netfilter: nf_tables: Don't allocate nft_rule_dump_ctx (99ab9f84) · Commits · git / linux-net

net/netfilter/nf_tables_api.c

+6 −13

Original line number	Diff line number	Diff line
		@@ -3453,7 +3453,7 @@ static int __nf_tables_dump_rules(struct sk_buff *skb,
		const struct nft_table *table,
		const struct nft_chain *chain)
		{
		struct nft_rule_dump_ctx *ctx = cb->data;
		struct nft_rule_dump_ctx ctx = (void )cb->ctx;
		struct net *net = sock_net(skb->sk);
		const struct nft_rule rule, prule;
		unsigned int entries = 0;
		@@ -3498,7 +3498,7 @@ static int nf_tables_dump_rules(struct sk_buff *skb,
		struct netlink_callback *cb)
		{
		const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
		struct nft_rule_dump_ctx *ctx = cb->data;
		struct nft_rule_dump_ctx ctx = (void )cb->ctx;
		struct nft_table *table;
		const struct nft_chain *chain;
		unsigned int idx = 0;
		@@ -3553,42 +3553,35 @@ static int nf_tables_dump_rules(struct sk_buff *skb,

		static int nf_tables_dump_rules_start(struct netlink_callback *cb)
		{
		struct nft_rule_dump_ctx ctx = (void )cb->ctx;
		const struct nlattr * const *nla = cb->data;
		struct nft_rule_dump_ctx *ctx = NULL;

		ctx = kzalloc(sizeof(*ctx), GFP_ATOMIC);
		if (!ctx)
		return -ENOMEM;
		BUILD_BUG_ON(sizeof(*ctx) > sizeof(cb->ctx));

		if (nla[NFTA_RULE_TABLE]) {
		ctx->table = nla_strdup(nla[NFTA_RULE_TABLE], GFP_ATOMIC);
		if (!ctx->table) {
		kfree(ctx);
		if (!ctx->table)
		return -ENOMEM;
		}
		}
		if (nla[NFTA_RULE_CHAIN]) {
		ctx->chain = nla_strdup(nla[NFTA_RULE_CHAIN], GFP_ATOMIC);
		if (!ctx->chain) {
		kfree(ctx->table);
		kfree(ctx);
		return -ENOMEM;
		}
		}
		if (NFNL_MSG_TYPE(cb->nlh->nlmsg_type) == NFT_MSG_GETRULE_RESET)
		ctx->reset = true;

		cb->data = ctx;
		return 0;
		}

		static int nf_tables_dump_rules_done(struct netlink_callback *cb)
		{
		struct nft_rule_dump_ctx *ctx = cb->data;
		struct nft_rule_dump_ctx ctx = (void )cb->ctx;

		kfree(ctx->table);
		kfree(ctx->chain);
		kfree(ctx);
		return 0;
		}