Doesn't seem entirely consistent now either though. Two cases below.
/Jones
On Sun, Jun 28, 2020 at 5:27 AM Richard Guy Briggs <rgb(a)redhat.com> wrote:
Fixed an inconsistent use of GFP flags in nft_obj_notify() that used
GFP_KERNEL when a GFP flag was passed in to that function. Given this
allocated memory was then used in audit_log_nfcfg() it led to an audit
of all other GFP allocations in net/netfilter/nf_tables_api.c and a
modification of audit_log_nfcfg() to accept a GFP parameter.
Reported-by: Dan Carptenter <dan.carpenter(a)oracle.com>
Signed-off-by: Richard Guy Briggs <rgb(a)redhat.com>
---
Passes audit-testsuite.
include/linux/audit.h | 8 ++++----
kernel/auditsc.c | 4 ++--
net/bridge/netfilter/ebtables.c | 6 +++---
net/netfilter/nf_tables_api.c | 33 +++++++++++++++++++++------------
net/netfilter/x_tables.c | 5 +++--
5 files changed, 33 insertions(+), 23 deletions(-)
...
diff --git a/net/netfilter/nf_tables_api.c
b/net/netfilter/nf_tables_api.c
index 164700273947..f7ff91479647 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
...
@@ -6071,13 +6077,14 @@ static int nf_tables_getobj(struct net *net,
struct sock *nlsk,
reset = true;
if (reset) {
- char *buf = kasprintf(GFP_KERNEL, "%s:%llu;?:0",
+ char *buf = kasprintf(GFP_ATOMIC, "%s:%llu;?:0",
table->name, table->handle);
audit_log_nfcfg(buf,
family,
obj->handle,
- AUDIT_NFT_OP_OBJ_RESET);
+ AUDIT_NFT_OP_OBJ_RESET,
+ GFP_KERNEL);
kfree(buf);
}
Replaces one GFP_KERNEL (with GFP_ATOMIC) but also adds a new one in
the following statement.
Is that intentional?
@@ -6156,7 +6163,7 @@ void nft_obj_notify(struct net *net, const
struct nft_table *table,
{
struct sk_buff *skb;
int err;
- char *buf = kasprintf(GFP_KERNEL, "%s:%llu;?:0",
+ char *buf = kasprintf(gfp, "%s:%llu;?:0",
table->name, table->handle);
audit_log_nfcfg(buf,
@@ -6164,7 +6171,8 @@ void nft_obj_notify(struct net *net, const struct nft_table
*table,
obj->handle,
event == NFT_MSG_NEWOBJ ?
AUDIT_NFT_OP_OBJ_REGISTER :
- AUDIT_NFT_OP_OBJ_UNREGISTER);
+ AUDIT_NFT_OP_OBJ_UNREGISTER,
+ GFP_KERNEL);
kfree(buf);
if (!report &&
It would seem these two hunks form a similar discrepancy.
...
--
1.8.3.1