From b418935ba84bce0fd2dd332b87df8d56c707e056 Mon Sep 17 00:00:00 2001 From: Jozsef Kadlecsik Date: Tue, 16 Feb 2016 07:50:22 +0100 Subject: netfilter: nfnetlink: pass down netns pointer to call() and call_rcu() Backport patch from Pablo Neira Ayuso --- .../linux/netfilter/ipset/ip_set_compat.h.in | 9 ++ kernel/net/netfilter/ipset/ip_set_core.c | 97 +++++++++++----------- 2 files changed, 58 insertions(+), 48 deletions(-) (limited to 'kernel') diff --git a/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in b/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in index 33f14eb..f08f538 100644 --- a/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in +++ b/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in @@ -30,6 +30,7 @@ #@HAVE_ETHER_ADDR_COPY@ HAVE_ETHER_ADDR_COPY #@HAVE_NF_BRIDGE_GET_PHYSDEV@ HAVE_NF_BRIDGE_GET_PHYSDEV #@HAVE_NLA_PUT_IN_ADDR@ HAVE_NLA_PUT_IN_ADDR +#@HAVE_NET_IN_NFNL_CALLBACK_FN@ HAVE_NET_IN_NFNL_CALLBACK_FN #ifdef HAVE_EXPORT_H #include @@ -252,6 +253,14 @@ static inline int nla_put_in6_addr(struct sk_buff *skb, int attrtype, } #endif +#ifdef HAVE_NET_IN_NFNL_CALLBACK_FN +#define IPSET_CBFN(fn, net, nl, skb, nlh, cda) fn(net, nl, skb, nlh, cda) +#define IPSET_SOCK_NET(net, ctnl) net +#else +#define IPSET_CBFN(fn, net, nl, skb, nlh, cda) fn(nl, skb, nlh, cda) +#define IPSET_SOCK_NET(net, ctnl) sock_net(ctnl) +#endif + #ifndef smp_mb__before_atomic #define smp_mb__before_atomic() smp_mb() #define smp_mb__after_atomic() smp_mb() diff --git a/kernel/net/netfilter/ipset/ip_set_core.c b/kernel/net/netfilter/ipset/ip_set_core.c index d7e2a15..31a6954 100644 --- a/kernel/net/netfilter/ipset/ip_set_core.c +++ b/kernel/net/netfilter/ipset/ip_set_core.c 
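Review bot: The `IPSET_CBFN` / `IPSET_SOCK_NET` pair added under `#ifdef HAVE_NET_IN_NFNL_CALLBACK_FN` has no comment, and the contract it imposes is easy to break. In the `#else` branch the `net` argument is dropped from the function definition, so a handler body that names that parameter directly compiles on new kernels and fails only on old ones. A short comment above the block would record this, e.g. `/* The net argument exists only with HAVE_NET_IN_NFNL_CALLBACK_FN; handlers must obtain the netns through IPSET_SOCK_NET(). */`. The expansion should also be parenthesized, `#define IPSET_SOCK_NET(net, ctnl) (net)`. The check that sets the symbol is not on this page; if it can misdetect, the handlers would presumably be registered with the wrong arity, so confirm that an incompatible callback pointer fails the build rather than only warning.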
@@ -834,19 +834,19 @@ find_free_id(struct ip_set_net *inst, const char *name, ip_set_id_t *index, } static int -ip_set_none(struct sock *ctnl, struct sk_buff *skb, - const struct nlmsghdr *nlh, - const struct nlattr * const attr[]) +IPSET_CBFN(ip_set_none, struct net *net, struct sock *ctnl, + struct sk_buff *skb, const struct nlmsghdr *nlh, + const struct nlattr * const attr[]) { return -EOPNOTSUPP; } static int -ip_set_create(struct sock *ctnl, struct sk_buff *skb, - const struct nlmsghdr *nlh, - const struct nlattr * const attr[]) +IPSET_CBFN(ip_set_create, struct net *n, struct sock *ctnl, + struct sk_buff *skb, const struct nlmsghdr *nlh, + const struct nlattr * const attr[]) { - struct net *net = sock_net(ctnl); + struct net *net = IPSET_SOCK_NET(n, ctnl); struct ip_set_net *inst = ip_set_pernet(net); struct ip_set *set, *clash = NULL; ip_set_id_t index = IPSET_INVALID_ID; @@ -985,11 +985,11 @@ ip_set_destroy_set(struct ip_set *set) } static int -ip_set_destroy(struct sock *ctnl, struct sk_buff *skb, - const struct nlmsghdr *nlh, - const struct nlattr * const attr[]) +IPSET_CBFN(ip_set_destroy, struct net *net, struct sock *ctnl, + struct sk_buff *skb, const struct nlmsghdr *nlh, + const struct nlattr * const attr[]) { - struct ip_set_net *inst = ip_set_pernet(sock_net(ctnl)); + struct ip_set_net *inst = ip_set_pernet(IPSET_SOCK_NET(net, ctnl)); struct ip_set *s; ip_set_id_t i; int ret = 0; @@ -1061,11 +1061,11 @@ ip_set_flush_set(struct ip_set *set) } static int -ip_set_flush(struct sock *ctnl, struct sk_buff *skb, - const struct nlmsghdr *nlh, - const struct nlattr * const attr[]) +IPSET_CBFN(ip_set_flush, struct net *net, struct sock *ctnl, + struct sk_buff *skb, const struct nlmsghdr *nlh, + const struct nlattr * const attr[]) { - struct ip_set_net *inst = ip_set_pernet(sock_net(ctnl)); + struct ip_set_net *inst = ip_set_pernet(IPSET_SOCK_NET(net, ctnl)); struct ip_set *s; ip_set_id_t i; 
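Review bot: `ip_set_create` names the callback parameter `n` and re-binds it with `struct net *net = IPSET_SOCK_NET(n, ctnl);`, while `ip_set_destroy` and `ip_set_flush` in the next two hunks, and the later handlers, name it `net` and wrap it inline. The different name looks deliberate, since the body keeps using a local `net` that has to exist on both branches, but nothing says so. A comment such as `/* n is not declared on kernels without HAVE_NET_IN_NFNL_CALLBACK_FN; use the local net */` would keep someone from renaming it back. On new kernels the namespace that selects the per-netns set table now comes from the nfnetlink argument rather than from `sock_net(ctnl)`, so a test on both branches that a set created in one namespace is not reachable from another would be a useful check. The body of `ip_set_create` continues outside the hunk.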
@@ -1101,11 +1101,11 @@ ip_set_setname2_policy[IPSET_ATTR_CMD_MAX + 1] = { }; static int -ip_set_rename(struct sock *ctnl, struct sk_buff *skb, - const struct nlmsghdr *nlh, - const struct nlattr * const attr[]) +IPSET_CBFN(ip_set_rename, struct net *net, struct sock *ctnl, + struct sk_buff *skb, const struct nlmsghdr *nlh, + const struct nlattr * const attr[]) { - struct ip_set_net *inst = ip_set_pernet(sock_net(ctnl)); + struct ip_set_net *inst = ip_set_pernet(IPSET_SOCK_NET(net, ctnl)); struct ip_set *set, *s; const char *name2; ip_set_id_t i; @@ -1151,11 +1151,11 @@ out: */ static int -ip_set_swap(struct sock *ctnl, struct sk_buff *skb, - const struct nlmsghdr *nlh, - const struct nlattr * const attr[]) +IPSET_CBFN(ip_set_swap, struct net *net, struct sock *ctnl, + struct sk_buff *skb, const struct nlmsghdr *nlh, + const struct nlattr * const attr[]) { - struct ip_set_net *inst = ip_set_pernet(sock_net(ctnl)); + struct ip_set_net *inst = ip_set_pernet(IPSET_SOCK_NET(net, ctnl)); struct ip_set *from, *to; ip_set_id_t from_id, to_id; char from_name[IPSET_MAXNAMELEN]; @@ -1422,9 +1422,9 @@ out: } static int -ip_set_dump(struct sock *ctnl, struct sk_buff *skb, - const struct nlmsghdr *nlh, - const struct nlattr * const attr[]) +IPSET_CBFN(ip_set_dump, struct net *net, struct sock *ctnl, + struct sk_buff *skb, const struct nlmsghdr *nlh, + const struct nlattr * const attr[]) { if (unlikely(protocol_failed(attr))) return -IPSET_ERR_PROTOCOL; 
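Review bot: `ip_set_dump` now receives `net`, but the lines visible in the third hunk here never use it, unlike `ip_set_rename` and `ip_set_swap` above it, which resolve their instance through `IPSET_SOCK_NET(net, ctnl)`. The rest of the function is outside the hunk, so it cannot be seen how the dump path finds its per-netns instance. If it still derives the namespace from a socket, that deserves a comment at the top of the body, e.g. `/* net is unused here: the dump callbacks resolve the netns themselves */`, or a follow-up that passes it down. The same unused parameter appears in `ip_set_none`, `ip_set_type` and `ip_set_protocol`, where the visible code does not touch per-netns state.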
@@ -1519,11 +1519,11 @@ call_ad(struct sock *ctnl, struct sk_buff *skb, struct ip_set *set, } static int -ip_set_uadd(struct sock *ctnl, struct sk_buff *skb, - const struct nlmsghdr *nlh, - const struct nlattr * const attr[]) +IPSET_CBFN(ip_set_uadd, struct net *net, struct sock *ctnl, + struct sk_buff *skb, const struct nlmsghdr *nlh, + const struct nlattr * const attr[]) { - struct ip_set_net *inst = ip_set_pernet(sock_net(ctnl)); + struct ip_set_net *inst = ip_set_pernet(IPSET_SOCK_NET(net, ctnl)); struct ip_set *set; struct nlattr *tb[IPSET_ATTR_ADT_MAX + 1] = {}; const struct nlattr *nla; @@ -1574,11 +1574,11 @@ ip_set_uadd(struct sock *ctnl, struct sk_buff *skb, } static int -ip_set_udel(struct sock *ctnl, struct sk_buff *skb, - const struct nlmsghdr *nlh, - const struct nlattr * const attr[]) +IPSET_CBFN(ip_set_udel, struct net *net, struct sock *ctnl, + struct sk_buff *skb, const struct nlmsghdr *nlh, + const struct nlattr * const attr[]) { - struct ip_set_net *inst = ip_set_pernet(sock_net(ctnl)); + struct ip_set_net *inst = ip_set_pernet(IPSET_SOCK_NET(net, ctnl)); struct ip_set *set; struct nlattr *tb[IPSET_ATTR_ADT_MAX + 1] = {}; const struct nlattr *nla; @@ -1629,11 +1629,12 @@ ip_set_udel(struct sock *ctnl, struct sk_buff *skb, } static int -ip_set_utest(struct sock *ctnl, struct sk_buff *skb, - const struct nlmsghdr *nlh, - const struct nlattr * const attr[]) +IPSET_CBFN(ip_set_utest, struct net *net, struct sock *ctnl, + struct sk_buff *skb, + const struct nlmsghdr *nlh, + const struct nlattr * const attr[]) { - struct ip_set_net *inst = ip_set_pernet(sock_net(ctnl)); + struct ip_set_net *inst = ip_set_pernet(IPSET_SOCK_NET(net, ctnl)); struct ip_set *set; struct nlattr *tb[IPSET_ATTR_ADT_MAX + 1] = {}; int ret = 0; 
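Review bot: The `ip_set_utest` definition breaks its parameter list differently from the other handlers in this patch: `struct sk_buff *skb,` and `const struct nlmsghdr *nlh,` sit on separate lines, which is why this hunk grows by a line (`+1629,12`). Joining them as in `ip_set_uadd` and `ip_set_udel`, `struct sk_buff *skb, const struct nlmsghdr *nlh,`, keeps the converted signatures uniform and easy to grep. The function body continues outside the hunk.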
@@ -1665,11 +1666,11 @@ ip_set_utest(struct sock *ctnl, struct sk_buff *skb, /* Get headed data of a set */ static int -ip_set_header(struct sock *ctnl, struct sk_buff *skb, - const struct nlmsghdr *nlh, - const struct nlattr * const attr[]) +IPSET_CBFN(ip_set_header, struct net *net, struct sock *ctnl, + struct sk_buff *skb, const struct nlmsghdr *nlh, + const struct nlattr * const attr[]) { - struct ip_set_net *inst = ip_set_pernet(sock_net(ctnl)); + struct ip_set_net *inst = ip_set_pernet(IPSET_SOCK_NET(net, ctnl)); const struct ip_set *set; struct sk_buff *skb2; struct nlmsghdr *nlh2; @@ -1722,9 +1723,9 @@ static const struct nla_policy ip_set_type_policy[IPSET_ATTR_CMD_MAX + 1] = { }; static int -ip_set_type(struct sock *ctnl, struct sk_buff *skb, - const struct nlmsghdr *nlh, - const struct nlattr * const attr[]) +IPSET_CBFN(ip_set_type, struct net *net, struct sock *ctnl, + struct sk_buff *skb, const struct nlmsghdr *nlh, + const struct nlattr * const attr[]) { struct sk_buff *skb2; struct nlmsghdr *nlh2; @@ -1781,9 +1782,9 @@ ip_set_protocol_policy[IPSET_ATTR_CMD_MAX + 1] = { }; static int -ip_set_protocol(struct sock *ctnl, struct sk_buff *skb, - const struct nlmsghdr *nlh, - const struct nlattr * const attr[]) +IPSET_CBFN(ip_set_protocol, struct net *net, struct sock *ctnl, + struct sk_buff *skb, const struct nlmsghdr *nlh, + const struct nlattr * const attr[]) { struct sk_buff *skb2; struct nlmsghdr *nlh2; -- cgit v1.2.3