linux/include/net/tc_act/tc_gact.h
Davide Caratti fe384e2fa3 net/sched: don't dereference a->goto_chain to read the chain index
callers of tcf_gact_goto_chain_index() can potentially read an old value
of the chain index, or even dereference a NULL 'goto_chain' pointer,
because 'goto_chain' and 'tcfa_action' are read in the traffic path
without caring of concurrent write in the control path. The most recent
value of chain index can be read also from a->tcfa_action (it's encoded
there together with TC_ACT_GOTO_CHAIN bits), so we don't really need to
dereference 'goto_chain': just read the chain id from the control action.

Fixes: e457d86ada ("net: sched: add couple of goto_chain helpers")
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-03-21 13:26:42 -07:00

63 lines
1.3 KiB
C

/* SPDX-License-Identifier: GPL-2.0 */
#ifndef __NET_TC_GACT_H
#define __NET_TC_GACT_H
#include <net/act_api.h>
#include <linux/tc_act/tc_gact.h>
struct tcf_gact {
struct tc_action common;
#ifdef CONFIG_GACT_PROB
u16 tcfg_ptype;
u16 tcfg_pval;
int tcfg_paction;
atomic_t packets;
#endif
};
#define to_gact(a) ((struct tcf_gact *)a)
static inline bool __is_tcf_gact_act(const struct tc_action *a, int act,
bool is_ext)
{
#ifdef CONFIG_NET_CLS_ACT
struct tcf_gact *gact;
if (a->ops && a->ops->id != TCA_ID_GACT)
return false;
gact = to_gact(a);
if ((!is_ext && gact->tcf_action == act) ||
(is_ext && TC_ACT_EXT_CMP(gact->tcf_action, act)))
return true;
#endif
return false;
}
static inline bool is_tcf_gact_ok(const struct tc_action *a)
{
return __is_tcf_gact_act(a, TC_ACT_OK, false);
}
static inline bool is_tcf_gact_shot(const struct tc_action *a)
{
return __is_tcf_gact_act(a, TC_ACT_SHOT, false);
}
static inline bool is_tcf_gact_trap(const struct tc_action *a)
{
return __is_tcf_gact_act(a, TC_ACT_TRAP, false);
}
static inline bool is_tcf_gact_goto_chain(const struct tc_action *a)
{
return __is_tcf_gact_act(a, TC_ACT_GOTO_CHAIN, true);
}
static inline u32 tcf_gact_goto_chain_index(const struct tc_action *a)
{
return READ_ONCE(a->tcfa_action) & TC_ACT_EXT_VAL_MASK;
}
#endif /* __NET_TC_GACT_H */