netfilter: nf_tables: use dev->name directly

no need to store the name in separate area. Furthermore, it uses kmalloc but not kfree and most accesses seem to treat it as char[IFNAMSIZ] not char *. Remove this and use dev->name instead. In case event zeroed dev, just omit the name in the dump. Fixes: d92191aa84e5f1 ("netfilter: nf_tables: cache device name in flowtable object") Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Florian Westphal <fw@strlen.de> 2018-07-17 01:17:53 -0400
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2018-07-20 09:31:43 -0400
commit: b8088dda98b9064a2b3007fe54b03ede70a15602 (patch)
tree: 2c231e58617e7cacb2dd007e15691e154f9f4069
parent: c293ac959f809ee1cd31609d9e62bccf6804b2e6 (diff)
2 files changed, 5 insertions, 10 deletions
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
index 4e82a4c49912..dc417ef0a0c5 100644
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -1124,7 +1124,6 @@ struct nft_flowtable {
        u32                             genmask:2,
                                        use:30;
        u64                             handle;
-        char                            *dev_name[NFT_FLOWTABLE_DEVICE_MAX];
        /* runtime data below here */
        struct nf_hook_ops              *ops ____cacheline_aligned;
        struct nf_flowtable             data;
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index d41fa2c82f14..54a4f75ff9da 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -5324,8 +5324,6 @@ static int nf_tables_flowtable_parse_hook(const struct nft_ctx *ctx,
                flowtable->ops[i].priv          = &flowtable->data;
                flowtable->ops[i].hook          = flowtable->data.type->hook;
                flowtable->ops[i].dev           = dev_array[i];
-                flowtable->dev_name[i]          = kstrdup(dev_array[i]->name,
-                                                          GFP_KERNEL);
        }
        return err;
@@ -5483,10 +5481,8 @@ static int nf_tables_newflowtable(struct net *net, struct sock *nlsk,
 err6:
        i = flowtable->ops_len;
 err5:
-        for (k = i - 1; k >= 0; k--) {
+        for (k = i - 1; k >= 0; k--)
-                kfree(flowtable->dev_name[k]);
                nf_unregister_net_hook(net, &flowtable->ops[k]);
-        }
        kfree(flowtable->ops);
 err4:
@@ -5585,9 +5581,10 @@ static int nf_tables_fill_flowtable_info(struct sk_buff *skb, struct net *net,
                goto nla_put_failure;
        for (i = 0; i < flowtable->ops_len; i++) {
-                if (flowtable->dev_name[i][0] &&
+                const struct net_device *dev = READ_ONCE(flowtable->ops[i].dev);
-                    nla_put_string(skb, NFTA_DEVICE_NAME,
-                                   flowtable->dev_name[i]))
+                if (dev &&
+                    nla_put_string(skb, NFTA_DEVICE_NAME, dev->name))
                        goto nla_put_failure;
        }
        nla_nest_end(skb, nest_devs);
@@ -5829,7 +5826,6 @@ static void nft_flowtable_event(unsigned long event, struct net_device *dev,
                        continue;
                nf_unregister_net_hook(dev_net(dev), &flowtable->ops[i]);
-                flowtable->dev_name[i][0] = '\0';
                flowtable->ops[i].dev = NULL;
                break;
        }
author	Florian Westphal <fw@strlen.de>	2018-07-17 01:17:53 -0400
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2018-07-20 09:31:43 -0400
commit	b8088dda98b9064a2b3007fe54b03ede70a15602 (patch)
tree	2c231e58617e7cacb2dd007e15691e154f9f4069
parent	c293ac959f809ee1cd31609d9e62bccf6804b2e6 (diff)

diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h index 4e82a4c49912..dc417ef0a0c5 100644 --- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h
@@ -1124,7 +1124,6 @@ struct nft_flowtable {
1124	u32 genmask:2,	1124	u32 genmask:2,
1125	use:30;	1125	use:30;
1126	u64 handle;	1126	u64 handle;
1127	char *dev_name[NFT_FLOWTABLE_DEVICE_MAX];
1128	/* runtime data below here */	1127	/* runtime data below here */
1129	struct nf_hook_ops *ops ____cacheline_aligned;	1128	struct nf_hook_ops *ops ____cacheline_aligned;
1130	struct nf_flowtable data;	1129	struct nf_flowtable data;


diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index d41fa2c82f14..54a4f75ff9da 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c
@@ -5324,8 +5324,6 @@ static int nf_tables_flowtable_parse_hook(const struct nft_ctx *ctx,
5324	flowtable->ops[i].priv = &flowtable->data;	5324	flowtable->ops[i].priv = &flowtable->data;
5325	flowtable->ops[i].hook = flowtable->data.type->hook;	5325	flowtable->ops[i].hook = flowtable->data.type->hook;
5326	flowtable->ops[i].dev = dev_array[i];	5326	flowtable->ops[i].dev = dev_array[i];
5327	flowtable->dev_name[i] = kstrdup(dev_array[i]->name,
5328	GFP_KERNEL);
5329	}	5327	}
5330		5328
5331	return err;	5329	return err;
@@ -5483,10 +5481,8 @@ static int nf_tables_newflowtable(struct net net, struct sock nlsk,
5483	err6:	5481	err6:
5484	i = flowtable->ops_len;	5482	i = flowtable->ops_len;
5485	err5:	5483	err5:
5486	for (k = i - 1; k >= 0; k--) {	5484	for (k = i - 1; k >= 0; k--)
5487	kfree(flowtable->dev_name[k]);
5488	nf_unregister_net_hook(net, &flowtable->ops[k]);	5485	nf_unregister_net_hook(net, &flowtable->ops[k]);
5489	}
5490		5486
5491	kfree(flowtable->ops);	5487	kfree(flowtable->ops);
5492	err4:	5488	err4:
@@ -5585,9 +5581,10 @@ static int nf_tables_fill_flowtable_info(struct sk_buff skb, struct net net,
5585	goto nla_put_failure;	5581	goto nla_put_failure;
5586		5582
5587	for (i = 0; i < flowtable->ops_len; i++) {	5583	for (i = 0; i < flowtable->ops_len; i++) {
5588	if (flowtable->dev_name[i][0] &&	5584	const struct net_device *dev = READ_ONCE(flowtable->ops[i].dev);
5589	nla_put_string(skb, NFTA_DEVICE_NAME,	5585
5590	flowtable->dev_name[i]))	5586	if (dev &&
		5587	nla_put_string(skb, NFTA_DEVICE_NAME, dev->name))
5591	goto nla_put_failure;	5588	goto nla_put_failure;
5592	}	5589	}
5593	nla_nest_end(skb, nest_devs);	5590	nla_nest_end(skb, nest_devs);
@@ -5829,7 +5826,6 @@ static void nft_flowtable_event(unsigned long event, struct net_device *dev,
5829	continue;	5826	continue;
5830		5827
5831	nf_unregister_net_hook(dev_net(dev), &flowtable->ops[i]);	5828	nf_unregister_net_hook(dev_net(dev), &flowtable->ops[i]);
5832	flowtable->dev_name[i][0] = '\0';
5833	flowtable->ops[i].dev = NULL;	5829	flowtable->ops[i].dev = NULL;
5834	break;	5830	break;
5835	}	5831	}