Discussion:
[PATCH net-next] ipvs: Avoid null-pointer deref in debug code
Alex Gartrell
2014-10-06 00:54:55 UTC
Permalink
Ensure that the pointer is non-NULL before dereferencing it for debugging
purposes.

Reported-by: Dan Carpenter <***@oracle.com>
Signed-off-by: Alex Gartrell <***@fb.com>
---
net/netfilter/ipvs/ip_vs_xmit.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c
index 91f17c1..06bba9b 100644
--- a/net/netfilter/ipvs/ip_vs_xmit.c
+++ b/net/netfilter/ipvs/ip_vs_xmit.c
@@ -316,7 +316,7 @@ __ip_vs_get_out_rt(int skb_af, struct sk_buff *skb, struct ip_vs_dest *dest,
if (unlikely(crosses_local_route_boundary(skb_af, skb, rt_mode,
local))) {
IP_VS_DBG_RL("We are crossing local and non-local addresses"
- " daddr=%pI4\n", &dest->addr.ip);
+ " daddr=%pI4\n", dest ? &dest->addr.ip : NULL);
goto err_put;
}

@@ -458,7 +458,7 @@ __ip_vs_get_out_rt_v6(int skb_af, struct sk_buff *skb, struct ip_vs_dest *dest,
if (unlikely(crosses_local_route_boundary(skb_af, skb, rt_mode,
local))) {
IP_VS_DBG_RL("We are crossing local and non-local addresses"
- " daddr=%pI6\n", &dest->addr.in6);
+ " daddr=%pI6\n", dest ? &dest->addr.in6 : NULL);
goto err_put;
}
--
Alex Gartrell <***@fb.com>
Julian Anastasov
2014-10-06 06:49:57 UTC
Permalink
Hello,
Post by Alex Gartrell
Ensure that the pointer is non-NULL before dereferencing it for debugging
purposes.
---
net/netfilter/ipvs/ip_vs_xmit.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c
index 91f17c1..06bba9b 100644
--- a/net/netfilter/ipvs/ip_vs_xmit.c
+++ b/net/netfilter/ipvs/ip_vs_xmit.c
@@ -316,7 +316,7 @@ __ip_vs_get_out_rt(int skb_af, struct sk_buff *skb, struct ip_vs_dest *dest,
if (unlikely(crosses_local_route_boundary(skb_af, skb, rt_mode,
local))) {
IP_VS_DBG_RL("We are crossing local and non-local addresses"
- " daddr=%pI4\n", &dest->addr.ip);
+ " daddr=%pI4\n", dest ? &dest->addr.ip : NULL);
goto err_put;
}
@@ -458,7 +458,7 @@ __ip_vs_get_out_rt_v6(int skb_af, struct sk_buff *skb, struct ip_vs_dest *dest,
if (unlikely(crosses_local_route_boundary(skb_af, skb, rt_mode,
local))) {
IP_VS_DBG_RL("We are crossing local and non-local addresses"
- " daddr=%pI6\n", &dest->addr.in6);
+ " daddr=%pI6\n", dest ? &dest->addr.in6 : NULL);
goto err_put;
}
You have to print the "daddr" variable as
it was done before your patchset in the
"Stopping traffic to %s address, dest: %p..." message
because dest is not present in all cases, for example,
for *bypass_xmit. Other places provide cp->daddr but
for backup server some conns can live without cp->dest.

Regards

--
Julian Anastasov <***@ssi.bg>
--
To unsubscribe from this list: send the line "unsubscribe lvs-devel" in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Alex Gartrell
2014-10-06 15:56:40 UTC
Permalink
Hey Julian,
Post by Julian Anastasov
You have to print the "daddr" variable as
it was done before your patchset in the
"Stopping traffic to %s address, dest: %p..." message
because dest is not present in all cases, for example,
for *bypass_xmit. Other places provide cp->daddr but
for backup server some conns can live without cp->dest.
I've sent an updated patch that does this but I have some questions
about other stuff that I find mildly confusing. Specifically I didn't
realize until looking at the call sites that !dest || daddr =
dest->addr.ip (but maybe I'm wrong?)

If that's the case, why do we have the following line in __ip_vs_get_out_rt?

daddr = dest->addr.ip;

If that's /always/ true then we should add the following line or a
comment to the same effect to clarify

BUG_ON(dest && dest->addr.ip != daddr);

If that's not intended to always be true, then should the patch be the
following?

...%pI4", dest ? &dest->addr.ip : &daddr);

Thanks,
--
Alex Gartrell <***@fb.com>
--
To unsubscribe from this list: send the line "unsubscribe lvs-devel" in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Julian Anastasov
2014-10-06 19:13:07 UTC
Permalink
Hello,
Post by Alex Gartrell
Hey Julian,
I've sent an updated patch that does this but I have some questions about
other stuff that I find mildly confusing. Specifically I didn't realize until
looking at the call sites that !dest || daddr = dest->addr.ip (but maybe I'm
wrong?)
If that's the case, why do we have the following line in __ip_vs_get_out_rt?
daddr = dest->addr.ip;
Extra line that is not needed...
Post by Alex Gartrell
If that's /always/ true then we should add the following line or a comment to
the same effect to clarify
BUG_ON(dest && dest->addr.ip != daddr);
IMHO, BUG_ON is not needed.
Post by Alex Gartrell
If that's not intended to always be true, then should the patch be the
following?
...%pI4", dest ? &dest->addr.ip : &daddr);
Using daddr is fine.

Regards

--
Julian Anastasov <***@ssi.bg>
--
To unsubscribe from this list: send the line "unsubscribe lvs-devel" in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Alex Gartrell
2014-10-06 15:46:19 UTC
Permalink
Use daddr instead of reaching into dest.

Reported-by: Dan Carpenter <***@oracle.com>
Signed-off-by: Alex Gartrell <***@fb.com>
---
net/netfilter/ipvs/ip_vs_xmit.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c
index 91f17c1..437a366 100644
--- a/net/netfilter/ipvs/ip_vs_xmit.c
+++ b/net/netfilter/ipvs/ip_vs_xmit.c
@@ -316,7 +316,7 @@ __ip_vs_get_out_rt(int skb_af, struct sk_buff *skb, struct ip_vs_dest *dest,
if (unlikely(crosses_local_route_boundary(skb_af, skb, rt_mode,
local))) {
IP_VS_DBG_RL("We are crossing local and non-local addresses"
- " daddr=%pI4\n", &dest->addr.ip);
+ " daddr=%pI4\n", &daddr);
goto err_put;
}

@@ -458,7 +458,7 @@ __ip_vs_get_out_rt_v6(int skb_af, struct sk_buff *skb, struct ip_vs_dest *dest,
if (unlikely(crosses_local_route_boundary(skb_af, skb, rt_mode,
local))) {
IP_VS_DBG_RL("We are crossing local and non-local addresses"
- " daddr=%pI6\n", &dest->addr.in6);
+ " daddr=%pI6\n", daddr);
goto err_put;
}
--
Alex Gartrell <***@fb.com>

--
To unsubscribe from this list: send the line "unsubscribe lvs-devel" in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Julian Anastasov
2014-10-06 19:01:08 UTC
Permalink
Hello,
Post by Alex Gartrell
Use daddr instead of reaching into dest.
Thanks!
Post by Alex Gartrell
---
net/netfilter/ipvs/ip_vs_xmit.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c
index 91f17c1..437a366 100644
--- a/net/netfilter/ipvs/ip_vs_xmit.c
+++ b/net/netfilter/ipvs/ip_vs_xmit.c
@@ -316,7 +316,7 @@ __ip_vs_get_out_rt(int skb_af, struct sk_buff *skb, struct ip_vs_dest *dest,
if (unlikely(crosses_local_route_boundary(skb_af, skb, rt_mode,
local))) {
IP_VS_DBG_RL("We are crossing local and non-local addresses"
- " daddr=%pI4\n", &dest->addr.ip);
+ " daddr=%pI4\n", &daddr);
goto err_put;
}
@@ -458,7 +458,7 @@ __ip_vs_get_out_rt_v6(int skb_af, struct sk_buff *skb, struct ip_vs_dest *dest,
if (unlikely(crosses_local_route_boundary(skb_af, skb, rt_mode,
local))) {
IP_VS_DBG_RL("We are crossing local and non-local addresses"
- " daddr=%pI6\n", &dest->addr.in6);
+ " daddr=%pI6\n", daddr);
goto err_put;
}
--
Regards

--
Julian Anastasov <***@ssi.bg>
--
To unsubscribe from this list: send the line "unsubscribe lvs-devel" in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Simon Horman
2014-10-17 06:27:18 UTC
Permalink
Post by Julian Anastasov
Hello,
Post by Alex Gartrell
Use daddr instead of reaching into dest.
Thanks!
Thanks, I have applied this to the ipvs tree and will see about
both getting it included in v3.18 and v3.17-stable.
Post by Julian Anastasov
Post by Alex Gartrell
---
net/netfilter/ipvs/ip_vs_xmit.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/ipvs/ip_vs_xmit.c b/net/netfilter/ipvs/ip_vs_xmit.c
index 91f17c1..437a366 100644
--- a/net/netfilter/ipvs/ip_vs_xmit.c
+++ b/net/netfilter/ipvs/ip_vs_xmit.c
@@ -316,7 +316,7 @@ __ip_vs_get_out_rt(int skb_af, struct sk_buff *skb, struct ip_vs_dest *dest,
if (unlikely(crosses_local_route_boundary(skb_af, skb, rt_mode,
local))) {
IP_VS_DBG_RL("We are crossing local and non-local addresses"
- " daddr=%pI4\n", &dest->addr.ip);
+ " daddr=%pI4\n", &daddr);
goto err_put;
}
@@ -458,7 +458,7 @@ __ip_vs_get_out_rt_v6(int skb_af, struct sk_buff *skb, struct ip_vs_dest *dest,
if (unlikely(crosses_local_route_boundary(skb_af, skb, rt_mode,
local))) {
IP_VS_DBG_RL("We are crossing local and non-local addresses"
- " daddr=%pI6\n", &dest->addr.in6);
+ " daddr=%pI6\n", daddr);
goto err_put;
}
--
Regards
--
--
To unsubscribe from this list: send the line "unsubscribe lvs-devel" in
the body of a message to ***@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Loading...