netfilter: nfnetlink_acct: avoid using NFACCT_F_OVERQUOTA with bit helper functions

Bit helper functions were used for manipulation with NFACCT_F_OVERQUOTA, but they are accepting pit position, but not a bit mask. As a result not a third bit for NFACCT_F_OVERQUOTA was set, but forth. Such behaviour was dangarous and could lead to unexpected overquota report result. Signed-off-by: Alexey Perevalov <a.perevalov@samsung.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

netfilter: nfnetlink_acct: avoid using NFACCT_F_OVERQUOTA with bit helper functions
Bit helper functions were used for manipulation with NFACCT_F_OVERQUOTA, but they are accepting pit position, but not a bit mask. As a result not a third bit for NFACCT_F_OVERQUOTA was set, but forth. Such behaviour was dangarous and could lead to unexpected overquota report result. Signed-off-by: Alexey Perevalov <a.perevalov@samsung.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Alexey Perevalov · Pablo Neira Ayuso
1 parent d24675cb1f
Showing 1 changed file with 5 additions and 3 deletions Side-by-side Diff
net/netfilter/nfnetlink_acct.c
@@ -41,6 +41,7 @@
 };
  
 #define NFACCT_F_QUOTA (NFACCT_F_QUOTA_PKTS | NFACCT_F_QUOTA_BYTES)
+#define NFACCT_OVERQUOTA_BIT	2	/* NFACCT_F_OVERQUOTA */
  
 static int
 nfnl_acct_new(struct sock *nfnl, struct sk_buff *skb,
@@ -77,7 +78,8 @@
 			smp_mb__before_atomic();
 			/* reset overquota flag if quota is enabled. */
 			if ((matching->flags & NFACCT_F_QUOTA))
-				clear_bit(NFACCT_F_OVERQUOTA, &matching->flags);
+				clear_bit(NFACCT_OVERQUOTA_BIT,
+					  &matching->flags);
 			return 0;
 		}
 		return -EBUSY;
@@ -150,7 +152,7 @@
 		bytes = atomic64_xchg(&acct->bytes, 0);
 		smp_mb__before_atomic();
 		if (acct->flags & NFACCT_F_QUOTA)
-			clear_bit(NFACCT_F_OVERQUOTA, &acct->flags);
+			clear_bit(NFACCT_OVERQUOTA_BIT, &acct->flags);
 	} else {
 		pkts = atomic64_read(&acct->pkts);
 		bytes = atomic64_read(&acct->bytes);
@@ -414,7 +416,7 @@
 	ret = now > *quota;
  
 	if (now >= *quota &&
-	    !test_and_set_bit(NFACCT_F_OVERQUOTA, &nfacct->flags)) {
+	    !test_and_set_bit(NFACCT_OVERQUOTA_BIT, &nfacct->flags)) {
 		nfnl_overquota_report(nfacct);
 	}
...	...	@@ -41,6 +41,7 @@
41	41	};
42	42
43	43	#define NFACCT_F_QUOTA (NFACCT_F_QUOTA_PKTS \| NFACCT_F_QUOTA_BYTES)
	44	+#define NFACCT_OVERQUOTA_BIT 2 /* NFACCT_F_OVERQUOTA */
44	45
45	46	static int
46	47	nfnl_acct_new(struct sock nfnl, struct sk_buff skb,
...	...	@@ -77,7 +78,8 @@
77	78	smp_mb__before_atomic();
78	79	/* reset overquota flag if quota is enabled. */
79	80	if ((matching->flags & NFACCT_F_QUOTA))
80		- clear_bit(NFACCT_F_OVERQUOTA, &matching->flags);
	81	+ clear_bit(NFACCT_OVERQUOTA_BIT,
	82	+ &matching->flags);
81	83	return 0;
82	84	}
83	85	return -EBUSY;
...	...	@@ -150,7 +152,7 @@
150	152	bytes = atomic64_xchg(&acct->bytes, 0);
151	153	smp_mb__before_atomic();
152	154	if (acct->flags & NFACCT_F_QUOTA)
153		- clear_bit(NFACCT_F_OVERQUOTA, &acct->flags);
	155	+ clear_bit(NFACCT_OVERQUOTA_BIT, &acct->flags);
154	156	} else {
155	157	pkts = atomic64_read(&acct->pkts);
156	158	bytes = atomic64_read(&acct->bytes);
...	...	@@ -414,7 +416,7 @@
414	416	ret = now > *quota;
415	417
416	418	if (now >= *quota &&
417		- !test_and_set_bit(NFACCT_F_OVERQUOTA, &nfacct->flags)) {
	419	+ !test_and_set_bit(NFACCT_OVERQUOTA_BIT, &nfacct->flags)) {
418	420	nfnl_overquota_report(nfacct);
419	421	}
420	422