On 2020-07-03 09:36, Paul Moore wrote:
> Commit 142240398e50 ("audit: add gfp parameter to audit_log_nfcfg")
> incorrectly passed gfp flags to audit_log_nfcfg() which were not
> consistent with the calling function, this commit fixes that.
>
> Fixes: 142240398e50 ("audit: add gfp parameter to audit_log_nfcfg")
> Reported-by: Jones Desougi <jones.desougi+netfilter@xxxxxxxxx>
> Signed-off-by: Paul Moore <paul@xxxxxxxxxxxxxx>
Looks good to me. For what it's worth:
Reviewed-by: Richard Guy Briggs <rgb@xxxxxxxxxx>
> ---
> net/netfilter/nf_tables_api.c | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
> index f7ff91479647..886e64291f41 100644
> --- a/net/netfilter/nf_tables_api.c
> +++ b/net/netfilter/nf_tables_api.c
> @@ -5953,7 +5953,7 @@ static int nf_tables_dump_obj(struct sk_buff *skb, struct netlink_callback *cb)
> goto cont;
>
> if (reset) {
> - char *buf = kasprintf(GFP_KERNEL,
> + char *buf = kasprintf(GFP_ATOMIC,
> "%s:%llu;?:0",
> table->name,
> table->handle);
> @@ -5962,7 +5962,7 @@ static int nf_tables_dump_obj(struct sk_buff *skb, struct netlink_callback *cb)
> family,
> obj->handle,
> AUDIT_NFT_OP_OBJ_RESET,
> - GFP_KERNEL);
> + GFP_ATOMIC);
> kfree(buf);
> }
>
> @@ -6084,7 +6084,7 @@ static int nf_tables_getobj(struct net *net, struct sock *nlsk,
> family,
> obj->handle,
> AUDIT_NFT_OP_OBJ_RESET,
> - GFP_KERNEL);
> + GFP_ATOMIC);
> kfree(buf);
> }
>
> @@ -6172,7 +6172,7 @@ void nft_obj_notify(struct net *net, const struct nft_table *table,
> event == NFT_MSG_NEWOBJ ?
> AUDIT_NFT_OP_OBJ_REGISTER :
> AUDIT_NFT_OP_OBJ_UNREGISTER,
> - GFP_KERNEL);
> + gfp);
> kfree(buf);
>
> if (!report &&
>
- RGB
--
Richard Guy Briggs <rgb@xxxxxxxxxx>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635
