Commit 443a70d5 authored by Philip Craig's avatar Philip Craig Committed by David S. Miller

netfilter: nf_conntrack: padding breaks conntrack hash on ARM

commit 0794935e "[NETFILTER]: nf_conntrack: optimize hash_conntrack()"
results in ARM platforms hashing uninitialised padding.  This padding
doesn't exist on other architectures.

Fix this by replacing NF_CT_TUPLE_U_BLANK() with memset() to ensure
everything is initialised.  There were only 4 bytes that
NF_CT_TUPLE_U_BLANK() wasn't clearing anyway (or 12 bytes on ARM).
Signed-off-by: default avatarPhilip Craig <philipc@snapgear.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 0010e465
...@@ -107,16 +107,6 @@ struct nf_conntrack_tuple_mask ...@@ -107,16 +107,6 @@ struct nf_conntrack_tuple_mask
} src; } src;
}; };
/* This is optimized opposed to a memset of the whole structure. Everything we
* really care about is the source/destination unions */
#define NF_CT_TUPLE_U_BLANK(tuple) \
do { \
(tuple)->src.u.all = 0; \
(tuple)->dst.u.all = 0; \
memset(&(tuple)->src.u3, 0, sizeof((tuple)->src.u3)); \
memset(&(tuple)->dst.u3, 0, sizeof((tuple)->dst.u3)); \
} while (0)
#ifdef __KERNEL__ #ifdef __KERNEL__
static inline void nf_ct_dump_tuple_ip(const struct nf_conntrack_tuple *t) static inline void nf_ct_dump_tuple_ip(const struct nf_conntrack_tuple *t)
......
...@@ -303,7 +303,7 @@ getorigdst(struct sock *sk, int optval, void __user *user, int *len) ...@@ -303,7 +303,7 @@ getorigdst(struct sock *sk, int optval, void __user *user, int *len)
const struct nf_conntrack_tuple_hash *h; const struct nf_conntrack_tuple_hash *h;
struct nf_conntrack_tuple tuple; struct nf_conntrack_tuple tuple;
NF_CT_TUPLE_U_BLANK(&tuple); memset(&tuple, 0, sizeof(tuple));
tuple.src.u3.ip = inet->rcv_saddr; tuple.src.u3.ip = inet->rcv_saddr;
tuple.src.u.tcp.port = inet->sport; tuple.src.u.tcp.port = inet->sport;
tuple.dst.u3.ip = inet->daddr; tuple.dst.u3.ip = inet->daddr;
......
...@@ -104,7 +104,7 @@ nf_ct_get_tuple(const struct sk_buff *skb, ...@@ -104,7 +104,7 @@ nf_ct_get_tuple(const struct sk_buff *skb,
const struct nf_conntrack_l3proto *l3proto, const struct nf_conntrack_l3proto *l3proto,
const struct nf_conntrack_l4proto *l4proto) const struct nf_conntrack_l4proto *l4proto)
{ {
NF_CT_TUPLE_U_BLANK(tuple); memset(tuple, 0, sizeof(*tuple));
tuple->src.l3num = l3num; tuple->src.l3num = l3num;
if (l3proto->pkt_to_tuple(skb, nhoff, tuple) == 0) if (l3proto->pkt_to_tuple(skb, nhoff, tuple) == 0)
...@@ -151,7 +151,7 @@ nf_ct_invert_tuple(struct nf_conntrack_tuple *inverse, ...@@ -151,7 +151,7 @@ nf_ct_invert_tuple(struct nf_conntrack_tuple *inverse,
const struct nf_conntrack_l3proto *l3proto, const struct nf_conntrack_l3proto *l3proto,
const struct nf_conntrack_l4proto *l4proto) const struct nf_conntrack_l4proto *l4proto)
{ {
NF_CT_TUPLE_U_BLANK(inverse); memset(inverse, 0, sizeof(*inverse));
inverse->src.l3num = orig->src.l3num; inverse->src.l3num = orig->src.l3num;
if (l3proto->invert_tuple(inverse, orig) == 0) if (l3proto->invert_tuple(inverse, orig) == 0)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment