Commit dc75a43c authored by Jakub Kicinski's avatar Jakub Kicinski
Browse files

Merge tag 'nf-25-05-08' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf 

Pablo Neira Ayuso says:

====================
Netfilter/IPVS fixes for net

The following patchset contain Netfilter/IPVS fixes for net:

1) Fix KMSAN uninit-value in do_output_route4, reported by syzbot.
   Patch from Julian Anastasov.

2) ipset hashtable set type breaks up the hashtable into regions of
   2^10 buckets. Fix the macro that determines the hashtable lock
   region to protect concurrent updates. From Jozsef Kadlecsik.

* tag 'nf-25-05-08' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf:
  netfilter: ipset: fix region locking in hash types
  ipvs: fix uninit-value for saddr in do_output_route4
====================

Link: https://patch.msgid.link/20250507221952.86505-1-pablo@netfilter.org


Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parents 6beb6835 8478a729

net/netfilter/ipset/ip_set_hash_gen.h

+1 −1
Original line number Diff line number Diff line
@@ -64,7 +64,7 @@ struct hbucket { 
#define ahash_sizeof_regions(htable_bits)		\

	(ahash_numof_locks(htable_bits) * sizeof(struct ip_set_region))

#define ahash_region(n, htable_bits)		\

	((n) % ahash_numof_locks(htable_bits))

	((n) / jhash_size(HTABLE_REGION_BITS))

#define ahash_bucket_start(h,  htable_bits)	\

	((htable_bits) < HTABLE_REGION_BITS ? 0	\

		: (h) * jhash_size(HTABLE_REGION_BITS))

net/netfilter/ipvs/ip_vs_xmit.c

+8 −19
Original line number Diff line number Diff line
@@ -119,13 +119,12 @@ __mtu_check_toobig_v6(const struct sk_buff *skb, u32 mtu) 
	return false;

}



/* Get route to daddr, update *saddr, optionally bind route to saddr */

/* Get route to daddr, optionally bind route to saddr */

static struct rtable *do_output_route4(struct net *net, __be32 daddr,

				       int rt_mode, __be32 *saddr)

				       int rt_mode, __be32 *ret_saddr)

{

	struct flowi4 fl4;

	struct rtable *rt;

	bool loop = false;



	memset(&fl4, 0, sizeof(fl4));

	fl4.daddr = daddr;
@@ -135,23 +134,17 @@ static struct rtable *do_output_route4(struct net *net, __be32 daddr, 
retry:

	rt = ip_route_output_key(net, &fl4);

	if (IS_ERR(rt)) {

		/* Invalid saddr ? */

		if (PTR_ERR(rt) == -EINVAL && *saddr &&

		    rt_mode & IP_VS_RT_MODE_CONNECT && !loop) {

			*saddr = 0;

			flowi4_update_output(&fl4, 0, daddr, 0);

			goto retry;

		}

		IP_VS_DBG_RL("ip_route_output error, dest: %pI4\n", &daddr);

		return NULL;

	} else if (!*saddr && rt_mode & IP_VS_RT_MODE_CONNECT && fl4.saddr) {

	}

	if (rt_mode & IP_VS_RT_MODE_CONNECT && fl4.saddr) {

		ip_rt_put(rt);

		*saddr = fl4.saddr;

		flowi4_update_output(&fl4, 0, daddr, fl4.saddr);

		loop = true;

		rt_mode = 0;

		goto retry;

	}

	*saddr = fl4.saddr;

	if (ret_saddr)

		*ret_saddr = fl4.saddr;

	return rt;

}
@@ -344,19 +337,15 @@ __ip_vs_get_out_rt(struct netns_ipvs *ipvs, int skb_af, struct sk_buff *skb, 
		if (ret_saddr)

			*ret_saddr = dest_dst->dst_saddr.ip;

	} else {

		__be32 saddr = htonl(INADDR_ANY);



		noref = 0;



		/* For such unconfigured boxes avoid many route lookups

		 * for performance reasons because we do not remember saddr

		 */

		rt_mode &= ~IP_VS_RT_MODE_CONNECT;

		rt = do_output_route4(net, daddr, rt_mode, &saddr);

		rt = do_output_route4(net, daddr, rt_mode, ret_saddr);

		if (!rt)

			goto err_unreach;

		if (ret_saddr)

			*ret_saddr = saddr;

	}



	local = (rt->rt_flags & RTCF_LOCAL) ? 1 : 0;