Commit 357ddbb9 authored by David S. Miller's avatar David S. Miller


Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following patchset contains Netfilter fixes for net:

1) Patches to bump position index from sysctl seq_next,
   from Vasily Averin.

2) Release flowtable hook from error path, from Florian Westphal.

3) Patches to add missing netlink attribute validation,
   from Jakub Kicinski.

4) Missing NFTA_CHAIN_FLAGS in nf_tables_fill_chain_info().

5) Infinite loop in module autoload if extension is not available,
   from Florian Westphal.

6) Missing module ownership in inet/nat chain type definition.
====================

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents 2398e399 6a42cefb
+1 −1
@@ -411,7 +411,7 @@ static void *ct_cpu_seq_next(struct seq_file *seq, void *v, loff_t *pos)
		*pos = cpu + 1;
		return per_cpu_ptr(net->ct.stat, cpu);
	}

	(*pos)++;
	return NULL;
}
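Review bot: The trailing `(*pos)++` before `return NULL` in ct_cpu_seq_next carries no comment, and to a reader who does not know the seq_file contract it looks like a dead store that a later cleanup could remove again. A one-line comment above it would keep the intent visible, for example `/* seq_file: ->next() must advance *pos even when it returns NULL */`. The same applies to the identical line in synproxy_cpu_seq_next in the next file section. Both function bodies start outside their hunks, so the loop that sets `*pos = cpu + 1` is only partly visible here.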

+1 −1
@@ -267,7 +267,7 @@ static void *synproxy_cpu_seq_next(struct seq_file *seq, void *v, loff_t *pos)
		*pos = cpu + 1;
		return per_cpu_ptr(snet->stats, cpu);
	}

	(*pos)++;
	return NULL;
}

+14 −8
@@ -1405,6 +1405,11 @@ static int nf_tables_fill_chain_info(struct sk_buff *skb, struct net *net,
					      lockdep_commit_lock_is_held(net));
		if (nft_dump_stats(skb, stats))
			goto nla_put_failure;

		if ((chain->flags & NFT_CHAIN_HW_OFFLOAD) &&
		    nla_put_be32(skb, NFTA_CHAIN_FLAGS,
				 htonl(NFT_CHAIN_HW_OFFLOAD)))
			goto nla_put_failure;
	}

	if (nla_put_be32(skb, NFTA_CHAIN_USE, htonl(chain->use)))
@@ -6300,8 +6305,13 @@ static int nf_tables_newflowtable(struct net *net, struct sock *nlsk,
		goto err4;

	err = nft_register_flowtable_net_hooks(ctx.net, table, flowtable);
	if (err < 0)
	if (err < 0) {
		list_for_each_entry_safe(hook, next, &flowtable->hook_list, list) {
			list_del_rcu(&hook->list);
			kfree_rcu(hook, rcu);
		}
		goto err4;
	}

	err = nft_trans_flowtable_add(&ctx, NFT_MSG_NEWFLOWTABLE, flowtable);
	if (err < 0)
@@ -7378,14 +7388,9 @@ static void nf_tables_module_autoload(struct net *net)
	list_splice_init(&net->nft.module_list, &module_list);
	mutex_unlock(&net->nft.commit_mutex);
	list_for_each_entry_safe(req, next, &module_list, list) {
		if (req->done) {
			list_del(&req->list);
			kfree(req);
		} else {
		request_module("%s", req->module);
		req->done = true;
	}
	}
	mutex_lock(&net->nft.commit_mutex);
	list_splice(&module_list, &net->nft.module_list);
}
@@ -8167,6 +8172,7 @@ static void __net_exit nf_tables_exit_net(struct net *net)
	__nft_release_tables(net);
	mutex_unlock(&net->nft.commit_mutex);
	WARN_ON_ONCE(!list_empty(&net->nft.tables));
	WARN_ON_ONCE(!list_empty(&net->nft.module_list));
}

static struct pernet_operations nf_tables_net_ops = {
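Review bot: In nf_tables_module_autoload every request now appears to be spliced back onto `net->nft.module_list` with `req->done = true`, and nothing in this function frees it any more, so the lifetime of these entries depends on code outside the visible hunks. The new `WARN_ON_ONCE(!list_empty(&net->nft.module_list))` in nf_tables_exit_net only reports a leftover entry and does not release it, so any path that skips the cleanup would leak the request at netns teardown. I would state the ownership at the final `list_splice`, e.g. `/* requests stay queued with ->done set; freeing is left to the commit/abort cleanup */`, and confirm that both of those paths drain the list. This reading assumes the `if (req->done)` branch is the removed side, which the rendered page no longer marks.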
+2 −0
@@ -742,6 +742,8 @@ static const struct nla_policy nfnl_cthelper_policy[NFCTH_MAX+1] = {
	[NFCTH_NAME] = { .type = NLA_NUL_STRING,
			 .len = NF_CT_HELPER_NAME_LEN-1 },
	[NFCTH_QUEUE_NUM] = { .type = NLA_U32, },
	[NFCTH_PRIV_DATA_LEN] = { .type = NLA_U32, },
	[NFCTH_STATUS] = { .type = NLA_U32, },
};

static const struct nfnl_callback nfnl_cthelper_cb[NFNL_MSG_CTHELPER_MAX] = {
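Review bot: Only the scalar attributes get a policy entry in nfnl_cthelper_policy; in the visible part of the table NFCTH_TUPLE and NFCTH_POLICY still have none, so at this level they are accepted as NLA_UNSPEC with no type or length check. If they are parsed as nested attributes further down (not visible in this hunk), declaring them would make that explicit: `[NFCTH_TUPLE] = { .type = NLA_NESTED, },` and `[NFCTH_POLICY] = { .type = NLA_NESTED, },`. The table may begin above the hunk, so this should be checked against the full array.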
+1 −0
@@ -89,6 +89,7 @@ static const struct nft_chain_type nft_chain_nat_inet = {
	.name		= "nat",
	.type		= NFT_CHAIN_T_NAT,
	.family		= NFPROTO_INET,
	.owner		= THIS_MODULE,
	.hook_mask	= (1 << NF_INET_PRE_ROUTING) |
			  (1 << NF_INET_LOCAL_IN) |
			  (1 << NF_INET_LOCAL_OUT) |