From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org, netfilter-devel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, Pablo Neira Ayuso <pablo@netfilter.org>
Subject: [PATCH 4.14 60/86] netfilter: nftables: add nft_parse_register_load() and use it
Date: Sun, 28 May 2023 20:10:34 +0100 [thread overview]
Message-ID: <20230528190830.829395754@linuxfoundation.org> (raw)
In-Reply-To: <20230528190828.564682883@linuxfoundation.org>
From: Pablo Neira Ayuso <pablo@netfilter.org>
[ backport of 4f16d25c68ec844299a4df6ecbb0234eaf88a935 ]
This new function combines the netlink register attribute parser
and the load validation function.
This update requires to replace:
enum nft_registers sreg:8;
in many of the expression private areas otherwise compiler complains
with:
error: cannot take address of bit-field ‘sreg’
when passing the register field as reference.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
include/net/netfilter/nf_tables.h | 2 -
include/net/netfilter/nf_tables_core.h | 12 +++++++++--
include/net/netfilter/nft_masq.h | 4 +--
include/net/netfilter/nft_meta.h | 2 -
include/net/netfilter/nft_redir.h | 4 +--
net/ipv4/netfilter/nft_dup_ipv4.c | 18 ++++++++--------
net/ipv6/netfilter/nft_dup_ipv6.c | 18 ++++++++--------
net/netfilter/nf_tables_api.c | 18 +++++++++++++++-
net/netfilter/nft_bitwise.c | 6 ++---
net/netfilter/nft_byteorder.c | 6 ++---
net/netfilter/nft_cmp.c | 8 ++-----
net/netfilter/nft_ct.c | 5 +---
net/netfilter/nft_dup_netdev.c | 6 ++---
net/netfilter/nft_dynset.c | 12 +++++------
net/netfilter/nft_exthdr.c | 6 ++---
net/netfilter/nft_fwd_netdev.c | 6 ++---
net/netfilter/nft_hash.c | 10 +++++----
net/netfilter/nft_lookup.c | 6 ++---
net/netfilter/nft_masq.c | 14 ++++---------
net/netfilter/nft_meta.c | 3 --
net/netfilter/nft_nat.c | 35 +++++++++++++--------------------
net/netfilter/nft_objref.c | 6 ++---
net/netfilter/nft_payload.c | 4 +--
net/netfilter/nft_queue.c | 12 +++++------
net/netfilter/nft_range.c | 6 ++---
net/netfilter/nft_redir.c | 14 ++++---------
26 files changed, 124 insertions(+), 119 deletions(-)
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -198,7 +198,7 @@ int nft_parse_u32_check(const struct nla
unsigned int nft_parse_register(const struct nlattr *attr);
int nft_dump_register(struct sk_buff *skb, unsigned int attr, unsigned int reg);
-int nft_validate_register_load(enum nft_registers reg, unsigned int len);
+int nft_parse_register_load(const struct nlattr *attr, u8 *sreg, u32 len);
int nft_validate_register_store(const struct nft_ctx *ctx,
enum nft_registers reg,
const struct nft_data *data,
--- a/include/net/netfilter/nf_tables_core.h
+++ b/include/net/netfilter/nf_tables_core.h
@@ -14,9 +14,17 @@ extern struct nft_expr_type nft_range_ty
int nf_tables_core_module_init(void);
void nf_tables_core_module_exit(void);
+struct nft_bitwise_fast_expr {
+ u32 mask;
+ u32 xor;
+ u8 sreg;
+ enum nft_registers dreg:8;
+};
+
struct nft_cmp_fast_expr {
u32 data;
- enum nft_registers sreg:8;
+ u32 mask;
+ u8 sreg;
u8 len;
};
@@ -43,7 +51,7 @@ struct nft_payload_set {
enum nft_payload_bases base:8;
u8 offset;
u8 len;
- enum nft_registers sreg:8;
+ u8 sreg;
u8 csum_type;
u8 csum_offset;
u8 csum_flags;
--- a/include/net/netfilter/nft_masq.h
+++ b/include/net/netfilter/nft_masq.h
@@ -4,8 +4,8 @@
struct nft_masq {
u32 flags;
- enum nft_registers sreg_proto_min:8;
- enum nft_registers sreg_proto_max:8;
+ u8 sreg_proto_min;
+ u8 sreg_proto_max;
};
extern const struct nla_policy nft_masq_policy[];
--- a/include/net/netfilter/nft_meta.h
+++ b/include/net/netfilter/nft_meta.h
@@ -6,7 +6,7 @@ struct nft_meta {
enum nft_meta_keys key:8;
union {
enum nft_registers dreg:8;
- enum nft_registers sreg:8;
+ u8 sreg;
};
};
--- a/include/net/netfilter/nft_redir.h
+++ b/include/net/netfilter/nft_redir.h
@@ -3,8 +3,8 @@
#define _NFT_REDIR_H_
struct nft_redir {
- enum nft_registers sreg_proto_min:8;
- enum nft_registers sreg_proto_max:8;
+ u8 sreg_proto_min;
+ u8 sreg_proto_max;
u16 flags;
};
--- a/net/ipv4/netfilter/nft_dup_ipv4.c
+++ b/net/ipv4/netfilter/nft_dup_ipv4.c
@@ -16,8 +16,8 @@
#include <net/netfilter/ipv4/nf_dup_ipv4.h>
struct nft_dup_ipv4 {
- enum nft_registers sreg_addr:8;
- enum nft_registers sreg_dev:8;
+ u8 sreg_addr;
+ u8 sreg_dev;
};
static void nft_dup_ipv4_eval(const struct nft_expr *expr,
@@ -43,16 +43,16 @@ static int nft_dup_ipv4_init(const struc
if (tb[NFTA_DUP_SREG_ADDR] == NULL)
return -EINVAL;
- priv->sreg_addr = nft_parse_register(tb[NFTA_DUP_SREG_ADDR]);
- err = nft_validate_register_load(priv->sreg_addr, sizeof(struct in_addr));
+ err = nft_parse_register_load(tb[NFTA_DUP_SREG_ADDR], &priv->sreg_addr,
+ sizeof(struct in_addr));
if (err < 0)
return err;
- if (tb[NFTA_DUP_SREG_DEV] != NULL) {
- priv->sreg_dev = nft_parse_register(tb[NFTA_DUP_SREG_DEV]);
- return nft_validate_register_load(priv->sreg_dev, sizeof(int));
- }
- return 0;
+ if (tb[NFTA_DUP_SREG_DEV])
+ err = nft_parse_register_load(tb[NFTA_DUP_SREG_DEV],
+ &priv->sreg_dev, sizeof(int));
+
+ return err;
}
static int nft_dup_ipv4_dump(struct sk_buff *skb, const struct nft_expr *expr)
--- a/net/ipv6/netfilter/nft_dup_ipv6.c
+++ b/net/ipv6/netfilter/nft_dup_ipv6.c
@@ -16,8 +16,8 @@
#include <net/netfilter/ipv6/nf_dup_ipv6.h>
struct nft_dup_ipv6 {
- enum nft_registers sreg_addr:8;
- enum nft_registers sreg_dev:8;
+ u8 sreg_addr;
+ u8 sreg_dev;
};
static void nft_dup_ipv6_eval(const struct nft_expr *expr,
@@ -41,16 +41,16 @@ static int nft_dup_ipv6_init(const struc
if (tb[NFTA_DUP_SREG_ADDR] == NULL)
return -EINVAL;
- priv->sreg_addr = nft_parse_register(tb[NFTA_DUP_SREG_ADDR]);
- err = nft_validate_register_load(priv->sreg_addr, sizeof(struct in6_addr));
+ err = nft_parse_register_load(tb[NFTA_DUP_SREG_ADDR], &priv->sreg_addr,
+ sizeof(struct in6_addr));
if (err < 0)
return err;
- if (tb[NFTA_DUP_SREG_DEV] != NULL) {
- priv->sreg_dev = nft_parse_register(tb[NFTA_DUP_SREG_DEV]);
- return nft_validate_register_load(priv->sreg_dev, sizeof(int));
- }
- return 0;
+ if (tb[NFTA_DUP_SREG_DEV])
+ err = nft_parse_register_load(tb[NFTA_DUP_SREG_DEV],
+ &priv->sreg_dev, sizeof(int));
+
+ return err;
}
static int nft_dup_ipv6_dump(struct sk_buff *skb, const struct nft_expr *expr)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -5663,7 +5663,7 @@ EXPORT_SYMBOL_GPL(nft_dump_register);
* Validate that the input register is one of the general purpose
* registers and that the length of the load is within the bounds.
*/
-int nft_validate_register_load(enum nft_registers reg, unsigned int len)
+static int nft_validate_register_load(enum nft_registers reg, unsigned int len)
{
if (reg < NFT_REG_1 * NFT_REG_SIZE / NFT_REG32_SIZE)
return -EINVAL;
@@ -5674,7 +5674,21 @@ int nft_validate_register_load(enum nft_
return 0;
}
-EXPORT_SYMBOL_GPL(nft_validate_register_load);
+
+int nft_parse_register_load(const struct nlattr *attr, u8 *sreg, u32 len)
+{
+ u32 reg;
+ int err;
+
+ reg = nft_parse_register(attr);
+ err = nft_validate_register_load(reg, len);
+ if (err < 0)
+ return err;
+
+ *sreg = reg;
+ return 0;
+}
+EXPORT_SYMBOL_GPL(nft_parse_register_load);
/**
* nft_validate_register_store - validate an expressions' register store
--- a/net/netfilter/nft_bitwise.c
+++ b/net/netfilter/nft_bitwise.c
@@ -18,7 +18,7 @@
#include <net/netfilter/nf_tables.h>
struct nft_bitwise {
- enum nft_registers sreg:8;
+ u8 sreg;
enum nft_registers dreg:8;
u8 len;
struct nft_data mask;
@@ -68,8 +68,8 @@ static int nft_bitwise_init(const struct
priv->len = len;
- priv->sreg = nft_parse_register(tb[NFTA_BITWISE_SREG]);
- err = nft_validate_register_load(priv->sreg, priv->len);
+ err = nft_parse_register_load(tb[NFTA_BITWISE_SREG], &priv->sreg,
+ priv->len);
if (err < 0)
return err;
--- a/net/netfilter/nft_byteorder.c
+++ b/net/netfilter/nft_byteorder.c
@@ -19,7 +19,7 @@
#include <net/netfilter/nf_tables.h>
struct nft_byteorder {
- enum nft_registers sreg:8;
+ u8 sreg;
enum nft_registers dreg:8;
enum nft_byteorder_ops op:8;
u8 len;
@@ -133,14 +133,14 @@ static int nft_byteorder_init(const stru
return -EINVAL;
}
- priv->sreg = nft_parse_register(tb[NFTA_BYTEORDER_SREG]);
err = nft_parse_u32_check(tb[NFTA_BYTEORDER_LEN], U8_MAX, &len);
if (err < 0)
return err;
priv->len = len;
- err = nft_validate_register_load(priv->sreg, priv->len);
+ err = nft_parse_register_load(tb[NFTA_BYTEORDER_SREG], &priv->sreg,
+ priv->len);
if (err < 0)
return err;
--- a/net/netfilter/nft_cmp.c
+++ b/net/netfilter/nft_cmp.c
@@ -19,7 +19,7 @@
struct nft_cmp_expr {
struct nft_data data;
- enum nft_registers sreg:8;
+ u8 sreg;
u8 len;
enum nft_cmp_ops op:8;
};
@@ -79,8 +79,7 @@ static int nft_cmp_init(const struct nft
tb[NFTA_CMP_DATA]);
BUG_ON(err < 0);
- priv->sreg = nft_parse_register(tb[NFTA_CMP_SREG]);
- err = nft_validate_register_load(priv->sreg, desc.len);
+ err = nft_parse_register_load(tb[NFTA_CMP_SREG], &priv->sreg, desc.len);
if (err < 0)
return err;
@@ -129,8 +128,7 @@ static int nft_cmp_fast_init(const struc
tb[NFTA_CMP_DATA]);
BUG_ON(err < 0);
- priv->sreg = nft_parse_register(tb[NFTA_CMP_SREG]);
- err = nft_validate_register_load(priv->sreg, desc.len);
+ err = nft_parse_register_load(tb[NFTA_CMP_SREG], &priv->sreg, desc.len);
if (err < 0)
return err;
--- a/net/netfilter/nft_ct.c
+++ b/net/netfilter/nft_ct.c
@@ -28,7 +28,7 @@ struct nft_ct {
enum ip_conntrack_dir dir:8;
union {
enum nft_registers dreg:8;
- enum nft_registers sreg:8;
+ u8 sreg;
};
};
@@ -578,8 +578,7 @@ static int nft_ct_set_init(const struct
}
}
- priv->sreg = nft_parse_register(tb[NFTA_CT_SREG]);
- err = nft_validate_register_load(priv->sreg, len);
+ err = nft_parse_register_load(tb[NFTA_CT_SREG], &priv->sreg, len);
if (err < 0)
goto err1;
--- a/net/netfilter/nft_dup_netdev.c
+++ b/net/netfilter/nft_dup_netdev.c
@@ -16,7 +16,7 @@
#include <net/netfilter/nf_dup_netdev.h>
struct nft_dup_netdev {
- enum nft_registers sreg_dev:8;
+ u8 sreg_dev;
};
static void nft_dup_netdev_eval(const struct nft_expr *expr,
@@ -42,8 +42,8 @@ static int nft_dup_netdev_init(const str
if (tb[NFTA_DUP_SREG_DEV] == NULL)
return -EINVAL;
- priv->sreg_dev = nft_parse_register(tb[NFTA_DUP_SREG_DEV]);
- return nft_validate_register_load(priv->sreg_dev, sizeof(int));
+ return nft_parse_register_load(tb[NFTA_DUP_SREG_DEV], &priv->sreg_dev,
+ sizeof(int));
}
static const struct nft_expr_ops nft_dup_netdev_ingress_ops;
--- a/net/netfilter/nft_dynset.c
+++ b/net/netfilter/nft_dynset.c
@@ -20,8 +20,8 @@ struct nft_dynset {
struct nft_set *set;
struct nft_set_ext_tmpl tmpl;
enum nft_dynset_ops op:8;
- enum nft_registers sreg_key:8;
- enum nft_registers sreg_data:8;
+ u8 sreg_key;
+ u8 sreg_data;
bool invert;
u64 timeout;
struct nft_expr *expr;
@@ -163,8 +163,8 @@ static int nft_dynset_init(const struct
tb[NFTA_DYNSET_TIMEOUT])));
}
- priv->sreg_key = nft_parse_register(tb[NFTA_DYNSET_SREG_KEY]);
- err = nft_validate_register_load(priv->sreg_key, set->klen);;
+ err = nft_parse_register_load(tb[NFTA_DYNSET_SREG_KEY], &priv->sreg_key,
+ set->klen);
if (err < 0)
return err;
@@ -174,8 +174,8 @@ static int nft_dynset_init(const struct
if (set->dtype == NFT_DATA_VERDICT)
return -EOPNOTSUPP;
- priv->sreg_data = nft_parse_register(tb[NFTA_DYNSET_SREG_DATA]);
- err = nft_validate_register_load(priv->sreg_data, set->dlen);
+ err = nft_parse_register_load(tb[NFTA_DYNSET_SREG_DATA],
+ &priv->sreg_data, set->dlen);
if (err < 0)
return err;
} else if (set->flags & NFT_SET_MAP)
--- a/net/netfilter/nft_exthdr.c
+++ b/net/netfilter/nft_exthdr.c
@@ -24,7 +24,7 @@ struct nft_exthdr {
u8 len;
u8 op;
enum nft_registers dreg:8;
- enum nft_registers sreg:8;
+ u8 sreg;
u8 flags;
};
@@ -307,11 +307,11 @@ static int nft_exthdr_tcp_set_init(const
priv->type = nla_get_u8(tb[NFTA_EXTHDR_TYPE]);
priv->offset = offset;
priv->len = len;
- priv->sreg = nft_parse_register(tb[NFTA_EXTHDR_SREG]);
priv->flags = flags;
priv->op = op;
- return nft_validate_register_load(priv->sreg, priv->len);
+ return nft_parse_register_load(tb[NFTA_EXTHDR_SREG], &priv->sreg,
+ priv->len);
}
static int nft_exthdr_dump_common(struct sk_buff *skb, const struct nft_exthdr *priv)
--- a/net/netfilter/nft_fwd_netdev.c
+++ b/net/netfilter/nft_fwd_netdev.c
@@ -16,7 +16,7 @@
#include <net/netfilter/nf_dup_netdev.h>
struct nft_fwd_netdev {
- enum nft_registers sreg_dev:8;
+ u8 sreg_dev;
};
static void nft_fwd_netdev_eval(const struct nft_expr *expr,
@@ -43,8 +43,8 @@ static int nft_fwd_netdev_init(const str
if (tb[NFTA_FWD_SREG_DEV] == NULL)
return -EINVAL;
- priv->sreg_dev = nft_parse_register(tb[NFTA_FWD_SREG_DEV]);
- return nft_validate_register_load(priv->sreg_dev, sizeof(int));
+ return nft_parse_register_load(tb[NFTA_FWD_SREG_DEV], &priv->sreg_dev,
+ sizeof(int));
}
static const struct nft_expr_ops nft_fwd_netdev_ingress_ops;
--- a/net/netfilter/nft_hash.c
+++ b/net/netfilter/nft_hash.c
@@ -18,7 +18,7 @@
#include <linux/jhash.h>
struct nft_jhash {
- enum nft_registers sreg:8;
+ u8 sreg;
enum nft_registers dreg:8;
u8 len;
bool autogen_seed:1;
@@ -85,7 +85,6 @@ static int nft_jhash_init(const struct n
if (tb[NFTA_HASH_OFFSET])
priv->offset = ntohl(nla_get_be32(tb[NFTA_HASH_OFFSET]));
- priv->sreg = nft_parse_register(tb[NFTA_HASH_SREG]);
priv->dreg = nft_parse_register(tb[NFTA_HASH_DREG]);
err = nft_parse_u32_check(tb[NFTA_HASH_LEN], U8_MAX, &len);
@@ -96,6 +95,10 @@ static int nft_jhash_init(const struct n
priv->len = len;
+ err = nft_parse_register_load(tb[NFTA_HASH_SREG], &priv->sreg, len);
+ if (err < 0)
+ return err;
+
priv->modulus = ntohl(nla_get_be32(tb[NFTA_HASH_MODULUS]));
if (priv->modulus <= 1)
return -ERANGE;
@@ -110,8 +113,7 @@ static int nft_jhash_init(const struct n
get_random_bytes(&priv->seed, sizeof(priv->seed));
}
- return nft_validate_register_load(priv->sreg, len) &&
- nft_validate_register_store(ctx, priv->dreg, NULL,
+ return nft_validate_register_store(ctx, priv->dreg, NULL,
NFT_DATA_VALUE, sizeof(u32));
}
--- a/net/netfilter/nft_lookup.c
+++ b/net/netfilter/nft_lookup.c
@@ -20,7 +20,7 @@
struct nft_lookup {
struct nft_set *set;
- enum nft_registers sreg:8;
+ u8 sreg;
enum nft_registers dreg:8;
bool invert;
struct nft_set_binding binding;
@@ -76,8 +76,8 @@ static int nft_lookup_init(const struct
if (IS_ERR(set))
return PTR_ERR(set);
- priv->sreg = nft_parse_register(tb[NFTA_LOOKUP_SREG]);
- err = nft_validate_register_load(priv->sreg, set->klen);
+ err = nft_parse_register_load(tb[NFTA_LOOKUP_SREG], &priv->sreg,
+ set->klen);
if (err < 0)
return err;
--- a/net/netfilter/nft_masq.c
+++ b/net/netfilter/nft_masq.c
@@ -53,19 +53,15 @@ int nft_masq_init(const struct nft_ctx *
}
if (tb[NFTA_MASQ_REG_PROTO_MIN]) {
- priv->sreg_proto_min =
- nft_parse_register(tb[NFTA_MASQ_REG_PROTO_MIN]);
-
- err = nft_validate_register_load(priv->sreg_proto_min, plen);
+ err = nft_parse_register_load(tb[NFTA_MASQ_REG_PROTO_MIN],
+ &priv->sreg_proto_min, plen);
if (err < 0)
return err;
if (tb[NFTA_MASQ_REG_PROTO_MAX]) {
- priv->sreg_proto_max =
- nft_parse_register(tb[NFTA_MASQ_REG_PROTO_MAX]);
-
- err = nft_validate_register_load(priv->sreg_proto_max,
- plen);
+ err = nft_parse_register_load(tb[NFTA_MASQ_REG_PROTO_MAX],
+ &priv->sreg_proto_max,
+ plen);
if (err < 0)
return err;
} else {
--- a/net/netfilter/nft_meta.c
+++ b/net/netfilter/nft_meta.c
@@ -374,8 +374,7 @@ int nft_meta_set_init(const struct nft_c
return -EOPNOTSUPP;
}
- priv->sreg = nft_parse_register(tb[NFTA_META_SREG]);
- err = nft_validate_register_load(priv->sreg, len);
+ err = nft_parse_register_load(tb[NFTA_META_SREG], &priv->sreg, len);
if (err < 0)
return err;
--- a/net/netfilter/nft_nat.c
+++ b/net/netfilter/nft_nat.c
@@ -27,10 +27,10 @@
#include <net/ip.h>
struct nft_nat {
- enum nft_registers sreg_addr_min:8;
- enum nft_registers sreg_addr_max:8;
- enum nft_registers sreg_proto_min:8;
- enum nft_registers sreg_proto_max:8;
+ u8 sreg_addr_min;
+ u8 sreg_addr_max;
+ u8 sreg_proto_min;
+ u8 sreg_proto_max;
enum nf_nat_manip_type type:8;
u8 family;
u16 flags;
@@ -160,18 +160,15 @@ static int nft_nat_init(const struct nft
priv->family = family;
if (tb[NFTA_NAT_REG_ADDR_MIN]) {
- priv->sreg_addr_min =
- nft_parse_register(tb[NFTA_NAT_REG_ADDR_MIN]);
- err = nft_validate_register_load(priv->sreg_addr_min, alen);
+ err = nft_parse_register_load(tb[NFTA_NAT_REG_ADDR_MIN],
+ &priv->sreg_addr_min, alen);
if (err < 0)
return err;
if (tb[NFTA_NAT_REG_ADDR_MAX]) {
- priv->sreg_addr_max =
- nft_parse_register(tb[NFTA_NAT_REG_ADDR_MAX]);
-
- err = nft_validate_register_load(priv->sreg_addr_max,
- alen);
+ err = nft_parse_register_load(tb[NFTA_NAT_REG_ADDR_MAX],
+ &priv->sreg_addr_max,
+ alen);
if (err < 0)
return err;
} else {
@@ -181,19 +178,15 @@ static int nft_nat_init(const struct nft
plen = FIELD_SIZEOF(struct nf_nat_range, min_addr.all);
if (tb[NFTA_NAT_REG_PROTO_MIN]) {
- priv->sreg_proto_min =
- nft_parse_register(tb[NFTA_NAT_REG_PROTO_MIN]);
-
- err = nft_validate_register_load(priv->sreg_proto_min, plen);
+ err = nft_parse_register_load(tb[NFTA_NAT_REG_PROTO_MIN],
+ &priv->sreg_proto_min, plen);
if (err < 0)
return err;
if (tb[NFTA_NAT_REG_PROTO_MAX]) {
- priv->sreg_proto_max =
- nft_parse_register(tb[NFTA_NAT_REG_PROTO_MAX]);
-
- err = nft_validate_register_load(priv->sreg_proto_max,
- plen);
+ err = nft_parse_register_load(tb[NFTA_NAT_REG_PROTO_MAX],
+ &priv->sreg_proto_max,
+ plen);
if (err < 0)
return err;
} else {
--- a/net/netfilter/nft_objref.c
+++ b/net/netfilter/nft_objref.c
@@ -97,7 +97,7 @@ static const struct nft_expr_ops nft_obj
struct nft_objref_map {
struct nft_set *set;
- enum nft_registers sreg:8;
+ u8 sreg;
struct nft_set_binding binding;
};
@@ -138,8 +138,8 @@ static int nft_objref_map_init(const str
if (!(set->flags & NFT_SET_OBJECT))
return -EINVAL;
- priv->sreg = nft_parse_register(tb[NFTA_OBJREF_SET_SREG]);
- err = nft_validate_register_load(priv->sreg, set->klen);
+ err = nft_parse_register_load(tb[NFTA_OBJREF_SET_SREG], &priv->sreg,
+ set->klen);
if (err < 0)
return err;
--- a/net/netfilter/nft_payload.c
+++ b/net/netfilter/nft_payload.c
@@ -338,7 +338,6 @@ static int nft_payload_set_init(const st
priv->base = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_BASE]));
priv->offset = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_OFFSET]));
priv->len = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_LEN]));
- priv->sreg = nft_parse_register(tb[NFTA_PAYLOAD_SREG]);
if (tb[NFTA_PAYLOAD_CSUM_TYPE])
csum_type = ntohl(nla_get_be32(tb[NFTA_PAYLOAD_CSUM_TYPE]));
@@ -369,7 +368,8 @@ static int nft_payload_set_init(const st
}
priv->csum_type = csum_type;
- return nft_validate_register_load(priv->sreg, priv->len);
+ return nft_parse_register_load(tb[NFTA_PAYLOAD_SREG], &priv->sreg,
+ priv->len);
}
static int nft_payload_set_dump(struct sk_buff *skb, const struct nft_expr *expr)
--- a/net/netfilter/nft_queue.c
+++ b/net/netfilter/nft_queue.c
@@ -22,10 +22,10 @@
static u32 jhash_initval __read_mostly;
struct nft_queue {
- enum nft_registers sreg_qnum:8;
- u16 queuenum;
- u16 queues_total;
- u16 flags;
+ u8 sreg_qnum;
+ u16 queuenum;
+ u16 queues_total;
+ u16 flags;
};
static void nft_queue_eval(const struct nft_expr *expr,
@@ -114,8 +114,8 @@ static int nft_queue_sreg_init(const str
struct nft_queue *priv = nft_expr_priv(expr);
int err;
- priv->sreg_qnum = nft_parse_register(tb[NFTA_QUEUE_SREG_QNUM]);
- err = nft_validate_register_load(priv->sreg_qnum, sizeof(u32));
+ err = nft_parse_register_load(tb[NFTA_QUEUE_SREG_QNUM],
+ &priv->sreg_qnum, sizeof(u32));
if (err < 0)
return err;
--- a/net/netfilter/nft_range.c
+++ b/net/netfilter/nft_range.c
@@ -18,7 +18,7 @@
struct nft_range_expr {
struct nft_data data_from;
struct nft_data data_to;
- enum nft_registers sreg:8;
+ u8 sreg;
u8 len;
enum nft_range_ops op:8;
};
@@ -80,8 +80,8 @@ static int nft_range_init(const struct n
goto err2;
}
- priv->sreg = nft_parse_register(tb[NFTA_RANGE_SREG]);
- err = nft_validate_register_load(priv->sreg, desc_from.len);
+ err = nft_parse_register_load(tb[NFTA_RANGE_SREG], &priv->sreg,
+ desc_from.len);
if (err < 0)
goto err2;
--- a/net/netfilter/nft_redir.c
+++ b/net/netfilter/nft_redir.c
@@ -49,19 +49,15 @@ int nft_redir_init(const struct nft_ctx
plen = FIELD_SIZEOF(struct nf_nat_range, min_addr.all);
if (tb[NFTA_REDIR_REG_PROTO_MIN]) {
- priv->sreg_proto_min =
- nft_parse_register(tb[NFTA_REDIR_REG_PROTO_MIN]);
-
- err = nft_validate_register_load(priv->sreg_proto_min, plen);
+ err = nft_parse_register_load(tb[NFTA_REDIR_REG_PROTO_MIN],
+ &priv->sreg_proto_min, plen);
if (err < 0)
return err;
if (tb[NFTA_REDIR_REG_PROTO_MAX]) {
- priv->sreg_proto_max =
- nft_parse_register(tb[NFTA_REDIR_REG_PROTO_MAX]);
-
- err = nft_validate_register_load(priv->sreg_proto_max,
- plen);
+ err = nft_parse_register_load(tb[NFTA_REDIR_REG_PROTO_MAX],
+ &priv->sreg_proto_max,
+ plen);
if (err < 0)
return err;
} else {
next prev parent reply other threads:[~2023-05-28 19:15 UTC|newest]
Thread overview: 95+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-28 19:09 [PATCH 4.14 00/86] 4.14.316-rc1 review Greg Kroah-Hartman
2023-05-28 19:09 ` [PATCH 4.14 01/86] net: Fix load-tearing on sk->sk_stamp in sock_recv_cmsgs() Greg Kroah-Hartman
2023-05-28 19:09 ` [PATCH 4.14 02/86] netlink: annotate accesses to nlk->cb_running Greg Kroah-Hartman
2023-05-28 19:09 ` [PATCH 4.14 03/86] net: annotate sk->sk_err write from do_recvmmsg() Greg Kroah-Hartman
2023-05-28 19:09 ` [PATCH 4.14 04/86] ipvlan:Fix out-of-bounds caused by unclear skb->cb Greg Kroah-Hartman
2023-05-28 19:09 ` [PATCH 4.14 05/86] af_unix: Fix a data race of sk->sk_receive_queue->qlen Greg Kroah-Hartman
2023-05-28 19:09 ` [PATCH 4.14 06/86] fs: hfsplus: remove WARN_ON() from hfsplus_cat_{read,write}_inode() Greg Kroah-Hartman
2023-05-28 19:09 ` [PATCH 4.14 07/86] regmap: cache: Return error in cache sync operations for REGCACHE_NONE Greg Kroah-Hartman
2023-05-28 19:09 ` [PATCH 4.14 08/86] memstick: r592: Fix UAF bug in r592_remove due to race condition Greg Kroah-Hartman
2023-05-28 19:09 ` [PATCH 4.14 09/86] ACPI: EC: Fix oops when removing custom query handlers Greg Kroah-Hartman
2023-05-28 19:09 ` [PATCH 4.14 10/86] drm/tegra: Avoid potential 32-bit integer overflow Greg Kroah-Hartman
2023-05-28 19:09 ` [PATCH 4.14 11/86] ACPICA: Avoid undefined behavior: applying zero offset to null pointer Greg Kroah-Hartman
2023-05-28 19:09 ` [PATCH 4.14 12/86] ACPICA: ACPICA: check null return of ACPI_ALLOCATE_ZEROED in acpi_db_display_objects Greg Kroah-Hartman
2023-05-28 19:09 ` [PATCH 4.14 13/86] wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex Greg Kroah-Hartman
2023-05-28 19:09 ` [PATCH 4.14 14/86] ext2: Check block size validity during mount Greg Kroah-Hartman
2023-05-28 19:09 ` [PATCH 4.14 15/86] net: pasemi: Fix return type of pasemi_mac_start_tx() Greg Kroah-Hartman
2023-05-28 19:09 ` [PATCH 4.14 16/86] net: Catch invalid index in XPS mapping Greg Kroah-Hartman
2023-05-28 19:09 ` [PATCH 4.14 17/86] lib: cpu_rmap: Avoid use after free on rmap->obj array entries Greg Kroah-Hartman
2023-05-28 19:09 ` [PATCH 4.14 18/86] scsi: message: mptlan: Fix use after free bug in mptlan_remove() due to race condition Greg Kroah-Hartman
2023-05-28 19:09 ` [PATCH 4.14 19/86] gfs2: Fix inode height consistency check Greg Kroah-Hartman
2023-05-28 19:09 ` [PATCH 4.14 20/86] ext4: set goal start correctly in ext4_mb_normalize_request Greg Kroah-Hartman
2023-05-28 19:09 ` [PATCH 4.14 21/86] ext4: Fix best extent lstart adjustment logic in ext4_mb_new_inode_pa() Greg Kroah-Hartman
2023-05-28 19:09 ` [PATCH 4.14 22/86] null_blk: Always check queue mode setting from configfs Greg Kroah-Hartman
2023-05-29 16:46 ` Harshit Mogalapalli
2023-05-29 19:00 ` Greg Kroah-Hartman
2023-05-28 19:09 ` [PATCH 4.14 23/86] wifi: iwlwifi: dvm: Fix memcpy: detected field-spanning write backtrace Greg Kroah-Hartman
2023-05-28 19:09 ` [PATCH 4.14 24/86] Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp Greg Kroah-Hartman
2023-05-28 19:09 ` [PATCH 4.14 25/86] staging: rtl8192e: Replace macro RTL_PCI_DEVICE with PCI_DEVICE Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 26/86] HID: logitech-hidpp: Dont use the USB serial for USB devices Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 27/86] HID: logitech-hidpp: Reconcile USB and Unifying serials Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 28/86] spi: spi-imx: fix MX51_ECSPI_* macros when cs > 3 Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 29/86] HID: wacom: generic: Set battery quirk only when we see battery data Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 30/86] serial: 8250: Reinit port->pm on port specific driver unbind Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 31/86] mcb-pci: Reallocate memory region to avoid memory overlapping Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 32/86] sched: Fix KCSAN noinstr violation Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 33/86] recordmcount: Fix memory leaks in the uwrite function Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 34/86] clk: tegra20: fix gcc-7 constant overflow warning Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 35/86] Input: xpad - add constants for GIP interface numbers Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 36/86] phy: st: miphy28lp: use _poll_timeout functions for waits Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 37/86] mfd: dln2: Fix memory leak in dln2_probe() Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 38/86] cpupower: Make TSC read per CPU for Mperf monitor Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 39/86] af_key: Reject optional tunnel/BEET mode templates in outbound policies Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 40/86] net: fec: Better handle pm_runtime_get() failing in .remove() Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 41/86] vsock: avoid to close connected socket after the timeout Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 42/86] media: netup_unidvb: fix use-after-free at del_timer() Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 43/86] net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment() Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 44/86] cassini: Fix a memory leak in the error handling path of cas_init_one() Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 45/86] igb: fix bit_shift to be in [1..8] range Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 46/86] vlan: fix a potential uninit-value in vlan_dev_hard_start_xmit() Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 47/86] usb-storage: fix deadlock when a scsi command timeouts more than once Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 48/86] ALSA: hda: Fix Oops by 9.1 surround channel names Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 49/86] ALSA: hda: Add NVIDIA codec IDs a3 through a7 to patch table Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 50/86] statfs: enforce statfs[64] structure initialization Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 51/86] serial: Add support for Advantech PCI-1611U card Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 52/86] ceph: force updating the msg pointer in non-split case Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 53/86] nilfs2: fix use-after-free bug of nilfs_root in nilfs_evict_inode() Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 54/86] netfilter: nf_tables: bogus EBUSY in helper removal from transaction Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 55/86] spi: spi-fsl-spi: automatically adapt bits-per-word in cpu mode Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 56/86] spi: fsl-spi: Re-organise transfer bits_per_word adaptation Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 57/86] spi: fsl-cpm: Use 16 bit mode for large transfers with even size Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 58/86] m68k: Move signal frame following exception on 68020/030 Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 59/86] parisc: Allow to reboot machine after system halt Greg Kroah-Hartman
2023-05-28 19:10 ` Greg Kroah-Hartman [this message]
2023-05-28 19:10 ` [PATCH 4.14 61/86] netfilter: nftables: add nft_parse_register_store() and use it Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 62/86] netfilter: nftables: statify nft_parse_register() Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 63/86] netfilter: nf_tables: validate registers coming from userspace Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 64/86] netfilter: nf_tables: add nft_setelem_parse_key() Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 65/86] netfilter: nf_tables: allow up to 64 bytes in the set element data area Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 66/86] netfilter: nf_tables: stricter validation of element data Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 67/86] netfilter: nft_dynset: do not reject set updates with NFT_SET_EVAL Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 68/86] netfilter: nf_tables: do not allow RULE_ID to refer to another chain Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 69/86] netfilter: nf_tables: do not allow SET_ID to refer to another table Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 70/86] netfilter: nf_tables: fix register ordering Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 71/86] x86/mm: Avoid incomplete Global INVLPG flushes Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 72/86] selftests/memfd: Fix unknown type name build failure Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 73/86] USB: core: Add routines for endpoint checks in old drivers Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 74/86] USB: sisusbvga: Add endpoint checks Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 75/86] media: radio-shark: " Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 76/86] net: fix skb leak in __skb_tstamp_tx() Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 77/86] ipv6: Fix out-of-bounds access in ipv6_find_tlv() Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 78/86] power: supply: leds: Fix blink to LED on transition Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 79/86] power: supply: bq27xxx: Fix bq27xxx_battery_update() race condition Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 80/86] power: supply: bq27xxx: Fix I2C IRQ race on remove Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 81/86] power: supply: bq27xxx: Fix poll_interval handling and races " Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 82/86] power: supply: sbs-charger: Fix INHIBITED bit for Status reg Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 83/86] xen/pvcalls-back: fix double frees with pvcalls_new_active_socket() Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 84/86] x86/show_trace_log_lvl: Ensure stack pointer is aligned, again Greg Kroah-Hartman
2023-05-28 19:10 ` [PATCH 4.14 85/86] forcedeth: Fix an error handling path in nv_probe() Greg Kroah-Hartman
2023-05-28 19:11 ` [PATCH 4.14 86/86] 3c589_cs: Fix an error handling path in tc589_probe() Greg Kroah-Hartman
2023-05-29 16:04 ` [PATCH 4.14 00/86] 4.14.316-rc1 review Guenter Roeck
2023-05-29 17:55 ` Naresh Kamboju
2023-05-30 5:17 ` Harshit Mogalapalli
2023-05-30 9:19 ` Jon Hunter
2023-05-30 10:26 ` Pavel Machek
2023-05-30 11:53 ` Chris Paterson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230528190830.829395754@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=patches@lists.linux.dev \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox