[nf-next,v6] net: netfilter: nf_tables_api: Use id allocation

Message ID 20180628175915.3897-1-rvarsha016@gmail.com
State Not Applicable
Delegated to: Pablo Neira
Headers show
Series
  • [nf-next,v6] net: netfilter: nf_tables_api: Use id allocation
Related show

Commit Message

Varsha Rao June 28, 2018, 5:59 p.m.
In nf_tables_set_alloc_name function, remove get_zeroed_page
find_first_zero_bit and set_bit functions. Instead use ida_get_new_above
function as it simplifies the code. In case of -EAGAIN error return
-ENOMEM , EAGAIN indicates failure in loading module. Remove page size
limit as id's are allocated within the range of 0x7fffffff.

Signed-off-by: Varsha Rao <rvarsha016@gmail.com>
---
Changes in v2:
- Modified the upper limit of page size.

Changes in v3:
- Used ida_get_new_above instead of ida_simple_get due to internal
  locking.
- Defined macro NFT_SET_IDA_SIZE.
- Modified commit message.

Changes in v4:
- Removed -EAGAIN return value.
- Updated NFT_SET_IDA_SIZE value.

Changes in v5:
- In case of -EAGAIN error returned -ENOMEM.
- Removed limit for page size.
- Modified commit message.

Changes in v6:
- Removed tmp < 0 condition.

 net/netfilter/nf_tables_api.c | 34 ++++++++++++++++++----------------
 1 file changed, 18 insertions(+), 16 deletions(-)

Comments

Pablo Neira Ayuso July 17, 2018, 1:03 p.m. | #1
On Thu, Jun 28, 2018 at 11:29:15PM +0530, Varsha Rao wrote:
> In nf_tables_set_alloc_name function, remove get_zeroed_page
> find_first_zero_bit and set_bit functions. Instead use ida_get_new_above
> function as it simplifies the code. In case of -EAGAIN error return
> -ENOMEM , EAGAIN indicates failure in loading module. Remove page size
> limit as id's are allocated within the range of 0x7fffffff.

Applied, thanks Varsha.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 3f211e1025c1..7202295f0617 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -2926,18 +2926,14 @@  static int nf_tables_set_alloc_name(struct nft_ctx *ctx, struct nft_set *set,
 {
 	const struct nft_set *i;
 	const char *p;
-	unsigned long *inuse;
-	unsigned int n = 0, min = 0;
+	unsigned int n = 0, id = 0;
+	DEFINE_IDA(inuse);
 
 	p = strchr(name, '%');
 	if (p != NULL) {
 		if (p[1] != 'd' || strchr(p + 2, '%'))
 			return -EINVAL;
 
-		inuse = (unsigned long *)get_zeroed_page(GFP_KERNEL);
-		if (inuse == NULL)
-			return -ENOMEM;
-cont:
 		list_for_each_entry(i, &ctx->table->sets, list) {
 			int tmp;
 
@@ -2945,22 +2941,28 @@  static int nf_tables_set_alloc_name(struct nft_ctx *ctx, struct nft_set *set,
 				continue;
 			if (!sscanf(i->name, name, &tmp))
 				continue;
-			if (tmp < min || tmp >= min + BITS_PER_BYTE * PAGE_SIZE)
-				continue;
 
-			set_bit(tmp - min, inuse);
+			n = ida_get_new_above(&inuse, tmp, &id);
+			if (n < 0) {
+				if (n == -EAGAIN)
+					return -ENOMEM;
+
+				return n;
+			}
 		}
 
-		n = find_first_zero_bit(inuse, BITS_PER_BYTE * PAGE_SIZE);
-		if (n >= BITS_PER_BYTE * PAGE_SIZE) {
-			min += BITS_PER_BYTE * PAGE_SIZE;
-			memset(inuse, 0, PAGE_SIZE);
-			goto cont;
+		n = ida_get_new_above(&inuse, 0, &id);
+		ida_destroy(&inuse);
+
+		if (n < 0) {
+			if (n == -EAGAIN)
+				return -ENOMEM;
+			return n;
 		}
-		free_page((unsigned long)inuse);
+
 	}
 
-	set->name = kasprintf(GFP_KERNEL, name, min + n);
+	set->name = kasprintf(GFP_KERNEL, name, id);
 	if (!set->name)
 		return -ENOMEM;