releases/4.19.51/netfilter-nf_flow_table-fix-missing-error-check-for-.patch

   1 From 07946f656e835c9f38d73883d7714af978979fc2 Mon Sep 17 00:00:00 2001
   2 From: Taehee Yoo <ap420073@gmail.com>
   3 Date: Fri, 3 May 2019 01:56:38 +0900
   4 Subject: netfilter: nf_flow_table: fix missing error check for
   5  rhashtable_insert_fast
   6
   7 [ Upstream commit 43c8f131184faf20c07221f3e09724611c6525d8 ]
   8
   9 rhashtable_insert_fast() may return an error value when memory
  10 allocation fails, but flow_offload_add() does not check for errors.
  11 This patch just adds missing error checking.
  12
  13 Fixes: ac2a66665e23 ("netfilter: add generic flow table infrastructure")
  14 Signed-off-by: Taehee Yoo <ap420073@gmail.com>
  15 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  16 Signed-off-by: Sasha Levin <sashal@kernel.org>
  17 ---
  18  net/netfilter/nf_flow_table_core.c | 25 ++++++++++++++++++-------
  19  1 file changed, 18 insertions(+), 7 deletions(-)
  20
  21 diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c
  22 index e1537ace2b90..5df7486bb416 100644
  23 --- a/net/netfilter/nf_flow_table_core.c
  24 +++ b/net/netfilter/nf_flow_table_core.c
  25 @@ -185,14 +185,25 @@ static const struct rhashtable_params nf_flow_offload_rhash_params = {
  26
  27  int flow_offload_add(struct nf_flowtable *flow_table, struct flow_offload *flow)
  28  {
  29 -       flow->timeout = (u32)jiffies;
  30 +       int err;
  31
  32 -       rhashtable_insert_fast(&flow_table->rhashtable,
  33 -                              &flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].node,
  34 -                              nf_flow_offload_rhash_params);
  35 -       rhashtable_insert_fast(&flow_table->rhashtable,
  36 -                              &flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].node,
  37 -                              nf_flow_offload_rhash_params);
  38 +       err = rhashtable_insert_fast(&flow_table->rhashtable,
  39 +                                    &flow->tuplehash[0].node,
  40 +                                    nf_flow_offload_rhash_params);
  41 +       if (err < 0)
  42 +               return err;
  43 +
  44 +       err = rhashtable_insert_fast(&flow_table->rhashtable,
  45 +                                    &flow->tuplehash[1].node,
  46 +                                    nf_flow_offload_rhash_params);
  47 +       if (err < 0) {
  48 +               rhashtable_remove_fast(&flow_table->rhashtable,
  49 +                                      &flow->tuplehash[0].node,
  50 +                                      nf_flow_offload_rhash_params);
  51 +               return err;
  52 +       }
  53 +
  54 +       flow->timeout = (u32)jiffies;
  55         return 0;
  56  }
  57  EXPORT_SYMBOL_GPL(flow_offload_add);
  58 --
  59 2.20.1
  60