]>
Commit | Line | Data |
---|---|---|
77348cdf GKH |
1 | From d824548dae220820bdf69b2d1561b7c4b072783f Mon Sep 17 00:00:00 2001 |
2 | From: Florian Westphal <fw@strlen.de> | |
3 | Date: Tue, 19 Feb 2019 00:37:21 +0100 | |
4 | Subject: netfilter: ebtables: remove BUGPRINT messages | |
5 | ||
6 | From: Florian Westphal <fw@strlen.de> | |
7 | ||
8 | commit d824548dae220820bdf69b2d1561b7c4b072783f upstream. | |
9 | ||
10 | They are however frequently triggered by syzkaller, so remove them. | |
11 | ||
12 | ebtables userspace should never trigger any of these, so there is little | |
13 | value in making them pr_debug (or ratelimited). | |
14 | ||
15 | Signed-off-by: Florian Westphal <fw@strlen.de> | |
16 | Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> | |
17 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
18 | ||
19 | --- | |
20 | net/bridge/netfilter/ebtables.c | 131 +++++++++++----------------------------- | |
21 | 1 file changed, 39 insertions(+), 92 deletions(-) | |
22 | ||
23 | --- a/net/bridge/netfilter/ebtables.c | |
24 | +++ b/net/bridge/netfilter/ebtables.c | |
25 | @@ -31,10 +31,6 @@ | |
26 | /* needed for logical [in,out]-dev filtering */ | |
27 | #include "../br_private.h" | |
28 | ||
29 | -#define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\ | |
30 | - "report to author: "format, ## args) | |
31 | -/* #define BUGPRINT(format, args...) */ | |
32 | - | |
33 | /* Each cpu has its own set of counters, so there is no need for write_lock in | |
34 | * the softirq | |
35 | * For reading or updating the counters, the user context needs to | |
36 | @@ -466,8 +462,6 @@ static int ebt_verify_pointers(const str | |
37 | /* we make userspace set this right, | |
38 | * so there is no misunderstanding | |
39 | */ | |
40 | - BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set " | |
41 | - "in distinguisher\n"); | |
42 | return -EINVAL; | |
43 | } | |
44 | if (i != NF_BR_NUMHOOKS) | |
45 | @@ -485,18 +479,14 @@ static int ebt_verify_pointers(const str | |
46 | offset += e->next_offset; | |
47 | } | |
48 | } | |
49 | - if (offset != limit) { | |
50 | - BUGPRINT("entries_size too small\n"); | |
51 | + if (offset != limit) | |
52 | return -EINVAL; | |
53 | - } | |
54 | ||
55 | /* check if all valid hooks have a chain */ | |
56 | for (i = 0; i < NF_BR_NUMHOOKS; i++) { | |
57 | if (!newinfo->hook_entry[i] && | |
58 | - (valid_hooks & (1 << i))) { | |
59 | - BUGPRINT("Valid hook without chain\n"); | |
60 | + (valid_hooks & (1 << i))) | |
61 | return -EINVAL; | |
62 | - } | |
63 | } | |
64 | return 0; | |
65 | } | |
66 | @@ -523,26 +513,20 @@ ebt_check_entry_size_and_hooks(const str | |
67 | /* this checks if the previous chain has as many entries | |
68 | * as it said it has | |
69 | */ | |
70 | - if (*n != *cnt) { | |
71 | - BUGPRINT("nentries does not equal the nr of entries " | |
72 | - "in the chain\n"); | |
73 | + if (*n != *cnt) | |
74 | return -EINVAL; | |
75 | - } | |
76 | + | |
77 | if (((struct ebt_entries *)e)->policy != EBT_DROP && | |
78 | ((struct ebt_entries *)e)->policy != EBT_ACCEPT) { | |
79 | /* only RETURN from udc */ | |
80 | if (i != NF_BR_NUMHOOKS || | |
81 | - ((struct ebt_entries *)e)->policy != EBT_RETURN) { | |
82 | - BUGPRINT("bad policy\n"); | |
83 | + ((struct ebt_entries *)e)->policy != EBT_RETURN) | |
84 | return -EINVAL; | |
85 | - } | |
86 | } | |
87 | if (i == NF_BR_NUMHOOKS) /* it's a user defined chain */ | |
88 | (*udc_cnt)++; | |
89 | - if (((struct ebt_entries *)e)->counter_offset != *totalcnt) { | |
90 | - BUGPRINT("counter_offset != totalcnt"); | |
91 | + if (((struct ebt_entries *)e)->counter_offset != *totalcnt) | |
92 | return -EINVAL; | |
93 | - } | |
94 | *n = ((struct ebt_entries *)e)->nentries; | |
95 | *cnt = 0; | |
96 | return 0; | |
97 | @@ -550,15 +534,13 @@ ebt_check_entry_size_and_hooks(const str | |
98 | /* a plain old entry, heh */ | |
99 | if (sizeof(struct ebt_entry) > e->watchers_offset || | |
100 | e->watchers_offset > e->target_offset || | |
101 | - e->target_offset >= e->next_offset) { | |
102 | - BUGPRINT("entry offsets not in right order\n"); | |
103 | + e->target_offset >= e->next_offset) | |
104 | return -EINVAL; | |
105 | - } | |
106 | + | |
107 | /* this is not checked anywhere else */ | |
108 | - if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) { | |
109 | - BUGPRINT("target size too small\n"); | |
110 | + if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) | |
111 | return -EINVAL; | |
112 | - } | |
113 | + | |
114 | (*cnt)++; | |
115 | (*totalcnt)++; | |
116 | return 0; | |
117 | @@ -678,18 +660,15 @@ ebt_check_entry(struct ebt_entry *e, str | |
118 | if (e->bitmask == 0) | |
119 | return 0; | |
120 | ||
121 | - if (e->bitmask & ~EBT_F_MASK) { | |
122 | - BUGPRINT("Unknown flag for bitmask\n"); | |
123 | + if (e->bitmask & ~EBT_F_MASK) | |
124 | return -EINVAL; | |
125 | - } | |
126 | - if (e->invflags & ~EBT_INV_MASK) { | |
127 | - BUGPRINT("Unknown flag for inv bitmask\n"); | |
128 | + | |
129 | + if (e->invflags & ~EBT_INV_MASK) | |
130 | return -EINVAL; | |
131 | - } | |
132 | - if ((e->bitmask & EBT_NOPROTO) && (e->bitmask & EBT_802_3)) { | |
133 | - BUGPRINT("NOPROTO & 802_3 not allowed\n"); | |
134 | + | |
135 | + if ((e->bitmask & EBT_NOPROTO) && (e->bitmask & EBT_802_3)) | |
136 | return -EINVAL; | |
137 | - } | |
138 | + | |
139 | /* what hook do we belong to? */ | |
140 | for (i = 0; i < NF_BR_NUMHOOKS; i++) { | |
141 | if (!newinfo->hook_entry[i]) | |
142 | @@ -748,13 +727,11 @@ ebt_check_entry(struct ebt_entry *e, str | |
143 | t->u.target = target; | |
144 | if (t->u.target == &ebt_standard_target) { | |
145 | if (gap < sizeof(struct ebt_standard_target)) { | |
146 | - BUGPRINT("Standard target size too big\n"); | |
147 | ret = -EFAULT; | |
148 | goto cleanup_watchers; | |
149 | } | |
150 | if (((struct ebt_standard_target *)t)->verdict < | |
151 | -NUM_STANDARD_TARGETS) { | |
152 | - BUGPRINT("Invalid standard target\n"); | |
153 | ret = -EFAULT; | |
154 | goto cleanup_watchers; | |
155 | } | |
156 | @@ -813,10 +790,9 @@ static int check_chainloops(const struct | |
157 | if (strcmp(t->u.name, EBT_STANDARD_TARGET)) | |
158 | goto letscontinue; | |
159 | if (e->target_offset + sizeof(struct ebt_standard_target) > | |
160 | - e->next_offset) { | |
161 | - BUGPRINT("Standard target size too big\n"); | |
162 | + e->next_offset) | |
163 | return -1; | |
164 | - } | |
165 | + | |
166 | verdict = ((struct ebt_standard_target *)t)->verdict; | |
167 | if (verdict >= 0) { /* jump to another chain */ | |
168 | struct ebt_entries *hlp2 = | |
169 | @@ -825,14 +801,12 @@ static int check_chainloops(const struct | |
170 | if (hlp2 == cl_s[i].cs.chaininfo) | |
171 | break; | |
172 | /* bad destination or loop */ | |
173 | - if (i == udc_cnt) { | |
174 | - BUGPRINT("bad destination\n"); | |
175 | + if (i == udc_cnt) | |
176 | return -1; | |
177 | - } | |
178 | - if (cl_s[i].cs.n) { | |
179 | - BUGPRINT("loop\n"); | |
180 | + | |
181 | + if (cl_s[i].cs.n) | |
182 | return -1; | |
183 | - } | |
184 | + | |
185 | if (cl_s[i].hookmask & (1 << hooknr)) | |
186 | goto letscontinue; | |
187 | /* this can't be 0, so the loop test is correct */ | |
188 | @@ -865,24 +839,21 @@ static int translate_table(struct net *n | |
189 | i = 0; | |
190 | while (i < NF_BR_NUMHOOKS && !newinfo->hook_entry[i]) | |
191 | i++; | |
192 | - if (i == NF_BR_NUMHOOKS) { | |
193 | - BUGPRINT("No valid hooks specified\n"); | |
194 | + if (i == NF_BR_NUMHOOKS) | |
195 | return -EINVAL; | |
196 | - } | |
197 | - if (newinfo->hook_entry[i] != (struct ebt_entries *)newinfo->entries) { | |
198 | - BUGPRINT("Chains don't start at beginning\n"); | |
199 | + | |
200 | + if (newinfo->hook_entry[i] != (struct ebt_entries *)newinfo->entries) | |
201 | return -EINVAL; | |
202 | - } | |
203 | + | |
204 | /* make sure chains are ordered after each other in same order | |
205 | * as their corresponding hooks | |
206 | */ | |
207 | for (j = i + 1; j < NF_BR_NUMHOOKS; j++) { | |
208 | if (!newinfo->hook_entry[j]) | |
209 | continue; | |
210 | - if (newinfo->hook_entry[j] <= newinfo->hook_entry[i]) { | |
211 | - BUGPRINT("Hook order must be followed\n"); | |
212 | + if (newinfo->hook_entry[j] <= newinfo->hook_entry[i]) | |
213 | return -EINVAL; | |
214 | - } | |
215 | + | |
216 | i = j; | |
217 | } | |
218 | ||
219 | @@ -900,15 +871,11 @@ static int translate_table(struct net *n | |
220 | if (ret != 0) | |
221 | return ret; | |
222 | ||
223 | - if (i != j) { | |
224 | - BUGPRINT("nentries does not equal the nr of entries in the " | |
225 | - "(last) chain\n"); | |
226 | + if (i != j) | |
227 | return -EINVAL; | |
228 | - } | |
229 | - if (k != newinfo->nentries) { | |
230 | - BUGPRINT("Total nentries is wrong\n"); | |
231 | + | |
232 | + if (k != newinfo->nentries) | |
233 | return -EINVAL; | |
234 | - } | |
235 | ||
236 | /* get the location of the udc, put them in an array | |
237 | * while we're at it, allocate the chainstack | |
238 | @@ -942,7 +909,6 @@ static int translate_table(struct net *n | |
239 | ebt_get_udc_positions, newinfo, &i, cl_s); | |
240 | /* sanity check */ | |
241 | if (i != udc_cnt) { | |
242 | - BUGPRINT("i != udc_cnt\n"); | |
243 | vfree(cl_s); | |
244 | return -EFAULT; | |
245 | } | |
246 | @@ -1042,7 +1008,6 @@ static int do_replace_finish(struct net | |
247 | goto free_unlock; | |
248 | ||
249 | if (repl->num_counters && repl->num_counters != t->private->nentries) { | |
250 | - BUGPRINT("Wrong nr. of counters requested\n"); | |
251 | ret = -EINVAL; | |
252 | goto free_unlock; | |
253 | } | |
254 | @@ -1118,15 +1083,12 @@ static int do_replace(struct net *net, c | |
255 | if (copy_from_user(&tmp, user, sizeof(tmp)) != 0) | |
256 | return -EFAULT; | |
257 | ||
258 | - if (len != sizeof(tmp) + tmp.entries_size) { | |
259 | - BUGPRINT("Wrong len argument\n"); | |
260 | + if (len != sizeof(tmp) + tmp.entries_size) | |
261 | return -EINVAL; | |
262 | - } | |
263 | ||
264 | - if (tmp.entries_size == 0) { | |
265 | - BUGPRINT("Entries_size never zero\n"); | |
266 | + if (tmp.entries_size == 0) | |
267 | return -EINVAL; | |
268 | - } | |
269 | + | |
270 | /* overflow check */ | |
271 | if (tmp.nentries >= ((INT_MAX - sizeof(struct ebt_table_info)) / | |
272 | NR_CPUS - SMP_CACHE_BYTES) / sizeof(struct ebt_counter)) | |
273 | @@ -1153,7 +1115,6 @@ static int do_replace(struct net *net, c | |
274 | } | |
275 | if (copy_from_user( | |
276 | newinfo->entries, tmp.entries, tmp.entries_size) != 0) { | |
277 | - BUGPRINT("Couldn't copy entries from userspace\n"); | |
278 | ret = -EFAULT; | |
279 | goto free_entries; | |
280 | } | |
281 | @@ -1194,10 +1155,8 @@ int ebt_register_table(struct net *net, | |
282 | ||
283 | if (input_table == NULL || (repl = input_table->table) == NULL || | |
284 | repl->entries == NULL || repl->entries_size == 0 || | |
285 | - repl->counters != NULL || input_table->private != NULL) { | |
286 | - BUGPRINT("Bad table data for ebt_register_table!!!\n"); | |
287 | + repl->counters != NULL || input_table->private != NULL) | |
288 | return -EINVAL; | |
289 | - } | |
290 | ||
291 | /* Don't add one table to multiple lists. */ | |
292 | table = kmemdup(input_table, sizeof(struct ebt_table), GFP_KERNEL); | |
293 | @@ -1235,13 +1194,10 @@ int ebt_register_table(struct net *net, | |
294 | ((char *)repl->hook_entry[i] - repl->entries); | |
295 | } | |
296 | ret = translate_table(net, repl->name, newinfo); | |
297 | - if (ret != 0) { | |
298 | - BUGPRINT("Translate_table failed\n"); | |
299 | + if (ret != 0) | |
300 | goto free_chainstack; | |
301 | - } | |
302 | ||
303 | if (table->check && table->check(newinfo, table->valid_hooks)) { | |
304 | - BUGPRINT("The table doesn't like its own initial data, lol\n"); | |
305 | ret = -EINVAL; | |
306 | goto free_chainstack; | |
307 | } | |
308 | @@ -1252,7 +1208,6 @@ int ebt_register_table(struct net *net, | |
309 | list_for_each_entry(t, &net->xt.tables[NFPROTO_BRIDGE], list) { | |
310 | if (strcmp(t->name, table->name) == 0) { | |
311 | ret = -EEXIST; | |
312 | - BUGPRINT("Table name already exists\n"); | |
313 | goto free_unlock; | |
314 | } | |
315 | } | |
316 | @@ -1320,7 +1275,6 @@ static int do_update_counters(struct net | |
317 | goto free_tmp; | |
318 | ||
319 | if (num_counters != t->private->nentries) { | |
320 | - BUGPRINT("Wrong nr of counters\n"); | |
321 | ret = -EINVAL; | |
322 | goto unlock_mutex; | |
323 | } | |
324 | @@ -1447,10 +1401,8 @@ static int copy_counters_to_user(struct | |
325 | if (num_counters == 0) | |
326 | return 0; | |
327 | ||
328 | - if (num_counters != nentries) { | |
329 | - BUGPRINT("Num_counters wrong\n"); | |
330 | + if (num_counters != nentries) | |
331 | return -EINVAL; | |
332 | - } | |
333 | ||
334 | counterstmp = vmalloc(array_size(nentries, sizeof(*counterstmp))); | |
335 | if (!counterstmp) | |
336 | @@ -1496,15 +1448,11 @@ static int copy_everything_to_user(struc | |
337 | (tmp.num_counters ? nentries * sizeof(struct ebt_counter) : 0)) | |
338 | return -EINVAL; | |
339 | ||
340 | - if (tmp.nentries != nentries) { | |
341 | - BUGPRINT("Nentries wrong\n"); | |
342 | + if (tmp.nentries != nentries) | |
343 | return -EINVAL; | |
344 | - } | |
345 | ||
346 | - if (tmp.entries_size != entries_size) { | |
347 | - BUGPRINT("Wrong size\n"); | |
348 | + if (tmp.entries_size != entries_size) | |
349 | return -EINVAL; | |
350 | - } | |
351 | ||
352 | ret = copy_counters_to_user(t, oldcounters, tmp.counters, | |
353 | tmp.num_counters, nentries); | |
354 | @@ -1576,7 +1524,6 @@ static int do_ebt_get_ctl(struct sock *s | |
355 | } | |
356 | mutex_unlock(&ebt_mutex); | |
357 | if (copy_to_user(user, &tmp, *len) != 0) { | |
358 | - BUGPRINT("c2u Didn't work\n"); | |
359 | ret = -EFAULT; | |
360 | break; | |
361 | } |