[PATCH nf 4/4] netfilter: nf_tables: check set->size before decreasing set->nelems

Taehee Yoo <ap420073@xxxxxxxxx> · Sun, 1 Jul 2018 20:44:32 +0900

set->nelems is increased when set->size is given.
so that checking set->size routine should be added.

Signed-off-by: Taehee Yoo <ap420073@xxxxxxxxx>
---
 net/netfilter/nf_tables_api.c  | 6 ++++--
 net/netfilter/nft_set_hash.c   | 3 ++-
 net/netfilter/nft_set_rbtree.c | 7 ++++---
 3 files changed, 10 insertions(+), 6 deletions(-)

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 896d4a3..99a85b6 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -6377,7 +6377,8 @@ static int nf_tables_commit(struct net *net, struct sk_buff *skb)
 						 &te->elem,
 						 NFT_MSG_DELSETELEM, 0);
 			te->set->ops->remove(net, te->set, &te->elem);
-			atomic_dec(&te->set->nelems);
+			if (te->set->size)
+				atomic_dec(&te->set->nelems);
 			te->set->ndeact--;
 			break;
 		case NFT_MSG_NEWOBJ:
@@ -6510,7 +6511,8 @@ static int __nf_tables_abort(struct net *net)
 			te = (struct nft_trans_elem *)trans->data;
 
 			te->set->ops->remove(net, te->set, &te->elem);
-			atomic_dec(&te->set->nelems);
+			if (te->set->size)
+				atomic_dec(&te->set->nelems);
 			break;
 		case NFT_MSG_DELSETELEM:
 			te = (struct nft_trans_elem *)trans->data;
diff --git a/net/netfilter/nft_set_hash.c b/net/netfilter/nft_set_hash.c
index ef66824..d736ab1 100644
--- a/net/netfilter/nft_set_hash.c
+++ b/net/netfilter/nft_set_hash.c
@@ -328,7 +328,8 @@ static void nft_rhash_gc(struct work_struct *work)
 		if (gcb == NULL)
 			goto out;
 		rhashtable_remove_fast(&priv->ht, &he->node, nft_rhash_params);
-		atomic_dec(&set->nelems);
+		if (set->size)
+			atomic_dec(&set->nelems);
 		nft_set_gc_batch_add(gcb, he);
 	}
 out:
diff --git a/net/netfilter/nft_set_rbtree.c b/net/netfilter/nft_set_rbtree.c
index 1db52b0..de2d6b6 100644
--- a/net/netfilter/nft_set_rbtree.c
+++ b/net/netfilter/nft_set_rbtree.c
@@ -382,8 +382,8 @@ static void nft_rbtree_gc(struct work_struct *work)
 		gcb = nft_set_gc_batch_check(set, gcb, GFP_ATOMIC);
 		if (!gcb)
 			goto out;
-
-		atomic_dec(&set->nelems);
+		if (set->size)
+			atomic_dec(&set->nelems);
 		nft_set_gc_batch_add(gcb, rbe);
 
 		if (interval) {
@@ -398,7 +398,8 @@ static void nft_rbtree_gc(struct work_struct *work)
 			}
 			if (nft_set_elem_mark_busy(&rbe->ext))
 				continue;
-			atomic_dec(&set->nelems);
+			if (set->size)
+				atomic_dec(&set->nelems);
 			nft_set_gc_batch_add(gcb, rbe);
 		}
 	}
-- 
2.9.3

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html






