kpriv/linux-hardened
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

netfilter: x_tables: simplify IS_ERR_OR_NULL to NULL test

Browse source 
Since commit 7926dbfa4b ("netfilter: don't use
mutex_lock_interruptible()"), the function xt_find_table_lock can only
return NULL on an error.  Simplify the call sites and update the
comment before the function.

The semantic patch that change the code is as follows:
(http://coccinelle.lip6.fr/)

// <smpl>
@@
expression t,e;
@@

t = \(xt_find_table_lock(...)\|
      try_then_request_module(xt_find_table_lock(...),...)\)
... when != t=e
- ! IS_ERR_OR_NULL(t)
+ t

@@
expression t,e;
@@

t = \(xt_find_table_lock(...)\|
      try_then_request_module(xt_find_table_lock(...),...)\)
... when != t=e
- IS_ERR_OR_NULL(t)
+ !t

@@
expression t,e,e1;
@@

t = \(xt_find_table_lock(...)\|
      try_then_request_module(xt_find_table_lock(...),...)\)
... when != t=e
?- t ? PTR_ERR(t) : e1
+ e1
... when any

// </smpl>

Signed-off-by: Julia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Julia Lawall 2016-11-11 13:32:38 +01:00 committed by Pablo Neira Ayuso
parent 7e416ad741
commit eb1a6bdc28
4 changed files with 31 additions and 31 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
net/ipv4/netfilter/arp_tables.c
View file

@ -805,7 +805,7 @@ static int get_info(struct net *net, void __user *user,
#endif #endif
t = try_then_request_module(xt_find_table_lock(net, NFPROTO_ARP, name), t = try_then_request_module(xt_find_table_lock(net, NFPROTO_ARP, name),
"arptable_%s", name); "arptable_%s", name);
if (!IS_ERR_OR_NULL(t)) { if (t) {
struct arpt_getinfo info; struct arpt_getinfo info;
const struct xt_table_info *private = t->private; const struct xt_table_info *private = t->private;
#ifdef CONFIG_COMPAT #ifdef CONFIG_COMPAT
@ -834,7 +834,7 @@ static int get_info(struct net *net, void __user *user,
xt_table_unlock(t); xt_table_unlock(t);
module_put(t->me); module_put(t->me);
} else } else
ret = t ? PTR_ERR(t) : -ENOENT; ret = -ENOENT;
#ifdef CONFIG_COMPAT #ifdef CONFIG_COMPAT
if (compat) if (compat)
xt_compat_unlock(NFPROTO_ARP); xt_compat_unlock(NFPROTO_ARP);
@ -859,7 +859,7 @@ static int get_entries(struct net *net, struct arpt_get_entries __user *uptr,
get.name[sizeof(get.name) - 1] = '\0'; get.name[sizeof(get.name) - 1] = '\0';
t = xt_find_table_lock(net, NFPROTO_ARP, get.name); t = xt_find_table_lock(net, NFPROTO_ARP, get.name);
if (!IS_ERR_OR_NULL(t)) { if (t) {
const struct xt_table_info *private = t->private; const struct xt_table_info *private = t->private;
if (get.size == private->size) if (get.size == private->size)
@ -871,7 +871,7 @@ static int get_entries(struct net *net, struct arpt_get_entries __user *uptr,
module_put(t->me); module_put(t->me);
xt_table_unlock(t); xt_table_unlock(t);
} else } else
ret = t ? PTR_ERR(t) : -ENOENT; ret = -ENOENT;
return ret; return ret;
} }
@ -898,8 +898,8 @@ static int __do_replace(struct net *net, const char *name,
t = try_then_request_module(xt_find_table_lock(net, NFPROTO_ARP, name), t = try_then_request_module(xt_find_table_lock(net, NFPROTO_ARP, name),
"arptable_%s", name); "arptable_%s", name);
if (IS_ERR_OR_NULL(t)) { if (!t) {
ret = t ? PTR_ERR(t) : -ENOENT; ret = -ENOENT;
goto free_newinfo_counters_untrans; goto free_newinfo_counters_untrans;
} }
@ -1014,8 +1014,8 @@ static int do_add_counters(struct net *net, const void __user *user,
return PTR_ERR(paddc); return PTR_ERR(paddc);
t = xt_find_table_lock(net, NFPROTO_ARP, tmp.name); t = xt_find_table_lock(net, NFPROTO_ARP, tmp.name);
if (IS_ERR_OR_NULL(t)) { if (!t) {
ret = t ? PTR_ERR(t) : -ENOENT; ret = -ENOENT;
goto free; goto free;
} }
@ -1404,7 +1404,7 @@ static int compat_get_entries(struct net *net,
xt_compat_lock(NFPROTO_ARP); xt_compat_lock(NFPROTO_ARP);
t = xt_find_table_lock(net, NFPROTO_ARP, get.name); t = xt_find_table_lock(net, NFPROTO_ARP, get.name);
if (!IS_ERR_OR_NULL(t)) { if (t) {
const struct xt_table_info *private = t->private; const struct xt_table_info *private = t->private;
struct xt_table_info info; struct xt_table_info info;
@ -1419,7 +1419,7 @@ static int compat_get_entries(struct net *net,
module_put(t->me); module_put(t->me);
xt_table_unlock(t); xt_table_unlock(t);
} else } else
ret = t ? PTR_ERR(t) : -ENOENT; ret = -ENOENT;
xt_compat_unlock(NFPROTO_ARP); xt_compat_unlock(NFPROTO_ARP);
return ret; return ret;

20
net/ipv4/netfilter/ip_tables.c
View file

@ -973,7 +973,7 @@ static int get_info(struct net *net, void __user *user,
#endif #endif
t = try_then_request_module(xt_find_table_lock(net, AF_INET, name), t = try_then_request_module(xt_find_table_lock(net, AF_INET, name),
"iptable_%s", name); "iptable_%s", name);
if (!IS_ERR_OR_NULL(t)) { if (t) {
struct ipt_getinfo info; struct ipt_getinfo info;
const struct xt_table_info *private = t->private; const struct xt_table_info *private = t->private;
#ifdef CONFIG_COMPAT #ifdef CONFIG_COMPAT
@ -1003,7 +1003,7 @@ static int get_info(struct net *net, void __user *user,
xt_table_unlock(t); xt_table_unlock(t);
module_put(t->me); module_put(t->me);
} else } else
ret = t ? PTR_ERR(t) : -ENOENT; ret = -ENOENT;
#ifdef CONFIG_COMPAT #ifdef CONFIG_COMPAT
if (compat) if (compat)
xt_compat_unlock(AF_INET); xt_compat_unlock(AF_INET);
@ -1028,7 +1028,7 @@ get_entries(struct net *net, struct ipt_get_entries __user *uptr,
get.name[sizeof(get.name) - 1] = '\0'; get.name[sizeof(get.name) - 1] = '\0';
t = xt_find_table_lock(net, AF_INET, get.name); t = xt_find_table_lock(net, AF_INET, get.name);
if (!IS_ERR_OR_NULL(t)) { if (t) {
const struct xt_table_info *private = t->private; const struct xt_table_info *private = t->private;
if (get.size == private->size) if (get.size == private->size)
ret = copy_entries_to_user(private->size, ret = copy_entries_to_user(private->size,
@ -1039,7 +1039,7 @@ get_entries(struct net *net, struct ipt_get_entries __user *uptr,
module_put(t->me); module_put(t->me);
xt_table_unlock(t); xt_table_unlock(t);
} else } else
ret = t ? PTR_ERR(t) : -ENOENT; ret = -ENOENT;
return ret; return ret;
} }
@ -1064,8 +1064,8 @@ __do_replace(struct net *net, const char *name, unsigned int valid_hooks,
t = try_then_request_module(xt_find_table_lock(net, AF_INET, name), t = try_then_request_module(xt_find_table_lock(net, AF_INET, name),
"iptable_%s", name); "iptable_%s", name);
if (IS_ERR_OR_NULL(t)) { if (!t) {
ret = t ? PTR_ERR(t) : -ENOENT; ret = -ENOENT;
goto free_newinfo_counters_untrans; goto free_newinfo_counters_untrans;
} }
@ -1180,8 +1180,8 @@ do_add_counters(struct net *net, const void __user *user,
return PTR_ERR(paddc); return PTR_ERR(paddc);
t = xt_find_table_lock(net, AF_INET, tmp.name); t = xt_find_table_lock(net, AF_INET, tmp.name);
if (IS_ERR_OR_NULL(t)) { if (!t) {
ret = t ? PTR_ERR(t) : -ENOENT; ret = -ENOENT;
goto free; goto free;
} }
@ -1626,7 +1626,7 @@ compat_get_entries(struct net *net, struct compat_ipt_get_entries __user *uptr,
xt_compat_lock(AF_INET); xt_compat_lock(AF_INET);
t = xt_find_table_lock(net, AF_INET, get.name); t = xt_find_table_lock(net, AF_INET, get.name);
if (!IS_ERR_OR_NULL(t)) { if (t) {
const struct xt_table_info *private = t->private; const struct xt_table_info *private = t->private;
struct xt_table_info info; struct xt_table_info info;
ret = compat_table_info(private, &info); ret = compat_table_info(private, &info);
@ -1640,7 +1640,7 @@ compat_get_entries(struct net *net, struct compat_ipt_get_entries __user *uptr,
module_put(t->me); module_put(t->me);
xt_table_unlock(t); xt_table_unlock(t);
} else } else
ret = t ? PTR_ERR(t) : -ENOENT; ret = -ENOENT;
xt_compat_unlock(AF_INET); xt_compat_unlock(AF_INET);
return ret; return ret;

20
net/ipv6/netfilter/ip6_tables.c
View file

@ -1003,7 +1003,7 @@ static int get_info(struct net *net, void __user *user,
#endif #endif
t = try_then_request_module(xt_find_table_lock(net, AF_INET6, name), t = try_then_request_module(xt_find_table_lock(net, AF_INET6, name),
"ip6table_%s", name); "ip6table_%s", name);
if (!IS_ERR_OR_NULL(t)) { if (t) {
struct ip6t_getinfo info; struct ip6t_getinfo info;
const struct xt_table_info *private = t->private; const struct xt_table_info *private = t->private;
#ifdef CONFIG_COMPAT #ifdef CONFIG_COMPAT
@ -1033,7 +1033,7 @@ static int get_info(struct net *net, void __user *user,
xt_table_unlock(t); xt_table_unlock(t);
module_put(t->me); module_put(t->me);
} else } else
ret = t ? PTR_ERR(t) : -ENOENT; ret = -ENOENT;
#ifdef CONFIG_COMPAT #ifdef CONFIG_COMPAT
if (compat) if (compat)
xt_compat_unlock(AF_INET6); xt_compat_unlock(AF_INET6);
@ -1059,7 +1059,7 @@ get_entries(struct net *net, struct ip6t_get_entries __user *uptr,
get.name[sizeof(get.name) - 1] = '\0'; get.name[sizeof(get.name) - 1] = '\0';
t = xt_find_table_lock(net, AF_INET6, get.name); t = xt_find_table_lock(net, AF_INET6, get.name);
if (!IS_ERR_OR_NULL(t)) { if (t) {
struct xt_table_info *private = t->private; struct xt_table_info *private = t->private;
if (get.size == private->size) if (get.size == private->size)
ret = copy_entries_to_user(private->size, ret = copy_entries_to_user(private->size,
@ -1070,7 +1070,7 @@ get_entries(struct net *net, struct ip6t_get_entries __user *uptr,
module_put(t->me); module_put(t->me);
xt_table_unlock(t); xt_table_unlock(t);
} else } else
ret = t ? PTR_ERR(t) : -ENOENT; ret = -ENOENT;
return ret; return ret;
} }
@ -1095,8 +1095,8 @@ __do_replace(struct net *net, const char *name, unsigned int valid_hooks,
t = try_then_request_module(xt_find_table_lock(net, AF_INET6, name), t = try_then_request_module(xt_find_table_lock(net, AF_INET6, name),
"ip6table_%s", name); "ip6table_%s", name);
if (IS_ERR_OR_NULL(t)) { if (!t) {
ret = t ? PTR_ERR(t) : -ENOENT; ret = -ENOENT;
goto free_newinfo_counters_untrans; goto free_newinfo_counters_untrans;
} }
@ -1210,8 +1210,8 @@ do_add_counters(struct net *net, const void __user *user, unsigned int len,
if (IS_ERR(paddc)) if (IS_ERR(paddc))
return PTR_ERR(paddc); return PTR_ERR(paddc);
t = xt_find_table_lock(net, AF_INET6, tmp.name); t = xt_find_table_lock(net, AF_INET6, tmp.name);
if (IS_ERR_OR_NULL(t)) { if (!t) {
ret = t ? PTR_ERR(t) : -ENOENT; ret = -ENOENT;
goto free; goto free;
} }
@ -1647,7 +1647,7 @@ compat_get_entries(struct net *net, struct compat_ip6t_get_entries __user *uptr,
xt_compat_lock(AF_INET6); xt_compat_lock(AF_INET6);
t = xt_find_table_lock(net, AF_INET6, get.name); t = xt_find_table_lock(net, AF_INET6, get.name);
if (!IS_ERR_OR_NULL(t)) { if (t) {
const struct xt_table_info *private = t->private; const struct xt_table_info *private = t->private;
struct xt_table_info info; struct xt_table_info info;
ret = compat_table_info(private, &info); ret = compat_table_info(private, &info);
@ -1661,7 +1661,7 @@ compat_get_entries(struct net *net, struct compat_ip6t_get_entries __user *uptr,
module_put(t->me); module_put(t->me);
xt_table_unlock(t); xt_table_unlock(t);
} else } else
ret = t ? PTR_ERR(t) : -ENOENT; ret = -ENOENT;
xt_compat_unlock(AF_INET6); xt_compat_unlock(AF_INET6);
return ret; return ret;

2
net/netfilter/x_tables.c
View file

@ -982,7 +982,7 @@ void xt_free_table_info(struct xt_table_info *info)
} }
EXPORT_SYMBOL(xt_free_table_info); EXPORT_SYMBOL(xt_free_table_info);
/* Find table by name, grabs mutex & ref. Returns ERR_PTR() on error. */ /* Find table by name, grabs mutex & ref. Returns NULL on error. */
struct xt_table *xt_find_table_lock(struct net *net, u_int8_t af, struct xt_table *xt_find_table_lock(struct net *net, u_int8_t af,
const char *name) const char *name)
{ {