netfilter: nf_tables: make all set structs const
They do not need to be writeable anymore. v2: remove left-over __read_mostly annotation in set_pipapo.c (Stefano) Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
e32a4dc651
commit
24d19826fc
@ -385,14 +385,10 @@ struct nft_set_ops {
|
|||||||
* struct nft_set_type - nf_tables set type
|
* struct nft_set_type - nf_tables set type
|
||||||
*
|
*
|
||||||
* @ops: set ops for this type
|
* @ops: set ops for this type
|
||||||
* @list: used internally
|
|
||||||
* @owner: module reference
|
|
||||||
* @features: features supported by the implementation
|
* @features: features supported by the implementation
|
||||||
*/
|
*/
|
||||||
struct nft_set_type {
|
struct nft_set_type {
|
||||||
const struct nft_set_ops ops;
|
const struct nft_set_ops ops;
|
||||||
struct list_head list;
|
|
||||||
struct module *owner;
|
|
||||||
u32 features;
|
u32 features;
|
||||||
};
|
};
|
||||||
#define to_set_type(o) container_of(o, struct nft_set_type, ops)
|
#define to_set_type(o) container_of(o, struct nft_set_type, ops)
|
||||||
|
@ -69,12 +69,12 @@ extern const struct nft_expr_ops nft_payload_fast_ops;
|
|||||||
extern struct static_key_false nft_counters_enabled;
|
extern struct static_key_false nft_counters_enabled;
|
||||||
extern struct static_key_false nft_trace_enabled;
|
extern struct static_key_false nft_trace_enabled;
|
||||||
|
|
||||||
extern struct nft_set_type nft_set_rhash_type;
|
extern const struct nft_set_type nft_set_rhash_type;
|
||||||
extern struct nft_set_type nft_set_hash_type;
|
extern const struct nft_set_type nft_set_hash_type;
|
||||||
extern struct nft_set_type nft_set_hash_fast_type;
|
extern const struct nft_set_type nft_set_hash_fast_type;
|
||||||
extern struct nft_set_type nft_set_rbtree_type;
|
extern const struct nft_set_type nft_set_rbtree_type;
|
||||||
extern struct nft_set_type nft_set_bitmap_type;
|
extern const struct nft_set_type nft_set_bitmap_type;
|
||||||
extern struct nft_set_type nft_set_pipapo_type;
|
extern const struct nft_set_type nft_set_pipapo_type;
|
||||||
|
|
||||||
struct nft_expr;
|
struct nft_expr;
|
||||||
struct nft_regs;
|
struct nft_regs;
|
||||||
|
@ -3344,11 +3344,6 @@ nft_select_set_ops(const struct nft_ctx *ctx,
|
|||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!try_module_get(type->owner))
|
|
||||||
continue;
|
|
||||||
if (bops != NULL)
|
|
||||||
module_put(to_set_type(bops)->owner);
|
|
||||||
|
|
||||||
bops = ops;
|
bops = ops;
|
||||||
best = est;
|
best = est;
|
||||||
}
|
}
|
||||||
@ -4047,10 +4042,8 @@ static int nf_tables_newset(struct net *net, struct sock *nlsk,
|
|||||||
size = ops->privsize(nla, &desc);
|
size = ops->privsize(nla, &desc);
|
||||||
|
|
||||||
set = kvzalloc(sizeof(*set) + size + udlen, GFP_KERNEL);
|
set = kvzalloc(sizeof(*set) + size + udlen, GFP_KERNEL);
|
||||||
if (!set) {
|
if (!set)
|
||||||
err = -ENOMEM;
|
return -ENOMEM;
|
||||||
goto err1;
|
|
||||||
}
|
|
||||||
|
|
||||||
name = nla_strdup(nla[NFTA_SET_NAME], GFP_KERNEL);
|
name = nla_strdup(nla[NFTA_SET_NAME], GFP_KERNEL);
|
||||||
if (!name) {
|
if (!name) {
|
||||||
@ -4109,8 +4102,6 @@ err3:
|
|||||||
kfree(set->name);
|
kfree(set->name);
|
||||||
err2:
|
err2:
|
||||||
kvfree(set);
|
kvfree(set);
|
||||||
err1:
|
|
||||||
module_put(to_set_type(ops)->owner);
|
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -4120,7 +4111,6 @@ static void nft_set_destroy(struct nft_set *set)
|
|||||||
return;
|
return;
|
||||||
|
|
||||||
set->ops->destroy(set);
|
set->ops->destroy(set);
|
||||||
module_put(to_set_type(set->ops)->owner);
|
|
||||||
kfree(set->name);
|
kfree(set->name);
|
||||||
kvfree(set);
|
kvfree(set);
|
||||||
}
|
}
|
||||||
|
@ -293,8 +293,7 @@ static bool nft_bitmap_estimate(const struct nft_set_desc *desc, u32 features,
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
struct nft_set_type nft_set_bitmap_type __read_mostly = {
|
const struct nft_set_type nft_set_bitmap_type = {
|
||||||
.owner = THIS_MODULE,
|
|
||||||
.ops = {
|
.ops = {
|
||||||
.privsize = nft_bitmap_privsize,
|
.privsize = nft_bitmap_privsize,
|
||||||
.elemsize = offsetof(struct nft_bitmap_elem, ext),
|
.elemsize = offsetof(struct nft_bitmap_elem, ext),
|
||||||
|
@ -662,8 +662,7 @@ static bool nft_hash_fast_estimate(const struct nft_set_desc *desc, u32 features
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
struct nft_set_type nft_set_rhash_type __read_mostly = {
|
const struct nft_set_type nft_set_rhash_type = {
|
||||||
.owner = THIS_MODULE,
|
|
||||||
.features = NFT_SET_MAP | NFT_SET_OBJECT |
|
.features = NFT_SET_MAP | NFT_SET_OBJECT |
|
||||||
NFT_SET_TIMEOUT | NFT_SET_EVAL,
|
NFT_SET_TIMEOUT | NFT_SET_EVAL,
|
||||||
.ops = {
|
.ops = {
|
||||||
@ -686,8 +685,7 @@ struct nft_set_type nft_set_rhash_type __read_mostly = {
|
|||||||
},
|
},
|
||||||
};
|
};
|
||||||
|
|
||||||
struct nft_set_type nft_set_hash_type __read_mostly = {
|
const struct nft_set_type nft_set_hash_type = {
|
||||||
.owner = THIS_MODULE,
|
|
||||||
.features = NFT_SET_MAP | NFT_SET_OBJECT,
|
.features = NFT_SET_MAP | NFT_SET_OBJECT,
|
||||||
.ops = {
|
.ops = {
|
||||||
.privsize = nft_hash_privsize,
|
.privsize = nft_hash_privsize,
|
||||||
@ -706,8 +704,7 @@ struct nft_set_type nft_set_hash_type __read_mostly = {
|
|||||||
},
|
},
|
||||||
};
|
};
|
||||||
|
|
||||||
struct nft_set_type nft_set_hash_fast_type __read_mostly = {
|
const struct nft_set_type nft_set_hash_fast_type = {
|
||||||
.owner = THIS_MODULE,
|
|
||||||
.features = NFT_SET_MAP | NFT_SET_OBJECT,
|
.features = NFT_SET_MAP | NFT_SET_OBJECT,
|
||||||
.ops = {
|
.ops = {
|
||||||
.privsize = nft_hash_privsize,
|
.privsize = nft_hash_privsize,
|
||||||
|
@ -2081,8 +2081,7 @@ static void nft_pipapo_gc_init(const struct nft_set *set)
|
|||||||
priv->last_gc = jiffies;
|
priv->last_gc = jiffies;
|
||||||
}
|
}
|
||||||
|
|
||||||
struct nft_set_type nft_set_pipapo_type __read_mostly = {
|
const struct nft_set_type nft_set_pipapo_type = {
|
||||||
.owner = THIS_MODULE,
|
|
||||||
.features = NFT_SET_INTERVAL | NFT_SET_MAP | NFT_SET_OBJECT |
|
.features = NFT_SET_INTERVAL | NFT_SET_MAP | NFT_SET_OBJECT |
|
||||||
NFT_SET_TIMEOUT,
|
NFT_SET_TIMEOUT,
|
||||||
.ops = {
|
.ops = {
|
||||||
|
@ -481,8 +481,7 @@ static bool nft_rbtree_estimate(const struct nft_set_desc *desc, u32 features,
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
struct nft_set_type nft_set_rbtree_type __read_mostly = {
|
const struct nft_set_type nft_set_rbtree_type = {
|
||||||
.owner = THIS_MODULE,
|
|
||||||
.features = NFT_SET_INTERVAL | NFT_SET_MAP | NFT_SET_OBJECT | NFT_SET_TIMEOUT,
|
.features = NFT_SET_INTERVAL | NFT_SET_MAP | NFT_SET_OBJECT | NFT_SET_TIMEOUT,
|
||||||
.ops = {
|
.ops = {
|
||||||
.privsize = nft_rbtree_privsize,
|
.privsize = nft_rbtree_privsize,
|
||||||
|
Loading…
Reference in New Issue
Block a user