Message ID | 20240311141454.31537-1-tianquan23@gmail.com |
---|---|
State | New |
Series | [v3,nf-next,1/2] netfilter: nf_tables: use struct nlattr * to store userdata for nft_table |
Quan Tian <tianquan23@gmail.com> wrote:
> u32 nlpid;
> char *name;
> - u16 udlen;
> - u8 *udata;
> + struct nlattr *udata;

I missed this detail. As Pablo pointed out this pointer now needs a __rcu annotation.

And this needs something like:

    struct nlattr *udata = rcu_dereference(table->udata);

    if (udata) {
        if (nla_put(skb, NFTA_TABLE_USERDATA, nla_len(udata), nla_data(udata)))

> + if (nla_put(skb, NFTA_TABLE_USERDATA, nla_len(table->udata),
> + nla_data(table->udata)))

... because this version can observe different table->udata for nla_len() and nla_data() calls if the swap() has the "right" / "wrong" timing.
On Tue, Mar 12, 2024 at 03:05:35PM +0100, Florian Westphal wrote:
> Quan Tian <tianquan23@gmail.com> wrote:
> > u32 nlpid;
> > char *name;
> > - u16 udlen;
> > - u8 *udata;
> > + struct nlattr *udata;

May I suggest to use our own data structure, instead of using nlattr?
It is just a bit misleading to the reader.

But maybe I need to get used to this and that's all, your call.

Thanks.
Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> > > + struct nlattr *udata;
>
> May I suggest to use our own data structure, instead of using nlattr?
> It is just a bit misleading to the reader.
>
> But maybe I need to get used to this and that's all, your call.

I have no preference. I thought reusing nlattr was simpler
because you can just kmemdup the nlattr+header.

I'll leave it up to patch author, no strong opinion either.
On Tue, Mar 12, 2024 at 03:34:44PM +0100, Florian Westphal wrote:
> Pablo Neira Ayuso <pablo@netfilter.org> wrote:
> > > > + struct nlattr *udata;
> >
> > May I suggest to use our own data structure, instead of using nlattr?
> > It is just a bit misleading to the reader.
> >
> > But maybe I need to get used to this and that's all, your call.
>
> I have no preference. I thought reusing nlattr was simpler
> because you can just kmemdup the nlattr+header.
>
> I'll leave it up to patch author, no strong opinion either.

I found an existing struct nft_userdata defined in nf_tables.h and used by nft_rule. Perhaps I could reuse it for nft_table? Its struct is as below:

    struct nft_userdata {
        u8 len;
        unsigned char data[];
    };
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h index e27c28b612e4..144dc469ebf8 100644 --- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h @@ -1248,7 +1248,6 @@ static inline void nft_use_inc_restore(u32 *use) * @genmask: generation mask * @nlpid: netlink port ID * @name: name of the table - * @udlen: length of the user data * @udata: user data * @validate_state: internal, set when transaction adds jumps */ @@ -1267,8 +1266,7 @@ struct nft_table { genmask:2; u32 nlpid; char *name; - u16 udlen; - u8 *udata; + struct nlattr *udata; u8 validate_state; }; diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 224e5fb6a916..85088297dd0d 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -183,6 +183,11 @@ static void nft_trans_destroy(struct nft_trans *trans) kfree(trans); } +static struct nlattr *nft_userdata_dup(const struct nlattr *udata, gfp_t gfp) +{ + return kmemdup(udata, nla_total_size(nla_len(udata)), gfp); +} + static void __nft_set_trans_bind(const struct nft_ctx *ctx, struct nft_set *set, bool bind) { @@ -983,7 +988,8 @@ static int nf_tables_fill_table_info(struct sk_buff *skb, struct net *net, goto nla_put_failure; if (table->udata) { - if (nla_put(skb, NFTA_TABLE_USERDATA, table->udlen, table->udata)) + if (nla_put(skb, NFTA_TABLE_USERDATA, nla_len(table->udata), + nla_data(table->udata))) goto nla_put_failure; } @@ -1398,11 +1404,10 @@ static int nf_tables_newtable(struct sk_buff *skb, const struct nfnl_info *info, goto err_strdup; if (nla[NFTA_TABLE_USERDATA]) { - table->udata = nla_memdup(nla[NFTA_TABLE_USERDATA], GFP_KERNEL_ACCOUNT); + table->udata = nft_userdata_dup(nla[NFTA_TABLE_USERDATA], + GFP_KERNEL_ACCOUNT); if (table->udata == NULL) goto err_table_udata; - - table->udlen = nla_len(nla[NFTA_TABLE_USERDATA]); } err = rhltable_init(&table->chains_ht, &nft_chain_ht_params);
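Review bot: the kernel-doc for struct nft_table keeps `@udata: user data` unchanged after `@udlen` is dropped, so the comment no longer tells the reader where the length lives. State that @udata now points to a copy of the whole NFTA_TABLE_USERDATA attribute, header included, and that the length is obtained with nla_len().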
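Review bot: the new `struct nlattr *udata` member of struct nft_table has no `__rcu` annotation, although the commit message says the pointer is stored this way so that it can be replaced atomically on table updates. If readers can run while it is replaced, declare it `struct nlattr __rcu *udata` so that sparse flags plain loads and stores, and access it only through rcu_dereference() and rcu_assign_pointer().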
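Review bot: nft_userdata_dup() sizes the copy with nla_total_size(nla_len(udata)), which rounds the attribute length up to the netlink alignment, so kmemdup() also reads up to three padding bytes after the payload that udata->nla_len does not cover. Copying nla_attr_size(nla_len(udata)) bytes (the same value as udata->nla_len) duplicates exactly header plus payload. A one-line comment saying that the header is kept on purpose, unlike the nla_memdup() call this replaces, would also help.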
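Review bot: in nf_tables_fill_table_info() the new lines read table->udata three times: in the `if (table->udata)` test, in nla_len() and in nla_data(). Once the pointer can be replaced by an update, those loads may return different attributes, so the length of one can be paired with the payload of another. Load it once into a local, for example `struct nlattr *udata = rcu_dereference(table->udata);`, and use that local for the test and for both accessors.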
To prepare for the support for table comment updates, the patch changes to store userdata in struct nlattr *, which can be updated atomically on updates.

Signed-off-by: Quan Tian <tianquan23@gmail.com>

---
v2: Change to store userdata in struct nlattr * to ensure atomical update
v3: Extract a helper function to duplicate userdata

include/net/netfilter/nf_tables.h | 4 +---
net/netfilter/nf_tables_api.c | 13 +++++++++----
2 files changed, 10 insertions(+), 7 deletions(-)
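The single-snapshot read discussed in the thread above, modelled in userspace C as an added example that is not part of the patch or of any reply. `struct attr`, `struct table` and every function name are hypothetical stand-ins, and C11 atomics take the place of the kernel's RCU accessors.

```c
#include <stdatomic.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins: attr models struct nlattr (len covers header +
 * payload), table models nft_table with its single udata pointer. */
struct attr { uint16_t len, type; unsigned char data[]; };
struct table { _Atomic(struct attr *) udata; };
#define HDRLEN sizeof(struct attr)

static struct attr *attr_new(const char *s) {
    size_t n = strlen(s);
    struct attr *a = calloc(1, HDRLEN + n);
    if (!a) return NULL;
    a->len = (uint16_t)(HDRLEN + n);
    memcpy(a->data, s, n);
    return a;
}

/* Writer: publish the new blob in one store and return the old one. The
 * kernel must wait for an RCU grace period before freeing it; this model
 * has no concurrent readers, so demo() frees it at once. */
static struct attr *table_swap(struct table *t, struct attr *next) {
    return atomic_exchange(&t->udata, next);
}

/* Reader: load the pointer once; length and bytes come from that snapshot,
 * so a swap in between cannot pair one blob's length with another's data. */
static size_t table_read(struct table *t, unsigned char *out, size_t cap) {
    struct attr *u = atomic_load(&t->udata);
    size_t n = u ? u->len - HDRLEN : 0;
    if (n == 0 || n > cap) return 0;
    memcpy(out, u->data, n);
    return n;
}

/* Constructed sequence of table comments; returns 0 when every step matches. */
static int demo(void) {
    static struct table t;
    unsigned char buf[32];
    struct attr *a = attr_new("old"), *b = attr_new("new comment");
    if (!a || !b || table_read(&t, buf, sizeof(buf)) != 0) return 1;
    table_swap(&t, a);
    if (table_read(&t, buf, sizeof(buf)) != 3 || memcmp(buf, "old", 3)) return 2;
    free(table_swap(&t, b)); /* the swap hands back blob a */
    if (table_read(&t, buf, sizeof(buf)) != 11 || memcmp(buf, "new comment", 11)) return 3;
    free(table_swap(&t, NULL));
    return 0;
}

int main(void) { return demo(); }
```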