
nstmt = expr_stmt_alloc(&ctx->stmt->location, nexpr);
|
|
|
ad45ff |
list_add_tail(&nstmt->list, &ctx->stmt->list);
|
|
|
ad45ff |
@@ -1397,7 +1397,7 @@ static void ct_meta_common_postprocess(struct rule_pp_ctx *ctx,
|
|
|
ad45ff |
if (expr->right->ops->type == EXPR_RANGE)
|
|
|
ad45ff |
break;
|
|
|
ad45ff |
|
|
|
ad45ff |
- expr->left->ops->pctx_update(&ctx->pctx, expr);
|
|
|
ad45ff |
+ relational_expr_pctx_update(&ctx->pctx, expr);
|
|
|
ad45ff |
|
|
|
ad45ff |
if (ctx->pdctx.pbase == PROTO_BASE_INVALID &&
|
|
|
ad45ff |
left->flags & EXPR_F_PROTOCOL) {
|
|
|
ad45ff |
diff --git a/src/payload.c b/src/payload.c
|
|
|
ad45ff |
index aa8a95a..60090ac 100644
|
|
|
ad45ff |
--- a/src/payload.c
|
|
|
ad45ff |
+++ b/src/payload.c
|
|
|
ad45ff |
@@ -84,11 +84,6 @@ static void payload_expr_pctx_update(struct proto_ctx *ctx,
|
|
|
ad45ff |
const struct proto_desc *base, *desc;
|
|
|
ad45ff |
unsigned int proto = 0;
|
|
|
ad45ff |
|
|
|
ad45ff |
- if (!(left->flags & EXPR_F_PROTOCOL))
|
|
|
ad45ff |
- return;
|
|
|
ad45ff |
-
|
|
|
ad45ff |
- assert(expr->op == OP_EQ);
|
|
|
ad45ff |
-
|
|
|
ad45ff |
/* Export the data in the correct byte order */
|
|
|
ad45ff |
assert(right->len / BITS_PER_BYTE <= sizeof(proto));
|
|
|
ad45ff |
mpz_export_data(constant_data_ptr(proto, right->len), right->value,
|
|
|
ad45ff |
@@ -240,7 +235,7 @@ static int payload_add_dependency(struct eval_ctx *ctx,
|
|
|
ad45ff |
return expr_error(ctx->msgs, expr,
|
|
|
ad45ff |
"dependency statement is invalid");
|
|
|
ad45ff |
}
|
|
|
ad45ff |
- left->ops->pctx_update(&ctx->pctx, dep);
|
|
|
ad45ff |
+ relational_expr_pctx_update(&ctx->pctx, dep);
|
|
|
ad45ff |
*res = stmt;
|
|
|
ad45ff |
return 0;
|
|
|
ad45ff |
}
|
|
|
ad45ff |
--
|
|
|
ad45ff |
1.8.3.1
|
|
|
ad45ff |
|