Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1945922AbbEVJFd (ORCPT ); Fri, 22 May 2015 05:05:33 -0400 Received: from youngberry.canonical.com ([91.189.89.112]:35393 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755849AbbEVJAa (ORCPT ); Fri, 22 May 2015 05:00:30 -0400 From: Luis Henriques To: linux-kernel@vger.kernel.org, stable@vger.kernel.org, kernel-team@lists.ubuntu.com Cc: Pablo Neira Ayuso , Luis Henriques Subject: [PATCH 3.16.y-ckt 120/129] netfilter: nf_tables: fix error handling of rule replacement Date: Fri, 22 May 2015 09:58:25 +0100 Message-Id: <1432285114-9254-121-git-send-email-luis.henriques@canonical.com> X-Mailer: git-send-email 2.1.4 In-Reply-To: <1432285114-9254-1-git-send-email-luis.henriques@canonical.com> References: <1432285114-9254-1-git-send-email-luis.henriques@canonical.com> X-Extended-Stable: 3.16 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1525 Lines: 44 3.16.7-ckt12 -stable review patch. If anyone has any objections, please let me know. ------------------ From: Pablo Neira Ayuso commit 59900e0a019e7c2bdb7809a03ed5742d311b15b3 upstream. In general, if a transaction object is added to the list successfully, we can rely on the abort path to undo what we've done. This allows us to simplify the error handling of the rule replacement path in nf_tables_newrule(). This implicitly fixes an unnecessary removal of the old rule, which needs to be left in place if we fail to replace. Signed-off-by: Pablo Neira Ayuso Signed-off-by: Luis Henriques --- net/netfilter/nf_tables_api.c | 6 ------ 1 file changed, 6 deletions(-) diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index e1cf0f89748d..e8624c751ec6 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -1857,12 +1857,6 @@ static int nf_tables_newrule(struct sock *nlsk, struct sk_buff *skb, err3: list_del_rcu(&rule->list); - if (trans) { - list_del_rcu(&nft_trans_rule(trans)->list); - nft_rule_clear(net, nft_trans_rule(trans)); - nft_trans_destroy(trans); - chain->use++; - } err2: nf_tables_rule_destroy(&ctx, rule); err1: -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/