netfilter: nf_tables: make all set structs const

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

They do not need to be writeable anymore.

v2: remove left-over __read_mostly annotation in set_pipapo.c (Stefano)

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Florian Westphal and committed by

Pablo Neira Ayuso 6 years ago 24d19826 e32a4dc6

+14 -34

7 changed files

expand all

include

net

netfilter

nf_tables.h

nf_tables_core.h

net

netfilter

nf_tables_api.c

nft_set_bitmap.c

nft_set_hash.c

nft_set_pipapo.c

nft_set_rbtree.c

-4

include/net/netfilter/nf_tables.h

··· 385 385 * struct nft_set_type - nf_tables set type 386 386 * 387 387 * @ops: set ops for this type 388 - * @list: used internally 389 - * @owner: module reference 390 388 * @features: features supported by the implementation 391 389 */ 392 390 struct nft_set_type { 393 391 const struct nft_set_ops ops; 394 - struct list_head list; 395 - struct module *owner; 396 392 u32 features; 397 393 }; 398 394 #define to_set_type(o) container_of(o, struct nft_set_type, ops)

+6 -6

include/net/netfilter/nf_tables_core.h

··· 69 69 extern struct static_key_false nft_counters_enabled; 70 70 extern struct static_key_false nft_trace_enabled; 71 71 72 - extern struct nft_set_type nft_set_rhash_type; 73 - extern struct nft_set_type nft_set_hash_type; 74 - extern struct nft_set_type nft_set_hash_fast_type; 75 - extern struct nft_set_type nft_set_rbtree_type; 76 - extern struct nft_set_type nft_set_bitmap_type; 77 - extern struct nft_set_type nft_set_pipapo_type; 72 + extern const struct nft_set_type nft_set_rhash_type; 73 + extern const struct nft_set_type nft_set_hash_type; 74 + extern const struct nft_set_type nft_set_hash_fast_type; 75 + extern const struct nft_set_type nft_set_rbtree_type; 76 + extern const struct nft_set_type nft_set_bitmap_type; 77 + extern const struct nft_set_type nft_set_pipapo_type; 78 78 79 79 struct nft_expr; 80 80 struct nft_regs;

+2 -12

net/netfilter/nf_tables_api.c

··· 3344 3344 break; 3345 3345 } 3346 3346 3347 - if (!try_module_get(type->owner)) 3348 - continue; 3349 - if (bops != NULL) 3350 - module_put(to_set_type(bops)->owner); 3351 - 3352 3347 bops = ops; 3353 3348 best = est; 3354 3349 } ··· 4042 4047 size = ops->privsize(nla, &desc); 4043 4048 4044 4049 set = kvzalloc(sizeof(*set) + size + udlen, GFP_KERNEL); 4045 - if (!set) { 4046 - err = -ENOMEM; 4047 - goto err1; 4048 - } 4050 + if (!set) 4051 + return -ENOMEM; 4049 4052 4050 4053 name = nla_strdup(nla[NFTA_SET_NAME], GFP_KERNEL); 4051 4054 if (!name) { ··· 4102 4109 kfree(set->name); 4103 4110 err2: 4104 4111 kvfree(set); 4105 - err1: 4106 - module_put(to_set_type(ops)->owner); 4107 4112 return err; 4108 4113 } 4109 4114 ··· 4111 4120 return; 4112 4121 4113 4122 set->ops->destroy(set); 4114 - module_put(to_set_type(set->ops)->owner); 4115 4123 kfree(set->name); 4116 4124 kvfree(set); 4117 4125 }

+1 -2

net/netfilter/nft_set_bitmap.c

··· 293 293 return true; 294 294 } 295 295 296 - struct nft_set_type nft_set_bitmap_type __read_mostly = { 297 - .owner = THIS_MODULE, 296 + const struct nft_set_type nft_set_bitmap_type = { 298 297 .ops = { 299 298 .privsize = nft_bitmap_privsize, 300 299 .elemsize = offsetof(struct nft_bitmap_elem, ext),

+3 -6

net/netfilter/nft_set_hash.c

··· 662 662 return true; 663 663 } 664 664 665 - struct nft_set_type nft_set_rhash_type __read_mostly = { 666 - .owner = THIS_MODULE, 665 + const struct nft_set_type nft_set_rhash_type = { 667 666 .features = NFT_SET_MAP | NFT_SET_OBJECT | 668 667 NFT_SET_TIMEOUT | NFT_SET_EVAL, 669 668 .ops = { ··· 685 686 }, 686 687 }; 687 688 688 - struct nft_set_type nft_set_hash_type __read_mostly = { 689 - .owner = THIS_MODULE, 689 + const struct nft_set_type nft_set_hash_type = { 690 690 .features = NFT_SET_MAP | NFT_SET_OBJECT, 691 691 .ops = { 692 692 .privsize = nft_hash_privsize, ··· 704 706 }, 705 707 }; 706 708 707 - struct nft_set_type nft_set_hash_fast_type __read_mostly = { 708 - .owner = THIS_MODULE, 709 + const struct nft_set_type nft_set_hash_fast_type = { 709 710 .features = NFT_SET_MAP | NFT_SET_OBJECT, 710 711 .ops = { 711 712 .privsize = nft_hash_privsize,

+1 -2

net/netfilter/nft_set_pipapo.c

··· 2081 2081 priv->last_gc = jiffies; 2082 2082 } 2083 2083 2084 - struct nft_set_type nft_set_pipapo_type __read_mostly = { 2085 - .owner = THIS_MODULE, 2084 + const struct nft_set_type nft_set_pipapo_type = { 2086 2085 .features = NFT_SET_INTERVAL | NFT_SET_MAP | NFT_SET_OBJECT | 2087 2086 NFT_SET_TIMEOUT, 2088 2087 .ops = {

+1 -2

net/netfilter/nft_set_rbtree.c

··· 481 481 return true; 482 482 } 483 483 484 - struct nft_set_type nft_set_rbtree_type __read_mostly = { 485 - .owner = THIS_MODULE, 484 + const struct nft_set_type nft_set_rbtree_type = { 486 485 .features = NFT_SET_INTERVAL | NFT_SET_MAP | NFT_SET_OBJECT | NFT_SET_TIMEOUT, 487 486 .ops = { 488 487 .privsize = nft_rbtree_privsize,