1 files changed, 9 insertions, 52 deletions
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index 9707079bc40a..1a92b369c820 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -1882,7 +1882,7 @@ static int compat_mtw_from_user(struct compat_ebt_entry_mwt *mwt,
        struct xt_match *match;
        struct xt_target *wt;
        void *dst = NULL;
-        int off, pad = 0, ret = 0;
+        int off, pad = 0;
        unsigned int size_kern, entry_offset, match_size = mwt->match_size;
        strlcpy(name, mwt->u.name, sizeof(name));
@@ -1935,13 +1935,6 @@ static int compat_mtw_from_user(struct compat_ebt_entry_mwt *mwt,
                break;
        }
-        if (!dst) {
-                ret = xt_compat_add_offset(NFPROTO_BRIDGE, entry_offset,
-                                        off + ebt_compat_entry_padsize());
-                if (ret < 0)
-                        return ret;
-        }
        state->buf_kern_offset += match_size + off;
        state->buf_user_offset += match_size;
        pad = XT_ALIGN(size_kern) - size_kern;
@@ -2016,50 +2009,6 @@ static int ebt_size_mwt(struct compat_ebt_entry_mwt *match32,
        return growth;
 }
-#define EBT_COMPAT_WATCHER_ITERATE(e, fn, args...)          \
-({                                                          \
-        unsigned int __i;                                   \
-        int __ret = 0;                                      \
-        struct compat_ebt_entry_mwt *__watcher;             \
-                                                            \
-        for (__i = e->watchers_offset;                      \
-             __i < (e)->target_offset;                      \
-             __i += __watcher->watcher_size +               \
-             sizeof(struct compat_ebt_entry_mwt)) {         \
-                __watcher = (void *)(e) + __i;              \
-                __ret = fn(__watcher , ## args);            \
-                if (__ret != 0)                             \
-                        break;                              \
-        }                                                   \
-        if (__ret == 0) {                                   \
-                if (__i != (e)->target_offset)              \
-                        __ret = -EINVAL;                    \
-        }                                                   \
-        __ret;                                              \
-})
-#define EBT_COMPAT_MATCH_ITERATE(e, fn, args...)            \
-({                                                          \
-        unsigned int __i;                                   \
-        int __ret = 0;                                      \
-        struct compat_ebt_entry_mwt *__match;               \
-                                                            \
-        for (__i = sizeof(struct ebt_entry);                \
-             __i < (e)->watchers_offset;                    \
-             __i += __match->match_size +                   \
-             sizeof(struct compat_ebt_entry_mwt)) {         \
-                __match = (void *)(e) + __i;                \
-                __ret = fn(__match , ## args);              \
-                if (__ret != 0)                             \
-                        break;                              \
-        }                                                   \
-        if (__ret == 0) {                                   \
-                if (__i != (e)->watchers_offset)            \
-                        __ret = -EINVAL;                    \
-        }                                                   \
-        __ret;                                              \
-})
 /* called for all ebt_entry structures. */
 static int size_entry_mwt(struct ebt_entry *entry, const unsigned char *base,
                          unsigned int *total,
@@ -2132,6 +2081,14 @@ static int size_entry_mwt(struct ebt_entry *entry, const unsigned char *base,
                }
        }
+        if (state->buf_kern_start == NULL) {
+                unsigned int offset = buf_start - (char *) base;
+                ret = xt_compat_add_offset(NFPROTO_BRIDGE, offset, new_offset);
+                if (ret < 0)
+                        return ret;
+        }
        startoff = state->buf_user_offset - startoff;
        BUG_ON(*total < startoff);

diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c index 9707079bc40a..1a92b369c820 100644 --- a/net/bridge/netfilter/ebtables.c +++ b/net/bridge/netfilter/ebtables.c
@@ -1882,7 +1882,7 @@ static int compat_mtw_from_user(struct compat_ebt_entry_mwt *mwt,
1882	struct xt_match *match;	1882	struct xt_match *match;
1883	struct xt_target *wt;	1883	struct xt_target *wt;
1884	void *dst = NULL;	1884	void *dst = NULL;
1885	int off, pad = 0, ret = 0;	1885	int off, pad = 0;
1886	unsigned int size_kern, entry_offset, match_size = mwt->match_size;	1886	unsigned int size_kern, entry_offset, match_size = mwt->match_size;
1887		1887
1888	strlcpy(name, mwt->u.name, sizeof(name));	1888	strlcpy(name, mwt->u.name, sizeof(name));
@@ -1935,13 +1935,6 @@ static int compat_mtw_from_user(struct compat_ebt_entry_mwt *mwt,
1935	break;	1935	break;
1936	}	1936	}
1937		1937
1938	if (!dst) {
1939	ret = xt_compat_add_offset(NFPROTO_BRIDGE, entry_offset,
1940	off + ebt_compat_entry_padsize());
1941	if (ret < 0)
1942	return ret;
1943	}
1944
1945	state->buf_kern_offset += match_size + off;	1938	state->buf_kern_offset += match_size + off;
1946	state->buf_user_offset += match_size;	1939	state->buf_user_offset += match_size;
1947	pad = XT_ALIGN(size_kern) - size_kern;	1940	pad = XT_ALIGN(size_kern) - size_kern;
@@ -2016,50 +2009,6 @@ static int ebt_size_mwt(struct compat_ebt_entry_mwt *match32,
2016	return growth;	2009	return growth;
2017	}	2010	}
2018		2011
2019	#define EBT_COMPAT_WATCHER_ITERATE(e, fn, args...) \
2020	({ \
2021	unsigned int __i; \
2022	int __ret = 0; \
2023	struct compat_ebt_entry_mwt *__watcher; \
2024	\
2025	for (__i = e->watchers_offset; \
2026	__i < (e)->target_offset; \
2027	__i += __watcher->watcher_size + \
2028	sizeof(struct compat_ebt_entry_mwt)) { \
2029	__watcher = (void *)(e) + __i; \
2030	__ret = fn(__watcher , ## args); \
2031	if (__ret != 0) \
2032	break; \
2033	} \
2034	if (__ret == 0) { \
2035	if (__i != (e)->target_offset) \
2036	__ret = -EINVAL; \
2037	} \
2038	__ret; \
2039	})
2040
2041	#define EBT_COMPAT_MATCH_ITERATE(e, fn, args...) \
2042	({ \
2043	unsigned int __i; \
2044	int __ret = 0; \
2045	struct compat_ebt_entry_mwt *__match; \
2046	\
2047	for (__i = sizeof(struct ebt_entry); \
2048	__i < (e)->watchers_offset; \
2049	__i += __match->match_size + \
2050	sizeof(struct compat_ebt_entry_mwt)) { \
2051	__match = (void *)(e) + __i; \
2052	__ret = fn(__match , ## args); \
2053	if (__ret != 0) \
2054	break; \
2055	} \
2056	if (__ret == 0) { \
2057	if (__i != (e)->watchers_offset) \
2058	__ret = -EINVAL; \
2059	} \
2060	__ret; \
2061	})
2062
2063	/* called for all ebt_entry structures. */	2012	/* called for all ebt_entry structures. */
2064	static int size_entry_mwt(struct ebt_entry entry, const unsigned char base,	2013	static int size_entry_mwt(struct ebt_entry entry, const unsigned char base,
2065	unsigned int *total,	2014	unsigned int *total,
@@ -2132,6 +2081,14 @@ static int size_entry_mwt(struct ebt_entry entry, const unsigned char base,
2132	}	2081	}
2133	}	2082	}
2134		2083
		2084	if (state->buf_kern_start == NULL) {
		2085	unsigned int offset = buf_start - (char *) base;
		2086
		2087	ret = xt_compat_add_offset(NFPROTO_BRIDGE, offset, new_offset);
		2088	if (ret < 0)
		2089	return ret;
		2090	}
		2091
2135	startoff = state->buf_user_offset - startoff;	2092	startoff = state->buf_user_offset - startoff;
2136		2093
2137	BUG_ON(*total < startoff);	2094	BUG_ON(*total < startoff);