From 2c9ec23d25766a71ed3f262007b8f2211cd4a769 Mon Sep 17 00:00:00 2001 From: Jozsef Kadlecsik Date: Mon, 11 Sep 2017 20:45:44 +0200 Subject: [PATCH] Backport patch: netlink: pass extended ACK struct to parsing functions --- configure.ac | 10 +++++ .../linux/netfilter/ipset/ip_set_compat.h.in | 9 +++++ kernel/net/netfilter/ipset/ip_set_core.c | 39 ++++++++++--------- 3 files changed, 39 insertions(+), 19 deletions(-) diff --git a/configure.ac b/configure.ac index 2c6354f..c818557 100644 --- a/configure.ac +++ b/configure.ac @@ -559,6 +559,16 @@ else AC_SUBST(HAVE_NETLINK_EXTENDED_ACK, undef) fi +AC_MSG_CHECKING([kernel source for passing extended ACK struct to parsing functions]) +if test -f $ksourcedir/include/linux/netlink.h && \ + $AWK '/^static inline int nla_parse_nested/ {for(i=1; i<=4; i++) {getline; print}}' $ksourcedir/include/linux/netlink.h | $GREP -q 'struct netlink_ext_ack'; then + AC_MSG_RESULT(yes) + AC_SUBST(HAVE_PASSING_EXTENDED_ACK_TO_PARSERS, define) +else + AC_MSG_RESULT(no) + AC_SUBST(HAVE_PASSING_EXTENDED_ACK_TO_PARSERS, undef) +fi + AC_MSG_CHECKING([kernel source for struct net_generic]) if test -f $ksourcedir/include/net/netns/generic.h && \ $GREP -q 'struct net_generic' $ksourcedir/include/net/netns/generic.h; then diff --git a/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in b/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in index fd1696b..36eecee 100644 --- a/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in +++ b/kernel/include/linux/netfilter/ipset/ip_set_compat.h.in @@ -40,6 +40,7 @@ #@HAVE_XT_NET@ HAVE_XT_NET #@HAVE_NFNL_MSG_TYPE@ HAVE_NFNL_MSG_TYPE #@HAVE_NETLINK_EXTENDED_ACK@ HAVE_NETLINK_EXTENDED_ACK +#@HAVE_PASSING_EXTENDED_ACK_TO_PARSERS@ HAVE_PASSING_EXTENDED_ACK_TO_PARSERS #ifdef HAVE_EXPORT_SYMBOL_GPL_IN_MODULE_H #include @@ -311,6 +312,14 @@ static inline u16 nfnl_msg_type(u8 subsys, u8 msg_type) #define NETLINK_ACK(in_skb, nlh, err, extack) netlink_ack(in_skb, nlh, err) #endif +#ifdef HAVE_PASSING_EXTENDED_ACK_TO_PARSERS +#define NLA_PARSE(t, m, h, l, p, e) nla_parse(t, m, h, l, p, e) +#define NLA_PARSE_NESTED(t, m, n, p, e) nla_parse_nested(t, m, n, p, e) +#else +#define NLA_PARSE(t, m, h, l, p, e) nla_parse(t, m, h, l, p) +#define NLA_PARSE_NESTED(t, m, n, p, e) nla_parse_nested(t, m, n, p) +#endif + #ifdef HAVE_STATE_IN_XT_ACTION_PARAM #define XAP_STATE(par) (par->state) #else diff --git a/kernel/net/netfilter/ipset/ip_set_core.c b/kernel/net/netfilter/ipset/ip_set_core.c index d7ef329..6d6c1d7 100644 --- a/kernel/net/netfilter/ipset/ip_set_core.c +++ b/kernel/net/netfilter/ipset/ip_set_core.c @@ -300,7 +300,8 @@ ip_set_get_ipaddr4(struct nlattr *nla, __be32 *ipaddr) if (unlikely(!flag_nested(nla))) return -IPSET_ERR_PROTOCOL; - if (nla_parse_nested(tb, IPSET_ATTR_IPADDR_MAX, nla, ipaddr_policy)) + if (NLA_PARSE_NESTED(tb, IPSET_ATTR_IPADDR_MAX, nla, + ipaddr_policy, NULL)) return -IPSET_ERR_PROTOCOL; if (unlikely(!ip_set_attr_netorder(tb, IPSET_ATTR_IPADDR_IPV4))) return -IPSET_ERR_PROTOCOL; @@ -318,7 +319,8 @@ ip_set_get_ipaddr6(struct nlattr *nla, union nf_inet_addr *ipaddr) if (unlikely(!flag_nested(nla))) return -IPSET_ERR_PROTOCOL; - if (nla_parse_nested(tb, IPSET_ATTR_IPADDR_MAX, nla, ipaddr_policy)) + if (NLA_PARSE_NESTED(tb, IPSET_ATTR_IPADDR_MAX, nla, + ipaddr_policy, NULL)) return -IPSET_ERR_PROTOCOL; if (unlikely(!ip_set_attr_netorder(tb, IPSET_ATTR_IPADDR_IPV6))) return -IPSET_ERR_PROTOCOL; @@ -913,8 +915,8 @@ IPSET_CBFN(ip_set_create, struct net *n, struct sock *ctnl, /* Without holding any locks, create private part. */ if (attr[IPSET_ATTR_DATA] && - nla_parse_nested(tb, IPSET_ATTR_CREATE_MAX, attr[IPSET_ATTR_DATA], - set->type->create_policy)) { + NLA_PARSE_NESTED(tb, IPSET_ATTR_CREATE_MAX, attr[IPSET_ATTR_DATA], + set->type->create_policy, NULL)) { ret = -IPSET_ERR_PROTOCOL; goto put_out; } @@ -1269,8 +1271,8 @@ dump_init(struct netlink_callback *cb, struct ip_set_net *inst) ip_set_id_t index; /* Second pass, so parser can't fail */ - nla_parse(cda, IPSET_ATTR_CMD_MAX, - attr, nlh->nlmsg_len - min_len, ip_set_setname_policy); + NLA_PARSE(cda, IPSET_ATTR_CMD_MAX, attr, nlh->nlmsg_len - min_len, + ip_set_setname_policy, NULL); if (cda[IPSET_ATTR_SETNAME]) { struct ip_set *set; @@ -1524,9 +1526,8 @@ call_ad(struct sock *ctnl, struct sk_buff *skb, struct ip_set *set, memcpy(&errmsg->msg, nlh, nlh->nlmsg_len); cmdattr = (void *)&errmsg->msg + min_len; - nla_parse(cda, IPSET_ATTR_CMD_MAX, - cmdattr, nlh->nlmsg_len - min_len, - ip_set_adt_policy); + NLA_PARSE(cda, IPSET_ATTR_CMD_MAX, cmdattr, + nlh->nlmsg_len - min_len, ip_set_adt_policy, NULL); errline = nla_data(cda[IPSET_ATTR_LINENO]); @@ -1571,9 +1572,9 @@ IPSET_CBFN(ip_set_uadd, struct net *net, struct sock *ctnl, use_lineno = !!attr[IPSET_ATTR_LINENO]; if (attr[IPSET_ATTR_DATA]) { - if (nla_parse_nested(tb, IPSET_ATTR_ADT_MAX, + if (NLA_PARSE_NESTED(tb, IPSET_ATTR_ADT_MAX, attr[IPSET_ATTR_DATA], - set->type->adt_policy)) + set->type->adt_policy, NULL)) return -IPSET_ERR_PROTOCOL; ret = call_ad(ctnl, skb, set, tb, IPSET_ADD, flags, use_lineno); @@ -1584,8 +1585,8 @@ IPSET_CBFN(ip_set_uadd, struct net *net, struct sock *ctnl, memset(tb, 0, sizeof(tb)); if (nla_type(nla) != IPSET_ATTR_DATA || !flag_nested(nla) || - nla_parse_nested(tb, IPSET_ATTR_ADT_MAX, nla, - set->type->adt_policy)) + NLA_PARSE_NESTED(tb, IPSET_ATTR_ADT_MAX, nla, + set->type->adt_policy, NULL)) return -IPSET_ERR_PROTOCOL; ret = call_ad(ctnl, skb, set, tb, IPSET_ADD, flags, use_lineno); @@ -1626,9 +1627,9 @@ IPSET_CBFN(ip_set_udel, struct net *net, struct sock *ctnl, use_lineno = !!attr[IPSET_ATTR_LINENO]; if (attr[IPSET_ATTR_DATA]) { - if (nla_parse_nested(tb, IPSET_ATTR_ADT_MAX, + if (NLA_PARSE_NESTED(tb, IPSET_ATTR_ADT_MAX, attr[IPSET_ATTR_DATA], - set->type->adt_policy)) + set->type->adt_policy, NULL)) return -IPSET_ERR_PROTOCOL; ret = call_ad(ctnl, skb, set, tb, IPSET_DEL, flags, use_lineno); @@ -1639,8 +1640,8 @@ IPSET_CBFN(ip_set_udel, struct net *net, struct sock *ctnl, memset(tb, 0, sizeof(*tb)); if (nla_type(nla) != IPSET_ATTR_DATA || !flag_nested(nla) || - nla_parse_nested(tb, IPSET_ATTR_ADT_MAX, nla, - set->type->adt_policy)) + NLA_PARSE_NESTED(tb, IPSET_ATTR_ADT_MAX, nla, + set->type->adt_policy, NULL)) return -IPSET_ERR_PROTOCOL; ret = call_ad(ctnl, skb, set, tb, IPSET_DEL, flags, use_lineno); @@ -1672,8 +1673,8 @@ IPSET_CBFN(ip_set_utest, struct net *net, struct sock *ctnl, if (!set) return -ENOENT; - if (nla_parse_nested(tb, IPSET_ATTR_ADT_MAX, attr[IPSET_ATTR_DATA], - set->type->adt_policy)) + if (NLA_PARSE_NESTED(tb, IPSET_ATTR_ADT_MAX, attr[IPSET_ATTR_DATA], + set->type->adt_policy, NULL)) return -IPSET_ERR_PROTOCOL; rcu_read_lock_bh(); -- 2.40.0