From patchwork Fri Sep  8 02:14:45 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Vishwanath Pai <vpai@akamai.com>
X-Patchwork-Id: 811298
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=netdev-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	secure) header.d=akamai.com header.i=@akamai.com header.b="l4tnUSJq";
	dkim-atps=neutral
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 3xpLXs4Y4Mz9sQl
	for <patchwork-incoming@ozlabs.org>;
	Fri,  8 Sep 2017 12:16:29 +1000 (AEST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1753072AbdIHCQP (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Thu, 7 Sep 2017 22:16:15 -0400
Received: from mx0a-00190b01.pphosted.com ([67.231.149.131]:42317 "EHLO
	mx0a-00190b01.pphosted.com" rhost-flags-OK-OK-OK-OK)
	by vger.kernel.org with ESMTP id S1750852AbdIHCQN (ORCPT
	<rfc822;netdev@vger.kernel.org>); Thu, 7 Sep 2017 22:16:13 -0400
Received: from pps.filterd (m0122333.ppops.net [127.0.0.1])
	by mx0a-00190b01.pphosted.com (8.16.0.21/8.16.0.21) with SMTP id
	v882CdVw028911; Fri, 8 Sep 2017 03:14:50 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com;
	h=from : to : cc :
	subject : date : message-id; s=jan2016.eng;
	bh=J46niw1JaalKAFjajsbbPhmGRT8keZj+mlHoKN7ik2s=;
	b=l4tnUSJqTNQIEG0fy/EWq8/fRvulAm86N0s5UmQ87gTjXSn7ZEDIOfAugTt6bUD2/g4z
	Wb7KPNwGoaaW/pcMEMwP0xSj1UTvKQs8rirgmEKNLk1NO63K8nisdOoomF+L2dv9yEpb
	rZFTeCQcSJBNcY8hN51W6a0X9d/hcsbKLOOY7Tt8HqG/kbBgcr6AHU2X3VhvMosS6qBI
	q8FUGzV+jpLuTUsQPPrc1KEV9H8adC7LTBUiDS2yy47J1/AvRtv2EA5Qg3ylONj8vf8Q
	lERFwf2giKLDLTvx2+/w06kGPQzYD/S6XzQTQ0L1xj3fvg1O3VvnDEKZeD+V21Rm0nzr
	VQ==
Received: from prod-mail-ppoint3 ([96.6.114.86])
	by mx0a-00190b01.pphosted.com with ESMTP id 2cuhn484t6-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT); Fri, 08 Sep 2017 03:14:50 +0100
Received: from pps.filterd (prod-mail-ppoint3.akamai.com [127.0.0.1])
	by prod-mail-ppoint3.akamai.com (8.16.0.17/8.16.0.17) with SMTP id
	v882BZsN027664; Thu, 7 Sep 2017 22:14:49 -0400
Received: from prod-mail-relay15.akamai.com ([172.27.17.40])
	by prod-mail-ppoint3.akamai.com with ESMTP id 2cqqyw08bv-1;
	Thu, 07 Sep 2017 22:14:49 -0400
Received: from bos-lpqrs.kendall.corp.akamai.com
	(bos-lpqrs.kendall.corp.akamai.com [172.28.13.81])
	by prod-mail-relay15.akamai.com (Postfix) with ESMTP id CCAFF20066;
	Thu,  7 Sep 2017 20:14:47 -0600 (MDT)
Received: from vpai by bos-lpqrs.kendall.corp.akamai.com with local (Exim
	4.82) (envelope-from <vpai@akamai.com>)
	id 1dq8of-0007Zi-Qj; Thu, 07 Sep 2017 22:14:45 -0400
From: Vishwanath Pai <vpai@akamai.com>
To: pablo@netfilter.org, netfilter-devel@vger.kernel.org,
	torvalds@linux-foundation.org, davem@davemloft.net
Cc: kadlec@blackhole.kfki.hu, johunt@akamai.com, fw@strlen.de,
	netdev@vger.kernel.org, pai.vishwain@gmail.com, mingo@kernel.org,
	ilubashe@akamai.com, bp@alien8.de, luto@kernel.org, x86@kernel.org,
	linux-kernel@vger.kernel.org, brgerst@gmail.com,
	andrew.cooper3@citrix.com, jgross@suse.com,
	boris.ostrovsky@oracle.com, keescook@chromium.org,
	akpm@linux-foundation.org, arnd@arndb.de
Subject: [PATCH] netfilter: xt_hashlimit: fix build error caused by 64bit
	division
Date: Thu,  7 Sep 2017 22:14:45 -0400
Message-Id: <1504836885-29088-1-git-send-email-vpai@akamai.com>
X-Mailer: git-send-email 1.9.1
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, ,
	definitions=2017-09-08_01:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0
	suspectscore=0
	malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam
	adjust=0 reason=mlx scancount=1 engine=8.0.1-1707230000
	definitions=main-1709080031
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, ,
	definitions=2017-09-08_02:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0
	priorityscore=1501 malwarescore=0
	suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011
	lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam
	adjust=0
	reason=mlx scancount=1 engine=8.0.1-1707230000
	definitions=main-1709080031
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

64bit division causes build/link errors on 32bit architectures. It
prints out error messages like:

ERROR: "__aeabi_uldivmod" [net/netfilter/xt_hashlimit.ko] undefined!

The value of avg passed through by userspace in BYTE mode cannot exceed
U32_MAX. Which means 64bit division in user2rate_bytes is unnecessary.

This fix changes the size of both the param as well as return type on
user2rate_bytes to u32.

Since anything greater than U32_MAX is an invalid input we error out in
hashlimit_mt_check_common() when this is the case.

Also fixed warning about const pointer conversion in cfg_copy().

Fixes: bea74641e378 ("netfilter: xt_hashlimit: add rate match mode")
Signed-off-by: Vishwanath Pai <vpai@akamai.com>
---
 net/netfilter/xt_hashlimit.c | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c
index 10d4823..1d818f1 100644
--- a/net/netfilter/xt_hashlimit.c
+++ b/net/netfilter/xt_hashlimit.c
@@ -35,6 +35,7 @@
 #include <linux/netfilter_ipv6/ip6_tables.h>
 #include <linux/netfilter/xt_hashlimit.h>
 #include <linux/mutex.h>
+#include <linux/kernel.h>
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
@@ -527,12 +528,12 @@ static u64 user2rate(u64 user)
 	}
 }
 
-static u64 user2rate_bytes(u64 user)
+static u32 user2rate_bytes(u32 user)
 {
-	u64 r;
+	u32 r;
 
-	r = user ? 0xFFFFFFFFULL / user : 0xFFFFFFFFULL;
-	r = (r - 1) << 4;
+	r = user ? U32_MAX / user : U32_MAX;
+	r = (r - 1) << XT_HASHLIMIT_BYTE_SHIFT;
 	return r;
 }
 
@@ -588,7 +589,8 @@ static void rateinfo_init(struct dsthash_ent *dh,
 		dh->rateinfo.prev_window = 0;
 		dh->rateinfo.current_rate = 0;
 		if (hinfo->cfg.mode & XT_HASHLIMIT_BYTES) {
-			dh->rateinfo.rate = user2rate_bytes(hinfo->cfg.avg);
+			dh->rateinfo.rate =
+				user2rate_bytes((u32)hinfo->cfg.avg);
 			if (hinfo->cfg.burst)
 				dh->rateinfo.burst =
 					hinfo->cfg.burst * dh->rateinfo.rate;
@@ -870,7 +872,7 @@ static int hashlimit_mt_check_common(const struct xt_mtchk_param *par,
 
 	/* Check for overflow. */
 	if (revision >= 3 && cfg->mode & XT_HASHLIMIT_RATE_MATCH) {
-		if (cfg->avg == 0) {
+		if (cfg->avg == 0 || cfg->avg > U32_MAX) {
 			pr_info("hashlimit invalid rate\n");
 			return -ERANGE;
 		}