netfilter: nf_tables: report use refcount overflow
Overflow use refcount checks are not complete. Add helper function to deal with object reference counter tracking. Report -EMFILE in case UINT_MAX is reached. nft_use_dec() splats in case that reference counter underflows, which should not ever happen. Add nft_use_inc_restore() and nft_use_dec_restore() which are used to restore reference counter from error and abort paths. Use u32 in nft_flowtable and nft_object since helper functions cannot work on bitfields. Remove the few early incomplete checks now that the helper functions are in place and used to check for refcount overflow. Fixes: 96518518 ("netfilter: add nftables") Signed-off-by:Pablo Neira Ayuso <pablo@netfilter.org>
Showing
- include/net/netfilter/nf_tables.h 27 additions, 4 deletionsinclude/net/netfilter/nf_tables.h
- net/netfilter/nf_tables_api.c 101 additions, 62 deletionsnet/netfilter/nf_tables_api.c
- net/netfilter/nft_flow_offload.c 4 additions, 2 deletionsnet/netfilter/nft_flow_offload.c
- net/netfilter/nft_immediate.c 4 additions, 4 deletionsnet/netfilter/nft_immediate.c
- net/netfilter/nft_objref.c 5 additions, 3 deletionsnet/netfilter/nft_objref.c
Loading
Please register or sign in to comment