[PATCH nf-next 6/8] netfilter: nf_tables: nf_tables_getobj: use call_rcu

[Florian Westphal]

Signed-off-by: Florian Westphal <f...@strlen.de>
---
 net/netfilter/nf_tables_api.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index d0cfce2fb72b..9454c7fc1978 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -4453,7 +4453,7 @@ struct nft_object *nft_obj_lookup(const struct nft_table 
*table,
 {
        struct nft_object *obj;
 
-       list_for_each_entry(obj, &table->objects, list) {
+       list_for_each_entry_rcu(obj, &table->objects, list) {
                if (!nla_strcmp(nla, obj->name) &&
                    objtype == obj->ops->type->type &&
                    nft_active_genmask(obj, genmask))
@@ -4783,12 +4783,12 @@ nft_obj_filter_alloc(const struct nlattr * const nla[])
 {
        struct nft_obj_filter *filter;
 
-       filter = kzalloc(sizeof(*filter), GFP_KERNEL);
+       filter = kzalloc(sizeof(*filter), GFP_ATOMIC);
        if (!filter)
                return ERR_PTR(-ENOMEM);
 
        if (nla[NFTA_OBJ_TABLE]) {
-               filter->table = nla_strdup(nla[NFTA_OBJ_TABLE], GFP_KERNEL);
+               filter->table = nla_strdup(nla[NFTA_OBJ_TABLE], GFP_ATOMIC);
                if (!filter->table) {
                        kfree(filter);
                        return ERR_PTR(-ENOMEM);
@@ -4800,6 +4800,7 @@ nft_obj_filter_alloc(const struct nlattr * const nla[])
        return filter;
 }
 
+/* called with rcu_read_lock held */
 static int nf_tables_getobj(struct net *net, struct sock *nlsk,
                            struct sk_buff *skb, const struct nlmsghdr *nlh,
                            const struct nlattr * const nla[],
@@ -4819,6 +4820,7 @@ static int nf_tables_getobj(struct net *net, struct sock 
*nlsk,
                struct netlink_dump_control c = {
                        .dump = nf_tables_dump_obj,
                        .done = nf_tables_dump_obj_done,
+                       .module = THIS_MODULE,
                };
 
                if (nla[NFTA_OBJ_TABLE] ||
@@ -4831,7 +4833,7 @@ static int nf_tables_getobj(struct net *net, struct sock 
*nlsk,
 
                        c.data = filter;
                }
-               return netlink_dump_start(nlsk, skb, nlh, &c);
+               return nft_netlink_dump_start_rcu(nlsk, skb, nlh, &c);
        }
 
        if (!nla[NFTA_OBJ_NAME] ||
@@ -4851,7 +4853,7 @@ static int nf_tables_getobj(struct net *net, struct sock 
*nlsk,
                return PTR_ERR(obj);
        }
 
-       skb2 = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
+       skb2 = alloc_skb(NLMSG_GOODSIZE, GFP_ATOMIC);
        if (!skb2)
                return -ENOMEM;
 
@@ -5781,7 +5783,7 @@ static const struct nfnl_callback 
nf_tables_cb[NFT_MSG_MAX] = {
                .policy         = nft_obj_policy,
        },
        [NFT_MSG_GETOBJ] = {
-               .call           = nf_tables_getobj,
+               .call_rcu       = nf_tables_getobj,
                .attr_count     = NFTA_OBJ_MAX,
                .policy         = nft_obj_policy,
        },
@@ -5791,7 +5793,7 @@ static const struct nfnl_callback 
nf_tables_cb[NFT_MSG_MAX] = {
                .policy         = nft_obj_policy,
        },
        [NFT_MSG_GETOBJ_RESET] = {
-               .call           = nf_tables_getobj,
+               .call_rcu       = nf_tables_getobj,
                .attr_count     = NFTA_OBJ_MAX,
                .policy         = nft_obj_policy,
        },
-- 
2.16.1

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html