From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Pablo Neira Ayuso, Michal Kubecek
Subject: [PATCH 4.4 38/74] netfilter: fix IS_ERR_VALUE usage
Date: Mon, 29 Jan 2018 13:56:43 +0100
Message-Id: <20180129123849.304970272@linuxfoundation.org>
In-Reply-To: <20180129123847.507563674@linuxfoundation.org>
References: <20180129123847.507563674@linuxfoundation.org>

4.4-stable review patch. If anyone has any objections, please let me know.

------------------

From: Pablo Neira Ayuso

commit 92b4423e3a0bc5d43ecde4bcad871f8b5ba04efd upstream.

This is a forward-port of the original patch from Andrzej Hajda,
he said:

"IS_ERR_VALUE should be used only with unsigned long type.
Otherwise it can work incorrectly. To achieve this function
xt_percpu_counter_alloc is modified to return unsigned long,
and its result is assigned to temporary variable to perform
error checking, before assigning to .pcnt field.

The patch follows conclusion from discussion on LKML [1][2].

[1]: http://permalink.gmane.org/gmane.linux.kernel/2120927
[2]: http://permalink.gmane.org/gmane.linux.kernel/2150581"

Original patch from Andrzej is here:

http://patchwork.ozlabs.org/patch/582970/

This patch has clashed with input validation fixes for x_tables.

Signed-off-by: Pablo Neira Ayuso
Signed-off-by: Greg Kroah-Hartman
Acked-by: Michal Kubecek
--- include/linux/netfilter/x_tables.h | 6 +++--- net/ipv4/netfilter/arp_tables.c | 6 ++++-- net/ipv4/netfilter/ip_tables.c | 6 ++++-- net/ipv6/netfilter/ip6_tables.c | 6 ++++-- 4 files changed, 15 insertions(+), 9 deletions(-) --- a/include/linux/netfilter/x_tables.h +++ b/include/linux/netfilter/x_tables.h @@ -381,16 +381,16 @@ static inline unsigned long ifname_compa * allows us to return 0 for single core systems without forcing * callers to deal with SMP vs. NONSMP issues. */ -static inline u64 xt_percpu_counter_alloc(void) +static inline unsigned long xt_percpu_counter_alloc(void) { if (nr_cpu_ids > 1) { void __percpu *res = __alloc_percpu(sizeof(struct xt_counters), sizeof(struct xt_counters)); if (res == NULL) - return (u64) -ENOMEM; + return -ENOMEM; - return (u64) (__force unsigned long) res; + return (__force unsigned long) res; } return 0; --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c 
@@ -511,11 +511,13 @@ find_check_entry(struct arpt_entry *e, c { struct xt_entry_target *t; struct xt_target *target; + unsigned long pcnt; int ret; - e->counters.pcnt = xt_percpu_counter_alloc(); - if (IS_ERR_VALUE(e->counters.pcnt)) + pcnt = xt_percpu_counter_alloc(); + if (IS_ERR_VALUE(pcnt)) return -ENOMEM; + e->counters.pcnt = pcnt; t = arpt_get_target(e); target = xt_request_find_target(NFPROTO_ARP, t->u.user.name, --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c @@ -653,10 +653,12 @@ find_check_entry(struct ipt_entry *e, st unsigned int j; struct xt_mtchk_param mtpar; struct xt_entry_match *ematch; + unsigned long pcnt; - e->counters.pcnt = xt_percpu_counter_alloc(); - if (IS_ERR_VALUE(e->counters.pcnt)) + pcnt = xt_percpu_counter_alloc(); + if (IS_ERR_VALUE(pcnt)) return -ENOMEM; + e->counters.pcnt = pcnt; j = 0; mtpar.net = net; --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c @@ -666,10 +666,12 @@ find_check_entry(struct ip6t_entry *e, s unsigned int j; struct xt_mtchk_param mtpar; struct xt_entry_match *ematch; + unsigned long pcnt; - e->counters.pcnt = xt_percpu_counter_alloc(); - if (IS_ERR_VALUE(e->counters.pcnt)) + pcnt = xt_percpu_counter_alloc(); + if (IS_ERR_VALUE(pcnt)) return -ENOMEM; + e->counters.pcnt = pcnt; j = 0; mtpar.net = net;
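
Review bot: In the include/linux/netfilter/x_tables.h hunk, `return -ENOMEM;` now depends on the implicit int to unsigned long conversion to produce the errno-encoded value, and the comment above xt_percpu_counter_alloc() still only explains the return of 0 on single-core systems. Suggest writing the conversion out, `return (unsigned long)-ENOMEM;`, and extending the comment to state that the result has to be tested with IS_ERR_VALUE() while it is still an unsigned long, before it is stored in the .pcnt field, because the callers changed in the other three files rely on exactly that contract.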
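
Review bot: The three find_check_entry() hunks (arp_tables.c, ip_tables.c, ip6_tables.c) repeat the same sequence, `pcnt = xt_percpu_counter_alloc();`, `if (IS_ERR_VALUE(pcnt))`, `e->counters.pcnt = pcnt;`, so the type requirement of IS_ERR_VALUE() has to be remembered at every call site. Consider a small helper next to xt_percpu_counter_alloc() that takes the entry's counters and returns an int, which would keep the unsigned long temporary and the check in one place. Separately, on the failure path e->counters.pcnt is now left at whatever value it held before the call instead of receiving the error value; it is worth confirming that no unwind path reached after `return -ENOMEM;` frees pcnt for an entry whose allocation failed.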