diff options
Diffstat (limited to 'main/linux-grsec/net-handle-different-key-sizes-between-address-families-in-flow-cache.patch')
| -rw-r--r-- | main/linux-grsec/net-handle-different-key-sizes-between-address-families-in-flow-cache.patch | 140 |
1 files changed, 140 insertions, 0 deletions
diff --git a/main/linux-grsec/net-handle-different-key-sizes-between-address-families-in-flow-cache.patch b/main/linux-grsec/net-handle-different-key-sizes-between-address-families-in-flow-cache.patch new file mode 100644 index 0000000000..9fe93a1a6b --- /dev/null +++ b/main/linux-grsec/net-handle-different-key-sizes-between-address-families-in-flow-cache.patch @@ -0,0 +1,140 @@ +From aa1c366e4febc7f5c2b84958a2dd7cd70e28f9d0 Mon Sep 17 00:00:00 2001 +From: dpward <david.ward@ll.mit.edu> +Date: Mon, 5 Sep 2011 16:47:24 +0000 +Subject: net: Handle different key sizes between address families in flow cache + +From: dpward <david.ward@ll.mit.edu> + +commit aa1c366e4febc7f5c2b84958a2dd7cd70e28f9d0 upstream. + +With the conversion of struct flowi to a union of AF-specific structs, some +operations on the flow cache need to account for the exact size of the key. + +Signed-off-by: David Ward <david.ward@ll.mit.edu> +Signed-off-by: David S. Miller <davem@davemloft.net> +Cc: Kim Phillips <kim.phillips@freescale.com> +Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> + +--- + include/net/flow.h | 19 +++++++++++++++++++ + net/core/flow.c | 31 +++++++++++++++++-------------- + 2 files changed, 36 insertions(+), 14 deletions(-) + +--- a/include/net/flow.h ++++ b/include/net/flow.h +@@ -7,6 +7,7 @@ + #ifndef _NET_FLOW_H + #define _NET_FLOW_H + ++#include <linux/socket.h> + #include <linux/in6.h> + #include <asm/atomic.h> + +@@ -161,6 +162,24 @@ static inline struct flowi *flowidn_to_f + return container_of(fldn, struct flowi, u.dn); + } + ++typedef unsigned long flow_compare_t; ++ ++static inline size_t flow_key_size(u16 family) ++{ ++ switch (family) { ++ case AF_INET: ++ BUILD_BUG_ON(sizeof(struct flowi4) % sizeof(flow_compare_t)); ++ return sizeof(struct flowi4) / sizeof(flow_compare_t); ++ case AF_INET6: ++ BUILD_BUG_ON(sizeof(struct flowi6) % sizeof(flow_compare_t)); ++ return sizeof(struct flowi6) / sizeof(flow_compare_t); ++ case AF_DECnet: ++ BUILD_BUG_ON(sizeof(struct flowidn) % sizeof(flow_compare_t)); ++ return sizeof(struct flowidn) / sizeof(flow_compare_t); ++ } ++ return 0; ++} ++ + #define FLOW_DIR_IN 0 + #define FLOW_DIR_OUT 1 + #define FLOW_DIR_FWD 2 +--- a/net/core/flow.c ++++ b/net/core/flow.c +@@ -172,29 +172,26 @@ static void flow_new_hash_rnd(struct flo + + static u32 flow_hash_code(struct flow_cache *fc, + struct flow_cache_percpu *fcp, +- const struct flowi *key) ++ const struct flowi *key, ++ size_t keysize) + { + const u32 *k = (const u32 *) key; ++ const u32 length = keysize * sizeof(flow_compare_t) / sizeof(u32); + +- return jhash2(k, (sizeof(*key) / sizeof(u32)), fcp->hash_rnd) ++ return jhash2(k, length, fcp->hash_rnd) + & (flow_cache_hash_size(fc) - 1); + } + +-typedef unsigned long flow_compare_t; +- + /* I hear what you're saying, use memcmp. But memcmp cannot make +- * important assumptions that we can here, such as alignment and +- * constant size. ++ * important assumptions that we can here, such as alignment. + */ +-static int flow_key_compare(const struct flowi *key1, const struct flowi *key2) ++static int flow_key_compare(const struct flowi *key1, const struct flowi *key2, ++ size_t keysize) + { + const flow_compare_t *k1, *k1_lim, *k2; +- const int n_elem = sizeof(struct flowi) / sizeof(flow_compare_t); +- +- BUILD_BUG_ON(sizeof(struct flowi) % sizeof(flow_compare_t)); + + k1 = (const flow_compare_t *) key1; +- k1_lim = k1 + n_elem; ++ k1_lim = k1 + keysize; + + k2 = (const flow_compare_t *) key2; + +@@ -215,6 +212,7 @@ flow_cache_lookup(struct net *net, const + struct flow_cache_entry *fle, *tfle; + struct hlist_node *entry; + struct flow_cache_object *flo; ++ size_t keysize; + unsigned int hash; + + local_bh_disable(); +@@ -222,6 +220,11 @@ flow_cache_lookup(struct net *net, const + + fle = NULL; + flo = NULL; ++ ++ keysize = flow_key_size(family); ++ if (!keysize) ++ goto nocache; ++ + /* Packet really early in init? Making flow_cache_init a + * pre-smp initcall would solve this. --RR */ + if (!fcp->hash_table) +@@ -230,11 +233,11 @@ flow_cache_lookup(struct net *net, const + if (fcp->hash_rnd_recalc) + flow_new_hash_rnd(fc, fcp); + +- hash = flow_hash_code(fc, fcp, key); ++ hash = flow_hash_code(fc, fcp, key, keysize); + hlist_for_each_entry(tfle, entry, &fcp->hash_table[hash], u.hlist) { + if (tfle->family == family && + tfle->dir == dir && +- flow_key_compare(key, &tfle->key) == 0) { ++ flow_key_compare(key, &tfle->key, keysize) == 0) { + fle = tfle; + break; + } +@@ -248,7 +251,7 @@ flow_cache_lookup(struct net *net, const + if (fle) { + fle->family = family; + fle->dir = dir; +- memcpy(&fle->key, key, sizeof(*key)); ++ memcpy(&fle->key, key, keysize * sizeof(flow_compare_t)); + fle->object = NULL; + hlist_add_head(&fle->u.hlist, &fcp->hash_table[hash]); + fcp->hash_count++; |