
Commit 8dddd32

Florian Westphalummakynes
authored andcommitted
netfilter: arp_tables: simplify translate_compat_table args
Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
1 parent 329a080 commit 8dddd32


1 file changed

+36
-46
lines changed


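--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -1214,6 +1214,18 @@ static int do_add_counters(struct net *net, const void __user *user,
 }
 
 #ifdef CONFIG_COMPAT
+struct compat_arpt_replace {
+char name[XT_TABLE_MAXNAMELEN];
+u32 valid_hooks;
+u32 num_entries;
+u32 size;
+u32 hook_entry[NF_ARP_NUMHOOKS];
+u32 underflow[NF_ARP_NUMHOOKS];
+u32 num_counters;
+compat_uptr_t counters;
+struct compat_arpt_entry entries[0];
+};
+
 static inline void compat_release_entry(struct compat_arpt_entry *e)
 {
 struct xt_entry_target *t;
@@ -1229,8 +1241,7 @@ check_compat_entry_size_and_hooks(struct compat_arpt_entry *e,
 const unsigned char *base,
 const unsigned char *limit,
 const unsigned int *hook_entries,
-const unsigned int *underflows,
-const char *name)
+const unsigned int *underflows)
 {
 struct xt_entry_target *t;
 struct xt_target *target;
@@ -1301,7 +1312,7 @@ check_compat_entry_size_and_hooks(struct compat_arpt_entry *e,
 
 static int
 compat_copy_entry_from_user(struct compat_arpt_entry *e, void **dstptr,
-unsigned int *size, const char *name,
+unsigned int *size,
 struct xt_table_info *newinfo, unsigned char *base)
 {
 struct xt_entry_target *t;
@@ -1334,14 +1345,9 @@ compat_copy_entry_from_user(struct compat_arpt_entry *e, void **dstptr,
 return ret;
 }
 
-static int translate_compat_table(const char *name,
-unsigned int valid_hooks,
-struct xt_table_info **pinfo,
+static int translate_compat_table(struct xt_table_info **pinfo,
 void **pentry0,
-unsigned int total_size,
-unsigned int number,
-unsigned int *hook_entries,
-unsigned int *underflows)
+const struct compat_arpt_replace *compatr)
 {
 unsigned int i, j;
 struct xt_table_info *newinfo, *info;
@@ -1353,8 +1359,8 @@ static int translate_compat_table(const char *name,
 
 info = *pinfo;
 entry0 = *pentry0;
-size = total_size;
-info->number = number;
+size = compatr->size;
+info->number = compatr->num_entries;
 
 /* Init all hooks to impossible value. */
 for (i = 0; i < NF_ARP_NUMHOOKS; i++) {
@@ -1365,40 +1371,39 @@ static int translate_compat_table(const char *name,
 duprintf("translate_compat_table: size %u\n", info->size);
 j = 0;
 xt_compat_lock(NFPROTO_ARP);
-xt_compat_init_offsets(NFPROTO_ARP, number);
+xt_compat_init_offsets(NFPROTO_ARP, compatr->num_entries);
 /* Walk through entries, checking offsets. */
-xt_entry_foreach(iter0, entry0, total_size) {
+xt_entry_foreach(iter0, entry0, compatr->size) {
 ret = check_compat_entry_size_and_hooks(iter0, info, &size,
 entry0,
-entry0 + total_size,
-hook_entries,
-underflows,
-name);
+entry0 + compatr->size,
+compatr->hook_entry,
+compatr->underflow);
 if (ret != 0)
 goto out_unlock;
 ++j;
 }
 
 ret = -EINVAL;
-if (j != number) {
+if (j != compatr->num_entries) {
 duprintf("translate_compat_table: %u not %u entries\n",
-j, number);
+j, compatr->num_entries);
 goto out_unlock;
 }
 
 /* Check hooks all assigned */
 for (i = 0; i < NF_ARP_NUMHOOKS; i++) {
 /* Only hooks which are valid */
-if (!(valid_hooks & (1 << i)))
+if (!(compatr->valid_hooks & (1 << i)))
 continue;
 if (info->hook_entry[i] == 0xFFFFFFFF) {
 duprintf("Invalid hook entry %u %u\n",
-i, hook_entries[i]);
+i, info->hook_entry[i]);
 goto out_unlock;
 }
 if (info->underflow[i] == 0xFFFFFFFF) {
 duprintf("Invalid underflow %u %u\n",
-i, underflows[i]);
+i, info->underflow[i]);
 goto out_unlock;
 }
 }
@@ -1408,17 +1413,17 @@ static int translate_compat_table(const char *name,
 if (!newinfo)
 goto out_unlock;
 
-newinfo->number = number;
+newinfo->number = compatr->num_entries;
 for (i = 0; i < NF_ARP_NUMHOOKS; i++) {
 newinfo->hook_entry[i] = info->hook_entry[i];
 newinfo->underflow[i] = info->underflow[i];
 }
 entry1 = newinfo->entries;
 pos = entry1;
-size = total_size;
-xt_entry_foreach(iter0, entry0, total_size) {
+size = compatr->size;
+xt_entry_foreach(iter0, entry0, compatr->size) {
 ret = compat_copy_entry_from_user(iter0, &pos, &size,
-name, newinfo, entry1);
+newinfo, entry1);
 if (ret != 0)
 break;
 }
@@ -1428,7 +1433,7 @@ static int translate_compat_table(const char *name,
 goto free_newinfo;
 
 ret = -ELOOP;
-if (!mark_source_chains(newinfo, valid_hooks, entry1))
+if (!mark_source_chains(newinfo, compatr->valid_hooks, entry1))
 goto free_newinfo;
 
 i = 0;
@@ -1439,7 +1444,7 @@ static int translate_compat_table(const char *name,
 break;
 }
 
-ret = check_target(iter1, name);
+ret = check_target(iter1, compatr->name);
 if (ret != 0) {
 xt_percpu_counter_free(iter1->counters.pcnt);
 break;
@@ -1481,7 +1486,7 @@ static int translate_compat_table(const char *name,
 free_newinfo:
 xt_free_table_info(newinfo);
 out:
-xt_entry_foreach(iter0, entry0, total_size) {
+xt_entry_foreach(iter0, entry0, compatr->size) {
 if (j-- == 0)
 break;
 compat_release_entry(iter0);
@@ -1493,18 +1498,6 @@ static int translate_compat_table(const char *name,
 goto out;
 }
 
-struct compat_arpt_replace {
-char name[XT_TABLE_MAXNAMELEN];
-u32 valid_hooks;
-u32 num_entries;
-u32 size;
-u32 hook_entry[NF_ARP_NUMHOOKS];
-u32 underflow[NF_ARP_NUMHOOKS];
-u32 num_counters;
-compat_uptr_t counters;
-struct compat_arpt_entry entries[0];
-};
-
 static int compat_do_replace(struct net *net, void __user *user,
 unsigned int len)
 {
@@ -1537,10 +1530,7 @@ static int compat_do_replace(struct net *net, void __user *user,
 goto free_newinfo;
 }
 
-ret = translate_compat_table(tmp.name, tmp.valid_hooks,
-&newinfo, &loc_cpu_entry, tmp.size,
-tmp.num_entries, tmp.hook_entry,
-tmp.underflow);
+ret = translate_compat_table(&newinfo, &loc_cpu_entry, &tmp);
 if (ret != 0)
 goto free_newinfo;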
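Review bot: In translate_compat_table the two duprintf calls in the "Check hooks all assigned" loop now print `info->hook_entry[i]` and `info->underflow[i]`, which on those branches are always the 0xFFFFFFFF sentinel, so the debug output no longer shows the offset userspace requested. Printing `compatr->hook_entry[i]` and `compatr->underflow[i]` would keep the information the old code logged. Because every size, count, offset and the table name are now read through `compatr`, a short comment above the function stating that it must point to a kernel-side copy of the user-supplied header, already bounds-checked and with `name` NUL-terminated by the caller, would make that precondition explicit. Those checks are not visible in these hunks, so they are worth confirming in compat_do_replace. The body of translate_compat_table extends beyond the hunks shown.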
