[PATCH v3] netfilter: nf_tables: check if payload length is a power of 2

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH v3] netfilter: nf_tables: check if payload length is a power of 2
@ 2014-02-16 13:01 Nikolay Aleksandrov
  2014-02-16 16:09 ` Patrick McHardy
  0 siblings, 1 reply; 3+ messages in thread
From: Nikolay Aleksandrov @ 2014-02-16 13:01 UTC (permalink / raw)
  To: netfilter-devel; +Cc: pablo, kaber, Nikolay Aleksandrov

Add a check if payload's length is a power of 2 when selecting ops.
The fast ops were meant for well aligned loads, also this fixes a
small bug when using a length of 3 with some offsets which causes
only 1 byte to be loaded because the fast ops are chosen.

Signed-off-by: Nikolay Aleksandrov <nikolay@redhat.com>
---
v3: Check the length,  not the offset.
v2: use is_power_of_2, and adjust order of checks as per Patrick's comment

Sorry for the noise, I shouldn't hurry so much. This patch applies to
Dave's -net tree.

 net/netfilter/nft_payload.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/netfilter/nft_payload.c b/net/netfilter/nft_payload.c
index a2aeb31..85daa84 100644
--- a/net/netfilter/nft_payload.c
+++ b/net/netfilter/nft_payload.c
@@ -135,7 +135,8 @@ nft_payload_select_ops(const struct nft_ctx *ctx,
 	if (len == 0 || len > FIELD_SIZEOF(struct nft_data, data))
 		return ERR_PTR(-EINVAL);
 
-	if (len <= 4 && IS_ALIGNED(offset, len) && base != NFT_PAYLOAD_LL_HEADER)
+	if (len <= 4 && is_power_of_2(len) && IS_ALIGNED(offset, len) &&
+	    base != NFT_PAYLOAD_LL_HEADER)
 		return &nft_payload_fast_ops;
 	else
 		return &nft_payload_ops;
-- 
1.8.4.2


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH v3] netfilter: nf_tables: check if payload length is a power of 2
  2014-02-16 13:01 [PATCH v3] netfilter: nf_tables: check if payload length is a power of 2 Nikolay Aleksandrov
@ 2014-02-16 16:09 ` Patrick McHardy
  2014-02-17 10:39   ` Pablo Neira Ayuso
  0 siblings, 1 reply; 3+ messages in thread
From: Patrick McHardy @ 2014-02-16 16:09 UTC (permalink / raw)
  To: Nikolay Aleksandrov; +Cc: netfilter-devel, pablo

On Sun, Feb 16, 2014 at 02:01:58PM +0100, Nikolay Aleksandrov wrote:
> Add a check if payload's length is a power of 2 when selecting ops.
> The fast ops were meant for well aligned loads, also this fixes a
> small bug when using a length of 3 with some offsets which causes
> only 1 byte to be loaded because the fast ops are chosen.
> 
> Signed-off-by: Nikolay Aleksandrov <nikolay@redhat.com>
> ---
> v3: Check the length,  not the offset.
> v2: use is_power_of_2, and adjust order of checks as per Patrick's comment
> 
> Sorry for the noise, I shouldn't hurry so much. This patch applies to
> Dave's -net tree.

Thanks!

Acked-by: Patrick McHardy <kaber@trash.net>

> 
>  net/netfilter/nft_payload.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/net/netfilter/nft_payload.c b/net/netfilter/nft_payload.c
> index a2aeb31..85daa84 100644
> --- a/net/netfilter/nft_payload.c
> +++ b/net/netfilter/nft_payload.c
> @@ -135,7 +135,8 @@ nft_payload_select_ops(const struct nft_ctx *ctx,
>  	if (len == 0 || len > FIELD_SIZEOF(struct nft_data, data))
>  		return ERR_PTR(-EINVAL);
>  
> -	if (len <= 4 && IS_ALIGNED(offset, len) && base != NFT_PAYLOAD_LL_HEADER)
> +	if (len <= 4 && is_power_of_2(len) && IS_ALIGNED(offset, len) &&
> +	    base != NFT_PAYLOAD_LL_HEADER)
>  		return &nft_payload_fast_ops;
>  	else
>  		return &nft_payload_ops;
> -- 
> 1.8.4.2

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH v3] netfilter: nf_tables: check if payload length is a power of 2
  2014-02-16 16:09 ` Patrick McHardy
@ 2014-02-17 10:39   ` Pablo Neira Ayuso
  0 siblings, 0 replies; 3+ messages in thread
From: Pablo Neira Ayuso @ 2014-02-17 10:39 UTC (permalink / raw)
  To: Patrick McHardy; +Cc: Nikolay Aleksandrov, netfilter-devel

On Sun, Feb 16, 2014 at 04:09:55PM +0000, Patrick McHardy wrote:
> On Sun, Feb 16, 2014 at 02:01:58PM +0100, Nikolay Aleksandrov wrote:
> > Add a check if payload's length is a power of 2 when selecting ops.
> > The fast ops were meant for well aligned loads, also this fixes a
> > small bug when using a length of 3 with some offsets which causes
> > only 1 byte to be loaded because the fast ops are chosen.
> > 
> > Signed-off-by: Nikolay Aleksandrov <nikolay@redhat.com>
> > ---
> > v3: Check the length,  not the offset.
> > v2: use is_power_of_2, and adjust order of checks as per Patrick's comment
> > 
> > Sorry for the noise, I shouldn't hurry so much. This patch applies to
> > Dave's -net tree.
> 
> Thanks!
> 
> Acked-by: Patrick McHardy <kaber@trash.net>

Applied, thanks.

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2014-02-17 10:39 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-02-16 13:01 [PATCH v3] netfilter: nf_tables: check if payload length is a power of 2 Nikolay Aleksandrov
2014-02-16 16:09 ` Patrick McHardy
2014-02-17 10:39   ` Pablo Neira Ayuso

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).