git.baikalelectronics.ru Git - kernel.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 14 Mar 2022 17:23:01 +0000 (18:23 +0100)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Sat, 19 Mar 2022 23:29:46 +0000 (00:29 +0100)
commit	b68f5906cf16cc29f0979e7f77b14dc9f319a150
tree	e503061ed757389083f3a868ec6d1b87e77456cd	tree \| snapshot
parent	cdba27802fee8e52b2c293984002cc4cb359483a	commit \| diff

netfilter: nf_tables: cancel tracking for clobbered destination registers

Output of expressions might be larger than one single register, this might
clobber existing data. Reset tracking for all destination registers that
required to store the expression output.

This patch adds three new helper functions:

- nft_reg_track_update: cancel previous register tracking and update it.
- nft_reg_track_cancel: cancel any previous register tracking info.
- __nft_reg_track_cancel: cancel only one single register tracking info.

Partial register clobbering detection is also supported by checking the
.num_reg field which describes the number of register that are used.

This patch updates the following expressions:

- meta_bridge
- bitwise
- byteorder
- meta
- payload

to use these helper functions.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/net/netfilter/nf_tables.h		diff \| blob \| history
include/net/netfilter/nft_meta.h		diff \| blob \| history
net/bridge/netfilter/nft_meta_bridge.c		diff \| blob \| history
net/netfilter/nf_tables_api.c		diff \| blob \| history
net/netfilter/nft_bitwise.c		diff \| blob \| history
net/netfilter/nft_byteorder.c		diff \| blob \| history
net/netfilter/nft_meta.c		diff \| blob \| history
net/netfilter/nft_payload.c		diff \| blob \| history