Received: by 2002:a05:6358:5282:b0:b5:90e7:25cb with SMTP id g2csp3390732rwa; Tue, 23 Aug 2022 04:07:27 -0700 (PDT) X-Google-Smtp-Source: AA6agR45c5uX3sh8jc2gjekqhD7ElVUHaM9gFSoc2vxdf1Y/sfGNr2SsygsiP0+W3hGOzI6do9VL X-Received: by 2002:a17:90b:4d81:b0:1fb:5e0c:6800 with SMTP id oj1-20020a17090b4d8100b001fb5e0c6800mr2829733pjb.171.1661252846778; Tue, 23 Aug 2022 04:07:26 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1661252846; cv=none; d=google.com; s=arc-20160816; b=Lb800ELoGQgVS8S5vFTqBETrIhwMt3uekLdtJDA9VXNKQrDdzq0Sa5uGe6v2JwodGo MpbRQMW6hNRh+4IUQqqrtvDF3Qu33Gj6KP2HYTwzOzYuyNPdzUmavVe1+YAdT8kLRmG0 vSlz1HE9bREG16Oz7xTohO9jPJBWeviFkw00ddHndiKYnGagJ68+tXR0Om40aiE31yrG 64fYdWH/NhIoQZ6J4+ulM+8ke90KYto/tPupFkqb76UtkBmTznJMhEBMnv9Qq9SNg5wo J1JdrRAQDUrLYv9wDqmk8lfhiqIsmi0VidZ/ky8h17Y+mr9YnHiI0WCrPloUjB5PWF8t 86tg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=HIz/2Cbn3PINytHSym91TYBdFsvxOTyQcYGSLzSAVMg=; b=Oma4LzZjSyOhvSgOVhhIife+Uw8FYDAtzmmmwgjkyLdnCtNZhTP+0WYuBZXLbYHIjb 3FJyZvdQUS0nYlhtzxSdF7eeJqVXFVwOfAFM6mtRs370L2QrZgG24wYmxuLHgTzIcJbc y5pEPU29G2X8tw82eqTXi0OAMVFZ7kgtfiW8jEEGg1tmm4pFWilVllBRj7oOlLsvCnM3 sdHAVgo6qRKfg7rWe0BhOiQlD5FgHAHjz3cg33fwg/vMy/swD2EvRgICEeNGC1X0GK8Z 7M3cf18viHIDFnlV14Cb5FW2SHkBKYLVxgxmk8EDY29pDvP2jaO8x+jMBrCt5gPbCuld bhJA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=ok5X8Ovz; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id u185-20020a6385c2000000b00429a2aad7a6si8848190pgd.167.2022.08.23.04.07.13; Tue, 23 Aug 2022 04:07:26 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=ok5X8Ovz; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241404AbiHWI6F (ORCPT + 99 others); Tue, 23 Aug 2022 04:58:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34778 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241913AbiHWI53 (ORCPT ); Tue, 23 Aug 2022 04:57:29 -0400 Received: from ams.source.kernel.org (ams.source.kernel.org [145.40.68.75]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8A49A273D; Tue, 23 Aug 2022 01:25:43 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ams.source.kernel.org (Postfix) with ESMTPS id 41C30B81C35; Tue, 23 Aug 2022 08:19:27 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 60102C433D6; Tue, 23 Aug 2022 08:19:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1661242765; bh=3i6GooLD+noA1xpLFKw3PE5BYzonfRGzFl/PfYbHbik=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=ok5X8OvzScKMd8PymB31gRcDzWB+P9HLgE+q6lyreXFIACGENn5EDTygOVauMvJVS A6lHWFZ1nthDN2Nt300gkG44kwAcC5ZU1TOFd5T6PNUcu+C+foDwxImvEbFflGKOl/ kd3IgsJGzrHxD5XoAfurpnAAsPHXY+6H3vE/dFzQ= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Florian Westphal , Pablo Neira Ayuso Subject: [PATCH 5.19 192/365] netfilter: nf_ct_sane: remove pseudo skb linearization Date: Tue, 23 Aug 2022 10:01:33 +0200 Message-Id: <20220823080126.246929890@linuxfoundation.org> X-Mailer: git-send-email 2.37.2 In-Reply-To: <20220823080118.128342613@linuxfoundation.org> References: <20220823080118.128342613@linuxfoundation.org> User-Agent: quilt/0.67 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-7.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Florian Westphal commit a664375da76c6da8f83dc7997e43c568e1eb9a6a upstream. For historical reason this code performs pseudo linearization of skbs via skb_header_pointer and a global 64k buffer. With arrival of BIG TCP, packets generated by TCP stack can exceed 64kb. Rewrite this to only extract the needed header data. This also allows to get rid of the locking. Fixes: 7c4e983c4f3c ("net: allow gso_max_size to exceed 65536") Fixes: 0fe79f28bfaf ("net: allow gro_max_size to exceed 65536") Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso Signed-off-by: Greg Kroah-Hartman --- net/netfilter/nf_conntrack_sane.c | 68 ++++++++++++++++---------------------- 1 file changed, 30 insertions(+), 38 deletions(-) --- a/net/netfilter/nf_conntrack_sane.c +++ b/net/netfilter/nf_conntrack_sane.c @@ -34,10 +34,6 @@ MODULE_AUTHOR("Michal Schmidt len - dataoff; - - spin_lock_bh(&nf_sane_lock); - sb_ptr = skb_header_pointer(skb, dataoff, datalen, sane_buffer); - if (!sb_ptr) { - spin_unlock_bh(&nf_sane_lock); - return NF_ACCEPT; - } - if (dir == IP_CT_DIR_ORIGINAL) { + const struct sane_request *req; + if (datalen != sizeof(struct sane_request)) - goto out; + return NF_ACCEPT; + + req = skb_header_pointer(skb, dataoff, datalen, &buf.req); + if (!req) + return NF_ACCEPT; - req = sb_ptr; if (req->RPC_code != htonl(SANE_NET_START)) { /* Not an interesting command */ - ct_sane_info->state = SANE_STATE_NORMAL; - goto out; + WRITE_ONCE(ct_sane_info->state, SANE_STATE_NORMAL); + return NF_ACCEPT; } /* We're interested in the next reply */ - ct_sane_info->state = SANE_STATE_START_REQUESTED; - goto out; + WRITE_ONCE(ct_sane_info->state, SANE_STATE_START_REQUESTED); + return NF_ACCEPT; } + /* IP_CT_DIR_REPLY */ + /* Is it a reply to an uninteresting command? */ - if (ct_sane_info->state != SANE_STATE_START_REQUESTED) - goto out; + if (READ_ONCE(ct_sane_info->state) != SANE_STATE_START_REQUESTED) + return NF_ACCEPT; /* It's a reply to SANE_NET_START. */ - ct_sane_info->state = SANE_STATE_NORMAL; + WRITE_ONCE(ct_sane_info->state, SANE_STATE_NORMAL); if (datalen < sizeof(struct sane_reply_net_start)) { pr_debug("NET_START reply too short\n"); - goto out; + return NF_ACCEPT; } - reply = sb_ptr; + datalen = sizeof(struct sane_reply_net_start); + + reply = skb_header_pointer(skb, dataoff, datalen, &buf.repl); + if (!reply) + return NF_ACCEPT; + if (reply->status != htonl(SANE_STATUS_SUCCESS)) { /* saned refused the command */ pr_debug("unsuccessful SANE_STATUS = %u\n", ntohl(reply->status)); - goto out; + return NF_ACCEPT; } /* Invalid saned reply? Ignore it. */ if (reply->zero != 0) - goto out; + return NF_ACCEPT; exp = nf_ct_expect_alloc(ct); if (exp == NULL) { nf_ct_helper_log(skb, ct, "cannot alloc expectation"); - ret = NF_DROP; - goto out; + return NF_DROP; } tuple = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple; @@ -162,9 +163,6 @@ static int help(struct sk_buff *skb, } nf_ct_expect_put(exp); - -out: - spin_unlock_bh(&nf_sane_lock); return ret; } @@ -178,7 +176,6 @@ static const struct nf_conntrack_expect_ static void __exit nf_conntrack_sane_fini(void) { nf_conntrack_helpers_unregister(sane, ports_c * 2); - kfree(sane_buffer); } static int __init nf_conntrack_sane_init(void) @@ -187,10 +184,6 @@ static int __init nf_conntrack_sane_init NF_CT_HELPER_BUILD_BUG_ON(sizeof(struct nf_ct_sane_master)); - sane_buffer = kmalloc(65536, GFP_KERNEL); - if (!sane_buffer) - return -ENOMEM; - if (ports_c == 0) ports[ports_c++] = SANE_PORT; @@ -210,7 +203,6 @@ static int __init nf_conntrack_sane_init ret = nf_conntrack_helpers_register(sane, ports_c * 2); if (ret < 0) { pr_err("failed to register helpers\n"); - kfree(sane_buffer); return ret; }