Merge branch 'for-linus-v3.20' of git://git.infradead.org/linux-ubifs

[firefly-linux-kernel-4.4.55.git] / net / netfilter / nf_tables_api.c
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c

index 3b3ddb4fb9ee122a5b6d3a39450be38a64d6f614..199fd0f27b0e128cfb8674ca331c2dae240e1b1c 100644 (file)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -427,7 +427,8 @@ static int nf_tables_fill_table_info(struct sk_buff *skb, struct net *net,
             nla_put_be32(skb, NFTA_TABLE_USE, htonl(table->use)))
                 goto nla_put_failure;
  
-       return nlmsg_end(skb, nlh);
+       nlmsg_end(skb, nlh);
+       return 0;
  
  nla_put_failure:
         nlmsg_trim(skb, nlh);
@@ -971,7 +972,8 @@ static int nf_tables_fill_chain_info(struct sk_buff *skb, struct net *net,
         if (nla_put_be32(skb, NFTA_CHAIN_USE, htonl(chain->use)))
                 goto nla_put_failure;
  
-       return nlmsg_end(skb, nlh);
+       nlmsg_end(skb, nlh);
+       return 0;
  
  nla_put_failure:
         nlmsg_trim(skb, nlh);
@@ -1134,9 +1136,11 @@ static struct nft_stats __percpu *nft_stats_alloc(const struct nlattr *attr)
         /* Restore old counters on this cpu, no problem. Per-cpu statistics
          * are not exposed to userspace.
          */
+       preempt_disable();
         stats = this_cpu_ptr(newstats);
         stats->bytes = be64_to_cpu(nla_get_be64(tb[NFTA_COUNTER_BYTES]));
         stats->pkts = be64_to_cpu(nla_get_be64(tb[NFTA_COUNTER_PACKETS]));
+       preempt_enable();
  
         return newstats;
  }
@@ -1262,8 +1266,10 @@ static int nf_tables_newchain(struct sock *nlsk, struct sk_buff *skb,
                 nft_ctx_init(&ctx, skb, nlh, afi, table, chain, nla);
                 trans = nft_trans_alloc(&ctx, NFT_MSG_NEWCHAIN,
                                         sizeof(struct nft_trans_chain));
-               if (trans == NULL)
+               if (trans == NULL) {
+                       free_percpu(stats);
                         return -ENOMEM;
+               }
  
                 nft_trans_chain_stats(trans) = stats;
                 nft_trans_chain_update(trans) = true;
@@ -1319,8 +1325,10 @@ static int nf_tables_newchain(struct sock *nlsk, struct sk_buff *skb,
                 hookfn = type->hooks[hooknum];
  
                 basechain = kzalloc(sizeof(*basechain), GFP_KERNEL);
-               if (basechain == NULL)
+               if (basechain == NULL) {
+                       module_put(type->owner);
                         return -ENOMEM;
+               }
  
                 if (nla[NFTA_CHAIN_COUNTERS]) {
                         stats = nft_stats_alloc(nla[NFTA_CHAIN_COUNTERS]);
@@ -1707,7 +1715,8 @@ static int nf_tables_fill_rule_info(struct sk_buff *skb, struct net *net,
             nla_put(skb, NFTA_RULE_USERDATA, rule->ulen, nft_userdata(rule)))
                 goto nla_put_failure;
  
-       return nlmsg_end(skb, nlh);
+       nlmsg_end(skb, nlh);
+       return 0;
  
  nla_put_failure:
         nlmsg_trim(skb, nlh);
@@ -2361,7 +2370,8 @@ static int nf_tables_fill_set(struct sk_buff *skb, const struct nft_ctx *ctx,
                 goto nla_put_failure;
         nla_nest_end(skb, desc);
  
-       return nlmsg_end(skb, nlh);
+       nlmsg_end(skb, nlh);
+       return 0;
  
  nla_put_failure:
         nlmsg_trim(skb, nlh);
@@ -3035,7 +3045,8 @@ static int nf_tables_fill_setelem_info(struct sk_buff *skb,
  
         nla_nest_end(skb, nest);
  
-       return nlmsg_end(skb, nlh);
+       nlmsg_end(skb, nlh);
+       return 0;
  
  nla_put_failure:
         nlmsg_trim(skb, nlh);
@@ -3324,7 +3335,8 @@ static int nf_tables_fill_gen_info(struct sk_buff *skb, struct net *net,
         if (nla_put_be32(skb, NFTA_GEN_ID, htonl(net->nft.base_seq)))
                 goto nla_put_failure;
  
-       return nlmsg_end(skb, nlh);
+       nlmsg_end(skb, nlh);
+       return 0;
  
  nla_put_failure:
         nlmsg_trim(skb, nlh);
@@ -3753,6 +3765,24 @@ int nft_chain_validate_dependency(const struct nft_chain *chain,
  }
  EXPORT_SYMBOL_GPL(nft_chain_validate_dependency);
  
+int nft_chain_validate_hooks(const struct nft_chain *chain,
+                            unsigned int hook_flags)
+{
+       struct nft_base_chain *basechain;
+
+       if (chain->flags & NFT_BASE_CHAIN) {
+               basechain = nft_base_chain(chain);
+
+               if ((1 << basechain->ops[0].hooknum) & hook_flags)
+                       return 0;
+
+               return -EOPNOTSUPP;
+       }
+
+       return 0;
+}
+EXPORT_SYMBOL_GPL(nft_chain_validate_hooks);
+
  /*
   * Loop detection - walk through the ruleset beginning at the destination chain
   * of a new jump until either the source chain is reached (loop) or all