Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 443a70d5 authored by Philip Craig's avatar Philip Craig Committed by David S. Miller
Browse files

netfilter: nf_conntrack: padding breaks conntrack hash on ARM 



commit 0794935e "[NETFILTER]: nf_conntrack: optimize hash_conntrack()"
results in ARM platforms hashing uninitialised padding.  This padding
doesn't exist on other architectures.

Fix this by replacing NF_CT_TUPLE_U_BLANK() with memset() to ensure
everything is initialised.  There were only 4 bytes that
NF_CT_TUPLE_U_BLANK() wasn't clearing anyway (or 12 bytes on ARM).

Signed-off-by: default avatarPhilip Craig <philipc@snapgear.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 0010e465

include/net/netfilter/nf_conntrack_tuple.h

+0 −10
Original line number Diff line number Diff line
@@ -107,16 +107,6 @@ struct nf_conntrack_tuple_mask 
	} src;

};



/* This is optimized opposed to a memset of the whole structure.  Everything we

 * really care about is the  source/destination unions */

#define NF_CT_TUPLE_U_BLANK(tuple)                              	\

        do {                                                    	\

                (tuple)->src.u.all = 0;                         	\

                (tuple)->dst.u.all = 0;                         	\

		memset(&(tuple)->src.u3, 0, sizeof((tuple)->src.u3));	\

		memset(&(tuple)->dst.u3, 0, sizeof((tuple)->dst.u3));	\

        } while (0)



#ifdef __KERNEL__



static inline void nf_ct_dump_tuple_ip(const struct nf_conntrack_tuple *t)

net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c

+1 −1
Original line number Diff line number Diff line
@@ -303,7 +303,7 @@ getorigdst(struct sock *sk, int optval, void __user *user, int *len) 
	const struct nf_conntrack_tuple_hash *h;

	struct nf_conntrack_tuple tuple;



	NF_CT_TUPLE_U_BLANK(&tuple);

	memset(&tuple, 0, sizeof(tuple));

	tuple.src.u3.ip = inet->rcv_saddr;

	tuple.src.u.tcp.port = inet->sport;

	tuple.dst.u3.ip = inet->daddr;

net/netfilter/nf_conntrack_core.c

+2 −2
Original line number Diff line number Diff line
@@ -104,7 +104,7 @@ nf_ct_get_tuple(const struct sk_buff *skb, 
		const struct nf_conntrack_l3proto *l3proto,

		const struct nf_conntrack_l4proto *l4proto)

{

	NF_CT_TUPLE_U_BLANK(tuple);

	memset(tuple, 0, sizeof(*tuple));



	tuple->src.l3num = l3num;

	if (l3proto->pkt_to_tuple(skb, nhoff, tuple) == 0)
@@ -151,7 +151,7 @@ nf_ct_invert_tuple(struct nf_conntrack_tuple *inverse, 
		   const struct nf_conntrack_l3proto *l3proto,

		   const struct nf_conntrack_l4proto *l4proto)

{

	NF_CT_TUPLE_U_BLANK(inverse);

	memset(inverse, 0, sizeof(*inverse));



	inverse->src.l3num = orig->src.l3num;

	if (l3proto->invert_tuple(inverse, orig) == 0)