netfilter: nft_ct: prepare for key-dependent error unwind (5c178d81) · Commits · 戴 / test

net/netfilter/nft_ct.c

+15 −14

Original line number	Original line	Diff line number	Diff line
	@@ -386,12 +386,24 @@ static int nft_ct_get_init(const struct nft_ctx *ctx,
	return 0;		return 0;
	}		}

			static void __nft_ct_set_destroy(const struct nft_ctx ctx, struct nft_ct priv)
			{
			switch (priv->key) {
			#ifdef CONFIG_NF_CONNTRACK_LABELS
			case NFT_CT_LABELS:
			nf_connlabels_put(ctx->net);
			break;
			#endif
			default:
			break;
			}
			}

	static int nft_ct_set_init(const struct nft_ctx *ctx,		static int nft_ct_set_init(const struct nft_ctx *ctx,
	const struct nft_expr *expr,		const struct nft_expr *expr,
	const struct nlattr * const tb[])		const struct nlattr * const tb[])
	{		{
	struct nft_ct *priv = nft_expr_priv(expr);		struct nft_ct *priv = nft_expr_priv(expr);
	bool label_got = false;
	unsigned int len;		unsigned int len;
	int err;		int err;

	@@ -412,7 +424,6 @@ static int nft_ct_set_init(const struct nft_ctx *ctx,
	err = nf_connlabels_get(ctx->net, (len * BITS_PER_BYTE) - 1);		err = nf_connlabels_get(ctx->net, (len * BITS_PER_BYTE) - 1);
	if (err)		if (err)
	return err;		return err;
	label_got = true;
	break;		break;
	#endif		#endif
	default:		default:
	@@ -431,8 +442,7 @@ static int nft_ct_set_init(const struct nft_ctx *ctx,
	return 0;		return 0;

	err1:		err1:
	if (label_got)		__nft_ct_set_destroy(ctx, priv);
	nf_connlabels_put(ctx->net);
	return err;		return err;
	}		}

	@@ -447,16 +457,7 @@ static void nft_ct_set_destroy(const struct nft_ctx *ctx,
	{		{
	struct nft_ct *priv = nft_expr_priv(expr);		struct nft_ct *priv = nft_expr_priv(expr);

	switch (priv->key) {		__nft_ct_set_destroy(ctx, priv);
	#ifdef CONFIG_NF_CONNTRACK_LABELS
	case NFT_CT_LABELS:
	nf_connlabels_put(ctx->net);
	break;
	#endif
	default:
	break;
	}

	nft_ct_netns_put(ctx->net, ctx->afi->family);		nft_ct_netns_put(ctx->net, ctx->afi->family);
	}		}

Admin message