From patchwork Fri Aug 30 09:43:32 2013
X-Patchwork-Submitter: Tomasz Bursztyka
X-Patchwork-Id: 271202
From: Tomasz Bursztyka
To: netfilter-devel@vger.kernel.org
Cc: Tomasz Bursztyka
Subject: [nftables-kernel PATCH] netfilter: nf_tables: Fixes how a table is checked to be in use
Date: Fri, 30 Aug 2013 12:43:32 +0300
Message-Id: <1377855812-15251-1-git-send-email-tomasz.bursztyka@linux.intel.com>
X-Mailing-List: netfilter-devel@vger.kernel.org

Let's check table's chain list emptiness instead so struct nft_table does not grow and we avoid the (unlikely to happen) overflow.

Signed-off-by: Tomasz Bursztyka
---
 include/net/netfilter/nf_tables.h | 1 -
 net/netfilter/nf_tables_api.c | 7 +------
 2 files changed, 1 insertion(+), 7 deletions(-)

diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h index 215edf5..e4306a4 100644 
--- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h @@ -450,7 +450,6 @@ struct nft_table { struct list_head chains; struct list_head sets; u64 hgenerator; - u32 use; u16 flags; char name[]; }; diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index c5d0129..68f90da 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -448,7 +448,7 @@ static int nf_tables_deltable(struct sock *nlsk, struct sk_buff *skb, if (IS_ERR(table)) return PTR_ERR(table); - if (table->use) + if (!list_empty(&table->chains)) return -EBUSY; list_del(&table->list); @@ -835,9 +835,6 @@ static int nf_tables_newchain(struct sock *nlsk, struct sk_buff *skb, if (IS_ERR(table)) return PTR_ERR(table); - if (table->use == UINT_MAX) - return -EOVERFLOW; - chain = NULL; name = nla[NFTA_CHAIN_NAME]; @@ -992,7 +989,6 @@ static int nf_tables_newchain(struct sock *nlsk, struct sk_buff *skb, } } list_add_tail(&chain->list, &table->chains); - table->use++; notify: nf_tables_chain_notify(skb, nlh, table, chain, NFT_MSG_NEWCHAIN, family); @@ -1038,7 +1034,6 @@ static int nf_tables_delchain(struct sock *nlsk, struct sk_buff *skb, return -EBUSY; list_del(&chain->list); - table->use--; if (!(table->flags & NFT_TABLE_F_DORMANT) && chain->flags & NFT_BASE_CHAIN)
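
Review bot: in the nf_tables_deltable hunk (@@ -448), the new `if (!list_empty(&table->chains))` test looks only at the chain list, while struct nft_table in the header hunk also carries a `sets` list head next to `chains`. In this diff the removed counter was only incremented in nf_tables_newchain and decremented in nf_tables_delchain, so the -EBUSY behaviour for chains is unchanged, but the changelog should say whether a table that still holds sets is meant to be deletable. If it is not, extend the test to `!list_empty(&table->chains) || !list_empty(&table->sets)` here rather than relying on callers to empty the sets first.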
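
Review bot: in the nf_tables_newchain hunk (@@ -835), removing the `table->use == UINT_MAX` test also removes the `-EOVERFLOW` return, which is an error code userspace could previously receive for a new-chain request, and the commit message only mentions avoiding the overflow. Nothing in these hunks limits the number of chains per table afterwards, so please state in the changelog that `-EOVERFLOW` is no longer returned from this path and that the chain count is now implied by the list alone. The same sentence would also cover the dropped `table->use++` and `table->use--` in the @@ -992 and @@ -1038 hunks, which have no replacement because `list_add_tail(&chain->list, &table->chains)` and `list_del(&chain->list)` already carry the state.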