From patchwork Fri Sep  8 05:38:58 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Vishwanath Pai <vpai@akamai.com>
X-Patchwork-Id: 811320
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=netdev-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	secure) header.d=akamai.com header.i=@akamai.com header.b="eSHmCH2o";
	dkim-atps=neutral
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 3xpR4X3QBHz9sCZ
	for <patchwork-incoming@ozlabs.org>;
	Fri,  8 Sep 2017 15:40:44 +1000 (AEST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1754159AbdIHFkb (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Fri, 8 Sep 2017 01:40:31 -0400
Received: from mx0b-00190b01.pphosted.com ([67.231.157.127]:47484 "EHLO
	mx0b-00190b01.pphosted.com" rhost-flags-OK-OK-OK-OK)
	by vger.kernel.org with ESMTP id S1750829AbdIHFk3 (ORCPT
	<rfc822;netdev@vger.kernel.org>); Fri, 8 Sep 2017 01:40:29 -0400
Received: from pps.filterd (m0050096.ppops.net [127.0.0.1])
	by m0050096.ppops.net-00190b01. (8.16.0.21/8.16.0.21) with SMTP id
	v885b31S013474; Fri, 8 Sep 2017 06:39:01 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com;
	h=from : to : cc :
	subject : date : message-id; s=jan2016.eng;
	bh=wCXiJHzKMQXsZVRfqNHbuTLP3XXLuFuJTz0LuXCkIaU=;
	b=eSHmCH2oXE+b9AvfuSXp7vry99ELFrVlkArHS9nc5NR7tVulM3TKN4dUB15Kf+YmP0VF
	/2s86ExEiZ2tMo2DTtzbG/wTfFW3552nQxaagA/5mhWs6ZsVMV/8PKXH9/IXo056WicN
	94PvBo5sM3zrIroc+SgH5AbKYFjDhxdawpOiU1UtgiQCtcWp9B8ywOV3AdhRlW+gZKXg
	I/pGPEmdY2h/SISpDAkro8dseGx8CgWUlMTRcZECudBb6ZrGO+rwFlGeQSdM6fSw36BH
	4we46mh5YNbAg4AnbYKgZSgFNos8x67KLBl9Ew7g0IrqHhghWQrj12g+pntGcjatzYCM
	xg==
Received: from prod-mail-ppoint1 (prod-mail-ppoint1.akamai.com
	[184.51.33.18])
	by m0050096.ppops.net-00190b01. with ESMTP id 2cukpt0c8x-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
	verify=NOT); Fri, 08 Sep 2017 06:39:01 +0100
Received: from pps.filterd (prod-mail-ppoint1.akamai.com [127.0.0.1])
	by prod-mail-ppoint1.akamai.com (8.16.0.17/8.16.0.17) with SMTP id
	v885ZOMx014663; Fri, 8 Sep 2017 01:39:00 -0400
Received: from prod-mail-relay10.akamai.com ([172.27.118.251])
	by prod-mail-ppoint1.akamai.com with ESMTP id 2cqqyuxtwe-1;
	Fri, 08 Sep 2017 01:38:59 -0400
Received: from bos-lpqrs.kendall.corp.akamai.com
	(bos-lpqrs.kendall.corp.akamai.com [172.28.13.81])
	by prod-mail-relay10.akamai.com (Postfix) with ESMTP id EA4E41FC74;
	Fri,  8 Sep 2017 05:38:58 +0000 (GMT)
Received: from vpai by bos-lpqrs.kendall.corp.akamai.com with local (Exim
	4.82) (envelope-from <vpai@akamai.com>)
	id 1dqC0I-0004Xd-80; Fri, 08 Sep 2017 01:38:58 -0400
From: Vishwanath Pai <vpai@akamai.com>
To: pablo@netfilter.org, netfilter-devel@vger.kernel.org,
	torvalds@linux-foundation.org, davem@davemloft.net
Cc: kadlec@blackhole.kfki.hu, johunt@akamai.com, fw@strlen.de,
	netdev@vger.kernel.org, pai.vishwain@gmail.com, mingo@kernel.org,
	ilubashe@akamai.com, bp@alien8.de, luto@kernel.org, x86@kernel.org,
	linux-kernel@vger.kernel.org, brgerst@gmail.com,
	andrew.cooper3@citrix.com, jgross@suse.com,
	boris.ostrovsky@oracle.com, keescook@chromium.org,
	akpm@linux-foundation.org, arnd@arndb.de
Subject: [PATCH v2] netfilter: xt_hashlimit: fix build error caused by 64bit
	division
Date: Fri,  8 Sep 2017 01:38:58 -0400
Message-Id: <1504849138-17427-1-git-send-email-vpai@akamai.com>
X-Mailer: git-send-email 1.9.1
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, ,
	definitions=2017-09-08_03:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 spamscore=0
	suspectscore=0
	malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam
	adjust=0 reason=mlx scancount=1 engine=8.0.1-1707230000
	definitions=main-1709080086
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, ,
	definitions=2017-09-08_03:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0
	priorityscore=1501 malwarescore=0
	suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015
	lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam
	adjust=0
	reason=mlx scancount=1 engine=8.0.1-1707230000
	definitions=main-1709080087
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

64bit division causes build/link errors on 32bit architectures. It
prints out error messages like:

ERROR: "__aeabi_uldivmod" [net/netfilter/xt_hashlimit.ko] undefined!

The value of avg passed through by userspace in BYTE mode cannot exceed
U32_MAX. Which means 64bit division in user2rate_bytes is unnecessary.
To fix this I have changed the type of param 'user' to u32.

Since anything greater than U32_MAX is an invalid input we error out in
hashlimit_mt_check_common() when this is the case.

Changes in v2:
	Making return type as u32 would cause an overflow for small
	values of 'user' (for example 2, 3 etc). To avoid this I bumped up
	'r' to u64 again as well as the return type. This is OK since the
	variable that stores the result is u64. We still avoid 64bit
	division here since 'user' is u32.

Fixes: bea74641e378 ("netfilter: xt_hashlimit: add rate match mode")
Signed-off-by: Vishwanath Pai <vpai@akamai.com>
---
 net/netfilter/xt_hashlimit.c | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c
index 10d4823..1c1941e 100644
--- a/net/netfilter/xt_hashlimit.c
+++ b/net/netfilter/xt_hashlimit.c
@@ -35,6 +35,7 @@
 #include <linux/netfilter_ipv6/ip6_tables.h>
 #include <linux/netfilter/xt_hashlimit.h>
 #include <linux/mutex.h>
+#include <linux/kernel.h>
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
@@ -527,12 +528,12 @@ static u64 user2rate(u64 user)
 	}
 }
 
-static u64 user2rate_bytes(u64 user)
+static u64 user2rate_bytes(u32 user)
 {
 	u64 r;
 
-	r = user ? 0xFFFFFFFFULL / user : 0xFFFFFFFFULL;
-	r = (r - 1) << 4;
+	r = user ? U32_MAX / user : U32_MAX;
+	r = (r - 1) << XT_HASHLIMIT_BYTE_SHIFT;
 	return r;
 }
 
@@ -588,7 +589,8 @@ static void rateinfo_init(struct dsthash_ent *dh,
 		dh->rateinfo.prev_window = 0;
 		dh->rateinfo.current_rate = 0;
 		if (hinfo->cfg.mode & XT_HASHLIMIT_BYTES) {
-			dh->rateinfo.rate = user2rate_bytes(hinfo->cfg.avg);
+			dh->rateinfo.rate =
+				user2rate_bytes((u32)hinfo->cfg.avg);
 			if (hinfo->cfg.burst)
 				dh->rateinfo.burst =
 					hinfo->cfg.burst * dh->rateinfo.rate;
@@ -870,7 +872,7 @@ static int hashlimit_mt_check_common(const struct xt_mtchk_param *par,
 
 	/* Check for overflow. */
 	if (revision >= 3 && cfg->mode & XT_HASHLIMIT_RATE_MATCH) {
-		if (cfg->avg == 0) {
+		if (cfg->avg == 0 || cfg->avg > U32_MAX) {
 			pr_info("hashlimit invalid rate\n");
 			return -ERANGE;
 		}