git.baikalelectronics.ru Git - kernel.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 14 Mar 2022 17:23:01 +0000 (18:23 +0100)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Sat, 19 Mar 2022 23:29:46 +0000 (00:29 +0100)
commit	48ec024c6c46f2562a06b5e2928695044e3ff11d
tree	e503061ed757389083f3a868ec6d1b87e77456cd	tree \| snapshot
parent	1cb7f4d021dbf2e7994dcc5cf7e99d2ff45cd58f	commit \| diff

netfilter: nf_tables: cancel tracking for clobbered destination registers

Output of expressions might be larger than one single register, this might
clobber existing data. Reset tracking for all destination registers that
required to store the expression output.

This patch adds three new helper functions:

- nft_reg_track_update: cancel previous register tracking and update it.
- nft_reg_track_cancel: cancel any previous register tracking info.
- __nft_reg_track_cancel: cancel only one single register tracking info.

Partial register clobbering detection is also supported by checking the
.num_reg field which describes the number of register that are used.

This patch updates the following expressions:

- meta_bridge
- bitwise
- byteorder
- meta
- payload

to use these helper functions.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/net/netfilter/nf_tables.h		diff \| blob \| history
include/net/netfilter/nft_meta.h		diff \| blob \| history
net/bridge/netfilter/nft_meta_bridge.c		diff \| blob \| history
net/netfilter/nf_tables_api.c		diff \| blob \| history
net/netfilter/nft_bitwise.c		diff \| blob \| history
net/netfilter/nft_byteorder.c		diff \| blob \| history
net/netfilter/nft_meta.c		diff \| blob \| history
net/netfilter/nft_payload.c		diff \| blob \| history