Date: Wed, 31 Mar 2021 22:46:35 +0200
From: Pablo Neira Ayuso
To: Richard Guy Briggs
Cc: Linux-Audit Mailing List, LKML, netfilter-devel@vger.kernel.org, Paul Moore, Eric Paris, Steve Grubb, Florian Westphal, Phil Sutter, twoerner@redhat.com, tgraf@infradead.org, dan.carpenter@oracle.com, Jones Desougi
Subject: Re: [PATCH v5] audit: log nftables configuration change events once per table
Message-ID: <20210331204635.GA4634@salvia>
In-Reply-To: <28de34275f58b45fd4626a92ccae96b6d2b4e287.1616702731.git.rgb@redhat.com>

On Fri, Mar 26, 2021 at 01:38:59PM -0400, Richard Guy Briggs wrote:
> @@ -8006,12 +7966,65 @@ static void nft_commit_notify(struct net *net, u32 portid) > WARN_ON_ONCE(!list_empty(&net->nft.notify_list)); > } > > +static int nf_tables_commit_audit_alloc(struct list_head *adl, > + struct nft_table *table) > +{ > + struct nft_audit_data *adp; > + > + list_for_each_entry(adp, adl, list) { > + if (adp->table == table) > + return 0; > + } > + adp = kzalloc(sizeof(*adp), GFP_KERNEL); > + if (!adp) > + return -ENOMEM; > + adp->table = table; > + INIT_LIST_HEAD(&adp->list); This INIT_LIST_HEAD is not required for an object that is going to be inserted into the 'adl' list. > + list_add(&adp->list, adl); If no objections, I'll amend this patch. I'll include the UAF fix and remove this unnecessary INIT_LIST_HEAD.
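Review bot: the -ENOMEM return in nf_tables_commit_audit_alloc() leaves any nft_audit_data entries that earlier calls already put on adl still linked, and nothing in this hunk frees them. The caller's error path needs to walk adl and kfree() each entry before it bails out of the commit, otherwise a mid-transaction allocation failure leaks one entry per table seen so far. A short comment above the function stating that the caller owns adl and must free its entries on both the success and the failure path would make that contract explicit. Since each entry stores only the raw table pointer in adp->table, the comment should also say that entries must be consumed and freed before the tables they point to can be released.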