netfilter: nfnetlink: pass down netns pointer to call() and call_rcu()

Backport patch from Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/configure.ac b/configure.ac
index 6627ee78307beba46d43b6cadc312276532a76b5..43d3923cf1df2be333b4966621423dc7ca73d14d 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -426,6 +426,17 @@ else
        AC_SUBST(HAVE_NLA_PUT_IN_ADDR, undef)
 fi
 
+AC_MSG_CHECKING([kernel source for struct net in struct nfnl_callback])
+if test -f $ksourcedir/include/linux/netfilter/nfnetlink.h && \
+   $AWK '/^struct nfnl_callback / {for(i=1; i<=3; i++) {getline; print}}' $ksourcedir/include/linux/netfilter/nfnetlink.h | \
+   $GREP -q 'struct net'; then
+       AC_MSG_RESULT(yes)
+       AC_SUBST(HAVE_NET_IN_NFNL_CALLBACK_FN, define)
+else
+       AC_MSG_RESULT(no)
+       AC_SUBST(HAVE_NET_IN_NFNL_CALLBACK_FN, undef)
+fi
+
 AC_MSG_CHECKING([kernel source for struct net_generic])
 if test -f $ksourcedir/include/net/netns/generic.h && \
    $GREP -q 'struct net_generic' $ksourcedir/include/net/netns/generic.h; then

diff --git a/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in b/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in
index 33f14eb7497b64d57eaff5f403f910c464e5eef5..f08f538d25b217e50538a9650b0b2c7385907140 100644 (file)
--- a/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in
+++ b/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in
@@ -30,6 +30,7 @@
 #@HAVE_ETHER_ADDR_COPY@ HAVE_ETHER_ADDR_COPY
 #@HAVE_NF_BRIDGE_GET_PHYSDEV@ HAVE_NF_BRIDGE_GET_PHYSDEV
 #@HAVE_NLA_PUT_IN_ADDR@ HAVE_NLA_PUT_IN_ADDR
+#@HAVE_NET_IN_NFNL_CALLBACK_FN@ HAVE_NET_IN_NFNL_CALLBACK_FN
 
 #ifdef HAVE_EXPORT_H
 #include <linux/export.h>
@@ -252,6 +253,14 @@ static inline int nla_put_in6_addr(struct sk_buff *skb, int attrtype,
 }
 #endif
 
+#ifdef HAVE_NET_IN_NFNL_CALLBACK_FN
+#define IPSET_CBFN(fn, net, nl, skb, nlh, cda) fn(net, nl, skb, nlh, cda)
+#define IPSET_SOCK_NET(net, ctnl)              net
+#else
+#define IPSET_CBFN(fn, net, nl, skb, nlh, cda) fn(nl, skb, nlh, cda)
+#define IPSET_SOCK_NET(net, ctnl)              sock_net(ctnl)
+#endif
+
 #ifndef smp_mb__before_atomic
 #define smp_mb__before_atomic()        smp_mb()
 #define smp_mb__after_atomic() smp_mb()

diff --git a/kernel/net/netfilter/ipset/ip_set_core.c b/kernel/net/netfilter/ipset/ip_set_core.c
index d7e2a15fb74e773f5e260f2dd30d994818b565b9..31a6954b6baeee51081c975b2ef5ccd56bb20e24 100644 (file)
--- a/kernel/net/netfilter/ipset/ip_set_core.c
+++ b/kernel/net/netfilter/ipset/ip_set_core.c
@@ -834,19 +834,19 @@ find_free_id(struct ip_set_net *inst, const char *name, ip_set_id_t *index,
 }
 
 static int
-ip_set_none(struct sock *ctnl, struct sk_buff *skb,
-           const struct nlmsghdr *nlh,
-           const struct nlattr * const attr[])
+IPSET_CBFN(ip_set_none, struct net *net, struct sock *ctnl,
+          struct sk_buff *skb, const struct nlmsghdr *nlh,
+          const struct nlattr * const attr[])
 {
        return -EOPNOTSUPP;
 }
 
 static int
-ip_set_create(struct sock *ctnl, struct sk_buff *skb,
-             const struct nlmsghdr *nlh,
-             const struct nlattr * const attr[])
+IPSET_CBFN(ip_set_create, struct net *n, struct sock *ctnl,
+          struct sk_buff *skb, const struct nlmsghdr *nlh,
+          const struct nlattr * const attr[])
 {
-       struct net *net = sock_net(ctnl);
+       struct net *net = IPSET_SOCK_NET(n, ctnl);
        struct ip_set_net *inst = ip_set_pernet(net);
        struct ip_set *set, *clash = NULL;
        ip_set_id_t index = IPSET_INVALID_ID;
@@ -985,11 +985,11 @@ ip_set_destroy_set(struct ip_set *set)
 }
 
 static int
-ip_set_destroy(struct sock *ctnl, struct sk_buff *skb,
-              const struct nlmsghdr *nlh,
-              const struct nlattr * const attr[])
+IPSET_CBFN(ip_set_destroy, struct net *net, struct sock *ctnl,
+          struct sk_buff *skb, const struct nlmsghdr *nlh,
+          const struct nlattr * const attr[])
 {
-       struct ip_set_net *inst = ip_set_pernet(sock_net(ctnl));
+       struct ip_set_net *inst = ip_set_pernet(IPSET_SOCK_NET(net, ctnl));
        struct ip_set *s;
        ip_set_id_t i;
        int ret = 0;
@@ -1061,11 +1061,11 @@ ip_set_flush_set(struct ip_set *set)
 }
 
 static int
-ip_set_flush(struct sock *ctnl, struct sk_buff *skb,
-            const struct nlmsghdr *nlh,
-            const struct nlattr * const attr[])
+IPSET_CBFN(ip_set_flush, struct net *net, struct sock *ctnl,
+          struct sk_buff *skb, const struct nlmsghdr *nlh,
+          const struct nlattr * const attr[])
 {
-       struct ip_set_net *inst = ip_set_pernet(sock_net(ctnl));
+       struct ip_set_net *inst = ip_set_pernet(IPSET_SOCK_NET(net, ctnl));
        struct ip_set *s;
        ip_set_id_t i;
 
@@ -1101,11 +1101,11 @@ ip_set_setname2_policy[IPSET_ATTR_CMD_MAX + 1] = {
 };
 
 static int
-ip_set_rename(struct sock *ctnl, struct sk_buff *skb,
-             const struct nlmsghdr *nlh,
-             const struct nlattr * const attr[])
+IPSET_CBFN(ip_set_rename, struct net *net, struct sock *ctnl,
+          struct sk_buff *skb, const struct nlmsghdr *nlh,
+          const struct nlattr * const attr[])
 {
-       struct ip_set_net *inst = ip_set_pernet(sock_net(ctnl));
+       struct ip_set_net *inst = ip_set_pernet(IPSET_SOCK_NET(net, ctnl));
        struct ip_set *set, *s;
        const char *name2;
        ip_set_id_t i;
@@ -1151,11 +1151,11 @@ out:
  */
 
 static int
-ip_set_swap(struct sock *ctnl, struct sk_buff *skb,
-           const struct nlmsghdr *nlh,
-           const struct nlattr * const attr[])
+IPSET_CBFN(ip_set_swap, struct net *net, struct sock *ctnl,
+          struct sk_buff *skb, const struct nlmsghdr *nlh,
+          const struct nlattr * const attr[])
 {
-       struct ip_set_net *inst = ip_set_pernet(sock_net(ctnl));
+       struct ip_set_net *inst = ip_set_pernet(IPSET_SOCK_NET(net, ctnl));
        struct ip_set *from, *to;
        ip_set_id_t from_id, to_id;
        char from_name[IPSET_MAXNAMELEN];
@@ -1422,9 +1422,9 @@ out:
 }
 
 static int
-ip_set_dump(struct sock *ctnl, struct sk_buff *skb,
-           const struct nlmsghdr *nlh,
-           const struct nlattr * const attr[])
+IPSET_CBFN(ip_set_dump, struct net *net, struct sock *ctnl,
+          struct sk_buff *skb, const struct nlmsghdr *nlh,
+          const struct nlattr * const attr[])
 {
        if (unlikely(protocol_failed(attr)))
                return -IPSET_ERR_PROTOCOL;
@@ -1519,11 +1519,11 @@ call_ad(struct sock *ctnl, struct sk_buff *skb, struct ip_set *set,
 }
 
 static int
-ip_set_uadd(struct sock *ctnl, struct sk_buff *skb,
-           const struct nlmsghdr *nlh,
-           const struct nlattr * const attr[])
+IPSET_CBFN(ip_set_uadd, struct net *net, struct sock *ctnl,
+          struct sk_buff *skb, const struct nlmsghdr *nlh,
+          const struct nlattr * const attr[])
 {
-       struct ip_set_net *inst = ip_set_pernet(sock_net(ctnl));
+       struct ip_set_net *inst = ip_set_pernet(IPSET_SOCK_NET(net, ctnl));
        struct ip_set *set;
        struct nlattr *tb[IPSET_ATTR_ADT_MAX + 1] = {};
        const struct nlattr *nla;
@@ -1574,11 +1574,11 @@ ip_set_uadd(struct sock *ctnl, struct sk_buff *skb,
 }
 
 static int
-ip_set_udel(struct sock *ctnl, struct sk_buff *skb,
-           const struct nlmsghdr *nlh,
-           const struct nlattr * const attr[])
+IPSET_CBFN(ip_set_udel, struct net *net, struct sock *ctnl,
+          struct sk_buff *skb, const struct nlmsghdr *nlh,
+          const struct nlattr * const attr[])
 {
-       struct ip_set_net *inst = ip_set_pernet(sock_net(ctnl));
+       struct ip_set_net *inst = ip_set_pernet(IPSET_SOCK_NET(net, ctnl));
        struct ip_set *set;
        struct nlattr *tb[IPSET_ATTR_ADT_MAX + 1] = {};
        const struct nlattr *nla;
@@ -1629,11 +1629,12 @@ ip_set_udel(struct sock *ctnl, struct sk_buff *skb,
 }
 
 static int
-ip_set_utest(struct sock *ctnl, struct sk_buff *skb,
-            const struct nlmsghdr *nlh,
-            const struct nlattr * const attr[])
+IPSET_CBFN(ip_set_utest, struct net *net, struct sock *ctnl,
+          struct sk_buff *skb,
+          const struct nlmsghdr *nlh,
+          const struct nlattr * const attr[])
 {
-       struct ip_set_net *inst = ip_set_pernet(sock_net(ctnl));
+       struct ip_set_net *inst = ip_set_pernet(IPSET_SOCK_NET(net, ctnl));
        struct ip_set *set;
        struct nlattr *tb[IPSET_ATTR_ADT_MAX + 1] = {};
        int ret = 0;
@@ -1665,11 +1666,11 @@ ip_set_utest(struct sock *ctnl, struct sk_buff *skb,
 /* Get headed data of a set */
 
 static int
-ip_set_header(struct sock *ctnl, struct sk_buff *skb,
-             const struct nlmsghdr *nlh,
-             const struct nlattr * const attr[])
+IPSET_CBFN(ip_set_header, struct net *net, struct sock *ctnl,
+          struct sk_buff *skb, const struct nlmsghdr *nlh,
+          const struct nlattr * const attr[])
 {
-       struct ip_set_net *inst = ip_set_pernet(sock_net(ctnl));
+       struct ip_set_net *inst = ip_set_pernet(IPSET_SOCK_NET(net, ctnl));
        const struct ip_set *set;
        struct sk_buff *skb2;
        struct nlmsghdr *nlh2;
@@ -1722,9 +1723,9 @@ static const struct nla_policy ip_set_type_policy[IPSET_ATTR_CMD_MAX + 1] = {
 };
 
 static int
-ip_set_type(struct sock *ctnl, struct sk_buff *skb,
-           const struct nlmsghdr *nlh,
-           const struct nlattr * const attr[])
+IPSET_CBFN(ip_set_type, struct net *net, struct sock *ctnl,
+          struct sk_buff *skb, const struct nlmsghdr *nlh,
+          const struct nlattr * const attr[])
 {
        struct sk_buff *skb2;
        struct nlmsghdr *nlh2;
@@ -1781,9 +1782,9 @@ ip_set_protocol_policy[IPSET_ATTR_CMD_MAX + 1] = {
 };
 
 static int
-ip_set_protocol(struct sock *ctnl, struct sk_buff *skb,
-               const struct nlmsghdr *nlh,
-               const struct nlattr * const attr[])
+IPSET_CBFN(ip_set_protocol, struct net *net, struct sock *ctnl,
+          struct sk_buff *skb, const struct nlmsghdr *nlh,
+          const struct nlattr * const attr[])
 {
        struct sk_buff *skb2;
        struct nlmsghdr *nlh2;