review.tizen.org Git - platform/kernel/linux-rpi3.git/commit

author	Florian Westphal <fw@strlen.de>
	Fri, 12 Apr 2019 17:55:03 +0000 (10:55 -0700)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 17 Apr 2019 06:38:46 +0000 (08:38 +0200)
commit	40177a7931e0043f9f5016e370c0695e4bae6b19
tree	d8ca2b323dc5aca7e84c80fac618aaeabc2da781	tree \| snapshot
parent	c2d27b330a983d176311c1368037baa315fa0fd6	commit \| diff

netfilter: nfnetlink_cttimeout: fetch timeouts for udplite and gre, too

commit 89259088c1b7fecb43e8e245dc931909132a4e03 upstream

syzbot was able to trigger the WARN in cttimeout_default_get() by
passing UDPLITE as l4protocol. Alias UDPLITE to UDP, both use
same timeout values.

Furthermore, also fetch GRE timeouts. GRE is a bit more complicated,
as it still can be a module and its netns_proto_gre struct layout isn't
visible outside of the gre module. Can't move timeouts around, it
appears conntrack sysctl unregister assumes net_generic() returns
nf_proto_net, so we get crash. Expose layout of netns_proto_gre instead.

A followup nf-next patch could make gre tracker be built-in as well
if needed, its not that large.

Last, make the WARN() mention the missing protocol value in case
anything else is missing.

Reported-by: syzbot+2fae8fa157dd92618cae@syzkaller.appspotmail.com
Fixes: 8866df9264a3 ("netfilter: nfnetlink_cttimeout: pass default timeout policy to obj_to_nlattr")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Zubin Mithra <zsm@chromium.org>
Signed-off-by: Sasha Levin (Microsoft) <sashal@kernel.org>

include/linux/netfilter/nf_conntrack_proto_gre.h		diff \| blob \| history
net/netfilter/nf_conntrack_proto_gre.c		diff \| blob \| history
net/netfilter/nfnetlink_cttimeout.c		diff \| blob \| history