lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sat, 7 Dec 2019 17:41:11 +0100
From:   Pablo Neira Ayuso <pablo@...filter.org>
To:     Geert Uytterhoeven <geert@...ux-m68k.org>
Cc:     Stephen Rothwell <sfr@...b.auug.org.au>,
        David Miller <davem@...emloft.net>,
        Networking <netdev@...r.kernel.org>,
        Linux Next Mailing List <linux-next@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        NetFilter <netfilter-devel@...r.kernel.org>,
        Jiri Pirko <jiri@...lanox.com>,
        Jozsef Kadlecsik <kadlec@...filter.org>,
        Florian Westphal <fw@...len.de>
Subject: Re: nf_flow on big-endian (was: Re: linux-next: build warning after
 merge of the net-next tree)

Hi Geert,

On Tue, Nov 26, 2019 at 12:06:03PM +0100, Geert Uytterhoeven wrote:
> On Thu, Nov 21, 2019 at 8:36 AM Stephen Rothwell <sfr@...b.auug.org.au> wrote:
> > After merging the net-next tree, today's linux-next build (powerpc
> > allyesconfig) produced this warning:
> >
> > net/netfilter/nf_flow_table_offload.c: In function 'nf_flow_rule_match':
> > net/netfilter/nf_flow_table_offload.c:80:21: warning: unsigned conversion from 'int' to '__be16' {aka 'short unsigned int'} changes value from '327680' to '0' [-Woverflow]
> >    80 |   mask->tcp.flags = TCP_FLAG_RST | TCP_FLAG_FIN;
> >       |                     ^~~~~~~~~~~~
> >
> > Introduced by commit
> >
> >   c29f74e0df7a ("netfilter: nf_flow_table: hardware offload support")
> 
> This is now upstream, and must be completely broken on big-endian
> platforms.
> 
> The other user of the flags field looks buggy, too
> (net/core/flow_dissector.c:__skb_flow_dissect_tcp()[*]):
> 
>      key_tcp->flags = (*(__be16 *) &tcp_flag_word(th) & htons(0x0FFF));
> 
> Disclaimer: I'm not familiar with the code or protocol, so below are just
> my gut feelings.
> 
>      struct flow_dissector_key_tcp {
>             __be16 flags;
>     };
> 
> Does this have to be __be16, i.e. does it go over the wire?
> If not, this should probably be __u16, and set using
> "be32_to_cpu(flags) >> 16"?
> If yes, "cpu_to_be16(be32_to_cpu(flags) >> 16)"?
> (Ugh, needs convenience macros)
> 
> [*] ac4bb5de27010e41 ("net: flow_dissector: add support for dissection
> of tcp flags")

I'm attaching a tentative patch, please let me know this is fixing up
this issue there.

Thanks.

View attachment "x.patch" of type "text/x-diff" (1675 bytes)

Powered by blists - more mailing lists