Re: [PATCH] netfilter: nf_tables: fix goto action


 



On Fri, May 30, 2014 at 06:50:44PM +0200, Pablo Neira Ayuso wrote:
> [ Upstream commit 5467a512216753d54f757314c73dbc60f659f9e6 ]
> 
> This patch fixes a crash when trying to access the counters and the
> default chain policy through a non-base chain that was reached via
> the goto action. Fix this by falling back on the original base chain
> after returning from the custom chain.
> 
> While fixing this, kill the inline function to account chain statistics
> to improve source code readability.
> 
> Cc: <stable@xxxxxxxxxxxxxxx> # 3.14.x
> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
> ---
>  net/netfilter/nf_tables_core.c |   28 ++++++++++------------------
>  1 file changed, 10 insertions(+), 18 deletions(-)
> 
> diff --git a/net/netfilter/nf_tables_core.c b/net/netfilter/nf_tables_core.c
> index 4368c58..7d83a49 100644
> --- a/net/netfilter/nf_tables_core.c
> +++ b/net/netfilter/nf_tables_core.c
> @@ -66,20 +66,6 @@ struct nft_jumpstack {
>  	int			rulenum;
>  };
>  
> -static inline void
> -nft_chain_stats(const struct nft_chain *this, const struct nft_pktinfo *pkt,
> -		struct nft_jumpstack *jumpstack, unsigned int stackptr)
> -{
> -	struct nft_stats __percpu *stats;
> -	const struct nft_chain *chain = stackptr ? jumpstack[0].chain : this;
> -
> -	rcu_read_lock_bh();
> -	stats = rcu_dereference(nft_base_chain(chain)->stats);
> -	__this_cpu_inc(stats->pkts);
> -	__this_cpu_add(stats->bytes, pkt->skb->len);
> -	rcu_read_unlock_bh();
> -}
> -
>  enum nft_trace {
>  	NFT_TRACE_RULE,
>  	NFT_TRACE_RETURN,
> @@ -117,12 +103,13 @@ static void nft_trace_packet(const struct nft_pktinfo *pkt,
>  unsigned int
>  nft_do_chain(struct nft_pktinfo *pkt, const struct nf_hook_ops *ops)
>  {
> -	const struct nft_chain *chain = ops->priv;
> +	const struct nft_chain *chain = ops->priv, *basechain = chain;
>  	const struct nft_rule *rule;
>  	const struct nft_expr *expr, *last;
>  	struct nft_data data[NFT_REG_MAX + 1];
>  	unsigned int stackptr = 0;
>  	struct nft_jumpstack jumpstack[NFT_JUMP_STACK_SIZE];
> +	struct nft_stats __percpu *stats;
>  	int rulenum;
>  	/*
>  	 * Cache cursor to avoid problems in case that the cursor is updated
> @@ -209,12 +196,17 @@ next_rule:
>  		rulenum = jumpstack[stackptr].rulenum;
>  		goto next_rule;
>  	}
> -	nft_chain_stats(chain, pkt, jumpstack, stackptr);
>  
>  	if (unlikely(pkt->skb->nf_trace))
> -		nft_trace_packet(pkt, chain, ++rulenum, NFT_TRACE_POLICY);
> +		nft_trace_packet(pkt, basechain, ++rulenum, NFT_TRACE_POLICY);
> +
> +	rcu_read_lock_bh();
> +	stats = rcu_dereference(nft_base_chain(basechain)->stats);
> +	__this_cpu_inc(stats->pkts);
> +	__this_cpu_add(stats->bytes, pkt->skb->len);
> +	rcu_read_unlock_bh();
>  
> -	return nft_base_chain(chain)->policy;
> +	return nft_base_chain(basechain)->policy;
>  }
>  EXPORT_SYMBOL_GPL(nft_do_chain);
>  
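Review bot: The `stats` pointer obtained at `stats = rcu_dereference(nft_base_chain(basechain)->stats);` is dereferenced unconditionally by the two per-cpu updates that follow, so the fix for the NULL base-chain dereference is only as safe as the invariant that every base chain carries a stats allocation; nothing in the hunk establishes that, and if counters are (or later become) optional for a base chain the same class of crash reappears on this path. A cheap guard, `if (stats) { __this_cpu_inc(stats->pkts); __this_cpu_add(stats->bytes, pkt->skb->len); }`, would make the accounting robust to that without changing the policy return. Separately, the `++rulenum` passed to `nft_trace_packet(pkt, basechain, ...)` appears to be the rule count of whichever chain the loop finished in (it is reloaded from the jump stack on return), so after a goto the policy trace is attributed to `basechain` with a rule number from the goto target — presumably acceptable for a trace, but worth a comment such as `/* rulenum refers to the last chain evaluated, not necessarily basechain */` if intended. nft_do_chain's body begins outside this hunk, so the goto handling that sets `stackptr`/`rulenum` could not be checked here.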

This patch doesn't apply to the 3.14-stable tree, can you provide a
backported version that does?

thanks,

greg k-h
--



