netfilter: nf_conntrack: padding breaks conntrack hash on ARM

commit 0794935e "[NETFILTER]: nf_conntrack: optimize hash_conntrack()"
results in ARM platforms hashing uninitialised padding.  This padding
doesn't exist on other architectures.

Fix this by replacing NF_CT_TUPLE_U_BLANK() with memset() to ensure
everything is initialised.  There were only 4 bytes that
NF_CT_TUPLE_U_BLANK() wasn't clearing anyway (or 12 bytes on ARM).

Signed-off-by: Philip Craig <philipc@snapgear.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/include/net/netfilter/nf_conntrack_tuple.h b/include/net/netfilter/nf_conntrack_tuple.h
index 1bb7087833d374eb2429dd55318248ddc1747d50..a6874ba22d546322dc5ef9c2c86271003ec156e4 100644 (file)
--- a/include/net/netfilter/nf_conntrack_tuple.h
+++ b/include/net/netfilter/nf_conntrack_tuple.h
@@ -107,16 +107,6 @@ struct nf_conntrack_tuple_mask
        } src;
 };
 
-/* This is optimized opposed to a memset of the whole structure.  Everything we
- * really care about is the  source/destination unions */
-#define NF_CT_TUPLE_U_BLANK(tuple)                                     \
-        do {                                                           \
-                (tuple)->src.u.all = 0;                                \
-                (tuple)->dst.u.all = 0;                                \
-               memset(&(tuple)->src.u3, 0, sizeof((tuple)->src.u3));   \
-               memset(&(tuple)->dst.u3, 0, sizeof((tuple)->dst.u3));   \
-        } while (0)
-
 #ifdef __KERNEL__
 
 static inline void nf_ct_dump_tuple_ip(const struct nf_conntrack_tuple *t)

diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
index cacb9cb27dab75d62b9628f58e048b3f2110902e..5a955c440364728d3002a09213790273bb924339 100644 (file)
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
@@ -303,7 +303,7 @@ getorigdst(struct sock *sk, int optval, void __user *user, int *len)
        const struct nf_conntrack_tuple_hash *h;
        struct nf_conntrack_tuple tuple;
 
-       NF_CT_TUPLE_U_BLANK(&tuple);
+       memset(&tuple, 0, sizeof(tuple));
        tuple.src.u3.ip = inet->rcv_saddr;
        tuple.src.u.tcp.port = inet->sport;
        tuple.dst.u3.ip = inet->daddr;

diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 4eac65c74ed05ac18a504957f2dbcb721bb2014d..c4b1799da5d76ac98920527e9fe85d30866ff9c8 100644 (file)
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -104,7 +104,7 @@ nf_ct_get_tuple(const struct sk_buff *skb,
                const struct nf_conntrack_l3proto *l3proto,
                const struct nf_conntrack_l4proto *l4proto)
 {
-       NF_CT_TUPLE_U_BLANK(tuple);
+       memset(tuple, 0, sizeof(*tuple));
 
        tuple->src.l3num = l3num;
        if (l3proto->pkt_to_tuple(skb, nhoff, tuple) == 0)
@@ -151,7 +151,7 @@ nf_ct_invert_tuple(struct nf_conntrack_tuple *inverse,
                   const struct nf_conntrack_l3proto *l3proto,
                   const struct nf_conntrack_l4proto *l4proto)
 {
-       NF_CT_TUPLE_U_BLANK(inverse);
+       memset(inverse, 0, sizeof(*inverse));
 
        inverse->src.l3num = orig->src.l3num;
        if (l3proto->invert_tuple(inverse, orig) == 0)