netfilter: make nf_queue_entry_get_refs return void

We don't care if module is being unloaded anymore since hook unregister
handling will destroy queue entries using that hook.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

3 files changed, 6 insertions, 18 deletions

diff --git a/net/netfilter/core.c b/net/netfilter/core.c
index 32a289420caf..09e661c3ae58 100644
--- a/net/netfilter/core.c
+++ b/net/netfilter/core.c
@@ -313,8 +313,6 @@ next_hook:
                 int err = nf_queue(skb, elem, state,
                                    verdict >> NF_VERDICT_QBITS);
                 if (err < 0) {
-                        if (err == -ECANCELED)
-                                goto next_hook;
                         if (err == -ESRCH &&
                            (verdict & NF_VERDICT_FLAG_QUEUE_BYPASS))
                                 goto next_hook;
diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c
index eef1c50e0e21..efc968807199 100644
--- a/net/netfilter/nf_queue.c
+++ b/net/netfilter/nf_queue.c
@@ -73,7 +73,7 @@ void nf_queue_entry_release_refs(struct nf_queue_entry *entry)
 EXPORT_SYMBOL_GPL(nf_queue_entry_release_refs);
 
 /* Bump dev refs so they don't vanish while packet is out */
-bool nf_queue_entry_get_refs(struct nf_queue_entry *entry)
+void nf_queue_entry_get_refs(struct nf_queue_entry *entry)
 {
         struct nf_hook_state *state = &entry->state;
 
@@ -95,8 +95,6 @@ bool nf_queue_entry_get_refs(struct nf_queue_entry *entry)
                         dev_hold(physdev);
         }
 #endif
-
-        return true;
 }
 EXPORT_SYMBOL_GPL(nf_queue_entry_get_refs);
 
@@ -151,10 +149,7 @@ int nf_queue(struct sk_buff *skb,
                 .size   = sizeof(*entry) + afinfo->route_key_size,
         };
 
-        if (!nf_queue_entry_get_refs(entry)) {
-                status = -ECANCELED;
-                goto err_unlock;
-        }
+        nf_queue_entry_get_refs(entry);
         skb_dst_force(skb);
         afinfo->saveroute(skb, entry);
         status = qh->outfn(entry, queuenum);
@@ -215,8 +210,6 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict)
                 err = nf_queue(skb, elem, &entry->state,
                                verdict >> NF_VERDICT_QBITS);
                 if (err < 0) {
-                        if (err == -ECANCELED)
-                                goto next_hook;
                         if (err == -ESRCH &&
                            (verdict & NF_VERDICT_FLAG_QUEUE_BYPASS))
                                 goto next_hook;
diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index a659e57aa576..7d81d280cb4f 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -606,12 +606,9 @@ static struct nf_queue_entry *
 nf_queue_entry_dup(struct nf_queue_entry *e)
 {
         struct nf_queue_entry *entry = kmemdup(e, e->size, GFP_ATOMIC);
-        if (entry) {
-                if (nf_queue_entry_get_refs(entry))
-                        return entry;
-                kfree(entry);
-        }
-        return NULL;
+        if (entry)
+                nf_queue_entry_get_refs(entry);
+        return entry;
 }
 
 #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER)
@@ -706,7 +703,7 @@ nfqnl_enqueue_packet(struct nf_queue_entry *entry, unsigned int queuenum)
         nf_bridge_adjust_skb_data(skb);
         segs = skb_gso_segment(skb, 0);
         /* Does not use PTR_ERR to limit the number of error codes that can be
-         * returned by nf_queue.  For instance, callers rely on -ECANCELED to
+         * returned by nf_queue.  For instance, callers rely on -ESRCH to
          * mean 'ignore this hook'.
          */
         if (IS_ERR_OR_NULL(segs))