[PATCH nf] netfilter: nf_flow_table: fix missing err check for rhashtable_insert

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH nf] netfilter: nf_flow_table: fix missing err check for rhashtable_insert_fast
@ 2019-05-02 16:56 Taehee Yoo
  2019-05-05 22:30 ` Pablo Neira Ayuso
  0 siblings, 1 reply; 2+ messages in thread
From: Taehee Yoo @ 2019-05-02 16:56 UTC (permalink / raw)
  To: pablo, netfilter-devel; +Cc: ap420073

rhashtable_insert_fast() could return err value when memory allocation
is failed. but flow_offload_add() do not check values and this always
returns success value.
This patch just adds error check code.

Fixes: ac2a66665e23 ("netfilter: add generic flow table infrastructure")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
---
 net/netfilter/nf_flow_table_core.c | 25 ++++++++++++++++++-------
 1 file changed, 18 insertions(+), 7 deletions(-)

diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c
index 7aabfd4b1e50..a9e4f74b1ff6 100644
--- a/net/netfilter/nf_flow_table_core.c
+++ b/net/netfilter/nf_flow_table_core.c
@@ -185,14 +185,25 @@ static const struct rhashtable_params nf_flow_offload_rhash_params = {
 
 int flow_offload_add(struct nf_flowtable *flow_table, struct flow_offload *flow)
 {
-	flow->timeout = (u32)jiffies;
+	int err;
 
-	rhashtable_insert_fast(&flow_table->rhashtable,
-			       &flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].node,
-			       nf_flow_offload_rhash_params);
-	rhashtable_insert_fast(&flow_table->rhashtable,
-			       &flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].node,
-			       nf_flow_offload_rhash_params);
+	err = rhashtable_insert_fast(&flow_table->rhashtable,
+				     &flow->tuplehash[0].node,
+				     nf_flow_offload_rhash_params);
+	if (err < 0)
+		return err;
+
+	err = rhashtable_insert_fast(&flow_table->rhashtable,
+				     &flow->tuplehash[1].node,
+				     nf_flow_offload_rhash_params);
+	if (err < 0) {
+		rhashtable_remove_fast(&flow_table->rhashtable,
+				       &flow->tuplehash[0].node,
+				       nf_flow_offload_rhash_params);
+		return err;
+	}
+
+	flow->timeout = (u32)jiffies;
 	return 0;
 }
 EXPORT_SYMBOL_GPL(flow_offload_add);
-- 
2.17.1


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH nf] netfilter: nf_flow_table: fix missing err check for rhashtable_insert_fast
  2019-05-02 16:56 [PATCH nf] netfilter: nf_flow_table: fix missing err check for rhashtable_insert_fast Taehee Yoo
@ 2019-05-05 22:30 ` Pablo Neira Ayuso
  0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2019-05-05 22:30 UTC (permalink / raw)
  To: Taehee Yoo; +Cc: netfilter-devel

On Fri, May 03, 2019 at 01:56:38AM +0900, Taehee Yoo wrote:
> rhashtable_insert_fast() could return err value when memory allocation
> is failed. but flow_offload_add() do not check values and this always
> returns success value.
> This patch just adds error check code.

Applied, thanks.

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2019-05-05 22:30 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-05-02 16:56 [PATCH nf] netfilter: nf_flow_table: fix missing err check for rhashtable_insert_fast Taehee Yoo
2019-05-05 22:30 ` Pablo Neira Ayuso

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).