From 81145c5548a7ab94ff69fc92359ba17fdb03f4d6 Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sun, 19 Dec 2010 02:27:53 +0100 Subject: xt_set: avoid user types in exported kernel headers Within isolated code it would be ok, but not so in exported headers. --- kernel/include/linux/netfilter/xt_set.h | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'kernel/include') diff --git a/kernel/include/linux/netfilter/xt_set.h b/kernel/include/linux/netfilter/xt_set.h index c6084df..69b2bd1 100644 --- a/kernel/include/linux/netfilter/xt_set.h +++ b/kernel/include/linux/netfilter/xt_set.h @@ -15,11 +15,11 @@ struct xt_set_info_v0 { ip_set_id_t index; union { - u_int32_t flags[IPSET_DIM_MAX + 1]; + __u32 flags[IPSET_DIM_MAX + 1]; struct { - u_int32_t __flags[IPSET_DIM_MAX]; - u_int8_t dim; - u_int8_t flags; + __u32 __flags[IPSET_DIM_MAX]; + __u8 dim; + __u8 flags; } compat; } u; }; @@ -38,8 +38,8 @@ struct xt_set_info_target_v0 { struct xt_set_info { ip_set_id_t index; - u_int8_t dim; - u_int8_t flags; + __u8 dim; + __u8 flags; }; /* match and target infos */ -- cgit v1.2.3 From 8f88de56d8ab22e6b34dba81ebf69e75929706ff Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sun, 19 Dec 2010 02:09:19 +0100 Subject: kernel: do not mix const and __read_mostly It makes no sense to mix these two. Either it is writable-plus-read-mostly, or it is constant. --- kernel/include/linux/netfilter/ipset/ip_set.h | 3 +-- kernel/include/linux/netfilter/ipset/ip_set_ahash.h | 4 ++-- kernel/include/linux/netfilter/ipset/ip_set_chash.h | 4 ++-- 3 files changed, 5 insertions(+), 6 deletions(-) (limited to 'kernel/include') diff --git a/kernel/include/linux/netfilter/ipset/ip_set.h b/kernel/include/linux/netfilter/ipset/ip_set.h index df144cc..23661c4 100644 --- a/kernel/include/linux/netfilter/ipset/ip_set.h +++ b/kernel/include/linux/netfilter/ipset/ip_set.h @@ -383,8 +383,7 @@ ip_set_get_n16(const struct nlattr *attr) return attr->nla_type & NLA_F_NET_BYTEORDER ? value : htons(value); } -static const struct nla_policy -ipaddr_policy[IPSET_ATTR_IPADDR_MAX + 1] __read_mostly = { +static const struct nla_policy ipaddr_policy[IPSET_ATTR_IPADDR_MAX + 1] = { [IPSET_ATTR_IPADDR_IPV4] = { .type = NLA_U32 }, [IPSET_ATTR_IPADDR_IPV6] = { .type = NLA_BINARY, .len = sizeof(struct in6_addr) }, diff --git a/kernel/include/linux/netfilter/ipset/ip_set_ahash.h b/kernel/include/linux/netfilter/ipset/ip_set_ahash.h index 85e23b2..589b157 100644 --- a/kernel/include/linux/netfilter/ipset/ip_set_ahash.h +++ b/kernel/include/linux/netfilter/ipset/ip_set_ahash.h @@ -592,7 +592,7 @@ static int type_pf_uadt(struct ip_set *set, struct nlattr *head, int len, enum ipset_adt adt, u32 *lineno, u32 flags); -static const struct ip_set_type_variant type_pf_variant __read_mostly = { +static const struct ip_set_type_variant type_pf_variant = { .kadt = type_pf_kadt, .uadt = type_pf_uadt, .adt = { @@ -986,7 +986,7 @@ nla_put_failure: return 0; } -static const struct ip_set_type_variant type_pf_tvariant __read_mostly = { +static const struct ip_set_type_variant type_pf_tvariant = { .kadt = type_pf_kadt, .uadt = type_pf_uadt, .adt = { diff --git a/kernel/include/linux/netfilter/ipset/ip_set_chash.h b/kernel/include/linux/netfilter/ipset/ip_set_chash.h index 04955ef..62756e5 100644 --- a/kernel/include/linux/netfilter/ipset/ip_set_chash.h +++ b/kernel/include/linux/netfilter/ipset/ip_set_chash.h @@ -636,7 +636,7 @@ static int type_pf_uadt(struct ip_set *set, struct nlattr *head, int len, enum ipset_adt adt, u32 *lineno, u32 flags); -static const struct ip_set_type_variant type_pf_variant __read_mostly = { +static const struct ip_set_type_variant type_pf_variant = { .kadt = type_pf_kadt, .uadt = type_pf_uadt, .adt = { @@ -1072,7 +1072,7 @@ nla_put_failure: return 0; } -static const struct ip_set_type_variant type_pf_tvariant __read_mostly = { +static const struct ip_set_type_variant type_pf_tvariant = { .kadt = type_pf_kadt, .uadt = type_pf_uadt, .adt = { -- cgit v1.2.3 From 3850182ab671a7726f02c495dd5422629e2520dd Mon Sep 17 00:00:00 2001 From: Jan Engelhardt Date: Sun, 19 Dec 2010 02:44:14 +0100 Subject: kernel: const annotations --- kernel/include/linux/netfilter/ipset/ip_set.h | 2 +- kernel/include/linux/netfilter/ipset/ip_set_ahash.h | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'kernel/include') diff --git a/kernel/include/linux/netfilter/ipset/ip_set.h b/kernel/include/linux/netfilter/ipset/ip_set.h index 23661c4..a3e4bb9 100644 --- a/kernel/include/linux/netfilter/ipset/ip_set.h +++ b/kernel/include/linux/netfilter/ipset/ip_set.h @@ -240,7 +240,7 @@ struct ip_set_type_variant { /* List set header data */ int (*head)(struct ip_set *set, struct sk_buff *skb); /* List elements */ - int (*list)(struct ip_set *set, struct sk_buff *skb, + int (*list)(const struct ip_set *set, struct sk_buff *skb, struct netlink_callback *cb); /* Return true if "b" set is the same as "a" diff --git a/kernel/include/linux/netfilter/ipset/ip_set_ahash.h b/kernel/include/linux/netfilter/ipset/ip_set_ahash.h index 589b157..7e0af3d 100644 --- a/kernel/include/linux/netfilter/ipset/ip_set_ahash.h +++ b/kernel/include/linux/netfilter/ipset/ip_set_ahash.h @@ -530,7 +530,7 @@ nla_put_failure: /* Reply a LIST/SAVE request: dump the elements of the specified set */ static int -type_pf_list(struct ip_set *set, +type_pf_list(const struct ip_set *set, struct sk_buff *skb, struct netlink_callback *cb) { const struct ip_set_hash *h = set->data; @@ -931,7 +931,7 @@ type_pf_ttest(struct ip_set *set, void *value, u32 timeout) } static int -type_pf_tlist(struct ip_set *set, +type_pf_tlist(const struct ip_set *set, struct sk_buff *skb, struct netlink_callback *cb) { const struct ip_set_hash *h = set->data; -- cgit v1.2.3