netfilter: nfnetlink: pass down netns pointer to call() and call_rcu()

Backport patch from Pablo Neira Ayuso <pablo@netfilter.org>
author: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> 2016-02-16 07:50:22 +0100
committer: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> 2016-02-16 07:50:22 +0100
commit: b418935ba84bce0fd2dd332b87df8d56c707e056 (patch)
tree: f2f1d3e74e50ae72e18652f7c6d7c409c32e1b24 /kernel
parent: 9592763b89d03e988fb46f2fc05c0cdc992534d3 (diff)
2 files changed, 58 insertions, 48 deletions
diff --git a/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in b/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in
index 33f14eb..f08f538 100644
--- a/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in
+++ b/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in
@@ -30,6 +30,7 @@
 #@HAVE_ETHER_ADDR_COPY@ HAVE_ETHER_ADDR_COPY
 #@HAVE_NF_BRIDGE_GET_PHYSDEV@ HAVE_NF_BRIDGE_GET_PHYSDEV
 #@HAVE_NLA_PUT_IN_ADDR@ HAVE_NLA_PUT_IN_ADDR
+#@HAVE_NET_IN_NFNL_CALLBACK_FN@ HAVE_NET_IN_NFNL_CALLBACK_FN
 
 #ifdef HAVE_EXPORT_H
 #include <linux/export.h>
@@ -252,6 +253,14 @@ static inline int nla_put_in6_addr(struct sk_buff *skb, int attrtype,
 }
 #endif
 
+#ifdef HAVE_NET_IN_NFNL_CALLBACK_FN
+#define IPSET_CBFN(fn, net, nl, skb, nlh, cda)	fn(net, nl, skb, nlh, cda)
+#define IPSET_SOCK_NET(net, ctnl)		net
+#else
+#define IPSET_CBFN(fn, net, nl, skb, nlh, cda)	fn(nl, skb, nlh, cda)
+#define IPSET_SOCK_NET(net, ctnl)		sock_net(ctnl)
+#endif
+
 #ifndef smp_mb__before_atomic
 #define smp_mb__before_atomic()	smp_mb()
 #define smp_mb__after_atomic()	smp_mb()
diff --git a/kernel/net/netfilter/ipset/ip_set_core.c b/kernel/net/netfilter/ipset/ip_set_core.c
index d7e2a15..31a6954 100644
--- a/kernel/net/netfilter/ipset/ip_set_core.c
+++ b/kernel/net/netfilter/ipset/ip_set_core.c
@@ -834,19 +834,19 @@ find_free_id(struct ip_set_net *inst, const char *name, ip_set_id_t *index,
 }
 
 static int
-ip_set_none(struct sock *ctnl, struct sk_buff *skb,
-	    const struct nlmsghdr *nlh,
-	    const struct nlattr * const attr[])
+IPSET_CBFN(ip_set_none, struct net *net, struct sock *ctnl,
+	   struct sk_buff *skb, const struct nlmsghdr *nlh,
+	   const struct nlattr * const attr[])
 {
 	return -EOPNOTSUPP;
 }
 
 static int
-ip_set_create(struct sock *ctnl, struct sk_buff *skb,
-	      const struct nlmsghdr *nlh,
-	      const struct nlattr * const attr[])
+IPSET_CBFN(ip_set_create, struct net *n, struct sock *ctnl,
+	   struct sk_buff *skb, const struct nlmsghdr *nlh,
+	   const struct nlattr * const attr[])
 {
-	struct net *net = sock_net(ctnl);
+	struct net *net = IPSET_SOCK_NET(n, ctnl);
 	struct ip_set_net *inst = ip_set_pernet(net);
 	struct ip_set *set, *clash = NULL;
 	ip_set_id_t index = IPSET_INVALID_ID;
@@ -985,11 +985,11 @@ ip_set_destroy_set(struct ip_set *set)
 }
 
 static int
-ip_set_destroy(struct sock *ctnl, struct sk_buff *skb,
-	       const struct nlmsghdr *nlh,
-	       const struct nlattr * const attr[])
+IPSET_CBFN(ip_set_destroy, struct net *net, struct sock *ctnl,
+	   struct sk_buff *skb, const struct nlmsghdr *nlh,
+	   const struct nlattr * const attr[])
 {
-	struct ip_set_net *inst = ip_set_pernet(sock_net(ctnl));
+	struct ip_set_net *inst = ip_set_pernet(IPSET_SOCK_NET(net, ctnl));
 	struct ip_set *s;
 	ip_set_id_t i;
 	int ret = 0;
@@ -1061,11 +1061,11 @@ ip_set_flush_set(struct ip_set *set)
 }
 
 static int
-ip_set_flush(struct sock *ctnl, struct sk_buff *skb,
-	     const struct nlmsghdr *nlh,
-	     const struct nlattr * const attr[])
+IPSET_CBFN(ip_set_flush, struct net *net, struct sock *ctnl,
+	   struct sk_buff *skb, const struct nlmsghdr *nlh,
+	   const struct nlattr * const attr[])
 {
-	struct ip_set_net *inst = ip_set_pernet(sock_net(ctnl));
+	struct ip_set_net *inst = ip_set_pernet(IPSET_SOCK_NET(net, ctnl));
 	struct ip_set *s;
 	ip_set_id_t i;
 
@@ -1101,11 +1101,11 @@ ip_set_setname2_policy[IPSET_ATTR_CMD_MAX + 1] = {
 };
 
 static int
-ip_set_rename(struct sock *ctnl, struct sk_buff *skb,
-	      const struct nlmsghdr *nlh,
-	      const struct nlattr * const attr[])
+IPSET_CBFN(ip_set_rename, struct net *net, struct sock *ctnl,
+	   struct sk_buff *skb, const struct nlmsghdr *nlh,
+	   const struct nlattr * const attr[])
 {
-	struct ip_set_net *inst = ip_set_pernet(sock_net(ctnl));
+	struct ip_set_net *inst = ip_set_pernet(IPSET_SOCK_NET(net, ctnl));
 	struct ip_set *set, *s;
 	const char *name2;
 	ip_set_id_t i;
@@ -1151,11 +1151,11 @@ out:
  */
 
 static int
-ip_set_swap(struct sock *ctnl, struct sk_buff *skb,
-	    const struct nlmsghdr *nlh,
-	    const struct nlattr * const attr[])
+IPSET_CBFN(ip_set_swap, struct net *net, struct sock *ctnl,
+	   struct sk_buff *skb, const struct nlmsghdr *nlh,
+	   const struct nlattr * const attr[])
 {
-	struct ip_set_net *inst = ip_set_pernet(sock_net(ctnl));
+	struct ip_set_net *inst = ip_set_pernet(IPSET_SOCK_NET(net, ctnl));
 	struct ip_set *from, *to;
 	ip_set_id_t from_id, to_id;
 	char from_name[IPSET_MAXNAMELEN];
@@ -1422,9 +1422,9 @@ out:
 }
 
 static int
-ip_set_dump(struct sock *ctnl, struct sk_buff *skb,
-	    const struct nlmsghdr *nlh,
-	    const struct nlattr * const attr[])
+IPSET_CBFN(ip_set_dump, struct net *net, struct sock *ctnl,
+	   struct sk_buff *skb, const struct nlmsghdr *nlh,
+	   const struct nlattr * const attr[])
 {
 	if (unlikely(protocol_failed(attr)))
 		return -IPSET_ERR_PROTOCOL;
@@ -1519,11 +1519,11 @@ call_ad(struct sock *ctnl, struct sk_buff *skb, struct ip_set *set,
 }
 
 static int
-ip_set_uadd(struct sock *ctnl, struct sk_buff *skb,
-	    const struct nlmsghdr *nlh,
-	    const struct nlattr * const attr[])
+IPSET_CBFN(ip_set_uadd, struct net *net, struct sock *ctnl,
+	   struct sk_buff *skb, const struct nlmsghdr *nlh,
+	   const struct nlattr * const attr[])
 {
-	struct ip_set_net *inst = ip_set_pernet(sock_net(ctnl));
+	struct ip_set_net *inst = ip_set_pernet(IPSET_SOCK_NET(net, ctnl));
 	struct ip_set *set;
 	struct nlattr *tb[IPSET_ATTR_ADT_MAX + 1] = {};
 	const struct nlattr *nla;
@@ -1574,11 +1574,11 @@ ip_set_uadd(struct sock *ctnl, struct sk_buff *skb,
 }
 
 static int
-ip_set_udel(struct sock *ctnl, struct sk_buff *skb,
-	    const struct nlmsghdr *nlh,
-	    const struct nlattr * const attr[])
+IPSET_CBFN(ip_set_udel, struct net *net, struct sock *ctnl,
+	   struct sk_buff *skb, const struct nlmsghdr *nlh,
+	   const struct nlattr * const attr[])
 {
-	struct ip_set_net *inst = ip_set_pernet(sock_net(ctnl));
+	struct ip_set_net *inst = ip_set_pernet(IPSET_SOCK_NET(net, ctnl));
 	struct ip_set *set;
 	struct nlattr *tb[IPSET_ATTR_ADT_MAX + 1] = {};
 	const struct nlattr *nla;
@@ -1629,11 +1629,12 @@ ip_set_udel(struct sock *ctnl, struct sk_buff *skb,
 }
 
 static int
-ip_set_utest(struct sock *ctnl, struct sk_buff *skb,
-	     const struct nlmsghdr *nlh,
-	     const struct nlattr * const attr[])
+IPSET_CBFN(ip_set_utest, struct net *net, struct sock *ctnl,
+	   struct sk_buff *skb,
+	   const struct nlmsghdr *nlh,
+	   const struct nlattr * const attr[])
 {
-	struct ip_set_net *inst = ip_set_pernet(sock_net(ctnl));
+	struct ip_set_net *inst = ip_set_pernet(IPSET_SOCK_NET(net, ctnl));
 	struct ip_set *set;
 	struct nlattr *tb[IPSET_ATTR_ADT_MAX + 1] = {};
 	int ret = 0;
@@ -1665,11 +1666,11 @@ ip_set_utest(struct sock *ctnl, struct sk_buff *skb,
 /* Get headed data of a set */
 
 static int
-ip_set_header(struct sock *ctnl, struct sk_buff *skb,
-	      const struct nlmsghdr *nlh,
-	      const struct nlattr * const attr[])
+IPSET_CBFN(ip_set_header, struct net *net, struct sock *ctnl,
+	   struct sk_buff *skb, const struct nlmsghdr *nlh,
+	   const struct nlattr * const attr[])
 {
-	struct ip_set_net *inst = ip_set_pernet(sock_net(ctnl));
+	struct ip_set_net *inst = ip_set_pernet(IPSET_SOCK_NET(net, ctnl));
 	const struct ip_set *set;
 	struct sk_buff *skb2;
 	struct nlmsghdr *nlh2;
@@ -1722,9 +1723,9 @@ static const struct nla_policy ip_set_type_policy[IPSET_ATTR_CMD_MAX + 1] = {
 };
 
 static int
-ip_set_type(struct sock *ctnl, struct sk_buff *skb,
-	    const struct nlmsghdr *nlh,
-	    const struct nlattr * const attr[])
+IPSET_CBFN(ip_set_type, struct net *net, struct sock *ctnl,
+	   struct sk_buff *skb, const struct nlmsghdr *nlh,
+	   const struct nlattr * const attr[])
 {
 	struct sk_buff *skb2;
 	struct nlmsghdr *nlh2;
@@ -1781,9 +1782,9 @@ ip_set_protocol_policy[IPSET_ATTR_CMD_MAX + 1] = {
 };
 
 static int
-ip_set_protocol(struct sock *ctnl, struct sk_buff *skb,
-		const struct nlmsghdr *nlh,
-		const struct nlattr * const attr[])
+IPSET_CBFN(ip_set_protocol, struct net *net, struct sock *ctnl,
+	   struct sk_buff *skb, const struct nlmsghdr *nlh,
+	   const struct nlattr * const attr[])
 {
 	struct sk_buff *skb2;
 	struct nlmsghdr *nlh2;
author	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>	2016-02-16 07:50:22 +0100
committer	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>	2016-02-16 07:50:22 +0100
commit	b418935ba84bce0fd2dd332b87df8d56c707e056 (patch)
tree	f2f1d3e74e50ae72e18652f7c6d7c409c32e1b24 /kernel
parent	9592763b89d03e988fb46f2fc05c0cdc992534d3 (diff)