[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20220409094036.20051-1-mark.mielke@gmail.com>
Date: Sat, 9 Apr 2022 05:40:36 -0400
From: Mark Mielke <mark.mielke@...il.com>
To: netdev@...r.kernel.org, dev@...nvswitch.org
Cc: Pravin B Shelar <pshelar@....org>,
"David S. Miller" <davem@...emloft.net>,
Jakub Kicinski <kuba@...nel.org>,
Paolo Abeni <pabeni@...hat.com>,
Pablo Neira Ayuso <pablo@...filter.org>,
Florian Westphal <fw@...len.de>,
Mark Mielke <mark.mielke@...il.com>, stable@...r.kernel.org
Subject: [PATCH] openvswitch: Ensure nf_ct_put is not called with null pointer
A recent commit replaced calls to nf_conntrack_put() with calls
to nf_ct_put(). nf_conntrack_put() permitted the caller to pass
null without side effects, while nf_ct_put() performs WARN_ON()
and proceeds to try and de-reference the pointer. ovs-vswitchd
triggers the warning on startup:
[ 22.178881] WARNING: CPU: 69 PID: 2157 at include/net/netfilter/nf_conntrack.h:176 __ovs_ct_lookup+0x4e2/0x6a0 [openvswitch]
...
[ 22.213573] Call Trace:
[ 22.214318] <TASK>
[ 22.215064] ovs_ct_execute+0x49c/0x7f0 [openvswitch]
...
Cc: stable@...r.kernel.org
Fixes: 408bdcfce8df ("net: prefer nf_ct_put instead of nf_conntrack_put")
Signed-off-by: Mark Mielke <mark.mielke@...il.com>
---
net/openvswitch/conntrack.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c
index 4a947c13c813..69972f037d21 100644
--- a/net/openvswitch/conntrack.c
+++ b/net/openvswitch/conntrack.c
@@ -970,7 +970,8 @@ static int __ovs_ct_lookup(struct net *net, struct sw_flow_key *key,
/* Associate skb with specified zone. */
if (tmpl) {
ct = nf_ct_get(skb, &ctinfo);
- nf_ct_put(ct);
+ if (ct)
+ nf_ct_put(ct);
nf_conntrack_get(&tmpl->ct_general);
nf_ct_set(skb, tmpl, IP_CT_NEW);
}
@@ -1339,8 +1340,8 @@ int ovs_ct_clear(struct sk_buff *skb, struct sw_flow_key *key)
struct nf_conn *ct;
ct = nf_ct_get(skb, &ctinfo);
-
- nf_ct_put(ct);
+ if (ct)
+ nf_ct_put(ct);
nf_ct_set(skb, NULL, IP_CT_UNTRACKED);
ovs_ct_fill_key(skb, key, false);
--
2.35.1
Powered by blists - more mailing lists