Re: [bug report] audit: log nftables configuration change events
On 2020-06-26 13:22, Dan Carpenter wrote:
Hello Richard Guy Briggs,
The patch 8e6cf365e1d5: "audit: log nftables configuration change
events" from Jun 4, 2020, leads to the following static checker
warning:
net/netfilter/nf_tables_api.c:6160 nft_obj_notify()
warn: use 'gfp' here instead of GFP_XXX?
net/netfilter/nf_tables_api.c
6153 void nft_obj_notify(struct net *net, const struct nft_table *table,
6154 struct nft_object *obj, u32 portid, u32 seq, int event,
6155 int family, int report, gfp_t gfp)
^^^^^^^^^
6156 {
6157 struct sk_buff *skb;
6158 int err;
6159 char *buf = kasprintf(GFP_KERNEL, "%s:%llu;?:0",
^^^^^^^^^^
This should probably be "gfp".
Agreed, nice catch. Checking other similar uses from that patch
leads me to another bug and the need to extend audit_log_nfcfg() to
accept a GFP flag. Patch coming...
6160 table->name,
table->handle);
6161
6162 audit_log_nfcfg(buf,
6163 family,
6164 obj->handle,
6165 event == NFT_MSG_NEWOBJ ?
6166 AUDIT_NFT_OP_OBJ_REGISTER :
6167 AUDIT_NFT_OP_OBJ_UNREGISTER);
6168 kfree(buf);
6169
6170 if (!report &&
6171 !nfnetlink_has_listeners(net, NFNLGRP_NFTABLES))
6172 return;
6173
6174 skb = nlmsg_new(NLMSG_GOODSIZE, gfp);
^^^
6175 if (skb == NULL)
6176 goto err;
6177
6178 err = nf_tables_fill_obj_info(skb, net, portid, seq, event, 0, family,
6179 table, obj, false);
6180 if (err < 0) {
6181 kfree_skb(skb);
6182 goto err;
6183 }
6184
6185 nfnetlink_send(skb, net, portid, NFNLGRP_NFTABLES, report, gfp);
6186 return;
6187 err:
6188 nfnetlink_set_err(net, portid, NFNLGRP_NFTABLES, -ENOBUFS);
6189 }
regards,
dan carpenter
- RGB
--
Richard Guy Briggs <rgb(a)redhat.com>
Sr. S/W Engineer, Kernel Security, Base Operating Systems
Remote, Ottawa, Red Hat Canada
IRC: rgb, SunRaycer
Voice: +1.647.777.2635, Internal: (81) 32635