3 files changed, 5 insertions, 16 deletions
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 63958f3394a5..4b6c5ca610fc 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -336,7 +336,7 @@ ipt_do_table(struct sk_buff *skb,
        cpu        = smp_processor_id();
        table_base = private->entries[cpu];
        jumpstack  = (struct ipt_entry **)private->jumpstack[cpu];
-        stackptr   = &private->stackptr[cpu];
+        stackptr   = per_cpu_ptr(private->stackptr, cpu);
        origptr    = *stackptr;
        e = get_entry(table_base, private->hook_entry[hook]);
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 6f517bd83692..9d2d68f0e605 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -363,7 +363,7 @@ ip6t_do_table(struct sk_buff *skb,
        cpu        = smp_processor_id();
        table_base = private->entries[cpu];
        jumpstack  = (struct ip6t_entry **)private->jumpstack[cpu];
-        stackptr   = &private->stackptr[cpu];
+        stackptr   = per_cpu_ptr(private->stackptr, cpu);
        origptr    = *stackptr;
        e = get_entry(table_base, private->hook_entry[hook]);
diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
index 445de702b8b7..e34622fa0003 100644
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -699,10 +699,8 @@ void xt_free_table_info(struct xt_table_info *info)
                vfree(info->jumpstack);
        else
                kfree(info->jumpstack);
-        if (sizeof(unsigned int) * nr_cpu_ids > PAGE_SIZE)
-                vfree(info->stackptr);
+        free_percpu(info->stackptr);
-        else
-                kfree(info->stackptr);
        kfree(info);
 }
@@ -753,14 +751,9 @@ static int xt_jumpstack_alloc(struct xt_table_info *i)
        unsigned int size;
        int cpu;
-        size = sizeof(unsigned int) * nr_cpu_ids;
+        i->stackptr = alloc_percpu(unsigned int);
-        if (size > PAGE_SIZE)
-                i->stackptr = vmalloc(size);
-        else
-                i->stackptr = kmalloc(size, GFP_KERNEL);
        if (i->stackptr == NULL)
                return -ENOMEM;
-        memset(i->stackptr, 0, size);
        size = sizeof(void **) * nr_cpu_ids;
        if (size > PAGE_SIZE)
@@ -844,10 +837,6 @@ struct xt_table *xt_register_table(struct net *net,
        struct xt_table_info *private;
        struct xt_table *t, *table;
-        ret = xt_jumpstack_alloc(newinfo);
-        if (ret < 0)
-                return ERR_PTR(ret);
        /* Don't add one object to multiple lists. */
        table = kmemdup(input_table, sizeof(struct xt_table), GFP_KERNEL);
        if (!table) {

diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index 63958f3394a5..4b6c5ca610fc 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c
@@ -336,7 +336,7 @@ ipt_do_table(struct sk_buff *skb,
336	cpu = smp_processor_id();	336	cpu = smp_processor_id();
337	table_base = private->entries[cpu];	337	table_base = private->entries[cpu];
338	jumpstack = (struct ipt_entry **)private->jumpstack[cpu];	338	jumpstack = (struct ipt_entry **)private->jumpstack[cpu];
339	stackptr = &private->stackptr[cpu];	339	stackptr = per_cpu_ptr(private->stackptr, cpu);
340	origptr = *stackptr;	340	origptr = *stackptr;
341		341
342	e = get_entry(table_base, private->hook_entry[hook]);	342	e = get_entry(table_base, private->hook_entry[hook]);


diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c index 6f517bd83692..9d2d68f0e605 100644 --- a/net/ipv6/netfilter/ip6_tables.c +++ b/net/ipv6/netfilter/ip6_tables.c
@@ -363,7 +363,7 @@ ip6t_do_table(struct sk_buff *skb,
363	cpu = smp_processor_id();	363	cpu = smp_processor_id();
364	table_base = private->entries[cpu];	364	table_base = private->entries[cpu];
365	jumpstack = (struct ip6t_entry **)private->jumpstack[cpu];	365	jumpstack = (struct ip6t_entry **)private->jumpstack[cpu];
366	stackptr = &private->stackptr[cpu];	366	stackptr = per_cpu_ptr(private->stackptr, cpu);
367	origptr = *stackptr;	367	origptr = *stackptr;
368		368
369	e = get_entry(table_base, private->hook_entry[hook]);	369	e = get_entry(table_base, private->hook_entry[hook]);


diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c index 445de702b8b7..e34622fa0003 100644 --- a/net/netfilter/x_tables.c +++ b/net/netfilter/x_tables.c
@@ -699,10 +699,8 @@ void xt_free_table_info(struct xt_table_info *info)
699	vfree(info->jumpstack);	699	vfree(info->jumpstack);
700	else	700	else
701	kfree(info->jumpstack);	701	kfree(info->jumpstack);
702	if (sizeof(unsigned int) * nr_cpu_ids > PAGE_SIZE)	702
703	vfree(info->stackptr);	703	free_percpu(info->stackptr);
704	else
705	kfree(info->stackptr);
706		704
707	kfree(info);	705	kfree(info);
708	}	706	}
@@ -753,14 +751,9 @@ static int xt_jumpstack_alloc(struct xt_table_info *i)
753	unsigned int size;	751	unsigned int size;
754	int cpu;	752	int cpu;
755		753
756	size = sizeof(unsigned int) * nr_cpu_ids;	754	i->stackptr = alloc_percpu(unsigned int);
757	if (size > PAGE_SIZE)
758	i->stackptr = vmalloc(size);
759	else
760	i->stackptr = kmalloc(size, GFP_KERNEL);
761	if (i->stackptr == NULL)	755	if (i->stackptr == NULL)
762	return -ENOMEM;	756	return -ENOMEM;
763	memset(i->stackptr, 0, size);
764		757
765	size = sizeof(void *) nr_cpu_ids;	758	size = sizeof(void *) nr_cpu_ids;
766	if (size > PAGE_SIZE)	759	if (size > PAGE_SIZE)
@@ -844,10 +837,6 @@ struct xt_table xt_register_table(struct net net,
844	struct xt_table_info *private;	837	struct xt_table_info *private;
845	struct xt_table t, table;	838	struct xt_table t, table;
846		839
847	ret = xt_jumpstack_alloc(newinfo);
848	if (ret < 0)
849	return ERR_PTR(ret);
850
851	/* Don't add one object to multiple lists. */	840	/* Don't add one object to multiple lists. */
852	table = kmemdup(input_table, sizeof(struct xt_table), GFP_KERNEL);	841	table = kmemdup(input_table, sizeof(struct xt_table), GFP_KERNEL);
853	if (!table) {	842	if (!table) {