xref: /linux/net/netfilter/nf_tables_api.c (revision 10f79dbd7719d1da9f5884d13060322d8729f091) 
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * Copyright (c) 2007-2009 Patrick McHardy <kaber@trash.net>
4  *
5  * Development of this code funded by Astaro AG (http://www.astaro.com/)
6  */
7 
8 #include <linux/module.h>
9 #include <linux/init.h>
10 #include <linux/list.h>
11 #include <linux/skbuff.h>
12 #include <linux/netlink.h>
13 #include <linux/vmalloc.h>
14 #include <linux/rhashtable.h>
15 #include <linux/audit.h>
16 #include <linux/netfilter.h>
17 #include <linux/netfilter_ipv4.h>
18 #include <linux/netfilter/nfnetlink.h>
19 #include <linux/netfilter/nf_tables.h>
20 #include <net/netfilter/nf_flow_table.h>
21 #include <net/netfilter/nf_tables_core.h>
22 #include <net/netfilter/nf_tables.h>
23 #include <net/netfilter/nf_tables_offload.h>
24 #include <net/net_namespace.h>
25 #include <net/sock.h>
26 
27 #define NFT_MODULE_AUTOLOAD_LIMIT (MODULE_NAME_LEN - sizeof("nft-expr-255-"))
28 #define NFT_SET_MAX_ANONLEN 16
29 
30 /* limit compaction to avoid huge kmalloc/krealloc sizes. */
31 #define NFT_MAX_SET_NELEMS ((2048 - sizeof(struct nft_trans_elem)) / sizeof(struct nft_trans_one_elem))
32 
33 unsigned int nf_tables_net_id __read_mostly;
34 
35 static LIST_HEAD(nf_tables_expressions);
36 static LIST_HEAD(nf_tables_objects);
37 static LIST_HEAD(nf_tables_flowtables);
38 static LIST_HEAD(nf_tables_gc_list);
39 static DEFINE_SPINLOCK(nf_tables_destroy_list_lock);
40 static DEFINE_SPINLOCK(nf_tables_gc_list_lock);
41 
42 enum {
43 	NFT_VALIDATE_SKIP	= 0,
44 	NFT_VALIDATE_NEED,
45 	NFT_VALIDATE_DO,
46 };
47 
48 static struct rhltable nft_objname_ht;
49 
50 static u32 nft_chain_hash(const void *data, u32 len, u32 seed);
51 static u32 nft_chain_hash_obj(const void *data, u32 len, u32 seed);
52 static int nft_chain_hash_cmp(struct rhashtable_compare_arg *, const void *);
53 
54 static u32 nft_objname_hash(const void *data, u32 len, u32 seed);
55 static u32 nft_objname_hash_obj(const void *data, u32 len, u32 seed);
56 static int nft_objname_hash_cmp(struct rhashtable_compare_arg *, const void *);
57 
58 static const struct rhashtable_params nft_chain_ht_params = {
59 	.head_offset		= offsetof(struct nft_chain, rhlhead),
60 	.key_offset		= offsetof(struct nft_chain, name),
61 	.hashfn			= nft_chain_hash,
62 	.obj_hashfn		= nft_chain_hash_obj,
63 	.obj_cmpfn		= nft_chain_hash_cmp,
64 	.automatic_shrinking	= true,
65 };
66 
67 static const struct rhashtable_params nft_objname_ht_params = {
68 	.head_offset		= offsetof(struct nft_object, rhlhead),
69 	.key_offset		= offsetof(struct nft_object, key),
70 	.hashfn			= nft_objname_hash,
71 	.obj_hashfn		= nft_objname_hash_obj,
72 	.obj_cmpfn		= nft_objname_hash_cmp,
73 	.automatic_shrinking	= true,
74 };
75 
76 struct nft_audit_data {
77 	struct nft_table *table;
78 	int entries;
79 	int op;
80 	struct list_head list;
81 };
82 
83 static const u8 nft2audit_op[NFT_MSG_MAX] = { // enum nf_tables_msg_types
84 	[NFT_MSG_NEWTABLE]	= AUDIT_NFT_OP_TABLE_REGISTER,
85 	[NFT_MSG_GETTABLE]	= AUDIT_NFT_OP_INVALID,
86 	[NFT_MSG_DELTABLE]	= AUDIT_NFT_OP_TABLE_UNREGISTER,
87 	[NFT_MSG_NEWCHAIN]	= AUDIT_NFT_OP_CHAIN_REGISTER,
88 	[NFT_MSG_GETCHAIN]	= AUDIT_NFT_OP_INVALID,
89 	[NFT_MSG_DELCHAIN]	= AUDIT_NFT_OP_CHAIN_UNREGISTER,
90 	[NFT_MSG_NEWRULE]	= AUDIT_NFT_OP_RULE_REGISTER,
91 	[NFT_MSG_GETRULE]	= AUDIT_NFT_OP_INVALID,
92 	[NFT_MSG_DELRULE]	= AUDIT_NFT_OP_RULE_UNREGISTER,
93 	[NFT_MSG_NEWSET]	= AUDIT_NFT_OP_SET_REGISTER,
94 	[NFT_MSG_GETSET]	= AUDIT_NFT_OP_INVALID,
95 	[NFT_MSG_DELSET]	= AUDIT_NFT_OP_SET_UNREGISTER,
96 	[NFT_MSG_NEWSETELEM]	= AUDIT_NFT_OP_SETELEM_REGISTER,
97 	[NFT_MSG_GETSETELEM]	= AUDIT_NFT_OP_INVALID,
98 	[NFT_MSG_DELSETELEM]	= AUDIT_NFT_OP_SETELEM_UNREGISTER,
99 	[NFT_MSG_NEWGEN]	= AUDIT_NFT_OP_GEN_REGISTER,
100 	[NFT_MSG_GETGEN]	= AUDIT_NFT_OP_INVALID,
101 	[NFT_MSG_TRACE]		= AUDIT_NFT_OP_INVALID,
102 	[NFT_MSG_NEWOBJ]	= AUDIT_NFT_OP_OBJ_REGISTER,
103 	[NFT_MSG_GETOBJ]	= AUDIT_NFT_OP_INVALID,
104 	[NFT_MSG_DELOBJ]	= AUDIT_NFT_OP_OBJ_UNREGISTER,
105 	[NFT_MSG_GETOBJ_RESET]	= AUDIT_NFT_OP_OBJ_RESET,
106 	[NFT_MSG_NEWFLOWTABLE]	= AUDIT_NFT_OP_FLOWTABLE_REGISTER,
107 	[NFT_MSG_GETFLOWTABLE]	= AUDIT_NFT_OP_INVALID,
108 	[NFT_MSG_DELFLOWTABLE]	= AUDIT_NFT_OP_FLOWTABLE_UNREGISTER,
109 	[NFT_MSG_GETSETELEM_RESET] = AUDIT_NFT_OP_SETELEM_RESET,
110 };
111 
112 static void nft_validate_state_update(struct nft_table *table, u8 new_validate_state)
113 {
114 	switch (table->validate_state) {
115 	case NFT_VALIDATE_SKIP:
116 		WARN_ON_ONCE(new_validate_state == NFT_VALIDATE_DO);
117 		break;
118 	case NFT_VALIDATE_NEED:
119 		break;
120 	case NFT_VALIDATE_DO:
121 		if (new_validate_state == NFT_VALIDATE_NEED)
122 			return;
123 	}
124 
125 	table->validate_state = new_validate_state;
126 }
127 
128 static bool nft_chain_vstate_valid(const struct nft_ctx *ctx,
129 				   const struct nft_chain *chain)
130 {
131 	const struct nft_base_chain *base_chain;
132 	enum nft_chain_types type;
133 	u8 hooknum;
134 
135 	if (WARN_ON_ONCE(!nft_is_base_chain(ctx->chain)))
136 		return false;
137 
138 	base_chain = nft_base_chain(ctx->chain);
139 	hooknum = base_chain->ops.hooknum;
140 	type = base_chain->type->type;
141 
142 	/* chain is already validated for this call depth */
143 	if (chain->vstate.depth >= ctx->level &&
144 	    chain->vstate.hook_mask[type] & BIT(hooknum))
145 		return true;
146 
147 	return false;
148 }
149 
150 static void nf_tables_trans_destroy_work(struct work_struct *w);
151 
152 static void nft_trans_gc_work(struct work_struct *work);
153 static DECLARE_WORK(trans_gc_work, nft_trans_gc_work);
154 
155 static void nft_ctx_init(struct nft_ctx *ctx,
156 			 struct net *net,
157 			 const struct sk_buff *skb,
158 			 const struct nlmsghdr *nlh,
159 			 u8 family,
160 			 struct nft_table *table,
161 			 struct nft_chain *chain,
162 			 const struct nlattr * const *nla)
163 {
164 	ctx->net	= net;
165 	ctx->family	= family;
166 	ctx->level	= 0;
167 	ctx->table	= table;
168 	ctx->chain	= chain;
169 	ctx->nla   	= nla;
170 	ctx->portid	= NETLINK_CB(skb).portid;
171 	ctx->report	= nlmsg_report(nlh);
172 	ctx->flags	= nlh->nlmsg_flags;
173 	ctx->seq	= nlh->nlmsg_seq;
174 
175 	bitmap_zero(ctx->reg_inited, NFT_REG32_NUM);
176 }
177 
178 static struct nft_trans *nft_trans_alloc(const struct nft_ctx *ctx,
179 					 int msg_type, u32 size)
180 {
181 	struct nft_trans *trans;
182 
183 	trans = kzalloc(size, GFP_KERNEL);
184 	if (trans == NULL)
185 		return NULL;
186 
187 	INIT_LIST_HEAD(&trans->list);
188 	trans->msg_type = msg_type;
189 
190 	trans->net = ctx->net;
191 	trans->table = ctx->table;
192 	trans->seq = ctx->seq;
193 	trans->flags = ctx->flags;
194 	trans->report = ctx->report;
195 
196 	return trans;
197 }
198 
199 static struct nft_trans_binding *nft_trans_get_binding(struct nft_trans *trans)
200 {
201 	switch (trans->msg_type) {
202 	case NFT_MSG_NEWCHAIN:
203 	case NFT_MSG_NEWSET:
204 		return container_of(trans, struct nft_trans_binding, nft_trans);
205 	}
206 
207 	return NULL;
208 }
209 
210 static void nft_trans_list_del(struct nft_trans *trans)
211 {
212 	struct nft_trans_binding *trans_binding;
213 
214 	list_del(&trans->list);
215 
216 	trans_binding = nft_trans_get_binding(trans);
217 	if (trans_binding)
218 		list_del(&trans_binding->binding_list);
219 }
220 
221 static void nft_trans_destroy(struct nft_trans *trans)
222 {
223 	nft_trans_list_del(trans);
224 	kfree(trans);
225 }
226 
227 static void __nft_set_trans_bind(const struct nft_ctx *ctx, struct nft_set *set,
228 				 bool bind)
229 {
230 	struct nftables_pernet *nft_net;
231 	struct net *net = ctx->net;
232 	struct nft_trans *trans;
233 
234 	if (!nft_set_is_anonymous(set))
235 		return;
236 
237 	nft_net = nft_pernet(net);
238 	list_for_each_entry_reverse(trans, &nft_net->commit_list, list) {
239 		switch (trans->msg_type) {
240 		case NFT_MSG_NEWSET:
241 			if (nft_trans_set(trans) == set)
242 				nft_trans_set_bound(trans) = bind;
243 			break;
244 		case NFT_MSG_NEWSETELEM:
245 			if (nft_trans_elem_set(trans) == set)
246 				nft_trans_elem_set_bound(trans) = bind;
247 			break;
248 		}
249 	}
250 }
251 
252 static void nft_set_trans_bind(const struct nft_ctx *ctx, struct nft_set *set)
253 {
254 	return __nft_set_trans_bind(ctx, set, true);
255 }
256 
257 static void nft_set_trans_unbind(const struct nft_ctx *ctx, struct nft_set *set)
258 {
259 	return __nft_set_trans_bind(ctx, set, false);
260 }
261 
262 static void __nft_chain_trans_bind(const struct nft_ctx *ctx,
263 				   struct nft_chain *chain, bool bind)
264 {
265 	struct nftables_pernet *nft_net;
266 	struct net *net = ctx->net;
267 	struct nft_trans *trans;
268 
269 	if (!nft_chain_binding(chain))
270 		return;
271 
272 	nft_net = nft_pernet(net);
273 	list_for_each_entry_reverse(trans, &nft_net->commit_list, list) {
274 		switch (trans->msg_type) {
275 		case NFT_MSG_NEWCHAIN:
276 			if (nft_trans_chain(trans) == chain)
277 				nft_trans_chain_bound(trans) = bind;
278 			break;
279 		case NFT_MSG_NEWRULE:
280 			if (nft_trans_rule_chain(trans) == chain)
281 				nft_trans_rule_bound(trans) = bind;
282 			break;
283 		}
284 	}
285 }
286 
287 static void nft_chain_trans_bind(const struct nft_ctx *ctx,
288 				 struct nft_chain *chain)
289 {
290 	__nft_chain_trans_bind(ctx, chain, true);
291 }
292 
293 int nf_tables_bind_chain(const struct nft_ctx *ctx, struct nft_chain *chain)
294 {
295 	if (!nft_chain_binding(chain))
296 		return 0;
297 
298 	if (nft_chain_binding(ctx->chain))
299 		return -EOPNOTSUPP;
300 
301 	if (chain->bound)
302 		return -EBUSY;
303 
304 	if (!nft_use_inc(&chain->use))
305 		return -EMFILE;
306 
307 	chain->bound = true;
308 	nft_chain_trans_bind(ctx, chain);
309 
310 	return 0;
311 }
312 
313 void nf_tables_unbind_chain(const struct nft_ctx *ctx, struct nft_chain *chain)
314 {
315 	__nft_chain_trans_bind(ctx, chain, false);
316 }
317 
318 static int nft_netdev_register_hooks(struct net *net,
319 				     struct list_head *hook_list)
320 {
321 	struct nf_hook_ops *ops;
322 	struct nft_hook *hook;
323 	int err, j;
324 
325 	j = 0;
326 	list_for_each_entry(hook, hook_list, list) {
327 		list_for_each_entry(ops, &hook->ops_list, list) {
328 			err = nf_register_net_hook(net, ops);
329 			if (err < 0)
330 				goto err_register;
331 
332 			j++;
333 		}
334 	}
335 	return 0;
336 
337 err_register:
338 	list_for_each_entry(hook, hook_list, list) {
339 		list_for_each_entry(ops, &hook->ops_list, list) {
340 			if (j-- <= 0)
341 				break;
342 
343 			nf_unregister_net_hook(net, ops);
344 		}
345 	}
346 	return err;
347 }
348 
349 static void nft_netdev_hook_free_ops(struct nft_hook *hook)
350 {
351 	struct nf_hook_ops *ops, *next;
352 
353 	list_for_each_entry_safe(ops, next, &hook->ops_list, list) {
354 		list_del(&ops->list);
355 		kfree(ops);
356 	}
357 }
358 
359 static void nft_netdev_hook_free(struct nft_hook *hook)
360 {
361 	nft_netdev_hook_free_ops(hook);
362 	kfree(hook);
363 }
364 
365 static void __nft_netdev_hook_free_rcu(struct rcu_head *rcu)
366 {
367 	struct nft_hook *hook = container_of(rcu, struct nft_hook, rcu);
368 
369 	nft_netdev_hook_free(hook);
370 }
371 
372 static void nft_netdev_hook_free_rcu(struct nft_hook *hook)
373 {
374 	call_rcu(&hook->rcu, __nft_netdev_hook_free_rcu);
375 }
376 
377 static void nft_netdev_hook_unlink_free_rcu(struct nft_hook *hook)
378 {
379 	list_del_rcu(&hook->list);
380 	nft_netdev_hook_free_rcu(hook);
381 }
382 
383 static void nft_trans_hook_destroy(struct nft_trans_hook *trans_hook)
384 {
385 	list_del(&trans_hook->list);
386 	kfree(trans_hook);
387 }
388 
389 static void nft_netdev_unregister_trans_hook(struct net *net,
390 					     const struct nft_table *table,
391 					     struct list_head *hook_list)
392 {
393 	struct nft_trans_hook *trans_hook, *next;
394 	struct nf_hook_ops *ops;
395 	struct nft_hook *hook;
396 
397 	list_for_each_entry_safe(trans_hook, next, hook_list, list) {
398 		hook = trans_hook->hook;
399 
400 		if (!(table->flags & NFT_TABLE_F_DORMANT)) {
401 			list_for_each_entry(ops, &hook->ops_list, list)
402 				nf_unregister_net_hook(net, ops);
403 		}
404 		nft_netdev_hook_unlink_free_rcu(hook);
405 		nft_trans_hook_destroy(trans_hook);
406 	}
407 }
408 
409 static void nft_netdev_unregister_hooks(struct net *net,
410 					struct list_head *hook_list,
411 					bool release_netdev)
412 {
413 	struct nft_hook *hook, *next;
414 	struct nf_hook_ops *ops;
415 
416 	list_for_each_entry_safe(hook, next, hook_list, list) {
417 		list_for_each_entry(ops, &hook->ops_list, list)
418 			nf_unregister_net_hook(net, ops);
419 		if (release_netdev)
420 			nft_netdev_hook_unlink_free_rcu(hook);
421 	}
422 }
423 
424 static int nf_tables_register_hook(struct net *net,
425 				   const struct nft_table *table,
426 				   struct nft_chain *chain)
427 {
428 	struct nft_base_chain *basechain;
429 	const struct nf_hook_ops *ops;
430 
431 	if (table->flags & NFT_TABLE_F_DORMANT ||
432 	    !nft_is_base_chain(chain))
433 		return 0;
434 
435 	basechain = nft_base_chain(chain);
436 	ops = &basechain->ops;
437 
438 	if (basechain->type->ops_register)
439 		return basechain->type->ops_register(net, ops);
440 
441 	if (nft_base_chain_netdev(table->family, basechain->ops.hooknum))
442 		return nft_netdev_register_hooks(net, &basechain->hook_list);
443 
444 	return nf_register_net_hook(net, &basechain->ops);
445 }
446 
447 static void __nf_tables_unregister_hook(struct net *net,
448 					const struct nft_table *table,
449 					struct nft_chain *chain,
450 					bool release_netdev)
451 {
452 	struct nft_base_chain *basechain;
453 	const struct nf_hook_ops *ops;
454 
455 	if (table->flags & NFT_TABLE_F_DORMANT ||
456 	    !nft_is_base_chain(chain))
457 		return;
458 	basechain = nft_base_chain(chain);
459 	ops = &basechain->ops;
460 
461 	if (basechain->type->ops_unregister)
462 		return basechain->type->ops_unregister(net, ops);
463 
464 	if (nft_base_chain_netdev(table->family, basechain->ops.hooknum))
465 		nft_netdev_unregister_hooks(net, &basechain->hook_list,
466 					    release_netdev);
467 	else
468 		nf_unregister_net_hook(net, &basechain->ops);
469 }
470 
471 static void nf_tables_unregister_hook(struct net *net,
472 				      const struct nft_table *table,
473 				      struct nft_chain *chain)
474 {
475 	return __nf_tables_unregister_hook(net, table, chain, false);
476 }
477 
478 static bool nft_trans_collapse_set_elem_allowed(const struct nft_trans_elem *a, const struct nft_trans_elem *b)
479 {
480 	/* NB: the ->bound equality check is defensive, at this time we only merge
481 	 * a new nft_trans_elem transaction request with the transaction tail
482 	 * element, but a->bound != b->bound would imply a NEWRULE transaction
483 	 * is queued in-between.
484 	 *
485 	 * The set check is mandatory, the NFT_MAX_SET_NELEMS check prevents
486 	 * huge krealloc() requests.
487 	 */
488 	return a->set == b->set && a->bound == b->bound && a->nelems < NFT_MAX_SET_NELEMS;
489 }
490 
491 static bool nft_trans_collapse_set_elem(struct nftables_pernet *nft_net,
492 					struct nft_trans_elem *tail,
493 					struct nft_trans_elem *trans)
494 {
495 	unsigned int nelems, old_nelems = tail->nelems;
496 	struct nft_trans_elem *new_trans;
497 
498 	if (!nft_trans_collapse_set_elem_allowed(tail, trans))
499 		return false;
500 
501 	/* "cannot happen", at this time userspace element add
502 	 * requests always allocate a new transaction element.
503 	 *
504 	 * This serves as a reminder to adjust the list_add_tail
505 	 * logic below in case this ever changes.
506 	 */
507 	if (WARN_ON_ONCE(trans->nelems != 1))
508 		return false;
509 
510 	if (check_add_overflow(old_nelems, trans->nelems, &nelems))
511 		return false;
512 
513 	/* krealloc might free tail which invalidates list pointers */
514 	list_del_init(&tail->nft_trans.list);
515 
516 	new_trans = krealloc(tail, struct_size(tail, elems, nelems),
517 			     GFP_KERNEL);
518 	if (!new_trans) {
519 		list_add_tail(&tail->nft_trans.list,
520 			      &nft_net->commit_list);
521 		return false;
522 	}
523 
524 	/*
525 	 * new_trans->nft_trans.list contains garbage, but
526 	 * list_add_tail() doesn't care.
527 	 */
528 	new_trans->nelems = nelems;
529 	new_trans->elems[old_nelems] = trans->elems[0];
530 	list_add_tail(&new_trans->nft_trans.list, &nft_net->commit_list);
531 
532 	return true;
533 }
534 
535 static bool nft_trans_try_collapse(struct nftables_pernet *nft_net,
536 				   struct nft_trans *trans)
537 {
538 	struct nft_trans *tail;
539 
540 	if (list_empty(&nft_net->commit_list))
541 		return false;
542 
543 	tail = list_last_entry(&nft_net->commit_list, struct nft_trans, list);
544 
545 	if (tail->msg_type != trans->msg_type)
546 		return false;
547 
548 	switch (trans->msg_type) {
549 	case NFT_MSG_NEWSETELEM:
550 	case NFT_MSG_DELSETELEM:
551 		return nft_trans_collapse_set_elem(nft_net,
552 						   nft_trans_container_elem(tail),
553 						   nft_trans_container_elem(trans));
554 	}
555 
556 	return false;
557 }
558 
559 static void nft_trans_commit_list_add_tail(struct net *net, struct nft_trans *trans)
560 {
561 	struct nftables_pernet *nft_net = nft_pernet(net);
562 	struct nft_trans_binding *binding;
563 	struct nft_trans_set *trans_set;
564 
565 	list_add_tail(&trans->list, &nft_net->commit_list);
566 
567 	binding = nft_trans_get_binding(trans);
568 	if (!binding)
569 		return;
570 
571 	switch (trans->msg_type) {
572 	case NFT_MSG_NEWSET:
573 		trans_set = nft_trans_container_set(trans);
574 
575 		if (!nft_trans_set_update(trans) &&
576 		    nft_set_is_anonymous(nft_trans_set(trans)))
577 			list_add_tail(&binding->binding_list, &nft_net->binding_list);
578 
579 		list_add_tail(&trans_set->list_trans_newset, &nft_net->commit_set_list);
580 		break;
581 	case NFT_MSG_NEWCHAIN:
582 		if (!nft_trans_chain_update(trans) &&
583 		    nft_chain_binding(nft_trans_chain(trans)))
584 			list_add_tail(&binding->binding_list, &nft_net->binding_list);
585 		break;
586 	}
587 }
588 
589 static void nft_trans_commit_list_add_elem(struct net *net, struct nft_trans *trans)
590 {
591 	struct nftables_pernet *nft_net = nft_pernet(net);
592 
593 	WARN_ON_ONCE(trans->msg_type != NFT_MSG_NEWSETELEM &&
594 		     trans->msg_type != NFT_MSG_DELSETELEM);
595 
596 	if (nft_trans_try_collapse(nft_net, trans)) {
597 		kfree(trans);
598 		return;
599 	}
600 
601 	nft_trans_commit_list_add_tail(net, trans);
602 }
603 
604 static int nft_trans_table_add(struct nft_ctx *ctx, int msg_type)
605 {
606 	struct nft_trans *trans;
607 
608 	trans = nft_trans_alloc(ctx, msg_type, sizeof(struct nft_trans_table));
609 	if (trans == NULL)
610 		return -ENOMEM;
611 
612 	if (msg_type == NFT_MSG_NEWTABLE)
613 		nft_activate_next(ctx->net, ctx->table);
614 
615 	nft_trans_commit_list_add_tail(ctx->net, trans);
616 	return 0;
617 }
618 
619 static int nft_deltable(struct nft_ctx *ctx)
620 {
621 	int err;
622 
623 	err = nft_trans_table_add(ctx, NFT_MSG_DELTABLE);
624 	if (err < 0)
625 		return err;
626 
627 	nft_deactivate_next(ctx->net, ctx->table);
628 	return err;
629 }
630 
631 static struct nft_trans *
632 nft_trans_alloc_chain(const struct nft_ctx *ctx, int msg_type)
633 {
634 	struct nft_trans_chain *trans_chain;
635 	struct nft_trans *trans;
636 
637 	trans = nft_trans_alloc(ctx, msg_type, sizeof(struct nft_trans_chain));
638 	if (!trans)
639 		return NULL;
640 
641 	trans_chain = nft_trans_container_chain(trans);
642 	INIT_LIST_HEAD(&trans_chain->nft_trans_binding.binding_list);
643 	trans_chain->chain = ctx->chain;
644 
645 	return trans;
646 }
647 
648 static struct nft_trans *nft_trans_chain_add(struct nft_ctx *ctx, int msg_type)
649 {
650 	struct nft_trans *trans;
651 
652 	trans = nft_trans_alloc_chain(ctx, msg_type);
653 	if (trans == NULL)
654 		return ERR_PTR(-ENOMEM);
655 
656 	if (msg_type == NFT_MSG_NEWCHAIN) {
657 		nft_activate_next(ctx->net, ctx->chain);
658 
659 		if (ctx->nla[NFTA_CHAIN_ID]) {
660 			nft_trans_chain_id(trans) =
661 				ntohl(nla_get_be32(ctx->nla[NFTA_CHAIN_ID]));
662 		}
663 	}
664 	nft_trans_commit_list_add_tail(ctx->net, trans);
665 
666 	return trans;
667 }
668 
669 static int nft_delchain(struct nft_ctx *ctx)
670 {
671 	struct nft_trans *trans;
672 
673 	trans = nft_trans_chain_add(ctx, NFT_MSG_DELCHAIN);
674 	if (IS_ERR(trans))
675 		return PTR_ERR(trans);
676 
677 	nft_use_dec(&ctx->table->use);
678 	nft_deactivate_next(ctx->net, ctx->chain);
679 
680 	return 0;
681 }
682 
683 void nft_rule_expr_activate(const struct nft_ctx *ctx, struct nft_rule *rule)
684 {
685 	struct nft_expr *expr;
686 
687 	expr = nft_expr_first(rule);
688 	while (nft_expr_more(rule, expr)) {
689 		if (expr->ops->activate)
690 			expr->ops->activate(ctx, expr);
691 
692 		expr = nft_expr_next(expr);
693 	}
694 }
695 
696 void nft_rule_expr_deactivate(const struct nft_ctx *ctx, struct nft_rule *rule,
697 			      enum nft_trans_phase phase)
698 {
699 	struct nft_expr *expr;
700 
701 	expr = nft_expr_first(rule);
702 	while (nft_expr_more(rule, expr)) {
703 		if (expr->ops->deactivate)
704 			expr->ops->deactivate(ctx, expr, phase);
705 
706 		expr = nft_expr_next(expr);
707 	}
708 }
709 
710 static int
711 nf_tables_delrule_deactivate(struct nft_ctx *ctx, struct nft_rule *rule)
712 {
713 	/* You cannot delete the same rule twice */
714 	if (nft_is_active_next(ctx->net, rule)) {
715 		nft_deactivate_next(ctx->net, rule);
716 		nft_use_dec(&ctx->chain->use);
717 		return 0;
718 	}
719 	return -ENOENT;
720 }
721 
722 static struct nft_trans *nft_trans_rule_add(struct nft_ctx *ctx, int msg_type,
723 					    struct nft_rule *rule)
724 {
725 	struct nft_trans *trans;
726 
727 	trans = nft_trans_alloc(ctx, msg_type, sizeof(struct nft_trans_rule));
728 	if (trans == NULL)
729 		return NULL;
730 
731 	if (msg_type == NFT_MSG_NEWRULE && ctx->nla[NFTA_RULE_ID] != NULL) {
732 		nft_trans_rule_id(trans) =
733 			ntohl(nla_get_be32(ctx->nla[NFTA_RULE_ID]));
734 	}
735 	nft_trans_rule(trans) = rule;
736 	nft_trans_rule_chain(trans) = ctx->chain;
737 	nft_trans_commit_list_add_tail(ctx->net, trans);
738 
739 	return trans;
740 }
741 
742 static int nft_delrule(struct nft_ctx *ctx, struct nft_rule *rule)
743 {
744 	struct nft_flow_rule *flow;
745 	struct nft_trans *trans;
746 	int err;
747 
748 	trans = nft_trans_rule_add(ctx, NFT_MSG_DELRULE, rule);
749 	if (trans == NULL)
750 		return -ENOMEM;
751 
752 	if (ctx->chain->flags & NFT_CHAIN_HW_OFFLOAD) {
753 		flow = nft_flow_rule_create(ctx->net, rule);
754 		if (IS_ERR(flow)) {
755 			nft_trans_destroy(trans);
756 			return PTR_ERR(flow);
757 		}
758 
759 		nft_trans_flow_rule(trans) = flow;
760 	}
761 
762 	err = nf_tables_delrule_deactivate(ctx, rule);
763 	if (err < 0) {
764 		nft_trans_destroy(trans);
765 		return err;
766 	}
767 	nft_rule_expr_deactivate(ctx, rule, NFT_TRANS_PREPARE);
768 
769 	return 0;
770 }
771 
772 static int nft_delrule_by_chain(struct nft_ctx *ctx)
773 {
774 	struct nft_rule *rule;
775 	int err;
776 
777 	list_for_each_entry(rule, &ctx->chain->rules, list) {
778 		if (!nft_is_active_next(ctx->net, rule))
779 			continue;
780 
781 		err = nft_delrule(ctx, rule);
782 		if (err < 0)
783 			return err;
784 	}
785 	return 0;
786 }
787 
788 static int __nft_trans_set_add(const struct nft_ctx *ctx, int msg_type,
789 			       struct nft_set *set,
790 			       const struct nft_set_desc *desc)
791 {
792 	struct nft_trans_set *trans_set;
793 	struct nft_trans *trans;
794 
795 	trans = nft_trans_alloc(ctx, msg_type, sizeof(struct nft_trans_set));
796 	if (trans == NULL)
797 		return -ENOMEM;
798 
799 	trans_set = nft_trans_container_set(trans);
800 	INIT_LIST_HEAD(&trans_set->nft_trans_binding.binding_list);
801 	INIT_LIST_HEAD(&trans_set->list_trans_newset);
802 
803 	if (msg_type == NFT_MSG_NEWSET && ctx->nla[NFTA_SET_ID] && !desc) {
804 		nft_trans_set_id(trans) =
805 			ntohl(nla_get_be32(ctx->nla[NFTA_SET_ID]));
806 		nft_activate_next(ctx->net, set);
807 	}
808 	nft_trans_set(trans) = set;
809 	if (desc) {
810 		nft_trans_set_update(trans) = true;
811 		nft_trans_set_gc_int(trans) = desc->gc_int;
812 		nft_trans_set_timeout(trans) = desc->timeout;
813 		nft_trans_set_size(trans) = desc->size;
814 	}
815 	nft_trans_commit_list_add_tail(ctx->net, trans);
816 
817 	return 0;
818 }
819 
820 static int nft_trans_set_add(const struct nft_ctx *ctx, int msg_type,
821 			     struct nft_set *set)
822 {
823 	return __nft_trans_set_add(ctx, msg_type, set, NULL);
824 }
825 
826 static int nft_mapelem_deactivate(const struct nft_ctx *ctx,
827 				  struct nft_set *set,
828 				  const struct nft_set_iter *iter,
829 				  struct nft_elem_priv *elem_priv)
830 {
831 	struct nft_set_ext *ext = nft_set_elem_ext(set, elem_priv);
832 
833 	if (!nft_set_elem_active(ext, iter->genmask))
834 		return 0;
835 
836 	nft_set_elem_change_active(ctx->net, set, ext);
837 	nft_setelem_data_deactivate(ctx->net, set, elem_priv);
838 
839 	return 0;
840 }
841 
842 struct nft_set_elem_catchall {
843 	struct list_head	list;
844 	struct rcu_head		rcu;
845 	struct nft_elem_priv	*elem;
846 };
847 
848 static void nft_map_catchall_deactivate(const struct nft_ctx *ctx,
849 					struct nft_set *set)
850 {
851 	u8 genmask = nft_genmask_next(ctx->net);
852 	struct nft_set_elem_catchall *catchall;
853 	struct nft_set_ext *ext;
854 
855 	list_for_each_entry(catchall, &set->catchall_list, list) {
856 		ext = nft_set_elem_ext(set, catchall->elem);
857 		if (!nft_set_elem_active(ext, genmask))
858 			continue;
859 
860 		nft_set_elem_change_active(ctx->net, set, ext);
861 		nft_setelem_data_deactivate(ctx->net, set, catchall->elem);
862 	}
863 }
864 
865 /* Use NFT_ITER_UPDATE iterator even if this may be called from the preparation
866  * phase, the set clone might already exist from a previous command, or it might
867  * be a set that is going away and does not require a clone. The netns and
868  * netlink release paths also need to work on the live set.
869  */
870 static void nft_map_deactivate(const struct nft_ctx *ctx, struct nft_set *set)
871 {
872 	struct nft_set_iter iter = {
873 		.genmask	= nft_genmask_next(ctx->net),
874 		.type		= NFT_ITER_UPDATE,
875 		.fn		= nft_mapelem_deactivate,
876 	};
877 
878 	set->ops->walk(ctx, set, &iter);
879 	WARN_ON_ONCE(iter.err);
880 
881 	nft_map_catchall_deactivate(ctx, set);
882 }
883 
884 static int nft_delset(const struct nft_ctx *ctx, struct nft_set *set)
885 {
886 	int err;
887 
888 	err = nft_trans_set_add(ctx, NFT_MSG_DELSET, set);
889 	if (err < 0)
890 		return err;
891 
892 	if (set->flags & (NFT_SET_MAP | NFT_SET_OBJECT))
893 		nft_map_deactivate(ctx, set);
894 
895 	nft_deactivate_next(ctx->net, set);
896 	nft_use_dec(&ctx->table->use);
897 
898 	return err;
899 }
900 
901 static int nft_trans_obj_add(struct nft_ctx *ctx, int msg_type,
902 			     struct nft_object *obj)
903 {
904 	struct nft_trans *trans;
905 
906 	trans = nft_trans_alloc(ctx, msg_type, sizeof(struct nft_trans_obj));
907 	if (trans == NULL)
908 		return -ENOMEM;
909 
910 	if (msg_type == NFT_MSG_NEWOBJ)
911 		nft_activate_next(ctx->net, obj);
912 
913 	nft_trans_obj(trans) = obj;
914 	nft_trans_commit_list_add_tail(ctx->net, trans);
915 
916 	return 0;
917 }
918 
919 static int nft_delobj(struct nft_ctx *ctx, struct nft_object *obj)
920 {
921 	int err;
922 
923 	err = nft_trans_obj_add(ctx, NFT_MSG_DELOBJ, obj);
924 	if (err < 0)
925 		return err;
926 
927 	nft_deactivate_next(ctx->net, obj);
928 	nft_use_dec(&ctx->table->use);
929 
930 	return err;
931 }
932 
933 static struct nft_trans *
934 nft_trans_flowtable_add(struct nft_ctx *ctx, int msg_type,
935 		        struct nft_flowtable *flowtable)
936 {
937 	struct nft_trans *trans;
938 
939 	trans = nft_trans_alloc(ctx, msg_type,
940 				sizeof(struct nft_trans_flowtable));
941 	if (trans == NULL)
942 		return ERR_PTR(-ENOMEM);
943 
944 	if (msg_type == NFT_MSG_NEWFLOWTABLE)
945 		nft_activate_next(ctx->net, flowtable);
946 
947 	INIT_LIST_HEAD(&nft_trans_flowtable_hooks(trans));
948 	nft_trans_flowtable(trans) = flowtable;
949 	nft_trans_commit_list_add_tail(ctx->net, trans);
950 
951 	return trans;
952 }
953 
954 static int nft_delflowtable(struct nft_ctx *ctx,
955 			    struct nft_flowtable *flowtable)
956 {
957 	struct nft_trans *trans;
958 
959 	trans = nft_trans_flowtable_add(ctx, NFT_MSG_DELFLOWTABLE, flowtable);
960 	if (IS_ERR(trans))
961 		return PTR_ERR(trans);
962 
963 	nft_deactivate_next(ctx->net, flowtable);
964 	nft_use_dec(&ctx->table->use);
965 
966 	return 0;
967 }
968 
969 /*
970  * Tables
971  */
972 
973 static struct nft_table *nft_table_lookup(const struct net *net,
974 					  const struct nlattr *nla,
975 					  u8 family, u8 genmask, u32 nlpid)
976 {
977 	struct nftables_pernet *nft_net;
978 	struct nft_table *table;
979 
980 	if (nla == NULL)
981 		return ERR_PTR(-EINVAL);
982 
983 	nft_net = nft_pernet(net);
984 	list_for_each_entry_rcu(table, &nft_net->tables, list,
985 				lockdep_is_held(&nft_net->commit_mutex)) {
986 		if (!nla_strcmp(nla, table->name) &&
987 		    table->family == family &&
988 		    nft_active_genmask(table, genmask)) {
989 			if (nft_table_has_owner(table) &&
990 			    nlpid && table->nlpid != nlpid)
991 				return ERR_PTR(-EPERM);
992 
993 			return table;
994 		}
995 	}
996 
997 	return ERR_PTR(-ENOENT);
998 }
999 
1000 static struct nft_table *nft_table_lookup_byhandle(const struct net *net,
1001 						   const struct nlattr *nla,
1002 						   int family, u8 genmask, u32 nlpid)
1003 {
1004 	struct nftables_pernet *nft_net;
1005 	struct nft_table *table;
1006 
1007 	nft_net = nft_pernet(net);
1008 	list_for_each_entry(table, &nft_net->tables, list) {
1009 		if (be64_to_cpu(nla_get_be64(nla)) == table->handle &&
1010 		    table->family == family &&
1011 		    nft_active_genmask(table, genmask)) {
1012 			if (nft_table_has_owner(table) &&
1013 			    nlpid && table->nlpid != nlpid)
1014 				return ERR_PTR(-EPERM);
1015 
1016 			return table;
1017 		}
1018 	}
1019 
1020 	return ERR_PTR(-ENOENT);
1021 }
1022 
1023 static inline u64 nf_tables_alloc_handle(struct nft_table *table)
1024 {
1025 	return ++table->hgenerator;
1026 }
1027 
1028 static const struct nft_chain_type *chain_type[NFPROTO_NUMPROTO][NFT_CHAIN_T_MAX];
1029 
1030 static const struct nft_chain_type *
1031 __nft_chain_type_get(u8 family, enum nft_chain_types type)
1032 {
1033 	if (family >= NFPROTO_NUMPROTO ||
1034 	    type >= NFT_CHAIN_T_MAX)
1035 		return NULL;
1036 
1037 	return chain_type[family][type];
1038 }
1039 
1040 static const struct nft_chain_type *
1041 __nf_tables_chain_type_lookup(const struct nlattr *nla, u8 family)
1042 {
1043 	const struct nft_chain_type *type;
1044 	int i;
1045 
1046 	for (i = 0; i < NFT_CHAIN_T_MAX; i++) {
1047 		type = __nft_chain_type_get(family, i);
1048 		if (!type)
1049 			continue;
1050 		if (!nla_strcmp(nla, type->name))
1051 			return type;
1052 	}
1053 	return NULL;
1054 }
1055 
1056 struct nft_module_request {
1057 	struct list_head	list;
1058 	char			module[MODULE_NAME_LEN];
1059 	bool			done;
1060 };
1061 
1062 #ifdef CONFIG_MODULES
1063 __printf(2, 3) int nft_request_module(struct net *net, const char *fmt,
1064 				      ...)
1065 {
1066 	char module_name[MODULE_NAME_LEN];
1067 	struct nftables_pernet *nft_net;
1068 	struct nft_module_request *req;
1069 	va_list args;
1070 	int ret;
1071 
1072 	va_start(args, fmt);
1073 	ret = vsnprintf(module_name, MODULE_NAME_LEN, fmt, args);
1074 	va_end(args);
1075 	if (ret >= MODULE_NAME_LEN)
1076 		return 0;
1077 
1078 	nft_net = nft_pernet(net);
1079 	list_for_each_entry(req, &nft_net->module_list, list) {
1080 		if (!strcmp(req->module, module_name)) {
1081 			if (req->done)
1082 				return 0;
1083 
1084 			/* A request to load this module already exists. */
1085 			return -EAGAIN;
1086 		}
1087 	}
1088 
1089 	req = kmalloc_obj(*req);
1090 	if (!req)
1091 		return -ENOMEM;
1092 
1093 	req->done = false;
1094 	strscpy(req->module, module_name, MODULE_NAME_LEN);
1095 	list_add_tail(&req->list, &nft_net->module_list);
1096 
1097 	return -EAGAIN;
1098 }
1099 EXPORT_SYMBOL_GPL(nft_request_module);
1100 #endif
1101 
1102 static void lockdep_nfnl_nft_mutex_not_held(void)
1103 {
1104 #ifdef CONFIG_PROVE_LOCKING
1105 	if (debug_locks)
1106 		WARN_ON_ONCE(lockdep_nfnl_is_held(NFNL_SUBSYS_NFTABLES));
1107 #endif
1108 }
1109 
1110 static const struct nft_chain_type *
1111 nf_tables_chain_type_lookup(struct net *net, const struct nlattr *nla,
1112 			    u8 family, bool autoload)
1113 {
1114 	const struct nft_chain_type *type;
1115 
1116 	type = __nf_tables_chain_type_lookup(nla, family);
1117 	if (type != NULL)
1118 		return type;
1119 
1120 	lockdep_nfnl_nft_mutex_not_held();
1121 #ifdef CONFIG_MODULES
1122 	if (autoload) {
1123 		if (nft_request_module(net, "nft-chain-%u-%.*s", family,
1124 				       nla_len(nla),
1125 				       (const char *)nla_data(nla)) == -EAGAIN)
1126 			return ERR_PTR(-EAGAIN);
1127 	}
1128 #endif
1129 	return ERR_PTR(-ENOENT);
1130 }
1131 
1132 static unsigned int nft_base_seq(const struct net *net)
1133 {
1134 	return READ_ONCE(net->nft.base_seq);
1135 }
1136 
1137 static __be16 nft_base_seq_be16(const struct net *net)
1138 {
1139 	return htons(nft_base_seq(net) & 0xffff);
1140 }
1141 
1142 static const struct nla_policy nft_table_policy[NFTA_TABLE_MAX + 1] = {
1143 	[NFTA_TABLE_NAME]	= { .type = NLA_STRING,
1144 				    .len = NFT_TABLE_MAXNAMELEN - 1 },
1145 	[NFTA_TABLE_FLAGS]	= NLA_POLICY_MASK(NLA_BE32, NFT_TABLE_F_MASK),
1146 	[NFTA_TABLE_HANDLE]	= { .type = NLA_U64 },
1147 	[NFTA_TABLE_USERDATA]	= { .type = NLA_BINARY,
1148 				    .len = NFT_USERDATA_MAXLEN }
1149 };
1150 
1151 static int nf_tables_fill_table_info(struct sk_buff *skb, struct net *net,
1152 				     u32 portid, u32 seq, int event, u32 flags,
1153 				     int family, const struct nft_table *table)
1154 {
1155 	struct nlmsghdr *nlh;
1156 
1157 	nlh = nfnl_msg_put(skb, portid, seq,
1158 			   nfnl_msg_type(NFNL_SUBSYS_NFTABLES, event),
1159 			   flags, family, NFNETLINK_V0, nft_base_seq_be16(net));
1160 	if (!nlh)
1161 		goto nla_put_failure;
1162 
1163 	if (nla_put_string(skb, NFTA_TABLE_NAME, table->name) ||
1164 	    nla_put_be32(skb, NFTA_TABLE_USE, htonl(table->use)) ||
1165 	    nla_put_be64(skb, NFTA_TABLE_HANDLE, cpu_to_be64(table->handle),
1166 			 NFTA_TABLE_PAD))
1167 		goto nla_put_failure;
1168 
1169 	if (event == NFT_MSG_DELTABLE ||
1170 	    event == NFT_MSG_DESTROYTABLE) {
1171 		nlmsg_end(skb, nlh);
1172 		return 0;
1173 	}
1174 
1175 	if (nla_put_be32(skb, NFTA_TABLE_FLAGS,
1176 			 htonl(table->flags & NFT_TABLE_F_MASK)))
1177 		goto nla_put_failure;
1178 
1179 	if (nft_table_has_owner(table) &&
1180 	    nla_put_be32(skb, NFTA_TABLE_OWNER, htonl(table->nlpid)))
1181 		goto nla_put_failure;
1182 
1183 	if (table->udata) {
1184 		if (nla_put(skb, NFTA_TABLE_USERDATA, table->udlen, table->udata))
1185 			goto nla_put_failure;
1186 	}
1187 
1188 	nlmsg_end(skb, nlh);
1189 	return 0;
1190 
1191 nla_put_failure:
1192 	nlmsg_trim(skb, nlh);
1193 	return -1;
1194 }
1195 
1196 struct nftnl_skb_parms {
1197 	bool report;
1198 };
1199 #define NFT_CB(skb)	(*(struct nftnl_skb_parms*)&((skb)->cb))
1200 
1201 static void nft_notify_enqueue(struct sk_buff *skb, bool report,
1202 			       struct list_head *notify_list)
1203 {
1204 	NFT_CB(skb).report = report;
1205 	list_add_tail(&skb->list, notify_list);
1206 }
1207 
1208 static void nf_tables_table_notify(const struct nft_ctx *ctx, int event)
1209 {
1210 	struct nftables_pernet *nft_net;
1211 	struct sk_buff *skb;
1212 	u16 flags = 0;
1213 	int err;
1214 
1215 	if (!ctx->report &&
1216 	    !nfnetlink_has_listeners(ctx->net, NFNLGRP_NFTABLES))
1217 		return;
1218 
1219 	skb = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
1220 	if (skb == NULL)
1221 		goto err;
1222 
1223 	if (ctx->flags & (NLM_F_CREATE | NLM_F_EXCL))
1224 		flags |= ctx->flags & (NLM_F_CREATE | NLM_F_EXCL);
1225 
1226 	err = nf_tables_fill_table_info(skb, ctx->net, ctx->portid, ctx->seq,
1227 					event, flags, ctx->family, ctx->table);
1228 	if (err < 0) {
1229 		kfree_skb(skb);
1230 		goto err;
1231 	}
1232 
1233 	nft_net = nft_pernet(ctx->net);
1234 	nft_notify_enqueue(skb, ctx->report, &nft_net->notify_list);
1235 	return;
1236 err:
1237 	nfnetlink_set_err(ctx->net, ctx->portid, NFNLGRP_NFTABLES, -ENOBUFS);
1238 }
1239 
1240 static int nf_tables_dump_tables(struct sk_buff *skb,
1241 				 struct netlink_callback *cb)
1242 {
1243 	const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
1244 	struct nftables_pernet *nft_net;
1245 	const struct nft_table *table;
1246 	unsigned int idx = 0, s_idx = cb->args[0];
1247 	struct net *net = sock_net(skb->sk);
1248 	int family = nfmsg->nfgen_family;
1249 
1250 	rcu_read_lock();
1251 	nft_net = nft_pernet(net);
1252 	cb->seq = nft_base_seq(net);
1253 
1254 	list_for_each_entry_rcu(table, &nft_net->tables, list) {
1255 		if (family != NFPROTO_UNSPEC && family != table->family)
1256 			continue;
1257 
1258 		if (idx < s_idx)
1259 			goto cont;
1260 		if (idx > s_idx)
1261 			memset(&cb->args[1], 0,
1262 			       sizeof(cb->args) - sizeof(cb->args[0]));
1263 		if (!nft_is_active(net, table))
1264 			continue;
1265 		if (nf_tables_fill_table_info(skb, net,
1266 					      NETLINK_CB(cb->skb).portid,
1267 					      cb->nlh->nlmsg_seq,
1268 					      NFT_MSG_NEWTABLE, NLM_F_MULTI,
1269 					      table->family, table) < 0)
1270 			goto done;
1271 
1272 		nl_dump_check_consistent(cb, nlmsg_hdr(skb));
1273 cont:
1274 		idx++;
1275 	}
1276 done:
1277 	rcu_read_unlock();
1278 	cb->args[0] = idx;
1279 	return skb->len;
1280 }
1281 
1282 static int nft_netlink_dump_start_rcu(struct sock *nlsk, struct sk_buff *skb,
1283 				      const struct nlmsghdr *nlh,
1284 				      struct netlink_dump_control *c)
1285 {
1286 	int err;
1287 
1288 	if (!try_module_get(THIS_MODULE))
1289 		return -EINVAL;
1290 
1291 	rcu_read_unlock();
1292 	err = netlink_dump_start(nlsk, skb, nlh, c);
1293 	rcu_read_lock();
1294 	module_put(THIS_MODULE);
1295 
1296 	return err;
1297 }
1298 
1299 /* called with rcu_read_lock held */
1300 static int nf_tables_gettable(struct sk_buff *skb, const struct nfnl_info *info,
1301 			      const struct nlattr * const nla[])
1302 {
1303 	struct netlink_ext_ack *extack = info->extack;
1304 	u8 genmask = nft_genmask_cur(info->net);
1305 	u8 family = info->nfmsg->nfgen_family;
1306 	const struct nft_table *table;
1307 	struct net *net = info->net;
1308 	struct sk_buff *skb2;
1309 	int err;
1310 
1311 	if (info->nlh->nlmsg_flags & NLM_F_DUMP) {
1312 		struct netlink_dump_control c = {
1313 			.dump = nf_tables_dump_tables,
1314 			.module = THIS_MODULE,
1315 		};
1316 
1317 		return nft_netlink_dump_start_rcu(info->sk, skb, info->nlh, &c);
1318 	}
1319 
1320 	table = nft_table_lookup(net, nla[NFTA_TABLE_NAME], family, genmask, 0);
1321 	if (IS_ERR(table)) {
1322 		NL_SET_BAD_ATTR(extack, nla[NFTA_TABLE_NAME]);
1323 		return PTR_ERR(table);
1324 	}
1325 
1326 	skb2 = alloc_skb(NLMSG_GOODSIZE, GFP_ATOMIC);
1327 	if (!skb2)
1328 		return -ENOMEM;
1329 
1330 	err = nf_tables_fill_table_info(skb2, net, NETLINK_CB(skb).portid,
1331 					info->nlh->nlmsg_seq, NFT_MSG_NEWTABLE,
1332 					0, family, table);
1333 	if (err < 0)
1334 		goto err_fill_table_info;
1335 
1336 	return nfnetlink_unicast(skb2, net, NETLINK_CB(skb).portid);
1337 
1338 err_fill_table_info:
1339 	kfree_skb(skb2);
1340 	return err;
1341 }
1342 
1343 static void nft_table_disable(struct net *net, struct nft_table *table, u32 cnt)
1344 {
1345 	struct nft_chain *chain;
1346 	u32 i = 0;
1347 
1348 	list_for_each_entry(chain, &table->chains, list) {
1349 		if (!nft_is_active_next(net, chain))
1350 			continue;
1351 		if (!nft_is_base_chain(chain))
1352 			continue;
1353 
1354 		if (cnt && i++ == cnt)
1355 			break;
1356 
1357 		nf_tables_unregister_hook(net, table, chain);
1358 	}
1359 }
1360 
1361 static int nf_tables_table_enable(struct net *net, struct nft_table *table)
1362 {
1363 	struct nft_chain *chain;
1364 	int err, i = 0;
1365 
1366 	list_for_each_entry(chain, &table->chains, list) {
1367 		if (!nft_is_active_next(net, chain))
1368 			continue;
1369 		if (!nft_is_base_chain(chain))
1370 			continue;
1371 
1372 		err = nf_tables_register_hook(net, table, chain);
1373 		if (err < 0)
1374 			goto err_register_hooks;
1375 
1376 		i++;
1377 	}
1378 	return 0;
1379 
1380 err_register_hooks:
1381 	if (i)
1382 		nft_table_disable(net, table, i);
1383 	return err;
1384 }
1385 
1386 static void nf_tables_table_disable(struct net *net, struct nft_table *table)
1387 {
1388 	table->flags &= ~NFT_TABLE_F_DORMANT;
1389 	nft_table_disable(net, table, 0);
1390 	table->flags |= NFT_TABLE_F_DORMANT;
1391 }
1392 
1393 #define __NFT_TABLE_F_INTERNAL		(NFT_TABLE_F_MASK + 1)
1394 #define __NFT_TABLE_F_WAS_DORMANT	(__NFT_TABLE_F_INTERNAL << 0)
1395 #define __NFT_TABLE_F_WAS_AWAKEN	(__NFT_TABLE_F_INTERNAL << 1)
1396 #define __NFT_TABLE_F_WAS_ORPHAN	(__NFT_TABLE_F_INTERNAL << 2)
1397 #define __NFT_TABLE_F_UPDATE		(__NFT_TABLE_F_WAS_DORMANT | \
1398 					 __NFT_TABLE_F_WAS_AWAKEN | \
1399 					 __NFT_TABLE_F_WAS_ORPHAN)
1400 
1401 static bool nft_table_pending_update(const struct nft_ctx *ctx)
1402 {
1403 	struct nftables_pernet *nft_net = nft_pernet(ctx->net);
1404 	struct nft_trans *trans;
1405 
1406 	if (ctx->table->flags & __NFT_TABLE_F_UPDATE)
1407 		return true;
1408 
1409 	list_for_each_entry(trans, &nft_net->commit_list, list) {
1410 		if (trans->table == ctx->table &&
1411 		    ((trans->msg_type == NFT_MSG_NEWCHAIN &&
1412 		      nft_trans_chain_update(trans)) ||
1413 		     (trans->msg_type == NFT_MSG_DELCHAIN &&
1414 		      nft_is_base_chain(nft_trans_chain(trans)))))
1415 			return true;
1416 	}
1417 
1418 	return false;
1419 }
1420 
1421 static int nf_tables_updtable(struct nft_ctx *ctx)
1422 {
1423 	struct nft_trans *trans;
1424 	u32 flags;
1425 	int ret;
1426 
1427 	if (!ctx->nla[NFTA_TABLE_FLAGS])
1428 		return 0;
1429 
1430 	flags = ntohl(nla_get_be32(ctx->nla[NFTA_TABLE_FLAGS]));
1431 	if (flags & ~NFT_TABLE_F_MASK)
1432 		return -EOPNOTSUPP;
1433 
1434 	if (flags == (ctx->table->flags & NFT_TABLE_F_MASK))
1435 		return 0;
1436 
1437 	if ((nft_table_has_owner(ctx->table) &&
1438 	     !(flags & NFT_TABLE_F_OWNER)) ||
1439 	    (flags & NFT_TABLE_F_OWNER &&
1440 	     !nft_table_is_orphan(ctx->table)))
1441 		return -EOPNOTSUPP;
1442 
1443 	if ((flags ^ ctx->table->flags) & NFT_TABLE_F_PERSIST)
1444 		return -EOPNOTSUPP;
1445 
1446 	/* No dormant off/on/off/on games in single transaction */
1447 	if (nft_table_pending_update(ctx))
1448 		return -EINVAL;
1449 
1450 	trans = nft_trans_alloc(ctx, NFT_MSG_NEWTABLE,
1451 				sizeof(struct nft_trans_table));
1452 	if (trans == NULL)
1453 		return -ENOMEM;
1454 
1455 	if ((flags & NFT_TABLE_F_DORMANT) &&
1456 	    !(ctx->table->flags & NFT_TABLE_F_DORMANT)) {
1457 		ctx->table->flags |= NFT_TABLE_F_DORMANT;
1458 		if (!(ctx->table->flags & __NFT_TABLE_F_UPDATE))
1459 			ctx->table->flags |= __NFT_TABLE_F_WAS_AWAKEN;
1460 	} else if (!(flags & NFT_TABLE_F_DORMANT) &&
1461 		   ctx->table->flags & NFT_TABLE_F_DORMANT) {
1462 		ctx->table->flags &= ~NFT_TABLE_F_DORMANT;
1463 		if (!(ctx->table->flags & __NFT_TABLE_F_UPDATE)) {
1464 			ret = nf_tables_table_enable(ctx->net, ctx->table);
1465 			if (ret < 0)
1466 				goto err_register_hooks;
1467 
1468 			ctx->table->flags |= __NFT_TABLE_F_WAS_DORMANT;
1469 		}
1470 	}
1471 
1472 	if ((flags & NFT_TABLE_F_OWNER) &&
1473 	    !nft_table_has_owner(ctx->table)) {
1474 		ctx->table->nlpid = ctx->portid;
1475 		ctx->table->flags |= NFT_TABLE_F_OWNER |
1476 				     __NFT_TABLE_F_WAS_ORPHAN;
1477 	}
1478 
1479 	nft_trans_table_update(trans) = true;
1480 	nft_trans_commit_list_add_tail(ctx->net, trans);
1481 
1482 	return 0;
1483 
1484 err_register_hooks:
1485 	ctx->table->flags |= NFT_TABLE_F_DORMANT;
1486 	nft_trans_destroy(trans);
1487 	return ret;
1488 }
1489 
1490 static u32 nft_chain_hash(const void *data, u32 len, u32 seed)
1491 {
1492 	const char *name = data;
1493 
1494 	return jhash(name, strlen(name), seed);
1495 }
1496 
1497 static u32 nft_chain_hash_obj(const void *data, u32 len, u32 seed)
1498 {
1499 	const struct nft_chain *chain = data;
1500 
1501 	return nft_chain_hash(chain->name, 0, seed);
1502 }
1503 
1504 static int nft_chain_hash_cmp(struct rhashtable_compare_arg *arg,
1505 			      const void *ptr)
1506 {
1507 	const struct nft_chain *chain = ptr;
1508 	const char *name = arg->key;
1509 
1510 	return strcmp(chain->name, name);
1511 }
1512 
1513 static u32 nft_objname_hash(const void *data, u32 len, u32 seed)
1514 {
1515 	const struct nft_object_hash_key *k = data;
1516 
1517 	seed ^= hash_ptr(k->table, 32);
1518 
1519 	return jhash(k->name, strlen(k->name), seed);
1520 }
1521 
1522 static u32 nft_objname_hash_obj(const void *data, u32 len, u32 seed)
1523 {
1524 	const struct nft_object *obj = data;
1525 
1526 	return nft_objname_hash(&obj->key, 0, seed);
1527 }
1528 
1529 static int nft_objname_hash_cmp(struct rhashtable_compare_arg *arg,
1530 				const void *ptr)
1531 {
1532 	const struct nft_object_hash_key *k = arg->key;
1533 	const struct nft_object *obj = ptr;
1534 
1535 	if (obj->key.table != k->table)
1536 		return -1;
1537 
1538 	return strcmp(obj->key.name, k->name);
1539 }
1540 
1541 static bool nft_supported_family(u8 family)
1542 {
1543 	return false
1544 #ifdef CONFIG_NF_TABLES_INET
1545 		|| family == NFPROTO_INET
1546 #endif
1547 #ifdef CONFIG_NF_TABLES_IPV4
1548 		|| family == NFPROTO_IPV4
1549 #endif
1550 #ifdef CONFIG_NF_TABLES_ARP
1551 		|| family == NFPROTO_ARP
1552 #endif
1553 #ifdef CONFIG_NF_TABLES_NETDEV
1554 		|| family == NFPROTO_NETDEV
1555 #endif
1556 #if IS_ENABLED(CONFIG_NF_TABLES_BRIDGE)
1557 		|| family == NFPROTO_BRIDGE
1558 #endif
1559 #ifdef CONFIG_NF_TABLES_IPV6
1560 		|| family == NFPROTO_IPV6
1561 #endif
1562 		;
1563 }
1564 
1565 static int nf_tables_newtable(struct sk_buff *skb, const struct nfnl_info *info,
1566 			      const struct nlattr * const nla[])
1567 {
1568 	struct nftables_pernet *nft_net = nft_pernet(info->net);
1569 	struct netlink_ext_ack *extack = info->extack;
1570 	u8 genmask = nft_genmask_next(info->net);
1571 	u8 family = info->nfmsg->nfgen_family;
1572 	struct net *net = info->net;
1573 	const struct nlattr *attr;
1574 	struct nft_table *table;
1575 	struct nft_ctx ctx;
1576 	u32 flags = 0;
1577 	int err;
1578 
1579 	if (!nft_supported_family(family))
1580 		return -EOPNOTSUPP;
1581 
1582 	lockdep_assert_held(&nft_net->commit_mutex);
1583 	attr = nla[NFTA_TABLE_NAME];
1584 	table = nft_table_lookup(net, attr, family, genmask,
1585 				 NETLINK_CB(skb).portid);
1586 	if (IS_ERR(table)) {
1587 		if (PTR_ERR(table) != -ENOENT)
1588 			return PTR_ERR(table);
1589 	} else {
1590 		if (info->nlh->nlmsg_flags & NLM_F_EXCL) {
1591 			NL_SET_BAD_ATTR(extack, attr);
1592 			return -EEXIST;
1593 		}
1594 		if (info->nlh->nlmsg_flags & NLM_F_REPLACE)
1595 			return -EOPNOTSUPP;
1596 
1597 		nft_ctx_init(&ctx, net, skb, info->nlh, family, table, NULL, nla);
1598 
1599 		return nf_tables_updtable(&ctx);
1600 	}
1601 
1602 	if (nla[NFTA_TABLE_FLAGS]) {
1603 		flags = ntohl(nla_get_be32(nla[NFTA_TABLE_FLAGS]));
1604 		if (flags & ~NFT_TABLE_F_MASK)
1605 			return -EOPNOTSUPP;
1606 	}
1607 
1608 	err = -ENOMEM;
1609 	table = kzalloc_obj(*table, GFP_KERNEL_ACCOUNT);
1610 	if (table == NULL)
1611 		goto err_kzalloc;
1612 
1613 	table->validate_state = nft_net->validate_state;
1614 	table->name = nla_strdup(attr, GFP_KERNEL_ACCOUNT);
1615 	if (table->name == NULL)
1616 		goto err_strdup;
1617 
1618 	if (nla[NFTA_TABLE_USERDATA]) {
1619 		table->udata = nla_memdup(nla[NFTA_TABLE_USERDATA], GFP_KERNEL_ACCOUNT);
1620 		if (table->udata == NULL)
1621 			goto err_table_udata;
1622 
1623 		table->udlen = nla_len(nla[NFTA_TABLE_USERDATA]);
1624 	}
1625 
1626 	err = rhltable_init(&table->chains_ht, &nft_chain_ht_params);
1627 	if (err)
1628 		goto err_chain_ht;
1629 
1630 	INIT_LIST_HEAD(&table->chains);
1631 	INIT_LIST_HEAD(&table->sets);
1632 	INIT_LIST_HEAD(&table->objects);
1633 	INIT_LIST_HEAD(&table->flowtables);
1634 	table->family = family;
1635 	table->flags = flags;
1636 	table->handle = ++nft_net->table_handle;
1637 	if (table->flags & NFT_TABLE_F_OWNER)
1638 		table->nlpid = NETLINK_CB(skb).portid;
1639 
1640 	nft_ctx_init(&ctx, net, skb, info->nlh, family, table, NULL, nla);
1641 	err = nft_trans_table_add(&ctx, NFT_MSG_NEWTABLE);
1642 	if (err < 0)
1643 		goto err_trans;
1644 
1645 	list_add_tail_rcu(&table->list, &nft_net->tables);
1646 	return 0;
1647 err_trans:
1648 	rhltable_destroy(&table->chains_ht);
1649 err_chain_ht:
1650 	kfree(table->udata);
1651 err_table_udata:
1652 	kfree(table->name);
1653 err_strdup:
1654 	kfree(table);
1655 err_kzalloc:
1656 	return err;
1657 }
1658 
1659 static int nft_flush_table(struct nft_ctx *ctx)
1660 {
1661 	struct nft_flowtable *flowtable, *nft;
1662 	struct nft_chain *chain, *nc;
1663 	struct nft_object *obj, *ne;
1664 	struct nft_set *set, *ns;
1665 	int err;
1666 
1667 	list_for_each_entry(chain, &ctx->table->chains, list) {
1668 		if (!nft_is_active_next(ctx->net, chain))
1669 			continue;
1670 
1671 		if (nft_chain_binding(chain))
1672 			continue;
1673 
1674 		ctx->chain = chain;
1675 
1676 		err = nft_delrule_by_chain(ctx);
1677 		if (err < 0)
1678 			goto out;
1679 	}
1680 
1681 	list_for_each_entry_safe(set, ns, &ctx->table->sets, list) {
1682 		if (!nft_is_active_next(ctx->net, set))
1683 			continue;
1684 
1685 		if (nft_set_is_anonymous(set))
1686 			continue;
1687 
1688 		err = nft_delset(ctx, set);
1689 		if (err < 0)
1690 			goto out;
1691 	}
1692 
1693 	list_for_each_entry_safe(flowtable, nft, &ctx->table->flowtables, list) {
1694 		if (!nft_is_active_next(ctx->net, flowtable))
1695 			continue;
1696 
1697 		err = nft_delflowtable(ctx, flowtable);
1698 		if (err < 0)
1699 			goto out;
1700 	}
1701 
1702 	list_for_each_entry_safe(obj, ne, &ctx->table->objects, list) {
1703 		if (!nft_is_active_next(ctx->net, obj))
1704 			continue;
1705 
1706 		err = nft_delobj(ctx, obj);
1707 		if (err < 0)
1708 			goto out;
1709 	}
1710 
1711 	list_for_each_entry_safe(chain, nc, &ctx->table->chains, list) {
1712 		if (!nft_is_active_next(ctx->net, chain))
1713 			continue;
1714 
1715 		if (nft_chain_binding(chain))
1716 			continue;
1717 
1718 		ctx->chain = chain;
1719 
1720 		err = nft_delchain(ctx);
1721 		if (err < 0)
1722 			goto out;
1723 	}
1724 
1725 	err = nft_deltable(ctx);
1726 out:
1727 	return err;
1728 }
1729 
1730 static int nft_flush(struct nft_ctx *ctx, int family)
1731 {
1732 	struct nftables_pernet *nft_net = nft_pernet(ctx->net);
1733 	const struct nlattr * const *nla = ctx->nla;
1734 	struct nft_table *table, *nt;
1735 	int err = 0;
1736 
1737 	list_for_each_entry_safe(table, nt, &nft_net->tables, list) {
1738 		if (family != AF_UNSPEC && table->family != family)
1739 			continue;
1740 
1741 		ctx->family = table->family;
1742 
1743 		if (!nft_is_active_next(ctx->net, table))
1744 			continue;
1745 
1746 		if (nft_table_has_owner(table) && table->nlpid != ctx->portid)
1747 			continue;
1748 
1749 		if (nla[NFTA_TABLE_NAME] &&
1750 		    nla_strcmp(nla[NFTA_TABLE_NAME], table->name) != 0)
1751 			continue;
1752 
1753 		ctx->table = table;
1754 
1755 		err = nft_flush_table(ctx);
1756 		if (err < 0)
1757 			goto out;
1758 	}
1759 out:
1760 	return err;
1761 }
1762 
1763 static int nf_tables_deltable(struct sk_buff *skb, const struct nfnl_info *info,
1764 			      const struct nlattr * const nla[])
1765 {
1766 	struct netlink_ext_ack *extack = info->extack;
1767 	u8 genmask = nft_genmask_next(info->net);
1768 	u8 family = info->nfmsg->nfgen_family;
1769 	struct net *net = info->net;
1770 	const struct nlattr *attr;
1771 	struct nft_table *table;
1772 	struct nft_ctx ctx;
1773 
1774 	nft_ctx_init(&ctx, net, skb, info->nlh, 0, NULL, NULL, nla);
1775 	if (family == AF_UNSPEC ||
1776 	    (!nla[NFTA_TABLE_NAME] && !nla[NFTA_TABLE_HANDLE]))
1777 		return nft_flush(&ctx, family);
1778 
1779 	if (nla[NFTA_TABLE_HANDLE]) {
1780 		attr = nla[NFTA_TABLE_HANDLE];
1781 		table = nft_table_lookup_byhandle(net, attr, family, genmask,
1782 						  NETLINK_CB(skb).portid);
1783 	} else {
1784 		attr = nla[NFTA_TABLE_NAME];
1785 		table = nft_table_lookup(net, attr, family, genmask,
1786 					 NETLINK_CB(skb).portid);
1787 	}
1788 
1789 	if (IS_ERR(table)) {
1790 		if (PTR_ERR(table) == -ENOENT &&
1791 		    NFNL_MSG_TYPE(info->nlh->nlmsg_type) == NFT_MSG_DESTROYTABLE)
1792 			return 0;
1793 
1794 		NL_SET_BAD_ATTR(extack, attr);
1795 		return PTR_ERR(table);
1796 	}
1797 
1798 	if (info->nlh->nlmsg_flags & NLM_F_NONREC &&
1799 	    table->use > 0)
1800 		return -EBUSY;
1801 
1802 	ctx.family = family;
1803 	ctx.table = table;
1804 
1805 	return nft_flush_table(&ctx);
1806 }
1807 
1808 static void nf_tables_table_destroy(struct nft_table *table)
1809 {
1810 	if (WARN_ON(table->use > 0))
1811 		return;
1812 
1813 	rhltable_destroy(&table->chains_ht);
1814 	kfree(table->name);
1815 	kfree(table->udata);
1816 	kfree(table);
1817 }
1818 
1819 void nft_register_chain_type(const struct nft_chain_type *ctype)
1820 {
1821 	nfnl_lock(NFNL_SUBSYS_NFTABLES);
1822 	if (WARN_ON(__nft_chain_type_get(ctype->family, ctype->type))) {
1823 		nfnl_unlock(NFNL_SUBSYS_NFTABLES);
1824 		return;
1825 	}
1826 	chain_type[ctype->family][ctype->type] = ctype;
1827 	nfnl_unlock(NFNL_SUBSYS_NFTABLES);
1828 }
1829 EXPORT_SYMBOL_GPL(nft_register_chain_type);
1830 
1831 void nft_unregister_chain_type(const struct nft_chain_type *ctype)
1832 {
1833 	nfnl_lock(NFNL_SUBSYS_NFTABLES);
1834 	chain_type[ctype->family][ctype->type] = NULL;
1835 	nfnl_unlock(NFNL_SUBSYS_NFTABLES);
1836 }
1837 EXPORT_SYMBOL_GPL(nft_unregister_chain_type);
1838 
1839 /*
1840  * Chains
1841  */
1842 
1843 static struct nft_chain *
1844 nft_chain_lookup_byhandle(const struct nft_table *table, u64 handle, u8 genmask)
1845 {
1846 	struct nft_chain *chain;
1847 
1848 	list_for_each_entry(chain, &table->chains, list) {
1849 		if (chain->handle == handle &&
1850 		    nft_active_genmask(chain, genmask))
1851 			return chain;
1852 	}
1853 
1854 	return ERR_PTR(-ENOENT);
1855 }
1856 
1857 static bool lockdep_commit_lock_is_held(const struct net *net)
1858 {
1859 #ifdef CONFIG_PROVE_LOCKING
1860 	struct nftables_pernet *nft_net = nft_pernet(net);
1861 
1862 	return lockdep_is_held(&nft_net->commit_mutex);
1863 #else
1864 	return true;
1865 #endif
1866 }
1867 
1868 static struct nft_chain *nft_chain_lookup(struct net *net,
1869 					  struct nft_table *table,
1870 					  const struct nlattr *nla, u8 genmask)
1871 {
1872 	char search[NFT_CHAIN_MAXNAMELEN + 1];
1873 	struct rhlist_head *tmp, *list;
1874 	struct nft_chain *chain;
1875 
1876 	if (nla == NULL)
1877 		return ERR_PTR(-EINVAL);
1878 
1879 	nla_strscpy(search, nla, sizeof(search));
1880 
1881 	WARN_ON(!rcu_read_lock_held() &&
1882 		!lockdep_commit_lock_is_held(net));
1883 
1884 	chain = ERR_PTR(-ENOENT);
1885 	rcu_read_lock();
1886 	list = rhltable_lookup(&table->chains_ht, search, nft_chain_ht_params);
1887 	if (!list)
1888 		goto out_unlock;
1889 
1890 	rhl_for_each_entry_rcu(chain, tmp, list, rhlhead) {
1891 		if (nft_active_genmask(chain, genmask))
1892 			goto out_unlock;
1893 	}
1894 	chain = ERR_PTR(-ENOENT);
1895 out_unlock:
1896 	rcu_read_unlock();
1897 	return chain;
1898 }
1899 
1900 static const struct nla_policy nft_chain_policy[NFTA_CHAIN_MAX + 1] = {
1901 	[NFTA_CHAIN_TABLE]	= { .type = NLA_STRING,
1902 				    .len = NFT_TABLE_MAXNAMELEN - 1 },
1903 	[NFTA_CHAIN_HANDLE]	= { .type = NLA_U64 },
1904 	[NFTA_CHAIN_NAME]	= { .type = NLA_STRING,
1905 				    .len = NFT_CHAIN_MAXNAMELEN - 1 },
1906 	[NFTA_CHAIN_HOOK]	= { .type = NLA_NESTED },
1907 	[NFTA_CHAIN_POLICY]	= { .type = NLA_U32 },
1908 	[NFTA_CHAIN_TYPE]	= { .type = NLA_STRING,
1909 				    .len = NFT_MODULE_AUTOLOAD_LIMIT },
1910 	[NFTA_CHAIN_COUNTERS]	= { .type = NLA_NESTED },
1911 	[NFTA_CHAIN_FLAGS]	= NLA_POLICY_MASK(NLA_BE32, NFT_CHAIN_FLAGS),
1912 	[NFTA_CHAIN_ID]		= { .type = NLA_U32 },
1913 	[NFTA_CHAIN_USERDATA]	= { .type = NLA_BINARY,
1914 				    .len = NFT_USERDATA_MAXLEN },
1915 };
1916 
1917 static const struct nla_policy nft_hook_policy[NFTA_HOOK_MAX + 1] = {
1918 	[NFTA_HOOK_HOOKNUM]	= { .type = NLA_U32 },
1919 	[NFTA_HOOK_PRIORITY]	= { .type = NLA_U32 },
1920 	[NFTA_HOOK_DEV]		= { .type = NLA_STRING,
1921 				    .len = IFNAMSIZ - 1 },
1922 };
1923 
1924 static int nft_dump_stats(struct sk_buff *skb, struct nft_stats __percpu *stats)
1925 {
1926 	struct nft_stats *cpu_stats, total;
1927 	struct nlattr *nest;
1928 	unsigned int seq;
1929 	u64 pkts, bytes;
1930 	int cpu;
1931 
1932 	if (!stats)
1933 		return 0;
1934 
1935 	memset(&total, 0, sizeof(total));
1936 	for_each_possible_cpu(cpu) {
1937 		cpu_stats = per_cpu_ptr(stats, cpu);
1938 		do {
1939 			seq = u64_stats_fetch_begin(&cpu_stats->syncp);
1940 			pkts = cpu_stats->pkts;
1941 			bytes = cpu_stats->bytes;
1942 		} while (u64_stats_fetch_retry(&cpu_stats->syncp, seq));
1943 		total.pkts += pkts;
1944 		total.bytes += bytes;
1945 	}
1946 	nest = nla_nest_start_noflag(skb, NFTA_CHAIN_COUNTERS);
1947 	if (nest == NULL)
1948 		goto nla_put_failure;
1949 
1950 	if (nla_put_be64(skb, NFTA_COUNTER_PACKETS, cpu_to_be64(total.pkts),
1951 			 NFTA_COUNTER_PAD) ||
1952 	    nla_put_be64(skb, NFTA_COUNTER_BYTES, cpu_to_be64(total.bytes),
1953 			 NFTA_COUNTER_PAD))
1954 		goto nla_put_failure;
1955 
1956 	nla_nest_end(skb, nest);
1957 	return 0;
1958 
1959 nla_put_failure:
1960 	return -ENOSPC;
1961 }
1962 
1963 static bool hook_is_prefix(struct nft_hook *hook)
1964 {
1965 	return strlen(hook->ifname) >= hook->ifnamelen;
1966 }
1967 
1968 static int nft_nla_put_hook_dev(struct sk_buff *skb, struct nft_hook *hook)
1969 {
1970 	int attr = hook_is_prefix(hook) ? NFTA_DEVICE_PREFIX : NFTA_DEVICE_NAME;
1971 
1972 	return nla_put_string(skb, attr, hook->ifname);
1973 }
1974 
1975 struct nft_hook_dump_ctx {
1976 	struct nft_hook *first;
1977 	int n;
1978 };
1979 
1980 static int nft_dump_basechain_hook_one(struct sk_buff *skb,
1981 				       struct nft_hook *hook,
1982 				       struct nft_hook_dump_ctx *dump_ctx)
1983 {
1984 	if (!dump_ctx->first)
1985 		dump_ctx->first = hook;
1986 
1987 	if (nft_nla_put_hook_dev(skb, hook))
1988 		return -1;
1989 
1990 	dump_ctx->n++;
1991 
1992 	return 0;
1993 }
1994 
1995 static int nft_dump_basechain_hook_list(struct sk_buff *skb,
1996 					const struct net *net,
1997 					const struct list_head *hook_list,
1998 					struct nft_hook_dump_ctx *dump_ctx)
1999 {
2000 	struct nft_hook *hook;
2001 	int err;
2002 
2003 	list_for_each_entry_rcu(hook, hook_list, list,
2004 				lockdep_commit_lock_is_held(net)) {
2005 		err = nft_dump_basechain_hook_one(skb, hook, dump_ctx);
2006 		if (err < 0)
2007 			return err;
2008 	}
2009 
2010 	return 0;
2011 }
2012 
2013 static int nft_dump_basechain_trans_hook_list(struct sk_buff *skb,
2014 					      const struct list_head *trans_hook_list,
2015 					      struct nft_hook_dump_ctx *dump_ctx)
2016 {
2017 	struct nft_trans_hook *trans_hook;
2018 	int err;
2019 
2020 	list_for_each_entry(trans_hook, trans_hook_list, list) {
2021 		err = nft_dump_basechain_hook_one(skb, trans_hook->hook, dump_ctx);
2022 		if (err < 0)
2023 			return err;
2024 	}
2025 
2026 	return 0;
2027 }
2028 
2029 static int nft_dump_basechain_hook(struct sk_buff *skb,
2030 				   const struct net *net, int family,
2031 				   const struct nft_base_chain *basechain,
2032 				   const struct list_head *hook_list,
2033 				   const struct list_head *trans_hook_list)
2034 {
2035 	const struct nf_hook_ops *ops = &basechain->ops;
2036 	struct nft_hook_dump_ctx dump_hook_ctx = {};
2037 	struct nlattr *nest, *nest_devs;
2038 
2039 	nest = nla_nest_start_noflag(skb, NFTA_CHAIN_HOOK);
2040 	if (nest == NULL)
2041 		goto nla_put_failure;
2042 	if (nla_put_be32(skb, NFTA_HOOK_HOOKNUM, htonl(ops->hooknum)))
2043 		goto nla_put_failure;
2044 	if (nla_put_be32(skb, NFTA_HOOK_PRIORITY, htonl(ops->priority)))
2045 		goto nla_put_failure;
2046 
2047 	if (nft_base_chain_netdev(family, ops->hooknum)) {
2048 		nest_devs = nla_nest_start_noflag(skb, NFTA_HOOK_DEVS);
2049 		if (!nest_devs)
2050 			goto nla_put_failure;
2051 
2052 		if (!hook_list && !trans_hook_list)
2053 			hook_list = &basechain->hook_list;
2054 
2055 		if (hook_list &&
2056 		    nft_dump_basechain_hook_list(skb, net, hook_list, &dump_hook_ctx)) {
2057 			goto nla_put_failure;
2058 		} else if (trans_hook_list &&
2059 			   nft_dump_basechain_trans_hook_list(skb, trans_hook_list,
2060 							      &dump_hook_ctx)) {
2061 			goto nla_put_failure;
2062 		}
2063 
2064 		nla_nest_end(skb, nest_devs);
2065 
2066 		if (dump_hook_ctx.n == 1 &&
2067 		    !hook_is_prefix(dump_hook_ctx.first) &&
2068 		    nla_put_string(skb, NFTA_HOOK_DEV, dump_hook_ctx.first->ifname))
2069 			goto nla_put_failure;
2070 	}
2071 	nla_nest_end(skb, nest);
2072 
2073 	return 0;
2074 nla_put_failure:
2075 	return -1;
2076 }
2077 
2078 static int nf_tables_fill_chain_info(struct sk_buff *skb, struct net *net,
2079 				     u32 portid, u32 seq, int event, u32 flags,
2080 				     int family, const struct nft_table *table,
2081 				     const struct nft_chain *chain,
2082 				     const struct list_head *hook_list,
2083 				     const struct list_head *trans_hook_list)
2084 {
2085 	struct nlmsghdr *nlh;
2086 
2087 	nlh = nfnl_msg_put(skb, portid, seq,
2088 			   nfnl_msg_type(NFNL_SUBSYS_NFTABLES, event),
2089 			   flags, family, NFNETLINK_V0, nft_base_seq_be16(net));
2090 	if (!nlh)
2091 		goto nla_put_failure;
2092 
2093 	if (nla_put_string(skb, NFTA_CHAIN_TABLE, table->name) ||
2094 	    nla_put_string(skb, NFTA_CHAIN_NAME, chain->name) ||
2095 	    nla_put_be64(skb, NFTA_CHAIN_HANDLE, cpu_to_be64(chain->handle),
2096 			 NFTA_CHAIN_PAD))
2097 		goto nla_put_failure;
2098 
2099 	if (!hook_list && !trans_hook_list &&
2100 	    (event == NFT_MSG_DELCHAIN ||
2101 	     event == NFT_MSG_DESTROYCHAIN)) {
2102 		nlmsg_end(skb, nlh);
2103 		return 0;
2104 	}
2105 
2106 	if (nft_is_base_chain(chain)) {
2107 		const struct nft_base_chain *basechain = nft_base_chain(chain);
2108 		struct nft_stats __percpu *stats;
2109 
2110 		if (nft_dump_basechain_hook(skb, net, family, basechain,
2111 					    hook_list, trans_hook_list))
2112 			goto nla_put_failure;
2113 
2114 		if (nla_put_be32(skb, NFTA_CHAIN_POLICY,
2115 				 htonl(basechain->policy)))
2116 			goto nla_put_failure;
2117 
2118 		if (nla_put_string(skb, NFTA_CHAIN_TYPE, basechain->type->name))
2119 			goto nla_put_failure;
2120 
2121 		stats = rcu_dereference_check(basechain->stats,
2122 					      lockdep_commit_lock_is_held(net));
2123 		if (nft_dump_stats(skb, stats))
2124 			goto nla_put_failure;
2125 	}
2126 
2127 	if (chain->flags &&
2128 	    nla_put_be32(skb, NFTA_CHAIN_FLAGS, htonl(chain->flags)))
2129 		goto nla_put_failure;
2130 
2131 	if (nla_put_be32(skb, NFTA_CHAIN_USE, htonl(chain->use)))
2132 		goto nla_put_failure;
2133 
2134 	if (chain->udata &&
2135 	    nla_put(skb, NFTA_CHAIN_USERDATA, chain->udlen, chain->udata))
2136 		goto nla_put_failure;
2137 
2138 	nlmsg_end(skb, nlh);
2139 	return 0;
2140 
2141 nla_put_failure:
2142 	nlmsg_trim(skb, nlh);
2143 	return -1;
2144 }
2145 
2146 static void nf_tables_chain_notify(const struct nft_ctx *ctx, int event,
2147 				   const struct list_head *hook_list,
2148 				   const struct list_head *trans_hook_list)
2149 {
2150 	struct nftables_pernet *nft_net;
2151 	struct sk_buff *skb;
2152 	u16 flags = 0;
2153 	int err;
2154 
2155 	if (!ctx->report &&
2156 	    !nfnetlink_has_listeners(ctx->net, NFNLGRP_NFTABLES))
2157 		return;
2158 
2159 	skb = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
2160 	if (skb == NULL)
2161 		goto err;
2162 
2163 	if (ctx->flags & (NLM_F_CREATE | NLM_F_EXCL))
2164 		flags |= ctx->flags & (NLM_F_CREATE | NLM_F_EXCL);
2165 
2166 	err = nf_tables_fill_chain_info(skb, ctx->net, ctx->portid, ctx->seq,
2167 					event, flags, ctx->family, ctx->table,
2168 					ctx->chain, hook_list, trans_hook_list);
2169 	if (err < 0) {
2170 		kfree_skb(skb);
2171 		goto err;
2172 	}
2173 
2174 	nft_net = nft_pernet(ctx->net);
2175 	nft_notify_enqueue(skb, ctx->report, &nft_net->notify_list);
2176 	return;
2177 err:
2178 	nfnetlink_set_err(ctx->net, ctx->portid, NFNLGRP_NFTABLES, -ENOBUFS);
2179 }
2180 
2181 static int nf_tables_dump_chains(struct sk_buff *skb,
2182 				 struct netlink_callback *cb)
2183 {
2184 	const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
2185 	unsigned int idx = 0, s_idx = cb->args[0];
2186 	struct net *net = sock_net(skb->sk);
2187 	int family = nfmsg->nfgen_family;
2188 	struct nftables_pernet *nft_net;
2189 	const struct nft_table *table;
2190 	const struct nft_chain *chain;
2191 
2192 	rcu_read_lock();
2193 	nft_net = nft_pernet(net);
2194 	cb->seq = nft_base_seq(net);
2195 
2196 	list_for_each_entry_rcu(table, &nft_net->tables, list) {
2197 		if (family != NFPROTO_UNSPEC && family != table->family)
2198 			continue;
2199 
2200 		list_for_each_entry_rcu(chain, &table->chains, list) {
2201 			if (idx < s_idx)
2202 				goto cont;
2203 			if (idx > s_idx)
2204 				memset(&cb->args[1], 0,
2205 				       sizeof(cb->args) - sizeof(cb->args[0]));
2206 			if (!nft_is_active(net, chain))
2207 				continue;
2208 			if (nf_tables_fill_chain_info(skb, net,
2209 						      NETLINK_CB(cb->skb).portid,
2210 						      cb->nlh->nlmsg_seq,
2211 						      NFT_MSG_NEWCHAIN,
2212 						      NLM_F_MULTI,
2213 						      table->family, table,
2214 						      chain, NULL, NULL) < 0)
2215 				goto done;
2216 
2217 			nl_dump_check_consistent(cb, nlmsg_hdr(skb));
2218 cont:
2219 			idx++;
2220 		}
2221 	}
2222 done:
2223 	rcu_read_unlock();
2224 	cb->args[0] = idx;
2225 	return skb->len;
2226 }
2227 
2228 /* called with rcu_read_lock held */
2229 static int nf_tables_getchain(struct sk_buff *skb, const struct nfnl_info *info,
2230 			      const struct nlattr * const nla[])
2231 {
2232 	struct netlink_ext_ack *extack = info->extack;
2233 	u8 genmask = nft_genmask_cur(info->net);
2234 	u8 family = info->nfmsg->nfgen_family;
2235 	const struct nft_chain *chain;
2236 	struct net *net = info->net;
2237 	struct nft_table *table;
2238 	struct sk_buff *skb2;
2239 	int err;
2240 
2241 	if (info->nlh->nlmsg_flags & NLM_F_DUMP) {
2242 		struct netlink_dump_control c = {
2243 			.dump = nf_tables_dump_chains,
2244 			.module = THIS_MODULE,
2245 		};
2246 
2247 		return nft_netlink_dump_start_rcu(info->sk, skb, info->nlh, &c);
2248 	}
2249 
2250 	table = nft_table_lookup(net, nla[NFTA_CHAIN_TABLE], family, genmask, 0);
2251 	if (IS_ERR(table)) {
2252 		NL_SET_BAD_ATTR(extack, nla[NFTA_CHAIN_TABLE]);
2253 		return PTR_ERR(table);
2254 	}
2255 
2256 	chain = nft_chain_lookup(net, table, nla[NFTA_CHAIN_NAME], genmask);
2257 	if (IS_ERR(chain)) {
2258 		NL_SET_BAD_ATTR(extack, nla[NFTA_CHAIN_NAME]);
2259 		return PTR_ERR(chain);
2260 	}
2261 
2262 	skb2 = alloc_skb(NLMSG_GOODSIZE, GFP_ATOMIC);
2263 	if (!skb2)
2264 		return -ENOMEM;
2265 
2266 	err = nf_tables_fill_chain_info(skb2, net, NETLINK_CB(skb).portid,
2267 					info->nlh->nlmsg_seq, NFT_MSG_NEWCHAIN,
2268 					0, family, table, chain, NULL, NULL);
2269 	if (err < 0)
2270 		goto err_fill_chain_info;
2271 
2272 	return nfnetlink_unicast(skb2, net, NETLINK_CB(skb).portid);
2273 
2274 err_fill_chain_info:
2275 	kfree_skb(skb2);
2276 	return err;
2277 }
2278 
2279 static const struct nla_policy nft_counter_policy[NFTA_COUNTER_MAX + 1] = {
2280 	[NFTA_COUNTER_PACKETS]	= { .type = NLA_U64 },
2281 	[NFTA_COUNTER_BYTES]	= { .type = NLA_U64 },
2282 };
2283 
2284 static struct nft_stats __percpu *nft_stats_alloc(const struct nlattr *attr)
2285 {
2286 	struct nlattr *tb[NFTA_COUNTER_MAX+1];
2287 	struct nft_stats __percpu *newstats;
2288 	struct nft_stats *stats;
2289 	int err;
2290 
2291 	err = nla_parse_nested_deprecated(tb, NFTA_COUNTER_MAX, attr,
2292 					  nft_counter_policy, NULL);
2293 	if (err < 0)
2294 		return ERR_PTR_PCPU(err);
2295 
2296 	if (!tb[NFTA_COUNTER_BYTES] || !tb[NFTA_COUNTER_PACKETS])
2297 		return ERR_PTR_PCPU(-EINVAL);
2298 
2299 	newstats = netdev_alloc_pcpu_stats(struct nft_stats);
2300 	if (newstats == NULL)
2301 		return ERR_PTR_PCPU(-ENOMEM);
2302 
2303 	/* Restore old counters on this cpu, no problem. Per-cpu statistics
2304 	 * are not exposed to userspace.
2305 	 */
2306 	preempt_disable();
2307 	stats = this_cpu_ptr(newstats);
2308 	stats->bytes = be64_to_cpu(nla_get_be64(tb[NFTA_COUNTER_BYTES]));
2309 	stats->pkts = be64_to_cpu(nla_get_be64(tb[NFTA_COUNTER_PACKETS]));
2310 	preempt_enable();
2311 
2312 	return newstats;
2313 }
2314 
2315 static void nft_chain_stats_replace(struct nft_trans_chain *trans)
2316 {
2317 	const struct nft_trans *t = &trans->nft_trans_binding.nft_trans;
2318 	struct nft_base_chain *chain = nft_base_chain(trans->chain);
2319 
2320 	if (!trans->stats)
2321 		return;
2322 
2323 	trans->stats =
2324 		rcu_replace_pointer(chain->stats, trans->stats,
2325 				    lockdep_commit_lock_is_held(t->net));
2326 
2327 	if (!trans->stats)
2328 		static_branch_inc(&nft_counters_enabled);
2329 }
2330 
2331 static void nf_tables_chain_free_chain_rules(struct nft_chain *chain)
2332 {
2333 	struct nft_rule_blob *g0 = rcu_dereference_raw(chain->blob_gen_0);
2334 	struct nft_rule_blob *g1 = rcu_dereference_raw(chain->blob_gen_1);
2335 
2336 	if (g0 != g1)
2337 		kvfree(g1);
2338 	kvfree(g0);
2339 
2340 	/* should be NULL either via abort or via successful commit */
2341 	WARN_ON_ONCE(chain->blob_next);
2342 	kvfree(chain->blob_next);
2343 }
2344 
2345 void nf_tables_chain_destroy(struct nft_chain *chain)
2346 {
2347 	const struct nft_table *table = chain->table;
2348 	struct nft_hook *hook, *next;
2349 
2350 	if (WARN_ON(chain->use > 0))
2351 		return;
2352 
2353 	/* no concurrent access possible anymore */
2354 	nf_tables_chain_free_chain_rules(chain);
2355 
2356 	if (nft_is_base_chain(chain)) {
2357 		struct nft_base_chain *basechain = nft_base_chain(chain);
2358 
2359 		if (nft_base_chain_netdev(table->family, basechain->ops.hooknum)) {
2360 			list_for_each_entry_safe(hook, next,
2361 						 &basechain->hook_list, list)
2362 				nft_netdev_hook_unlink_free_rcu(hook);
2363 		}
2364 		module_put(basechain->type->owner);
2365 		if (rcu_access_pointer(basechain->stats)) {
2366 			static_branch_dec(&nft_counters_enabled);
2367 			free_percpu(rcu_dereference_raw(basechain->stats));
2368 		}
2369 		kfree(chain->name);
2370 		kfree(chain->udata);
2371 		kfree(basechain);
2372 	} else {
2373 		kfree(chain->name);
2374 		kfree(chain->udata);
2375 		kfree(chain);
2376 	}
2377 }
2378 
2379 static struct nft_hook *nft_netdev_hook_alloc(struct net *net,
2380 					      const struct nlattr *attr,
2381 					      bool prefix)
2382 {
2383 	struct nf_hook_ops *ops;
2384 	struct net_device *dev;
2385 	struct nft_hook *hook;
2386 	int err;
2387 
2388 	hook = kzalloc_obj(struct nft_hook, GFP_KERNEL_ACCOUNT);
2389 	if (!hook)
2390 		return ERR_PTR(-ENOMEM);
2391 
2392 	INIT_LIST_HEAD(&hook->ops_list);
2393 
2394 	err = nla_strscpy(hook->ifname, attr, IFNAMSIZ);
2395 	if (err < 0)
2396 		goto err_hook_free;
2397 
2398 	/* include the terminating NUL-char when comparing non-prefixes */
2399 	hook->ifnamelen = strlen(hook->ifname) + !prefix;
2400 
2401 	/* nf_tables_netdev_event() is called under rtnl_mutex, this is
2402 	 * indirectly serializing all the other holders of the commit_mutex with
2403 	 * the rtnl_mutex.
2404 	 */
2405 	for_each_netdev(net, dev) {
2406 		if (strncmp(dev->name, hook->ifname, hook->ifnamelen))
2407 			continue;
2408 
2409 		ops = kzalloc_obj(struct nf_hook_ops, GFP_KERNEL_ACCOUNT);
2410 		if (!ops) {
2411 			err = -ENOMEM;
2412 			goto err_hook_free;
2413 		}
2414 		ops->dev = dev;
2415 		list_add_tail(&ops->list, &hook->ops_list);
2416 	}
2417 	return hook;
2418 
2419 err_hook_free:
2420 	nft_netdev_hook_free(hook);
2421 	return ERR_PTR(err);
2422 }
2423 
2424 static struct nft_hook *nft_hook_list_find(struct list_head *hook_list,
2425 					   const struct nft_hook *this)
2426 {
2427 	struct nft_hook *hook;
2428 
2429 	list_for_each_entry(hook, hook_list, list) {
2430 		if (!strncmp(hook->ifname, this->ifname,
2431 			     min(hook->ifnamelen, this->ifnamelen))) {
2432 			if (hook->flags & NFT_HOOK_REMOVE)
2433 				continue;
2434 
2435 			return hook;
2436 		}
2437 	}
2438 
2439 	return NULL;
2440 }
2441 
2442 static int nf_tables_parse_netdev_hooks(struct net *net,
2443 					const struct nlattr *attr,
2444 					struct list_head *hook_list,
2445 					struct netlink_ext_ack *extack)
2446 {
2447 	struct nft_hook *hook, *next;
2448 	const struct nlattr *tmp;
2449 	int rem, n = 0, err;
2450 	bool prefix;
2451 
2452 	nla_for_each_nested(tmp, attr, rem) {
2453 		switch (nla_type(tmp)) {
2454 		case NFTA_DEVICE_NAME:
2455 			prefix = false;
2456 			break;
2457 		case NFTA_DEVICE_PREFIX:
2458 			prefix = true;
2459 			break;
2460 		default:
2461 			err = -EINVAL;
2462 			goto err_hook;
2463 		}
2464 
2465 		hook = nft_netdev_hook_alloc(net, tmp, prefix);
2466 		if (IS_ERR(hook)) {
2467 			NL_SET_BAD_ATTR(extack, tmp);
2468 			err = PTR_ERR(hook);
2469 			goto err_hook;
2470 		}
2471 		if (nft_hook_list_find(hook_list, hook)) {
2472 			NL_SET_BAD_ATTR(extack, tmp);
2473 			nft_netdev_hook_free(hook);
2474 			err = -EEXIST;
2475 			goto err_hook;
2476 		}
2477 		list_add_tail(&hook->list, hook_list);
2478 		n++;
2479 
2480 		if (n == NFT_NETDEVICE_MAX) {
2481 			err = -EFBIG;
2482 			goto err_hook;
2483 		}
2484 	}
2485 
2486 	return 0;
2487 
2488 err_hook:
2489 	list_for_each_entry_safe(hook, next, hook_list, list) {
2490 		list_del(&hook->list);
2491 		nft_netdev_hook_free(hook);
2492 	}
2493 	return err;
2494 }
2495 
2496 struct nft_chain_hook {
2497 	u32				num;
2498 	s32				priority;
2499 	const struct nft_chain_type	*type;
2500 	struct list_head		list;
2501 };
2502 
2503 static int nft_chain_parse_netdev(struct net *net, struct nlattr *tb[],
2504 				  struct list_head *hook_list,
2505 				  struct netlink_ext_ack *extack, u32 flags)
2506 {
2507 	struct nft_hook *hook;
2508 	int err;
2509 
2510 	if (tb[NFTA_HOOK_DEV]) {
2511 		hook = nft_netdev_hook_alloc(net, tb[NFTA_HOOK_DEV], false);
2512 		if (IS_ERR(hook)) {
2513 			NL_SET_BAD_ATTR(extack, tb[NFTA_HOOK_DEV]);
2514 			return PTR_ERR(hook);
2515 		}
2516 
2517 		list_add_tail(&hook->list, hook_list);
2518 	} else if (tb[NFTA_HOOK_DEVS]) {
2519 		err = nf_tables_parse_netdev_hooks(net, tb[NFTA_HOOK_DEVS],
2520 						   hook_list, extack);
2521 		if (err < 0)
2522 			return err;
2523 
2524 	}
2525 
2526 	if (flags & NFT_CHAIN_HW_OFFLOAD &&
2527 	    list_empty(hook_list))
2528 		return -EINVAL;
2529 
2530 	return 0;
2531 }
2532 
2533 static int nft_chain_parse_hook(struct net *net,
2534 				struct nft_base_chain *basechain,
2535 				const struct nlattr * const nla[],
2536 				struct nft_chain_hook *hook, u8 family,
2537 				u32 flags, struct netlink_ext_ack *extack)
2538 {
2539 	struct nftables_pernet *nft_net = nft_pernet(net);
2540 	struct nlattr *ha[NFTA_HOOK_MAX + 1];
2541 	const struct nft_chain_type *type;
2542 	int err;
2543 
2544 	lockdep_assert_held(&nft_net->commit_mutex);
2545 	lockdep_nfnl_nft_mutex_not_held();
2546 
2547 	err = nla_parse_nested_deprecated(ha, NFTA_HOOK_MAX,
2548 					  nla[NFTA_CHAIN_HOOK],
2549 					  nft_hook_policy, NULL);
2550 	if (err < 0)
2551 		return err;
2552 
2553 	if (!basechain) {
2554 		if (!ha[NFTA_HOOK_HOOKNUM] ||
2555 		    !ha[NFTA_HOOK_PRIORITY]) {
2556 			NL_SET_BAD_ATTR(extack, nla[NFTA_CHAIN_NAME]);
2557 			return -ENOENT;
2558 		}
2559 
2560 		hook->num = ntohl(nla_get_be32(ha[NFTA_HOOK_HOOKNUM]));
2561 		hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY]));
2562 
2563 		type = __nft_chain_type_get(family, NFT_CHAIN_T_DEFAULT);
2564 		if (!type)
2565 			return -EOPNOTSUPP;
2566 
2567 		if (nla[NFTA_CHAIN_TYPE]) {
2568 			type = nf_tables_chain_type_lookup(net, nla[NFTA_CHAIN_TYPE],
2569 							   family, true);
2570 			if (IS_ERR(type)) {
2571 				NL_SET_BAD_ATTR(extack, nla[NFTA_CHAIN_TYPE]);
2572 				return PTR_ERR(type);
2573 			}
2574 		}
2575 		if (hook->num >= NFT_MAX_HOOKS || !(type->hook_mask & (1 << hook->num)))
2576 			return -EOPNOTSUPP;
2577 
2578 		if (type->type == NFT_CHAIN_T_NAT &&
2579 		    hook->priority <= NF_IP_PRI_CONNTRACK)
2580 			return -EOPNOTSUPP;
2581 	} else {
2582 		if (ha[NFTA_HOOK_HOOKNUM]) {
2583 			hook->num = ntohl(nla_get_be32(ha[NFTA_HOOK_HOOKNUM]));
2584 			if (hook->num != basechain->ops.hooknum)
2585 				return -EOPNOTSUPP;
2586 		}
2587 		if (ha[NFTA_HOOK_PRIORITY]) {
2588 			hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY]));
2589 			if (hook->priority != basechain->ops.priority)
2590 				return -EOPNOTSUPP;
2591 		}
2592 
2593 		if (nla[NFTA_CHAIN_TYPE]) {
2594 			type = __nf_tables_chain_type_lookup(nla[NFTA_CHAIN_TYPE],
2595 							     family);
2596 			if (!type) {
2597 				NL_SET_BAD_ATTR(extack, nla[NFTA_CHAIN_TYPE]);
2598 				return -ENOENT;
2599 			}
2600 		} else {
2601 			type = basechain->type;
2602 		}
2603 	}
2604 
2605 	if (!try_module_get(type->owner)) {
2606 		if (nla[NFTA_CHAIN_TYPE])
2607 			NL_SET_BAD_ATTR(extack, nla[NFTA_CHAIN_TYPE]);
2608 		return -ENOENT;
2609 	}
2610 
2611 	hook->type = type;
2612 
2613 	INIT_LIST_HEAD(&hook->list);
2614 	if (nft_base_chain_netdev(family, hook->num)) {
2615 		err = nft_chain_parse_netdev(net, ha, &hook->list, extack, flags);
2616 		if (err < 0) {
2617 			module_put(type->owner);
2618 			return err;
2619 		}
2620 	} else if (ha[NFTA_HOOK_DEV] || ha[NFTA_HOOK_DEVS]) {
2621 		module_put(type->owner);
2622 		return -EOPNOTSUPP;
2623 	}
2624 
2625 	return 0;
2626 }
2627 
2628 static void nft_chain_release_hook(struct nft_chain_hook *hook)
2629 {
2630 	struct nft_hook *h, *next;
2631 
2632 	list_for_each_entry_safe(h, next, &hook->list, list) {
2633 		list_del(&h->list);
2634 		nft_netdev_hook_free(h);
2635 	}
2636 	module_put(hook->type->owner);
2637 }
2638 
2639 static void nft_last_rule(const struct nft_chain *chain, const void *ptr)
2640 {
2641 	struct nft_rule_dp_last *lrule;
2642 
2643 	BUILD_BUG_ON(offsetof(struct nft_rule_dp_last, end) != 0);
2644 
2645 	lrule = (struct nft_rule_dp_last *)ptr;
2646 	lrule->end.is_last = 1;
2647 	lrule->chain = chain;
2648 	/* blob size does not include the trailer rule */
2649 }
2650 
2651 static struct nft_rule_blob *nf_tables_chain_alloc_rules(const struct nft_chain *chain,
2652 							 unsigned int size)
2653 {
2654 	struct nft_rule_blob *blob;
2655 
2656 	if (size > INT_MAX)
2657 		return NULL;
2658 
2659 	size += sizeof(struct nft_rule_blob) + sizeof(struct nft_rule_dp_last);
2660 
2661 	blob = kvmalloc(size, GFP_KERNEL_ACCOUNT);
2662 	if (!blob)
2663 		return NULL;
2664 
2665 	blob->size = 0;
2666 	nft_last_rule(chain, blob->data);
2667 
2668 	return blob;
2669 }
2670 
2671 static void nft_basechain_hook_init(struct nf_hook_ops *ops, u8 family,
2672 				    const struct nft_chain_hook *hook,
2673 				    struct nft_chain *chain)
2674 {
2675 	ops->pf			= family;
2676 	ops->hooknum		= hook->num;
2677 	ops->priority		= hook->priority;
2678 	ops->priv		= chain;
2679 	ops->hook		= hook->type->hooks[ops->hooknum];
2680 	ops->hook_ops_type	= NF_HOOK_OP_NF_TABLES;
2681 }
2682 
2683 static int nft_basechain_init(struct nft_base_chain *basechain, u8 family,
2684 			      struct nft_chain_hook *hook, u32 flags)
2685 {
2686 	struct nft_chain *chain;
2687 	struct nf_hook_ops *ops;
2688 	struct nft_hook *h;
2689 
2690 	basechain->type = hook->type;
2691 	INIT_LIST_HEAD(&basechain->hook_list);
2692 	chain = &basechain->chain;
2693 
2694 	if (nft_base_chain_netdev(family, hook->num)) {
2695 		list_splice_init(&hook->list, &basechain->hook_list);
2696 		list_for_each_entry(h, &basechain->hook_list, list) {
2697 			list_for_each_entry(ops, &h->ops_list, list)
2698 				nft_basechain_hook_init(ops, family, hook, chain);
2699 		}
2700 	}
2701 	nft_basechain_hook_init(&basechain->ops, family, hook, chain);
2702 
2703 	chain->flags |= NFT_CHAIN_BASE | flags;
2704 	basechain->policy = NF_ACCEPT;
2705 	if (chain->flags & NFT_CHAIN_HW_OFFLOAD &&
2706 	    !nft_chain_offload_support(basechain)) {
2707 		list_splice_init(&basechain->hook_list, &hook->list);
2708 		return -EOPNOTSUPP;
2709 	}
2710 
2711 	flow_block_init(&basechain->flow_block);
2712 
2713 	return 0;
2714 }
2715 
2716 int nft_chain_add(struct nft_table *table, struct nft_chain *chain)
2717 {
2718 	int err;
2719 
2720 	err = rhltable_insert_key(&table->chains_ht, chain->name,
2721 				  &chain->rhlhead, nft_chain_ht_params);
2722 	if (err)
2723 		return err;
2724 
2725 	list_add_tail_rcu(&chain->list, &table->chains);
2726 
2727 	return 0;
2728 }
2729 
2730 static u64 chain_id;
2731 
2732 static int nf_tables_addchain(struct nft_ctx *ctx, u8 family, u8 policy,
2733 			      u32 flags, struct netlink_ext_ack *extack)
2734 {
2735 	const struct nlattr * const *nla = ctx->nla;
2736 	struct nft_table *table = ctx->table;
2737 	struct nft_base_chain *basechain;
2738 	struct net *net = ctx->net;
2739 	char name[NFT_NAME_MAXLEN];
2740 	struct nft_rule_blob *blob;
2741 	struct nft_trans *trans;
2742 	struct nft_chain *chain;
2743 	int err;
2744 
2745 	if (nla[NFTA_CHAIN_HOOK]) {
2746 		struct nft_stats __percpu *stats = NULL;
2747 		struct nft_chain_hook hook = {};
2748 
2749 		if (table->flags & __NFT_TABLE_F_UPDATE)
2750 			return -EINVAL;
2751 
2752 		if (flags & NFT_CHAIN_BINDING)
2753 			return -EOPNOTSUPP;
2754 
2755 		err = nft_chain_parse_hook(net, NULL, nla, &hook, family, flags,
2756 					   extack);
2757 		if (err < 0)
2758 			return err;
2759 
2760 		basechain = kzalloc_obj(*basechain, GFP_KERNEL_ACCOUNT);
2761 		if (basechain == NULL) {
2762 			nft_chain_release_hook(&hook);
2763 			return -ENOMEM;
2764 		}
2765 		chain = &basechain->chain;
2766 
2767 		if (nla[NFTA_CHAIN_COUNTERS]) {
2768 			stats = nft_stats_alloc(nla[NFTA_CHAIN_COUNTERS]);
2769 			if (IS_ERR_PCPU(stats)) {
2770 				nft_chain_release_hook(&hook);
2771 				kfree(basechain);
2772 				return PTR_ERR_PCPU(stats);
2773 			}
2774 			rcu_assign_pointer(basechain->stats, stats);
2775 		}
2776 
2777 		err = nft_basechain_init(basechain, family, &hook, flags);
2778 		if (err < 0) {
2779 			nft_chain_release_hook(&hook);
2780 			kfree(basechain);
2781 			free_percpu(stats);
2782 			return err;
2783 		}
2784 		if (stats)
2785 			static_branch_inc(&nft_counters_enabled);
2786 	} else {
2787 		if (flags & NFT_CHAIN_BASE)
2788 			return -EINVAL;
2789 		if (flags & NFT_CHAIN_HW_OFFLOAD)
2790 			return -EOPNOTSUPP;
2791 
2792 		chain = kzalloc_obj(*chain, GFP_KERNEL_ACCOUNT);
2793 		if (chain == NULL)
2794 			return -ENOMEM;
2795 
2796 		chain->flags = flags;
2797 	}
2798 	ctx->chain = chain;
2799 
2800 	INIT_LIST_HEAD(&chain->rules);
2801 	chain->handle = nf_tables_alloc_handle(table);
2802 	chain->table = table;
2803 
2804 	if (nla[NFTA_CHAIN_NAME]) {
2805 		chain->name = nla_strdup(nla[NFTA_CHAIN_NAME], GFP_KERNEL_ACCOUNT);
2806 	} else {
2807 		if (!(flags & NFT_CHAIN_BINDING)) {
2808 			err = -EINVAL;
2809 			goto err_destroy_chain;
2810 		}
2811 
2812 		snprintf(name, sizeof(name), "__chain%llu", ++chain_id);
2813 		chain->name = kstrdup(name, GFP_KERNEL_ACCOUNT);
2814 	}
2815 
2816 	if (!chain->name) {
2817 		err = -ENOMEM;
2818 		goto err_destroy_chain;
2819 	}
2820 
2821 	if (nla[NFTA_CHAIN_USERDATA]) {
2822 		chain->udata = nla_memdup(nla[NFTA_CHAIN_USERDATA], GFP_KERNEL_ACCOUNT);
2823 		if (chain->udata == NULL) {
2824 			err = -ENOMEM;
2825 			goto err_destroy_chain;
2826 		}
2827 		chain->udlen = nla_len(nla[NFTA_CHAIN_USERDATA]);
2828 	}
2829 
2830 	blob = nf_tables_chain_alloc_rules(chain, 0);
2831 	if (!blob) {
2832 		err = -ENOMEM;
2833 		goto err_destroy_chain;
2834 	}
2835 
2836 	RCU_INIT_POINTER(chain->blob_gen_0, blob);
2837 	RCU_INIT_POINTER(chain->blob_gen_1, blob);
2838 
2839 	if (!nft_use_inc(&table->use)) {
2840 		err = -EMFILE;
2841 		goto err_destroy_chain;
2842 	}
2843 
2844 	trans = nft_trans_chain_add(ctx, NFT_MSG_NEWCHAIN);
2845 	if (IS_ERR(trans)) {
2846 		err = PTR_ERR(trans);
2847 		goto err_trans;
2848 	}
2849 
2850 	nft_trans_chain_policy(trans) = NFT_CHAIN_POLICY_UNSET;
2851 	if (nft_is_base_chain(chain))
2852 		nft_trans_chain_policy(trans) = policy;
2853 
2854 	err = nft_chain_add(table, chain);
2855 	if (err < 0)
2856 		goto err_chain_add;
2857 
2858 	/* This must be LAST to ensure no packets are walking over this chain. */
2859 	err = nf_tables_register_hook(net, table, chain);
2860 	if (err < 0)
2861 		goto err_register_hook;
2862 
2863 	return 0;
2864 
2865 err_register_hook:
2866 	nft_chain_del(chain);
2867 	synchronize_rcu();
2868 err_chain_add:
2869 	nft_trans_destroy(trans);
2870 err_trans:
2871 	nft_use_dec_restore(&table->use);
2872 err_destroy_chain:
2873 	nf_tables_chain_destroy(chain);
2874 
2875 	return err;
2876 }
2877 
2878 static int nf_tables_updchain(struct nft_ctx *ctx, u8 genmask, u8 policy,
2879 			      u32 flags, const struct nlattr *attr,
2880 			      struct netlink_ext_ack *extack)
2881 {
2882 	const struct nlattr * const *nla = ctx->nla;
2883 	struct nft_base_chain *basechain = NULL;
2884 	struct nft_table *table = ctx->table;
2885 	struct nft_chain *chain = ctx->chain;
2886 	struct nft_chain_hook hook = {};
2887 	struct nft_stats __percpu *stats = NULL;
2888 	struct nftables_pernet *nft_net;
2889 	struct nft_hook *h, *next;
2890 	struct nf_hook_ops *ops;
2891 	struct nft_trans *trans;
2892 	bool unregister = false;
2893 	int err;
2894 
2895 	if (chain->flags ^ flags)
2896 		return -EOPNOTSUPP;
2897 
2898 	INIT_LIST_HEAD(&hook.list);
2899 
2900 	if (nla[NFTA_CHAIN_HOOK]) {
2901 		if (!nft_is_base_chain(chain)) {
2902 			NL_SET_BAD_ATTR(extack, attr);
2903 			return -EEXIST;
2904 		}
2905 
2906 		basechain = nft_base_chain(chain);
2907 		err = nft_chain_parse_hook(ctx->net, basechain, nla, &hook,
2908 					   ctx->family, flags, extack);
2909 		if (err < 0)
2910 			return err;
2911 
2912 		if (basechain->type != hook.type) {
2913 			nft_chain_release_hook(&hook);
2914 			NL_SET_BAD_ATTR(extack, attr);
2915 			return -EEXIST;
2916 		}
2917 
2918 		if (nft_base_chain_netdev(ctx->family, basechain->ops.hooknum)) {
2919 			list_for_each_entry_safe(h, next, &hook.list, list) {
2920 				list_for_each_entry(ops, &h->ops_list, list) {
2921 					ops->pf		= basechain->ops.pf;
2922 					ops->hooknum	= basechain->ops.hooknum;
2923 					ops->priority	= basechain->ops.priority;
2924 					ops->priv	= basechain->ops.priv;
2925 					ops->hook	= basechain->ops.hook;
2926 				}
2927 
2928 				if (nft_hook_list_find(&basechain->hook_list, h)) {
2929 					list_del(&h->list);
2930 					nft_netdev_hook_free(h);
2931 					continue;
2932 				}
2933 
2934 				nft_net = nft_pernet(ctx->net);
2935 				list_for_each_entry(trans, &nft_net->commit_list, list) {
2936 					if (trans->msg_type != NFT_MSG_NEWCHAIN ||
2937 					    trans->table != ctx->table ||
2938 					    !nft_trans_chain_update(trans))
2939 						continue;
2940 
2941 					if (nft_hook_list_find(&nft_trans_chain_hooks(trans), h)) {
2942 						nft_chain_release_hook(&hook);
2943 						return -EEXIST;
2944 					}
2945 				}
2946 			}
2947 		} else {
2948 			ops = &basechain->ops;
2949 			if (ops->hooknum != hook.num ||
2950 			    ops->priority != hook.priority) {
2951 				nft_chain_release_hook(&hook);
2952 				NL_SET_BAD_ATTR(extack, attr);
2953 				return -EEXIST;
2954 			}
2955 		}
2956 	}
2957 
2958 	if (nla[NFTA_CHAIN_HANDLE] &&
2959 	    nla[NFTA_CHAIN_NAME]) {
2960 		struct nft_chain *chain2;
2961 
2962 		chain2 = nft_chain_lookup(ctx->net, table,
2963 					  nla[NFTA_CHAIN_NAME], genmask);
2964 		if (!IS_ERR(chain2)) {
2965 			NL_SET_BAD_ATTR(extack, nla[NFTA_CHAIN_NAME]);
2966 			err = -EEXIST;
2967 			goto err_hooks;
2968 		}
2969 	}
2970 
2971 	if (table->flags & __NFT_TABLE_F_UPDATE &&
2972 	    !list_empty(&hook.list)) {
2973 		NL_SET_BAD_ATTR(extack, attr);
2974 		err = -EOPNOTSUPP;
2975 		goto err_hooks;
2976 	}
2977 
2978 	if (!(table->flags & NFT_TABLE_F_DORMANT) &&
2979 	    nft_is_base_chain(chain) &&
2980 	    !list_empty(&hook.list)) {
2981 		basechain = nft_base_chain(chain);
2982 		ops = &basechain->ops;
2983 
2984 		if (nft_base_chain_netdev(table->family, basechain->ops.hooknum)) {
2985 			err = nft_netdev_register_hooks(ctx->net, &hook.list);
2986 			if (err < 0)
2987 				goto err_hooks;
2988 
2989 			unregister = true;
2990 		}
2991 	}
2992 
2993 	if (nla[NFTA_CHAIN_COUNTERS]) {
2994 		if (!nft_is_base_chain(chain)) {
2995 			err = -EOPNOTSUPP;
2996 			goto err_hooks;
2997 		}
2998 
2999 		stats = nft_stats_alloc(nla[NFTA_CHAIN_COUNTERS]);
3000 		if (IS_ERR_PCPU(stats)) {
3001 			err = PTR_ERR_PCPU(stats);
3002 			goto err_hooks;
3003 		}
3004 	}
3005 
3006 	err = -ENOMEM;
3007 	trans = nft_trans_alloc_chain(ctx, NFT_MSG_NEWCHAIN);
3008 	if (trans == NULL)
3009 		goto err_trans;
3010 
3011 	nft_trans_chain_stats(trans) = stats;
3012 	nft_trans_chain_update(trans) = true;
3013 
3014 	if (nla[NFTA_CHAIN_POLICY])
3015 		nft_trans_chain_policy(trans) = policy;
3016 	else
3017 		nft_trans_chain_policy(trans) = -1;
3018 
3019 	if (nla[NFTA_CHAIN_HANDLE] &&
3020 	    nla[NFTA_CHAIN_NAME]) {
3021 		struct nftables_pernet *nft_net = nft_pernet(ctx->net);
3022 		struct nft_trans *tmp;
3023 		char *name;
3024 
3025 		err = -ENOMEM;
3026 		name = nla_strdup(nla[NFTA_CHAIN_NAME], GFP_KERNEL_ACCOUNT);
3027 		if (!name)
3028 			goto err_trans;
3029 
3030 		err = -EEXIST;
3031 		list_for_each_entry(tmp, &nft_net->commit_list, list) {
3032 			if (tmp->msg_type == NFT_MSG_NEWCHAIN &&
3033 			    tmp->table == table &&
3034 			    nft_trans_chain_update(tmp) &&
3035 			    nft_trans_chain_name(tmp) &&
3036 			    strcmp(name, nft_trans_chain_name(tmp)) == 0) {
3037 				NL_SET_BAD_ATTR(extack, nla[NFTA_CHAIN_NAME]);
3038 				kfree(name);
3039 				goto err_trans;
3040 			}
3041 		}
3042 
3043 		nft_trans_chain_name(trans) = name;
3044 	}
3045 
3046 	nft_trans_basechain(trans) = basechain;
3047 	INIT_LIST_HEAD(&nft_trans_chain_hooks(trans));
3048 	list_splice(&hook.list, &nft_trans_chain_hooks(trans));
3049 	if (nla[NFTA_CHAIN_HOOK])
3050 		module_put(hook.type->owner);
3051 
3052 	nft_trans_commit_list_add_tail(ctx->net, trans);
3053 
3054 	return 0;
3055 
3056 err_trans:
3057 	free_percpu(stats);
3058 	kfree(trans);
3059 err_hooks:
3060 	if (nla[NFTA_CHAIN_HOOK]) {
3061 		list_for_each_entry_safe(h, next, &hook.list, list) {
3062 			if (unregister) {
3063 				list_for_each_entry(ops, &h->ops_list, list)
3064 					nf_unregister_net_hook(ctx->net, ops);
3065 			}
3066 			/* hook.list is on stack, no need for list_del_rcu() */
3067 			list_del(&h->list);
3068 			nft_netdev_hook_free_rcu(h);
3069 		}
3070 		module_put(hook.type->owner);
3071 	}
3072 
3073 	return err;
3074 }
3075 
3076 static struct nft_chain *nft_chain_lookup_byid(const struct net *net,
3077 					       const struct nft_table *table,
3078 					       const struct nlattr *nla, u8 genmask)
3079 {
3080 	struct nftables_pernet *nft_net = nft_pernet(net);
3081 	u32 id = ntohl(nla_get_be32(nla));
3082 	struct nft_trans *trans;
3083 
3084 	list_for_each_entry(trans, &nft_net->commit_list, list) {
3085 		if (trans->msg_type == NFT_MSG_NEWCHAIN &&
3086 		    nft_trans_chain(trans)->table == table &&
3087 		    id == nft_trans_chain_id(trans) &&
3088 		    nft_active_genmask(nft_trans_chain(trans), genmask))
3089 			return nft_trans_chain(trans);
3090 	}
3091 	return ERR_PTR(-ENOENT);
3092 }
3093 
3094 static int nf_tables_newchain(struct sk_buff *skb, const struct nfnl_info *info,
3095 			      const struct nlattr * const nla[])
3096 {
3097 	struct nftables_pernet *nft_net = nft_pernet(info->net);
3098 	struct netlink_ext_ack *extack = info->extack;
3099 	u8 genmask = nft_genmask_next(info->net);
3100 	u8 family = info->nfmsg->nfgen_family;
3101 	struct nft_chain *chain = NULL;
3102 	struct net *net = info->net;
3103 	const struct nlattr *attr;
3104 	struct nft_table *table;
3105 	u8 policy = NF_ACCEPT;
3106 	struct nft_ctx ctx;
3107 	u64 handle = 0;
3108 	u32 flags = 0;
3109 
3110 	lockdep_assert_held(&nft_net->commit_mutex);
3111 
3112 	table = nft_table_lookup(net, nla[NFTA_CHAIN_TABLE], family, genmask,
3113 				 NETLINK_CB(skb).portid);
3114 	if (IS_ERR(table)) {
3115 		NL_SET_BAD_ATTR(extack, nla[NFTA_CHAIN_TABLE]);
3116 		return PTR_ERR(table);
3117 	}
3118 
3119 	chain = NULL;
3120 	attr = nla[NFTA_CHAIN_NAME];
3121 
3122 	if (nla[NFTA_CHAIN_HANDLE]) {
3123 		handle = be64_to_cpu(nla_get_be64(nla[NFTA_CHAIN_HANDLE]));
3124 		chain = nft_chain_lookup_byhandle(table, handle, genmask);
3125 		if (IS_ERR(chain)) {
3126 			NL_SET_BAD_ATTR(extack, nla[NFTA_CHAIN_HANDLE]);
3127 			return PTR_ERR(chain);
3128 		}
3129 		attr = nla[NFTA_CHAIN_HANDLE];
3130 	} else if (nla[NFTA_CHAIN_NAME]) {
3131 		chain = nft_chain_lookup(net, table, attr, genmask);
3132 		if (IS_ERR(chain)) {
3133 			if (PTR_ERR(chain) != -ENOENT) {
3134 				NL_SET_BAD_ATTR(extack, attr);
3135 				return PTR_ERR(chain);
3136 			}
3137 			chain = NULL;
3138 		}
3139 	} else if (!nla[NFTA_CHAIN_ID]) {
3140 		return -EINVAL;
3141 	}
3142 
3143 	if (nla[NFTA_CHAIN_POLICY]) {
3144 		if (chain != NULL &&
3145 		    !nft_is_base_chain(chain)) {
3146 			NL_SET_BAD_ATTR(extack, nla[NFTA_CHAIN_POLICY]);
3147 			return -EOPNOTSUPP;
3148 		}
3149 
3150 		if (chain == NULL &&
3151 		    nla[NFTA_CHAIN_HOOK] == NULL) {
3152 			NL_SET_BAD_ATTR(extack, nla[NFTA_CHAIN_POLICY]);
3153 			return -EOPNOTSUPP;
3154 		}
3155 
3156 		policy = ntohl(nla_get_be32(nla[NFTA_CHAIN_POLICY]));
3157 		switch (policy) {
3158 		case NF_DROP:
3159 		case NF_ACCEPT:
3160 			break;
3161 		default:
3162 			return -EINVAL;
3163 		}
3164 	}
3165 
3166 	if (nla[NFTA_CHAIN_FLAGS])
3167 		flags = ntohl(nla_get_be32(nla[NFTA_CHAIN_FLAGS]));
3168 	else if (chain)
3169 		flags = chain->flags;
3170 
3171 	if (flags & ~NFT_CHAIN_FLAGS)
3172 		return -EOPNOTSUPP;
3173 
3174 	nft_ctx_init(&ctx, net, skb, info->nlh, family, table, chain, nla);
3175 
3176 	if (chain != NULL) {
3177 		if (chain->flags & NFT_CHAIN_BINDING)
3178 			return -EINVAL;
3179 
3180 		if (info->nlh->nlmsg_flags & NLM_F_EXCL) {
3181 			NL_SET_BAD_ATTR(extack, attr);
3182 			return -EEXIST;
3183 		}
3184 		if (info->nlh->nlmsg_flags & NLM_F_REPLACE)
3185 			return -EOPNOTSUPP;
3186 
3187 		flags |= chain->flags & NFT_CHAIN_BASE;
3188 		return nf_tables_updchain(&ctx, genmask, policy, flags, attr,
3189 					  extack);
3190 	}
3191 
3192 	return nf_tables_addchain(&ctx, family, policy, flags, extack);
3193 }
3194 
3195 static int nft_trans_delhook(struct nft_hook *hook,
3196 			     struct list_head *del_list)
3197 {
3198 	struct nft_trans_hook *trans_hook;
3199 
3200 	trans_hook = kmalloc_obj(*trans_hook, GFP_KERNEL);
3201 	if (!trans_hook)
3202 		return -ENOMEM;
3203 
3204 	trans_hook->hook = hook;
3205 	list_add_tail(&trans_hook->list, del_list);
3206 	hook->flags |= NFT_HOOK_REMOVE;
3207 
3208 	return 0;
3209 }
3210 
3211 static void nft_trans_delhook_abort(struct list_head *del_list)
3212 {
3213 	struct nft_trans_hook *trans_hook, *next;
3214 
3215 	list_for_each_entry_safe(trans_hook, next, del_list, list) {
3216 		trans_hook->hook->flags &= ~NFT_HOOK_REMOVE;
3217 		nft_trans_hook_destroy(trans_hook);
3218 	}
3219 }
3220 
3221 static int nft_delchain_hook(struct nft_ctx *ctx,
3222 			     struct nft_base_chain *basechain,
3223 			     struct netlink_ext_ack *extack)
3224 {
3225 	const struct nft_chain *chain = &basechain->chain;
3226 	const struct nlattr * const *nla = ctx->nla;
3227 	struct nft_chain_hook chain_hook = {};
3228 	struct nft_hook *this, *hook;
3229 	LIST_HEAD(chain_del_list);
3230 	struct nft_trans *trans;
3231 	int err;
3232 
3233 	if (ctx->table->flags & __NFT_TABLE_F_UPDATE)
3234 		return -EOPNOTSUPP;
3235 
3236 	err = nft_chain_parse_hook(ctx->net, basechain, nla, &chain_hook,
3237 				   ctx->family, chain->flags, extack);
3238 	if (err < 0)
3239 		return err;
3240 
3241 	list_for_each_entry(this, &chain_hook.list, list) {
3242 		hook = nft_hook_list_find(&basechain->hook_list, this);
3243 		if (!hook) {
3244 			err = -ENOENT;
3245 			goto err_chain_del_hook;
3246 		}
3247 		if (nft_trans_delhook(hook, &chain_del_list) < 0) {
3248 			err = -ENOMEM;
3249 			goto err_chain_del_hook;
3250 		}
3251 	}
3252 
3253 	trans = nft_trans_alloc_chain(ctx, NFT_MSG_DELCHAIN);
3254 	if (!trans) {
3255 		err = -ENOMEM;
3256 		goto err_chain_del_hook;
3257 	}
3258 
3259 	nft_trans_basechain(trans) = basechain;
3260 	nft_trans_chain_update(trans) = true;
3261 	INIT_LIST_HEAD(&nft_trans_chain_hooks(trans));
3262 	list_splice(&chain_del_list, &nft_trans_chain_hooks(trans));
3263 	nft_chain_release_hook(&chain_hook);
3264 
3265 	nft_trans_commit_list_add_tail(ctx->net, trans);
3266 
3267 	return 0;
3268 
3269 err_chain_del_hook:
3270 	nft_trans_delhook_abort(&chain_del_list);
3271 	nft_chain_release_hook(&chain_hook);
3272 
3273 	return err;
3274 }
3275 
3276 static int nf_tables_delchain(struct sk_buff *skb, const struct nfnl_info *info,
3277 			      const struct nlattr * const nla[])
3278 {
3279 	struct netlink_ext_ack *extack = info->extack;
3280 	u8 genmask = nft_genmask_next(info->net);
3281 	u8 family = info->nfmsg->nfgen_family;
3282 	struct net *net = info->net;
3283 	const struct nlattr *attr;
3284 	struct nft_table *table;
3285 	struct nft_chain *chain;
3286 	struct nft_rule *rule;
3287 	struct nft_ctx ctx;
3288 	u64 handle;
3289 	u32 use;
3290 	int err;
3291 
3292 	table = nft_table_lookup(net, nla[NFTA_CHAIN_TABLE], family, genmask,
3293 				 NETLINK_CB(skb).portid);
3294 	if (IS_ERR(table)) {
3295 		NL_SET_BAD_ATTR(extack, nla[NFTA_CHAIN_TABLE]);
3296 		return PTR_ERR(table);
3297 	}
3298 
3299 	if (nla[NFTA_CHAIN_HANDLE]) {
3300 		attr = nla[NFTA_CHAIN_HANDLE];
3301 		handle = be64_to_cpu(nla_get_be64(attr));
3302 		chain = nft_chain_lookup_byhandle(table, handle, genmask);
3303 	} else {
3304 		attr = nla[NFTA_CHAIN_NAME];
3305 		chain = nft_chain_lookup(net, table, attr, genmask);
3306 	}
3307 	if (IS_ERR(chain)) {
3308 		if (PTR_ERR(chain) == -ENOENT &&
3309 		    NFNL_MSG_TYPE(info->nlh->nlmsg_type) == NFT_MSG_DESTROYCHAIN)
3310 			return 0;
3311 
3312 		NL_SET_BAD_ATTR(extack, attr);
3313 		return PTR_ERR(chain);
3314 	}
3315 
3316 	if (nft_chain_binding(chain))
3317 		return -EOPNOTSUPP;
3318 
3319 	nft_ctx_init(&ctx, net, skb, info->nlh, family, table, chain, nla);
3320 
3321 	if (nla[NFTA_CHAIN_HOOK]) {
3322 		if (NFNL_MSG_TYPE(info->nlh->nlmsg_type) == NFT_MSG_DESTROYCHAIN ||
3323 		    chain->flags & NFT_CHAIN_HW_OFFLOAD)
3324 			return -EOPNOTSUPP;
3325 
3326 		if (nft_is_base_chain(chain)) {
3327 			struct nft_base_chain *basechain = nft_base_chain(chain);
3328 
3329 			if (nft_base_chain_netdev(table->family, basechain->ops.hooknum))
3330 				return nft_delchain_hook(&ctx, basechain, extack);
3331 		}
3332 	}
3333 
3334 	if (info->nlh->nlmsg_flags & NLM_F_NONREC &&
3335 	    chain->use > 0)
3336 		return -EBUSY;
3337 
3338 	use = chain->use;
3339 	list_for_each_entry(rule, &chain->rules, list) {
3340 		if (!nft_is_active_next(net, rule))
3341 			continue;
3342 		use--;
3343 
3344 		err = nft_delrule(&ctx, rule);
3345 		if (err < 0)
3346 			return err;
3347 	}
3348 
3349 	/* There are rules and elements that are still holding references to us,
3350 	 * we cannot do a recursive removal in this case.
3351 	 */
3352 	if (use > 0) {
3353 		NL_SET_BAD_ATTR(extack, attr);
3354 		return -EBUSY;
3355 	}
3356 
3357 	return nft_delchain(&ctx);
3358 }
3359 
3360 /*
3361  * Expressions
3362  */
3363 
3364 /**
3365  *	nft_register_expr - register nf_tables expr type
3366  *	@type: expr type
3367  *
3368  *	Registers the expr type for use with nf_tables. Returns zero on
3369  *	success or a negative errno code otherwise.
3370  */
3371 int nft_register_expr(struct nft_expr_type *type)
3372 {
3373 	if (WARN_ON_ONCE(type->maxattr > NFT_EXPR_MAXATTR))
3374 		return -ENOMEM;
3375 
3376 	nfnl_lock(NFNL_SUBSYS_NFTABLES);
3377 	if (type->family == NFPROTO_UNSPEC)
3378 		list_add_tail_rcu(&type->list, &nf_tables_expressions);
3379 	else
3380 		list_add_rcu(&type->list, &nf_tables_expressions);
3381 	nfnl_unlock(NFNL_SUBSYS_NFTABLES);
3382 	return 0;
3383 }
3384 EXPORT_SYMBOL_GPL(nft_register_expr);
3385 
3386 /**
3387  *	nft_unregister_expr - unregister nf_tables expr type
3388  *	@type: expr type
3389  *
3390  * 	Unregisters the expr typefor use with nf_tables.
3391  */
3392 void nft_unregister_expr(struct nft_expr_type *type)
3393 {
3394 	nfnl_lock(NFNL_SUBSYS_NFTABLES);
3395 	list_del_rcu(&type->list);
3396 	nfnl_unlock(NFNL_SUBSYS_NFTABLES);
3397 }
3398 EXPORT_SYMBOL_GPL(nft_unregister_expr);
3399 
3400 static const struct nft_expr_type *__nft_expr_type_get(u8 family,
3401 						       struct nlattr *nla)
3402 {
3403 	const struct nft_expr_type *type, *candidate = NULL;
3404 
3405 	list_for_each_entry_rcu(type, &nf_tables_expressions, list) {
3406 		if (!nla_strcmp(nla, type->name)) {
3407 			if (!type->family && !candidate)
3408 				candidate = type;
3409 			else if (type->family == family)
3410 				candidate = type;
3411 		}
3412 	}
3413 	return candidate;
3414 }
3415 
3416 #ifdef CONFIG_MODULES
3417 static int nft_expr_type_request_module(struct net *net, u8 family,
3418 					struct nlattr *nla)
3419 {
3420 	if (nft_request_module(net, "nft-expr-%u-%.*s", family,
3421 			       nla_len(nla), (char *)nla_data(nla)) == -EAGAIN)
3422 		return -EAGAIN;
3423 
3424 	return 0;
3425 }
3426 #endif
3427 
3428 static const struct nft_expr_type *nft_expr_type_get(struct net *net,
3429 						     u8 family,
3430 						     struct nlattr *nla)
3431 {
3432 	const struct nft_expr_type *type;
3433 
3434 	if (nla == NULL)
3435 		return ERR_PTR(-EINVAL);
3436 
3437 	rcu_read_lock();
3438 	type = __nft_expr_type_get(family, nla);
3439 	if (type != NULL && try_module_get(type->owner)) {
3440 		rcu_read_unlock();
3441 		return type;
3442 	}
3443 	rcu_read_unlock();
3444 
3445 	lockdep_nfnl_nft_mutex_not_held();
3446 #ifdef CONFIG_MODULES
3447 	if (type == NULL) {
3448 		if (nft_expr_type_request_module(net, family, nla) == -EAGAIN)
3449 			return ERR_PTR(-EAGAIN);
3450 
3451 		if (nft_request_module(net, "nft-expr-%.*s",
3452 				       nla_len(nla),
3453 				       (char *)nla_data(nla)) == -EAGAIN)
3454 			return ERR_PTR(-EAGAIN);
3455 	}
3456 #endif
3457 	return ERR_PTR(-ENOENT);
3458 }
3459 
3460 static const struct nla_policy nft_expr_policy[NFTA_EXPR_MAX + 1] = {
3461 	[NFTA_EXPR_NAME]	= { .type = NLA_STRING,
3462 				    .len = NFT_MODULE_AUTOLOAD_LIMIT },
3463 	[NFTA_EXPR_DATA]	= { .type = NLA_NESTED },
3464 };
3465 
3466 static int nf_tables_fill_expr_info(struct sk_buff *skb,
3467 				    const struct nft_expr *expr, bool reset)
3468 {
3469 	if (nla_put_string(skb, NFTA_EXPR_NAME, expr->ops->type->name))
3470 		goto nla_put_failure;
3471 
3472 	if (expr->ops->dump) {
3473 		struct nlattr *data = nla_nest_start_noflag(skb,
3474 							    NFTA_EXPR_DATA);
3475 		if (data == NULL)
3476 			goto nla_put_failure;
3477 		if (expr->ops->dump(skb, expr, reset) < 0)
3478 			goto nla_put_failure;
3479 		nla_nest_end(skb, data);
3480 	}
3481 
3482 	return skb->len;
3483 
3484 nla_put_failure:
3485 	return -1;
3486 };
3487 
3488 int nft_expr_dump(struct sk_buff *skb, unsigned int attr,
3489 		  const struct nft_expr *expr, bool reset)
3490 {
3491 	struct nlattr *nest;
3492 
3493 	nest = nla_nest_start_noflag(skb, attr);
3494 	if (!nest)
3495 		goto nla_put_failure;
3496 	if (nf_tables_fill_expr_info(skb, expr, reset) < 0)
3497 		goto nla_put_failure;
3498 	nla_nest_end(skb, nest);
3499 	return 0;
3500 
3501 nla_put_failure:
3502 	return -1;
3503 }
3504 
3505 struct nft_expr_info {
3506 	const struct nft_expr_ops	*ops;
3507 	const struct nlattr		*attr;
3508 	struct nlattr			*tb[NFT_EXPR_MAXATTR + 1];
3509 };
3510 
3511 static int nf_tables_expr_parse(const struct nft_ctx *ctx,
3512 				const struct nlattr *nla,
3513 				struct nft_expr_info *info)
3514 {
3515 	const struct nft_expr_type *type;
3516 	const struct nft_expr_ops *ops;
3517 	struct nlattr *tb[NFTA_EXPR_MAX + 1];
3518 	int err;
3519 
3520 	err = nla_parse_nested_deprecated(tb, NFTA_EXPR_MAX, nla,
3521 					  nft_expr_policy, NULL);
3522 	if (err < 0)
3523 		return err;
3524 
3525 	type = nft_expr_type_get(ctx->net, ctx->family, tb[NFTA_EXPR_NAME]);
3526 	if (IS_ERR(type))
3527 		return PTR_ERR(type);
3528 
3529 	if (tb[NFTA_EXPR_DATA]) {
3530 		err = nla_parse_nested_deprecated(info->tb, type->maxattr,
3531 						  tb[NFTA_EXPR_DATA],
3532 						  type->policy, NULL);
3533 		if (err < 0)
3534 			goto err1;
3535 	} else
3536 		memset(info->tb, 0, sizeof(info->tb[0]) * (type->maxattr + 1));
3537 
3538 	if (type->select_ops != NULL) {
3539 		ops = type->select_ops(ctx,
3540 				       (const struct nlattr * const *)info->tb);
3541 		if (IS_ERR(ops)) {
3542 			err = PTR_ERR(ops);
3543 #ifdef CONFIG_MODULES
3544 			if (err == -EAGAIN)
3545 				if (nft_expr_type_request_module(ctx->net,
3546 								 ctx->family,
3547 								 tb[NFTA_EXPR_NAME]) != -EAGAIN)
3548 					err = -ENOENT;
3549 #endif
3550 			goto err1;
3551 		}
3552 	} else
3553 		ops = type->ops;
3554 
3555 	info->attr = nla;
3556 	info->ops = ops;
3557 
3558 	return 0;
3559 
3560 err1:
3561 	module_put(type->owner);
3562 	return err;
3563 }
3564 
3565 int nft_expr_inner_parse(const struct nft_ctx *ctx, const struct nlattr *nla,
3566 			 struct nft_expr_info *info)
3567 {
3568 	struct nlattr *tb[NFTA_EXPR_MAX + 1];
3569 	const struct nft_expr_type *type;
3570 	int err;
3571 
3572 	err = nla_parse_nested_deprecated(tb, NFTA_EXPR_MAX, nla,
3573 					  nft_expr_policy, NULL);
3574 	if (err < 0)
3575 		return err;
3576 
3577 	if (!tb[NFTA_EXPR_DATA] || !tb[NFTA_EXPR_NAME])
3578 		return -EINVAL;
3579 
3580 	rcu_read_lock();
3581 
3582 	type = __nft_expr_type_get(ctx->family, tb[NFTA_EXPR_NAME]);
3583 	if (!type) {
3584 		err = -ENOENT;
3585 		goto out_unlock;
3586 	}
3587 
3588 	if (!type->inner_ops) {
3589 		err = -EOPNOTSUPP;
3590 		goto out_unlock;
3591 	}
3592 
3593 	err = nla_parse_nested_deprecated(info->tb, type->maxattr,
3594 					  tb[NFTA_EXPR_DATA],
3595 					  type->policy, NULL);
3596 	if (err < 0)
3597 		goto out_unlock;
3598 
3599 	info->attr = nla;
3600 	info->ops = type->inner_ops;
3601 
3602 	/* No module reference will be taken on type->owner.
3603 	 * Presence of type->inner_ops implies that the expression
3604 	 * is builtin, so it cannot go away.
3605 	 */
3606 	rcu_read_unlock();
3607 	return 0;
3608 
3609 out_unlock:
3610 	rcu_read_unlock();
3611 	return err;
3612 }
3613 
3614 static int nf_tables_newexpr(const struct nft_ctx *ctx,
3615 			     const struct nft_expr_info *expr_info,
3616 			     struct nft_expr *expr)
3617 {
3618 	const struct nft_expr_ops *ops = expr_info->ops;
3619 	int err;
3620 
3621 	expr->ops = ops;
3622 	if (ops->init) {
3623 		err = ops->init(ctx, expr, (const struct nlattr **)expr_info->tb);
3624 		if (err < 0)
3625 			goto err1;
3626 	}
3627 
3628 	return 0;
3629 err1:
3630 	expr->ops = NULL;
3631 	return err;
3632 }
3633 
3634 static void nf_tables_expr_destroy(const struct nft_ctx *ctx,
3635 				   struct nft_expr *expr)
3636 {
3637 	const struct nft_expr_type *type = expr->ops->type;
3638 
3639 	if (expr->ops->destroy)
3640 		expr->ops->destroy(ctx, expr);
3641 	module_put(type->owner);
3642 }
3643 
3644 static struct nft_expr *nft_expr_init(const struct nft_ctx *ctx,
3645 				      const struct nlattr *nla)
3646 {
3647 	struct nft_expr_info expr_info;
3648 	struct nft_expr *expr;
3649 	struct module *owner;
3650 	int err;
3651 
3652 	err = nf_tables_expr_parse(ctx, nla, &expr_info);
3653 	if (err < 0)
3654 		goto err_expr_parse;
3655 
3656 	err = -EOPNOTSUPP;
3657 	if (!(expr_info.ops->type->flags & NFT_EXPR_STATEFUL))
3658 		goto err_expr_stateful;
3659 
3660 	err = -ENOMEM;
3661 	expr = kzalloc(expr_info.ops->size, GFP_KERNEL_ACCOUNT);
3662 	if (expr == NULL)
3663 		goto err_expr_stateful;
3664 
3665 	err = nf_tables_newexpr(ctx, &expr_info, expr);
3666 	if (err < 0)
3667 		goto err_expr_new;
3668 
3669 	return expr;
3670 err_expr_new:
3671 	kfree(expr);
3672 err_expr_stateful:
3673 	owner = expr_info.ops->type->owner;
3674 	if (expr_info.ops->type->release_ops)
3675 		expr_info.ops->type->release_ops(expr_info.ops);
3676 
3677 	module_put(owner);
3678 err_expr_parse:
3679 	return ERR_PTR(err);
3680 }
3681 
3682 int nft_expr_clone(struct nft_expr *dst, struct nft_expr *src, gfp_t gfp)
3683 {
3684 	int err;
3685 
3686 	if (WARN_ON_ONCE(!src->ops->clone))
3687 		return -EINVAL;
3688 
3689 	dst->ops = src->ops;
3690 	err = src->ops->clone(dst, src, gfp);
3691 	if (err < 0)
3692 		return err;
3693 
3694 	__module_get(src->ops->type->owner);
3695 
3696 	return 0;
3697 }
3698 
3699 void nft_expr_destroy(const struct nft_ctx *ctx, struct nft_expr *expr)
3700 {
3701 	nf_tables_expr_destroy(ctx, expr);
3702 	kfree(expr);
3703 }
3704 
3705 /*
3706  * Rules
3707  */
3708 
3709 static struct nft_rule *__nft_rule_lookup(const struct net *net,
3710 					  const struct nft_chain *chain,
3711 					  u64 handle)
3712 {
3713 	struct nft_rule *rule;
3714 
3715 	// FIXME: this sucks
3716 	list_for_each_entry_rcu(rule, &chain->rules, list,
3717 				lockdep_commit_lock_is_held(net)) {
3718 		if (handle == rule->handle)
3719 			return rule;
3720 	}
3721 
3722 	return ERR_PTR(-ENOENT);
3723 }
3724 
3725 static struct nft_rule *nft_rule_lookup(const struct net *net,
3726 					const struct nft_chain *chain,
3727 					const struct nlattr *nla)
3728 {
3729 	if (nla == NULL)
3730 		return ERR_PTR(-EINVAL);
3731 
3732 	return __nft_rule_lookup(net, chain, be64_to_cpu(nla_get_be64(nla)));
3733 }
3734 
3735 static const struct nla_policy nft_rule_policy[NFTA_RULE_MAX + 1] = {
3736 	[NFTA_RULE_TABLE]	= { .type = NLA_STRING,
3737 				    .len = NFT_TABLE_MAXNAMELEN - 1 },
3738 	[NFTA_RULE_CHAIN]	= { .type = NLA_STRING,
3739 				    .len = NFT_CHAIN_MAXNAMELEN - 1 },
3740 	[NFTA_RULE_HANDLE]	= { .type = NLA_U64 },
3741 	[NFTA_RULE_EXPRESSIONS]	= NLA_POLICY_NESTED_ARRAY(nft_expr_policy),
3742 	[NFTA_RULE_COMPAT]	= { .type = NLA_NESTED },
3743 	[NFTA_RULE_POSITION]	= { .type = NLA_U64 },
3744 	[NFTA_RULE_USERDATA]	= { .type = NLA_BINARY,
3745 				    .len = NFT_USERDATA_MAXLEN },
3746 	[NFTA_RULE_ID]		= { .type = NLA_U32 },
3747 	[NFTA_RULE_POSITION_ID]	= { .type = NLA_U32 },
3748 	[NFTA_RULE_CHAIN_ID]	= { .type = NLA_U32 },
3749 };
3750 
3751 static int nf_tables_fill_rule_info(struct sk_buff *skb, struct net *net,
3752 				    u32 portid, u32 seq, int event,
3753 				    u32 flags, int family,
3754 				    const struct nft_table *table,
3755 				    const struct nft_chain *chain,
3756 				    const struct nft_rule *rule, u64 handle,
3757 				    bool reset)
3758 {
3759 	struct nlmsghdr *nlh;
3760 	const struct nft_expr *expr, *next;
3761 	struct nlattr *list;
3762 	u16 type = nfnl_msg_type(NFNL_SUBSYS_NFTABLES, event);
3763 
3764 	nlh = nfnl_msg_put(skb, portid, seq, type, flags, family, NFNETLINK_V0,
3765 			   nft_base_seq_be16(net));
3766 	if (!nlh)
3767 		goto nla_put_failure;
3768 
3769 	if (nla_put_string(skb, NFTA_RULE_TABLE, table->name))
3770 		goto nla_put_failure;
3771 	if (nla_put_string(skb, NFTA_RULE_CHAIN, chain->name))
3772 		goto nla_put_failure;
3773 	if (nla_put_be64(skb, NFTA_RULE_HANDLE, cpu_to_be64(rule->handle),
3774 			 NFTA_RULE_PAD))
3775 		goto nla_put_failure;
3776 
3777 	if (event != NFT_MSG_DELRULE && handle) {
3778 		if (nla_put_be64(skb, NFTA_RULE_POSITION, cpu_to_be64(handle),
3779 				 NFTA_RULE_PAD))
3780 			goto nla_put_failure;
3781 	}
3782 
3783 	if (chain->flags & NFT_CHAIN_HW_OFFLOAD)
3784 		nft_flow_rule_stats(chain, rule);
3785 
3786 	list = nla_nest_start_noflag(skb, NFTA_RULE_EXPRESSIONS);
3787 	if (list == NULL)
3788 		goto nla_put_failure;
3789 	nft_rule_for_each_expr(expr, next, rule) {
3790 		if (nft_expr_dump(skb, NFTA_LIST_ELEM, expr, reset) < 0)
3791 			goto nla_put_failure;
3792 	}
3793 	nla_nest_end(skb, list);
3794 
3795 	if (rule->udata) {
3796 		struct nft_userdata *udata = nft_userdata(rule);
3797 		if (nla_put(skb, NFTA_RULE_USERDATA, udata->len + 1,
3798 			    udata->data) < 0)
3799 			goto nla_put_failure;
3800 	}
3801 
3802 	nlmsg_end(skb, nlh);
3803 	return 0;
3804 
3805 nla_put_failure:
3806 	nlmsg_trim(skb, nlh);
3807 	return -1;
3808 }
3809 
3810 static void nf_tables_rule_notify(const struct nft_ctx *ctx,
3811 				  const struct nft_rule *rule, int event)
3812 {
3813 	struct nftables_pernet *nft_net = nft_pernet(ctx->net);
3814 	const struct nft_rule *prule;
3815 	struct sk_buff *skb;
3816 	u64 handle = 0;
3817 	u16 flags = 0;
3818 	int err;
3819 
3820 	if (!ctx->report &&
3821 	    !nfnetlink_has_listeners(ctx->net, NFNLGRP_NFTABLES))
3822 		return;
3823 
3824 	skb = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
3825 	if (skb == NULL)
3826 		goto err;
3827 
3828 	if (event == NFT_MSG_NEWRULE &&
3829 	    !list_is_first(&rule->list, &ctx->chain->rules) &&
3830 	    !list_is_last(&rule->list, &ctx->chain->rules)) {
3831 		prule = list_prev_entry(rule, list);
3832 		handle = prule->handle;
3833 	}
3834 	if (ctx->flags & (NLM_F_APPEND | NLM_F_REPLACE))
3835 		flags |= NLM_F_APPEND;
3836 	if (ctx->flags & (NLM_F_CREATE | NLM_F_EXCL))
3837 		flags |= ctx->flags & (NLM_F_CREATE | NLM_F_EXCL);
3838 
3839 	err = nf_tables_fill_rule_info(skb, ctx->net, ctx->portid, ctx->seq,
3840 				       event, flags, ctx->family, ctx->table,
3841 				       ctx->chain, rule, handle, false);
3842 	if (err < 0) {
3843 		kfree_skb(skb);
3844 		goto err;
3845 	}
3846 
3847 	nft_notify_enqueue(skb, ctx->report, &nft_net->notify_list);
3848 	return;
3849 err:
3850 	nfnetlink_set_err(ctx->net, ctx->portid, NFNLGRP_NFTABLES, -ENOBUFS);
3851 }
3852 
3853 static void audit_log_rule_reset(const struct nft_table *table,
3854 				 unsigned int base_seq,
3855 				 unsigned int nentries)
3856 {
3857 	char *buf = kasprintf(GFP_ATOMIC, "%s:%u",
3858 			      table->name, base_seq);
3859 
3860 	audit_log_nfcfg(buf, table->family, nentries,
3861 			AUDIT_NFT_OP_RULE_RESET, GFP_ATOMIC);
3862 	kfree(buf);
3863 }
3864 
3865 struct nft_rule_dump_ctx {
3866 	unsigned int s_idx;
3867 	char *table;
3868 	char *chain;
3869 	bool reset;
3870 };
3871 
3872 static int __nf_tables_dump_rules(struct sk_buff *skb,
3873 				  unsigned int *idx,
3874 				  struct netlink_callback *cb,
3875 				  const struct nft_table *table,
3876 				  const struct nft_chain *chain)
3877 {
3878 	struct nft_rule_dump_ctx *ctx = (void *)cb->ctx;
3879 	struct net *net = sock_net(skb->sk);
3880 	const struct nft_rule *rule, *prule;
3881 	unsigned int entries = 0;
3882 	int ret = 0;
3883 	u64 handle;
3884 
3885 	prule = NULL;
3886 	list_for_each_entry_rcu(rule, &chain->rules, list) {
3887 		if (!nft_is_active(net, rule))
3888 			goto cont_skip;
3889 		if (*idx < ctx->s_idx)
3890 			goto cont;
3891 		if (prule)
3892 			handle = prule->handle;
3893 		else
3894 			handle = 0;
3895 
3896 		if (nf_tables_fill_rule_info(skb, net, NETLINK_CB(cb->skb).portid,
3897 					cb->nlh->nlmsg_seq,
3898 					NFT_MSG_NEWRULE,
3899 					NLM_F_MULTI | NLM_F_APPEND,
3900 					table->family,
3901 					table, chain, rule, handle, ctx->reset) < 0) {
3902 			ret = 1;
3903 			break;
3904 		}
3905 		entries++;
3906 		nl_dump_check_consistent(cb, nlmsg_hdr(skb));
3907 cont:
3908 		prule = rule;
3909 cont_skip:
3910 		(*idx)++;
3911 	}
3912 
3913 	if (ctx->reset && entries)
3914 		audit_log_rule_reset(table, cb->seq, entries);
3915 
3916 	return ret;
3917 }
3918 
3919 static int nf_tables_dump_rules(struct sk_buff *skb,
3920 				struct netlink_callback *cb)
3921 {
3922 	const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
3923 	struct nft_rule_dump_ctx *ctx = (void *)cb->ctx;
3924 	struct nft_table *table;
3925 	const struct nft_chain *chain;
3926 	unsigned int idx = 0;
3927 	struct net *net = sock_net(skb->sk);
3928 	int family = nfmsg->nfgen_family;
3929 	struct nftables_pernet *nft_net;
3930 
3931 	rcu_read_lock();
3932 	nft_net = nft_pernet(net);
3933 	cb->seq = nft_base_seq(net);
3934 
3935 	list_for_each_entry_rcu(table, &nft_net->tables, list) {
3936 		if (family != NFPROTO_UNSPEC && family != table->family)
3937 			continue;
3938 
3939 		if (ctx->table && strcmp(ctx->table, table->name) != 0)
3940 			continue;
3941 
3942 		if (ctx->table && ctx->chain) {
3943 			struct rhlist_head *list, *tmp;
3944 
3945 			list = rhltable_lookup(&table->chains_ht, ctx->chain,
3946 					       nft_chain_ht_params);
3947 			if (!list)
3948 				goto done;
3949 
3950 			rhl_for_each_entry_rcu(chain, tmp, list, rhlhead) {
3951 				if (!nft_is_active(net, chain))
3952 					continue;
3953 				__nf_tables_dump_rules(skb, &idx,
3954 						       cb, table, chain);
3955 				break;
3956 			}
3957 			goto done;
3958 		}
3959 
3960 		list_for_each_entry_rcu(chain, &table->chains, list) {
3961 			if (__nf_tables_dump_rules(skb, &idx,
3962 						   cb, table, chain))
3963 				goto done;
3964 		}
3965 
3966 		if (ctx->table)
3967 			break;
3968 	}
3969 done:
3970 	rcu_read_unlock();
3971 
3972 	ctx->s_idx = idx;
3973 	return skb->len;
3974 }
3975 
3976 static int nf_tables_dump_rules_start(struct netlink_callback *cb)
3977 {
3978 	struct nft_rule_dump_ctx *ctx = (void *)cb->ctx;
3979 	const struct nlattr * const *nla = cb->data;
3980 
3981 	BUILD_BUG_ON(sizeof(*ctx) > sizeof(cb->ctx));
3982 
3983 	if (nla[NFTA_RULE_TABLE]) {
3984 		ctx->table = nla_strdup(nla[NFTA_RULE_TABLE], GFP_ATOMIC);
3985 		if (!ctx->table)
3986 			return -ENOMEM;
3987 	}
3988 	if (nla[NFTA_RULE_CHAIN]) {
3989 		ctx->chain = nla_strdup(nla[NFTA_RULE_CHAIN], GFP_ATOMIC);
3990 		if (!ctx->chain) {
3991 			kfree(ctx->table);
3992 			return -ENOMEM;
3993 		}
3994 	}
3995 	if (NFNL_MSG_TYPE(cb->nlh->nlmsg_type) == NFT_MSG_GETRULE_RESET)
3996 		ctx->reset = true;
3997 
3998 	return 0;
3999 }
4000 
4001 static int nf_tables_dump_rules_done(struct netlink_callback *cb)
4002 {
4003 	struct nft_rule_dump_ctx *ctx = (void *)cb->ctx;
4004 
4005 	kfree(ctx->table);
4006 	kfree(ctx->chain);
4007 	return 0;
4008 }
4009 
4010 /* Caller must hold rcu read lock or transaction mutex */
4011 static struct sk_buff *
4012 nf_tables_getrule_single(u32 portid, const struct nfnl_info *info,
4013 			 const struct nlattr * const nla[], bool reset)
4014 {
4015 	struct netlink_ext_ack *extack = info->extack;
4016 	u8 genmask = nft_genmask_cur(info->net);
4017 	u8 family = info->nfmsg->nfgen_family;
4018 	const struct nft_chain *chain;
4019 	const struct nft_rule *rule;
4020 	struct net *net = info->net;
4021 	struct nft_table *table;
4022 	struct sk_buff *skb2;
4023 	int err;
4024 
4025 	table = nft_table_lookup(net, nla[NFTA_RULE_TABLE], family, genmask, 0);
4026 	if (IS_ERR(table)) {
4027 		NL_SET_BAD_ATTR(extack, nla[NFTA_RULE_TABLE]);
4028 		return ERR_CAST(table);
4029 	}
4030 
4031 	chain = nft_chain_lookup(net, table, nla[NFTA_RULE_CHAIN], genmask);
4032 	if (IS_ERR(chain)) {
4033 		NL_SET_BAD_ATTR(extack, nla[NFTA_RULE_CHAIN]);
4034 		return ERR_CAST(chain);
4035 	}
4036 
4037 	rule = nft_rule_lookup(net, chain, nla[NFTA_RULE_HANDLE]);
4038 	if (IS_ERR(rule)) {
4039 		NL_SET_BAD_ATTR(extack, nla[NFTA_RULE_HANDLE]);
4040 		return ERR_CAST(rule);
4041 	}
4042 
4043 	skb2 = alloc_skb(NLMSG_GOODSIZE, GFP_ATOMIC);
4044 	if (!skb2)
4045 		return ERR_PTR(-ENOMEM);
4046 
4047 	err = nf_tables_fill_rule_info(skb2, net, portid,
4048 				       info->nlh->nlmsg_seq, NFT_MSG_NEWRULE, 0,
4049 				       family, table, chain, rule, 0, reset);
4050 	if (err < 0) {
4051 		kfree_skb(skb2);
4052 		return ERR_PTR(err);
4053 	}
4054 
4055 	return skb2;
4056 }
4057 
4058 static int nf_tables_getrule(struct sk_buff *skb, const struct nfnl_info *info,
4059 			     const struct nlattr * const nla[])
4060 {
4061 	u32 portid = NETLINK_CB(skb).portid;
4062 	struct net *net = info->net;
4063 	struct sk_buff *skb2;
4064 	bool reset = false;
4065 	char *buf;
4066 
4067 	if (info->nlh->nlmsg_flags & NLM_F_DUMP) {
4068 		struct netlink_dump_control c = {
4069 			.start= nf_tables_dump_rules_start,
4070 			.dump = nf_tables_dump_rules,
4071 			.done = nf_tables_dump_rules_done,
4072 			.module = THIS_MODULE,
4073 			.data = (void *)nla,
4074 		};
4075 
4076 		return nft_netlink_dump_start_rcu(info->sk, skb, info->nlh, &c);
4077 	}
4078 
4079 	if (NFNL_MSG_TYPE(info->nlh->nlmsg_type) == NFT_MSG_GETRULE_RESET)
4080 		reset = true;
4081 
4082 	skb2 = nf_tables_getrule_single(portid, info, nla, reset);
4083 	if (IS_ERR(skb2))
4084 		return PTR_ERR(skb2);
4085 
4086 	if (!reset)
4087 		return nfnetlink_unicast(skb2, net, portid);
4088 
4089 	buf = kasprintf(GFP_ATOMIC, "%.*s:%u",
4090 			nla_len(nla[NFTA_RULE_TABLE]),
4091 			(char *)nla_data(nla[NFTA_RULE_TABLE]),
4092 			nft_base_seq(net));
4093 	audit_log_nfcfg(buf, info->nfmsg->nfgen_family, 1,
4094 			AUDIT_NFT_OP_RULE_RESET, GFP_ATOMIC);
4095 	kfree(buf);
4096 
4097 	return nfnetlink_unicast(skb2, net, portid);
4098 }
4099 
4100 void nf_tables_rule_destroy(const struct nft_ctx *ctx, struct nft_rule *rule)
4101 {
4102 	struct nft_expr *expr, *next;
4103 
4104 	/*
4105 	 * Careful: some expressions might not be initialized in case this
4106 	 * is called on error from nf_tables_newrule().
4107 	 */
4108 	expr = nft_expr_first(rule);
4109 	while (nft_expr_more(rule, expr)) {
4110 		next = nft_expr_next(expr);
4111 		nf_tables_expr_destroy(ctx, expr);
4112 		expr = next;
4113 	}
4114 	kfree(rule);
4115 }
4116 
4117 /* can only be used if rule is no longer visible to dumps */
4118 static void nf_tables_rule_release(const struct nft_ctx *ctx, struct nft_rule *rule)
4119 {
4120 	WARN_ON_ONCE(!lockdep_commit_lock_is_held(ctx->net));
4121 
4122 	nft_rule_expr_deactivate(ctx, rule, NFT_TRANS_RELEASE);
4123 	nf_tables_rule_destroy(ctx, rule);
4124 }
4125 
4126 static void nft_chain_vstate_update(const struct nft_ctx *ctx, struct nft_chain *chain)
4127 {
4128 	const struct nft_base_chain *base_chain;
4129 	enum nft_chain_types type;
4130 	u8 hooknum;
4131 
4132 	/* ctx->chain must hold the calling base chain. */
4133 	if (WARN_ON_ONCE(!nft_is_base_chain(ctx->chain))) {
4134 		memset(&chain->vstate, 0, sizeof(chain->vstate));
4135 		return;
4136 	}
4137 
4138 	base_chain = nft_base_chain(ctx->chain);
4139 	hooknum = base_chain->ops.hooknum;
4140 	type = base_chain->type->type;
4141 
4142 	BUILD_BUG_ON(BIT(NF_INET_NUMHOOKS) > U8_MAX);
4143 
4144 	chain->vstate.hook_mask[type] |= BIT(hooknum);
4145 	if (chain->vstate.depth < ctx->level)
4146 		chain->vstate.depth = ctx->level;
4147 }
4148 
4149 /** nft_chain_validate - loop detection and hook validation
4150  *
4151  * @ctx: context containing call depth and base chain
4152  * @chain: chain to validate
4153  *
4154  * Walk through the rules of the given chain and chase all jumps/gotos
4155  * and set lookups until either the jump limit is hit or all reachable
4156  * chains have been validated.
4157  */
4158 int nft_chain_validate(const struct nft_ctx *ctx, struct nft_chain *chain)
4159 {
4160 	struct nft_expr *expr, *last;
4161 	struct nft_rule *rule;
4162 	int err;
4163 
4164 	BUILD_BUG_ON(NFT_JUMP_STACK_SIZE > 255);
4165 	if (ctx->level == NFT_JUMP_STACK_SIZE)
4166 		return -EMLINK;
4167 
4168 	if (ctx->level > 0) {
4169 		/* jumps to base chains are not allowed. */
4170 		if (nft_is_base_chain(chain))
4171 			return -ELOOP;
4172 
4173 		if (nft_chain_vstate_valid(ctx, chain))
4174 			return 0;
4175 	}
4176 
4177 	list_for_each_entry(rule, &chain->rules, list) {
4178 		if (fatal_signal_pending(current))
4179 			return -EINTR;
4180 
4181 		if (!nft_is_active_next(ctx->net, rule))
4182 			continue;
4183 
4184 		nft_rule_for_each_expr(expr, last, rule) {
4185 			if (!expr->ops->validate)
4186 				continue;
4187 
4188 			/* This may call nft_chain_validate() recursively,
4189 			 * callers that do so must increment ctx->level.
4190 			 */
4191 			err = expr->ops->validate(ctx, expr);
4192 			if (err < 0)
4193 				return err;
4194 		}
4195 
4196 		cond_resched();
4197 	}
4198 
4199 	nft_chain_vstate_update(ctx, chain);
4200 	return 0;
4201 }
4202 
4203 static int nft_table_validate(struct net *net, const struct nft_table *table)
4204 {
4205 	struct nft_chain *chain;
4206 	struct nft_ctx ctx = {
4207 		.net	= net,
4208 		.family	= table->family,
4209 	};
4210 	int err = 0;
4211 
4212 	list_for_each_entry(chain, &table->chains, list) {
4213 		if (!nft_is_base_chain(chain))
4214 			continue;
4215 
4216 		ctx.chain = chain;
4217 		err = nft_chain_validate(&ctx, chain);
4218 		if (err < 0)
4219 			goto err;
4220 	}
4221 
4222 err:
4223 	list_for_each_entry(chain, &table->chains, list)
4224 		memset(&chain->vstate, 0, sizeof(chain->vstate));
4225 
4226 	return err;
4227 }
4228 
4229 int nft_setelem_validate(const struct nft_ctx *ctx, struct nft_set *set,
4230 			 const struct nft_set_iter *iter,
4231 			 struct nft_elem_priv *elem_priv)
4232 {
4233 	const struct nft_set_ext *ext = nft_set_elem_ext(set, elem_priv);
4234 	struct nft_ctx *pctx = (struct nft_ctx *)ctx;
4235 	const struct nft_data *data;
4236 	int err;
4237 
4238 	if (!nft_set_elem_active(ext, iter->genmask))
4239 		return 0;
4240 
4241 	if (nft_set_ext_exists(ext, NFT_SET_EXT_FLAGS) &&
4242 	    *nft_set_ext_flags(ext) & NFT_SET_ELEM_INTERVAL_END)
4243 		return 0;
4244 
4245 	data = nft_set_ext_data(ext);
4246 	switch (data->verdict.code) {
4247 	case NFT_JUMP:
4248 	case NFT_GOTO:
4249 		pctx->level++;
4250 		err = nft_chain_validate(ctx, data->verdict.chain);
4251 		if (err < 0)
4252 			return err;
4253 		pctx->level--;
4254 		break;
4255 	default:
4256 		break;
4257 	}
4258 
4259 	return 0;
4260 }
4261 
4262 int nft_set_catchall_validate(const struct nft_ctx *ctx, struct nft_set *set)
4263 {
4264 	struct nft_set_iter dummy_iter = {
4265 		.genmask	= nft_genmask_next(ctx->net),
4266 	};
4267 	struct nft_set_elem_catchall *catchall;
4268 
4269 	struct nft_set_ext *ext;
4270 	int ret = 0;
4271 
4272 	list_for_each_entry_rcu(catchall, &set->catchall_list, list,
4273 				lockdep_commit_lock_is_held(ctx->net)) {
4274 		ext = nft_set_elem_ext(set, catchall->elem);
4275 		if (!nft_set_elem_active(ext, dummy_iter.genmask))
4276 			continue;
4277 
4278 		ret = nft_setelem_validate(ctx, set, &dummy_iter, catchall->elem);
4279 		if (ret < 0)
4280 			return ret;
4281 	}
4282 
4283 	return ret;
4284 }
4285 
4286 static struct nft_rule *nft_rule_lookup_byid(const struct net *net,
4287 					     const struct nft_chain *chain,
4288 					     const struct nlattr *nla);
4289 
4290 #define NFT_RULE_MAXEXPRS	128
4291 
4292 static int nf_tables_newrule(struct sk_buff *skb, const struct nfnl_info *info,
4293 			     const struct nlattr * const nla[])
4294 {
4295 	struct nftables_pernet *nft_net = nft_pernet(info->net);
4296 	struct netlink_ext_ack *extack = info->extack;
4297 	unsigned int size, i, n, ulen = 0, usize = 0;
4298 	u8 genmask = nft_genmask_next(info->net);
4299 	struct nft_rule *rule, *old_rule = NULL;
4300 	struct nft_expr_info *expr_info = NULL;
4301 	u8 family = info->nfmsg->nfgen_family;
4302 	struct nft_flow_rule *flow = NULL;
4303 	struct net *net = info->net;
4304 	struct nft_userdata *udata;
4305 	struct nft_table *table;
4306 	struct nft_chain *chain;
4307 	struct nft_trans *trans;
4308 	u64 handle, pos_handle;
4309 	struct nft_expr *expr;
4310 	struct nft_ctx ctx;
4311 	struct nlattr *tmp;
4312 	int err, rem;
4313 
4314 	lockdep_assert_held(&nft_net->commit_mutex);
4315 
4316 	table = nft_table_lookup(net, nla[NFTA_RULE_TABLE], family, genmask,
4317 				 NETLINK_CB(skb).portid);
4318 	if (IS_ERR(table)) {
4319 		NL_SET_BAD_ATTR(extack, nla[NFTA_RULE_TABLE]);
4320 		return PTR_ERR(table);
4321 	}
4322 
4323 	if (nla[NFTA_RULE_CHAIN]) {
4324 		chain = nft_chain_lookup(net, table, nla[NFTA_RULE_CHAIN],
4325 					 genmask);
4326 		if (IS_ERR(chain)) {
4327 			NL_SET_BAD_ATTR(extack, nla[NFTA_RULE_CHAIN]);
4328 			return PTR_ERR(chain);
4329 		}
4330 
4331 	} else if (nla[NFTA_RULE_CHAIN_ID]) {
4332 		chain = nft_chain_lookup_byid(net, table, nla[NFTA_RULE_CHAIN_ID],
4333 					      genmask);
4334 		if (IS_ERR(chain)) {
4335 			NL_SET_BAD_ATTR(extack, nla[NFTA_RULE_CHAIN_ID]);
4336 			return PTR_ERR(chain);
4337 		}
4338 	} else {
4339 		return -EINVAL;
4340 	}
4341 
4342 	if (nft_chain_is_bound(chain))
4343 		return -EOPNOTSUPP;
4344 
4345 	if (nla[NFTA_RULE_HANDLE]) {
4346 		handle = be64_to_cpu(nla_get_be64(nla[NFTA_RULE_HANDLE]));
4347 		rule = __nft_rule_lookup(net, chain, handle);
4348 		if (IS_ERR(rule)) {
4349 			NL_SET_BAD_ATTR(extack, nla[NFTA_RULE_HANDLE]);
4350 			return PTR_ERR(rule);
4351 		}
4352 
4353 		if (info->nlh->nlmsg_flags & NLM_F_EXCL) {
4354 			NL_SET_BAD_ATTR(extack, nla[NFTA_RULE_HANDLE]);
4355 			return -EEXIST;
4356 		}
4357 		if (info->nlh->nlmsg_flags & NLM_F_REPLACE)
4358 			old_rule = rule;
4359 		else
4360 			return -EOPNOTSUPP;
4361 	} else {
4362 		if (!(info->nlh->nlmsg_flags & NLM_F_CREATE) ||
4363 		    info->nlh->nlmsg_flags & NLM_F_REPLACE)
4364 			return -EINVAL;
4365 		handle = nf_tables_alloc_handle(table);
4366 
4367 		if (nla[NFTA_RULE_POSITION]) {
4368 			pos_handle = be64_to_cpu(nla_get_be64(nla[NFTA_RULE_POSITION]));
4369 			old_rule = __nft_rule_lookup(net, chain, pos_handle);
4370 			if (IS_ERR(old_rule)) {
4371 				NL_SET_BAD_ATTR(extack, nla[NFTA_RULE_POSITION]);
4372 				return PTR_ERR(old_rule);
4373 			}
4374 		} else if (nla[NFTA_RULE_POSITION_ID]) {
4375 			old_rule = nft_rule_lookup_byid(net, chain, nla[NFTA_RULE_POSITION_ID]);
4376 			if (IS_ERR(old_rule)) {
4377 				NL_SET_BAD_ATTR(extack, nla[NFTA_RULE_POSITION_ID]);
4378 				return PTR_ERR(old_rule);
4379 			}
4380 		}
4381 	}
4382 
4383 	nft_ctx_init(&ctx, net, skb, info->nlh, family, table, chain, nla);
4384 
4385 	n = 0;
4386 	size = 0;
4387 	if (nla[NFTA_RULE_EXPRESSIONS]) {
4388 		expr_info = kvmalloc_objs(struct nft_expr_info,
4389 					  NFT_RULE_MAXEXPRS);
4390 		if (!expr_info)
4391 			return -ENOMEM;
4392 
4393 		nla_for_each_nested(tmp, nla[NFTA_RULE_EXPRESSIONS], rem) {
4394 			err = -EINVAL;
4395 			if (nla_type(tmp) != NFTA_LIST_ELEM)
4396 				goto err_release_expr;
4397 			if (n == NFT_RULE_MAXEXPRS)
4398 				goto err_release_expr;
4399 			err = nf_tables_expr_parse(&ctx, tmp, &expr_info[n]);
4400 			if (err < 0) {
4401 				NL_SET_BAD_ATTR(extack, tmp);
4402 				goto err_release_expr;
4403 			}
4404 			size += expr_info[n].ops->size;
4405 			n++;
4406 		}
4407 	}
4408 	/* Check for overflow of dlen field */
4409 	err = -EFBIG;
4410 	if (size >= 1 << 12)
4411 		goto err_release_expr;
4412 
4413 	if (nla[NFTA_RULE_USERDATA]) {
4414 		ulen = nla_len(nla[NFTA_RULE_USERDATA]);
4415 		if (ulen > 0)
4416 			usize = sizeof(struct nft_userdata) + ulen;
4417 	}
4418 
4419 	err = -ENOMEM;
4420 	rule = kzalloc(sizeof(*rule) + size + usize, GFP_KERNEL_ACCOUNT);
4421 	if (rule == NULL)
4422 		goto err_release_expr;
4423 
4424 	nft_activate_next(net, rule);
4425 
4426 	rule->handle = handle;
4427 	rule->dlen   = size;
4428 	rule->udata  = ulen ? 1 : 0;
4429 
4430 	if (ulen) {
4431 		udata = nft_userdata(rule);
4432 		udata->len = ulen - 1;
4433 		nla_memcpy(udata->data, nla[NFTA_RULE_USERDATA], ulen);
4434 	}
4435 
4436 	expr = nft_expr_first(rule);
4437 	for (i = 0; i < n; i++) {
4438 		err = nf_tables_newexpr(&ctx, &expr_info[i], expr);
4439 		if (err < 0) {
4440 			NL_SET_BAD_ATTR(extack, expr_info[i].attr);
4441 			goto err_release_rule;
4442 		}
4443 
4444 		if (expr_info[i].ops->validate)
4445 			nft_validate_state_update(table, NFT_VALIDATE_NEED);
4446 
4447 		expr_info[i].ops = NULL;
4448 		expr = nft_expr_next(expr);
4449 	}
4450 
4451 	if (chain->flags & NFT_CHAIN_HW_OFFLOAD) {
4452 		flow = nft_flow_rule_create(net, rule);
4453 		if (IS_ERR(flow)) {
4454 			err = PTR_ERR(flow);
4455 			goto err_release_rule;
4456 		}
4457 	}
4458 
4459 	if (!nft_use_inc(&chain->use)) {
4460 		err = -EMFILE;
4461 		goto err_destroy_flow;
4462 	}
4463 
4464 	if (info->nlh->nlmsg_flags & NLM_F_REPLACE) {
4465 		if (nft_chain_binding(chain)) {
4466 			err = -EOPNOTSUPP;
4467 			goto err_destroy_flow_rule;
4468 		}
4469 
4470 		err = nft_delrule(&ctx, old_rule);
4471 		if (err < 0)
4472 			goto err_destroy_flow_rule;
4473 
4474 		trans = nft_trans_rule_add(&ctx, NFT_MSG_NEWRULE, rule);
4475 		if (trans == NULL) {
4476 			err = -ENOMEM;
4477 			goto err_destroy_flow_rule;
4478 		}
4479 		list_add_tail_rcu(&rule->list, &old_rule->list);
4480 	} else {
4481 		trans = nft_trans_rule_add(&ctx, NFT_MSG_NEWRULE, rule);
4482 		if (!trans) {
4483 			err = -ENOMEM;
4484 			goto err_destroy_flow_rule;
4485 		}
4486 
4487 		if (info->nlh->nlmsg_flags & NLM_F_APPEND) {
4488 			if (old_rule)
4489 				list_add_rcu(&rule->list, &old_rule->list);
4490 			else
4491 				list_add_tail_rcu(&rule->list, &chain->rules);
4492 		 } else {
4493 			if (old_rule)
4494 				list_add_tail_rcu(&rule->list, &old_rule->list);
4495 			else
4496 				list_add_rcu(&rule->list, &chain->rules);
4497 		}
4498 	}
4499 	kvfree(expr_info);
4500 
4501 	if (flow)
4502 		nft_trans_flow_rule(trans) = flow;
4503 
4504 	if (table->validate_state == NFT_VALIDATE_DO)
4505 		return nft_table_validate(net, table);
4506 
4507 	return 0;
4508 
4509 err_destroy_flow_rule:
4510 	nft_use_dec_restore(&chain->use);
4511 err_destroy_flow:
4512 	if (flow)
4513 		nft_flow_rule_destroy(flow);
4514 err_release_rule:
4515 	nft_rule_expr_deactivate(&ctx, rule, NFT_TRANS_PREPARE_ERROR);
4516 	nf_tables_rule_destroy(&ctx, rule);
4517 err_release_expr:
4518 	for (i = 0; i < n; i++) {
4519 		if (expr_info[i].ops) {
4520 			module_put(expr_info[i].ops->type->owner);
4521 			if (expr_info[i].ops->type->release_ops)
4522 				expr_info[i].ops->type->release_ops(expr_info[i].ops);
4523 		}
4524 	}
4525 	kvfree(expr_info);
4526 
4527 	return err;
4528 }
4529 
4530 static struct nft_rule *nft_rule_lookup_byid(const struct net *net,
4531 					     const struct nft_chain *chain,
4532 					     const struct nlattr *nla)
4533 {
4534 	struct nftables_pernet *nft_net = nft_pernet(net);
4535 	u32 id = ntohl(nla_get_be32(nla));
4536 	struct nft_trans *trans;
4537 
4538 	list_for_each_entry(trans, &nft_net->commit_list, list) {
4539 		if (trans->msg_type == NFT_MSG_NEWRULE &&
4540 		    nft_trans_rule_chain(trans) == chain &&
4541 		    id == nft_trans_rule_id(trans))
4542 			return nft_trans_rule(trans);
4543 	}
4544 	return ERR_PTR(-ENOENT);
4545 }
4546 
4547 static int nf_tables_delrule(struct sk_buff *skb, const struct nfnl_info *info,
4548 			     const struct nlattr * const nla[])
4549 {
4550 	struct netlink_ext_ack *extack = info->extack;
4551 	u8 genmask = nft_genmask_next(info->net);
4552 	u8 family = info->nfmsg->nfgen_family;
4553 	struct nft_chain *chain = NULL;
4554 	struct net *net = info->net;
4555 	struct nft_table *table;
4556 	struct nft_rule *rule;
4557 	struct nft_ctx ctx;
4558 	int err = 0;
4559 
4560 	table = nft_table_lookup(net, nla[NFTA_RULE_TABLE], family, genmask,
4561 				 NETLINK_CB(skb).portid);
4562 	if (IS_ERR(table)) {
4563 		NL_SET_BAD_ATTR(extack, nla[NFTA_RULE_TABLE]);
4564 		return PTR_ERR(table);
4565 	}
4566 
4567 	if (nla[NFTA_RULE_CHAIN]) {
4568 		chain = nft_chain_lookup(net, table, nla[NFTA_RULE_CHAIN],
4569 					 genmask);
4570 		if (IS_ERR(chain)) {
4571 			if (PTR_ERR(chain) == -ENOENT &&
4572 			    NFNL_MSG_TYPE(info->nlh->nlmsg_type) == NFT_MSG_DESTROYRULE)
4573 				return 0;
4574 
4575 			NL_SET_BAD_ATTR(extack, nla[NFTA_RULE_CHAIN]);
4576 			return PTR_ERR(chain);
4577 		}
4578 		if (nft_chain_binding(chain))
4579 			return -EOPNOTSUPP;
4580 	}
4581 
4582 	nft_ctx_init(&ctx, net, skb, info->nlh, family, table, chain, nla);
4583 
4584 	if (chain) {
4585 		if (nla[NFTA_RULE_HANDLE]) {
4586 			rule = nft_rule_lookup(info->net, chain, nla[NFTA_RULE_HANDLE]);
4587 			if (IS_ERR(rule)) {
4588 				if (PTR_ERR(rule) == -ENOENT &&
4589 				    NFNL_MSG_TYPE(info->nlh->nlmsg_type) == NFT_MSG_DESTROYRULE)
4590 					return 0;
4591 
4592 				NL_SET_BAD_ATTR(extack, nla[NFTA_RULE_HANDLE]);
4593 				return PTR_ERR(rule);
4594 			}
4595 
4596 			err = nft_delrule(&ctx, rule);
4597 		} else if (nla[NFTA_RULE_ID]) {
4598 			rule = nft_rule_lookup_byid(net, chain, nla[NFTA_RULE_ID]);
4599 			if (IS_ERR(rule)) {
4600 				NL_SET_BAD_ATTR(extack, nla[NFTA_RULE_ID]);
4601 				return PTR_ERR(rule);
4602 			}
4603 
4604 			err = nft_delrule(&ctx, rule);
4605 		} else {
4606 			err = nft_delrule_by_chain(&ctx);
4607 		}
4608 	} else {
4609 		list_for_each_entry(chain, &table->chains, list) {
4610 			if (!nft_is_active_next(net, chain))
4611 				continue;
4612 			if (nft_chain_binding(chain))
4613 				continue;
4614 
4615 			ctx.chain = chain;
4616 			err = nft_delrule_by_chain(&ctx);
4617 			if (err < 0)
4618 				break;
4619 		}
4620 	}
4621 
4622 	return err;
4623 }
4624 
4625 /*
4626  * Sets
4627  */
4628 static const struct nft_set_type *nft_set_types[] = {
4629 	&nft_set_hash_fast_type,
4630 	&nft_set_hash_type,
4631 	&nft_set_rhash_type,
4632 	&nft_set_bitmap_type,
4633 	&nft_set_rbtree_type,
4634 #if defined(CONFIG_X86_64) && !defined(CONFIG_UML)
4635 	&nft_set_pipapo_avx2_type,
4636 #endif
4637 	&nft_set_pipapo_type,
4638 };
4639 
4640 #define NFT_SET_FEATURES	(NFT_SET_INTERVAL | NFT_SET_MAP | \
4641 				 NFT_SET_TIMEOUT | NFT_SET_OBJECT | \
4642 				 NFT_SET_EVAL)
4643 
4644 static bool nft_set_ops_candidate(const struct nft_set_type *type, u32 flags)
4645 {
4646 	return (flags & type->features) == (flags & NFT_SET_FEATURES);
4647 }
4648 
4649 /*
4650  * Select a set implementation based on the data characteristics and the
4651  * given policy. The total memory use might not be known if no size is
4652  * given, in that case the amount of memory per element is used.
4653  */
4654 static const struct nft_set_ops *
4655 nft_select_set_ops(const struct nft_ctx *ctx, u32 flags,
4656 		   const struct nft_set_desc *desc)
4657 {
4658 	struct nftables_pernet *nft_net = nft_pernet(ctx->net);
4659 	const struct nft_set_ops *ops, *bops;
4660 	struct nft_set_estimate est, best;
4661 	const struct nft_set_type *type;
4662 	int i;
4663 
4664 	lockdep_assert_held(&nft_net->commit_mutex);
4665 	lockdep_nfnl_nft_mutex_not_held();
4666 
4667 	bops	    = NULL;
4668 	best.size   = ~0;
4669 	best.lookup = ~0;
4670 	best.space  = ~0;
4671 
4672 	for (i = 0; i < ARRAY_SIZE(nft_set_types); i++) {
4673 		type = nft_set_types[i];
4674 		ops = &type->ops;
4675 
4676 		if (!nft_set_ops_candidate(type, flags))
4677 			continue;
4678 		if (!ops->estimate(desc, flags, &est))
4679 			continue;
4680 
4681 		switch (desc->policy) {
4682 		case NFT_SET_POL_PERFORMANCE:
4683 			if (est.lookup < best.lookup)
4684 				break;
4685 			if (est.lookup == best.lookup &&
4686 			    est.space < best.space)
4687 				break;
4688 			continue;
4689 		case NFT_SET_POL_MEMORY:
4690 			if (!desc->size) {
4691 				if (est.space < best.space)
4692 					break;
4693 				if (est.space == best.space &&
4694 				    est.lookup < best.lookup)
4695 					break;
4696 			} else if (est.size < best.size || !bops) {
4697 				break;
4698 			}
4699 			continue;
4700 		default:
4701 			break;
4702 		}
4703 
4704 		bops = ops;
4705 		best = est;
4706 	}
4707 
4708 	if (bops != NULL)
4709 		return bops;
4710 
4711 	return ERR_PTR(-EOPNOTSUPP);
4712 }
4713 
4714 static const struct nla_policy nft_set_policy[NFTA_SET_MAX + 1] = {
4715 	[NFTA_SET_TABLE]		= { .type = NLA_STRING,
4716 					    .len = NFT_TABLE_MAXNAMELEN - 1 },
4717 	[NFTA_SET_NAME]			= { .type = NLA_STRING,
4718 					    .len = NFT_SET_MAXNAMELEN - 1 },
4719 	[NFTA_SET_FLAGS]		= NLA_POLICY_MASK(NLA_BE32,
4720 							  NFT_SET_ANONYMOUS |
4721 							  NFT_SET_CONSTANT |
4722 							  NFT_SET_INTERVAL |
4723 							  NFT_SET_MAP |
4724 							  NFT_SET_TIMEOUT |
4725 							  NFT_SET_EVAL |
4726 							  NFT_SET_OBJECT |
4727 							  NFT_SET_CONCAT |
4728 							  NFT_SET_EXPR),
4729 	[NFTA_SET_KEY_TYPE]		= { .type = NLA_U32 },
4730 	[NFTA_SET_KEY_LEN]		= { .type = NLA_U32 },
4731 	[NFTA_SET_DATA_TYPE]		= { .type = NLA_U32 },
4732 	[NFTA_SET_DATA_LEN]		= { .type = NLA_U32 },
4733 	[NFTA_SET_POLICY]		= { .type = NLA_U32 },
4734 	[NFTA_SET_DESC]			= { .type = NLA_NESTED },
4735 	[NFTA_SET_ID]			= { .type = NLA_U32 },
4736 	[NFTA_SET_TIMEOUT]		= { .type = NLA_U64 },
4737 	[NFTA_SET_GC_INTERVAL]		= { .type = NLA_U32 },
4738 	[NFTA_SET_USERDATA]		= { .type = NLA_BINARY,
4739 					    .len  = NFT_USERDATA_MAXLEN },
4740 	[NFTA_SET_OBJ_TYPE]		= { .type = NLA_U32 },
4741 	[NFTA_SET_HANDLE]		= { .type = NLA_U64 },
4742 	[NFTA_SET_EXPR]			= { .type = NLA_NESTED },
4743 	[NFTA_SET_EXPRESSIONS]		= NLA_POLICY_NESTED_ARRAY(nft_expr_policy),
4744 	[NFTA_SET_TYPE]			= { .type = NLA_REJECT },
4745 	[NFTA_SET_COUNT]		= { .type = NLA_REJECT },
4746 };
4747 
4748 static const struct nla_policy nft_concat_policy[NFTA_SET_FIELD_MAX + 1] = {
4749 	[NFTA_SET_FIELD_LEN]	= { .type = NLA_U32 },
4750 };
4751 
4752 static const struct nla_policy nft_set_desc_policy[NFTA_SET_DESC_MAX + 1] = {
4753 	[NFTA_SET_DESC_SIZE]		= { .type = NLA_U32 },
4754 	[NFTA_SET_DESC_CONCAT]		= NLA_POLICY_NESTED_ARRAY(nft_concat_policy),
4755 };
4756 
4757 static struct nft_set *nft_set_lookup(const struct net *net,
4758 				      const struct nft_table *table,
4759 				      const struct nlattr *nla, u8 genmask)
4760 {
4761 	struct nft_set *set;
4762 
4763 	if (nla == NULL)
4764 		return ERR_PTR(-EINVAL);
4765 
4766 	list_for_each_entry_rcu(set, &table->sets, list,
4767 				lockdep_commit_lock_is_held(net)) {
4768 		if (!nla_strcmp(nla, set->name) &&
4769 		    nft_active_genmask(set, genmask))
4770 			return set;
4771 	}
4772 	return ERR_PTR(-ENOENT);
4773 }
4774 
4775 static struct nft_set *nft_set_lookup_byhandle(const struct nft_table *table,
4776 					       const struct nlattr *nla,
4777 					       u8 genmask)
4778 {
4779 	struct nft_set *set;
4780 
4781 	list_for_each_entry(set, &table->sets, list) {
4782 		if (be64_to_cpu(nla_get_be64(nla)) == set->handle &&
4783 		    nft_active_genmask(set, genmask))
4784 			return set;
4785 	}
4786 	return ERR_PTR(-ENOENT);
4787 }
4788 
4789 static struct nft_set *nft_set_lookup_byid(const struct net *net,
4790 					   const struct nft_table *table,
4791 					   const struct nlattr *nla, u8 genmask)
4792 {
4793 	struct nftables_pernet *nft_net = nft_pernet(net);
4794 	u32 id = ntohl(nla_get_be32(nla));
4795 	struct nft_trans_set *trans;
4796 
4797 	/* its likely the id we need is at the tail, not at start */
4798 	list_for_each_entry_reverse(trans, &nft_net->commit_set_list, list_trans_newset) {
4799 		struct nft_set *set = trans->set;
4800 
4801 		if (id == trans->set_id &&
4802 		    set->table == table &&
4803 		    nft_active_genmask(set, genmask))
4804 			return set;
4805 	}
4806 	return ERR_PTR(-ENOENT);
4807 }
4808 
4809 struct nft_set *nft_set_lookup_global(const struct net *net,
4810 				      const struct nft_table *table,
4811 				      const struct nlattr *nla_set_name,
4812 				      const struct nlattr *nla_set_id,
4813 				      u8 genmask)
4814 {
4815 	struct nft_set *set;
4816 
4817 	set = nft_set_lookup(net, table, nla_set_name, genmask);
4818 	if (IS_ERR(set)) {
4819 		if (!nla_set_id)
4820 			return set;
4821 
4822 		set = nft_set_lookup_byid(net, table, nla_set_id, genmask);
4823 	}
4824 	return set;
4825 }
4826 
4827 static int nf_tables_set_alloc_name(struct nft_ctx *ctx, struct nft_set *set,
4828 				    const char *name)
4829 {
4830 	const struct nft_set *i;
4831 	const char *p;
4832 	unsigned long *inuse;
4833 	unsigned int n = 0, min = 0;
4834 
4835 	p = strchr(name, '%');
4836 	if (p != NULL) {
4837 		if (p[1] != 'd' || strchr(p + 2, '%'))
4838 			return -EINVAL;
4839 
4840 		if (strnlen(name, NFT_SET_MAX_ANONLEN) >= NFT_SET_MAX_ANONLEN)
4841 			return -EINVAL;
4842 
4843 		inuse = (unsigned long *)get_zeroed_page(GFP_KERNEL);
4844 		if (inuse == NULL)
4845 			return -ENOMEM;
4846 cont:
4847 		list_for_each_entry(i, &ctx->table->sets, list) {
4848 			int tmp;
4849 
4850 			if (!nft_is_active_next(ctx->net, i))
4851 				continue;
4852 			if (!sscanf(i->name, name, &tmp))
4853 				continue;
4854 			if (tmp < min || tmp >= min + BITS_PER_BYTE * PAGE_SIZE)
4855 				continue;
4856 
4857 			set_bit(tmp - min, inuse);
4858 		}
4859 
4860 		n = find_first_zero_bit(inuse, BITS_PER_BYTE * PAGE_SIZE);
4861 		if (n >= BITS_PER_BYTE * PAGE_SIZE) {
4862 			min += BITS_PER_BYTE * PAGE_SIZE;
4863 			memset(inuse, 0, PAGE_SIZE);
4864 			goto cont;
4865 		}
4866 		free_page((unsigned long)inuse);
4867 	}
4868 
4869 	set->name = kasprintf(GFP_KERNEL_ACCOUNT, name, min + n);
4870 	if (!set->name)
4871 		return -ENOMEM;
4872 
4873 	list_for_each_entry(i, &ctx->table->sets, list) {
4874 		if (!nft_is_active_next(ctx->net, i))
4875 			continue;
4876 		if (!strcmp(set->name, i->name)) {
4877 			kfree(set->name);
4878 			set->name = NULL;
4879 			return -ENFILE;
4880 		}
4881 	}
4882 	return 0;
4883 }
4884 
4885 int nf_msecs_to_jiffies64(const struct nlattr *nla, u64 *result)
4886 {
4887 	u64 ms = be64_to_cpu(nla_get_be64(nla));
4888 	u64 max = (u64)(~((u64)0));
4889 
4890 	max = div_u64(max, NSEC_PER_MSEC);
4891 	if (ms >= max)
4892 		return -ERANGE;
4893 
4894 	ms *= NSEC_PER_MSEC;
4895 	*result = nsecs_to_jiffies64(ms) ? : !!ms;
4896 	return 0;
4897 }
4898 
4899 __be64 nf_jiffies64_to_msecs(u64 input)
4900 {
4901 	return cpu_to_be64(jiffies64_to_msecs(input));
4902 }
4903 
4904 static int nf_tables_fill_set_concat(struct sk_buff *skb,
4905 				     const struct nft_set *set)
4906 {
4907 	struct nlattr *concat, *field;
4908 	int i;
4909 
4910 	concat = nla_nest_start_noflag(skb, NFTA_SET_DESC_CONCAT);
4911 	if (!concat)
4912 		return -ENOMEM;
4913 
4914 	for (i = 0; i < set->field_count; i++) {
4915 		field = nla_nest_start_noflag(skb, NFTA_LIST_ELEM);
4916 		if (!field)
4917 			return -ENOMEM;
4918 
4919 		if (nla_put_be32(skb, NFTA_SET_FIELD_LEN,
4920 				 htonl(set->field_len[i])))
4921 			return -ENOMEM;
4922 
4923 		nla_nest_end(skb, field);
4924 	}
4925 
4926 	nla_nest_end(skb, concat);
4927 
4928 	return 0;
4929 }
4930 
4931 static u32 nft_set_userspace_size(const struct nft_set_ops *ops, u32 size)
4932 {
4933 	if (ops->usize)
4934 		return ops->usize(size);
4935 
4936 	return size;
4937 }
4938 
4939 static noinline_for_stack int
4940 nf_tables_fill_set_info(struct sk_buff *skb, const struct nft_set *set)
4941 {
4942 	unsigned int nelems;
4943 	char str[40];
4944 	int ret;
4945 
4946 	ret = snprintf(str, sizeof(str), "%ps", set->ops);
4947 
4948 	/* Not expected to happen and harmless: NFTA_SET_TYPE is dumped
4949 	 * to userspace purely for informational/debug purposes.
4950 	 */
4951 	DEBUG_NET_WARN_ON_ONCE(ret >= sizeof(str));
4952 
4953 	if (nla_put_string(skb, NFTA_SET_TYPE, str))
4954 		return -EMSGSIZE;
4955 
4956 	nelems = nft_set_userspace_size(set->ops, atomic_read(&set->nelems));
4957 	return nla_put_be32(skb, NFTA_SET_COUNT, htonl(nelems));
4958 }
4959 
4960 static int nf_tables_fill_set(struct sk_buff *skb, const struct nft_ctx *ctx,
4961 			      const struct nft_set *set, u16 event, u16 flags)
4962 {
4963 	u64 timeout = READ_ONCE(set->timeout);
4964 	u32 gc_int = READ_ONCE(set->gc_int);
4965 	u32 portid = ctx->portid;
4966 	struct nlmsghdr *nlh;
4967 	struct nlattr *nest;
4968 	u32 seq = ctx->seq;
4969 	int i;
4970 
4971 	nlh = nfnl_msg_put(skb, portid, seq,
4972 			   nfnl_msg_type(NFNL_SUBSYS_NFTABLES, event),
4973 			   flags, ctx->family, NFNETLINK_V0,
4974 			   nft_base_seq_be16(ctx->net));
4975 	if (!nlh)
4976 		goto nla_put_failure;
4977 
4978 	if (nla_put_string(skb, NFTA_SET_TABLE, ctx->table->name))
4979 		goto nla_put_failure;
4980 	if (nla_put_string(skb, NFTA_SET_NAME, set->name))
4981 		goto nla_put_failure;
4982 	if (nla_put_be64(skb, NFTA_SET_HANDLE, cpu_to_be64(set->handle),
4983 			 NFTA_SET_PAD))
4984 		goto nla_put_failure;
4985 
4986 	if (event == NFT_MSG_DELSET ||
4987 	    event == NFT_MSG_DESTROYSET) {
4988 		nlmsg_end(skb, nlh);
4989 		return 0;
4990 	}
4991 
4992 	if (set->flags != 0)
4993 		if (nla_put_be32(skb, NFTA_SET_FLAGS, htonl(set->flags)))
4994 			goto nla_put_failure;
4995 
4996 	if (nla_put_be32(skb, NFTA_SET_KEY_TYPE, htonl(set->ktype)))
4997 		goto nla_put_failure;
4998 	if (nla_put_be32(skb, NFTA_SET_KEY_LEN, htonl(set->klen)))
4999 		goto nla_put_failure;
5000 	if (set->flags & NFT_SET_MAP) {
5001 		if (nla_put_be32(skb, NFTA_SET_DATA_TYPE, htonl(set->dtype)))
5002 			goto nla_put_failure;
5003 		if (nla_put_be32(skb, NFTA_SET_DATA_LEN, htonl(set->dlen)))
5004 			goto nla_put_failure;
5005 	}
5006 	if (set->flags & NFT_SET_OBJECT &&
5007 	    nla_put_be32(skb, NFTA_SET_OBJ_TYPE, htonl(set->objtype)))
5008 		goto nla_put_failure;
5009 
5010 	if (timeout &&
5011 	    nla_put_be64(skb, NFTA_SET_TIMEOUT,
5012 			 nf_jiffies64_to_msecs(timeout),
5013 			 NFTA_SET_PAD))
5014 		goto nla_put_failure;
5015 	if (gc_int &&
5016 	    nla_put_be32(skb, NFTA_SET_GC_INTERVAL, htonl(gc_int)))
5017 		goto nla_put_failure;
5018 
5019 	if (set->policy != NFT_SET_POL_PERFORMANCE) {
5020 		if (nla_put_be32(skb, NFTA_SET_POLICY, htonl(set->policy)))
5021 			goto nla_put_failure;
5022 	}
5023 
5024 	if (set->udata &&
5025 	    nla_put(skb, NFTA_SET_USERDATA, set->udlen, set->udata))
5026 		goto nla_put_failure;
5027 
5028 	nest = nla_nest_start_noflag(skb, NFTA_SET_DESC);
5029 	if (!nest)
5030 		goto nla_put_failure;
5031 	if (set->size &&
5032 	    nla_put_be32(skb, NFTA_SET_DESC_SIZE,
5033 			 htonl(nft_set_userspace_size(set->ops, set->size))))
5034 		goto nla_put_failure;
5035 
5036 	if (set->field_count > 1 &&
5037 	    nf_tables_fill_set_concat(skb, set))
5038 		goto nla_put_failure;
5039 
5040 	nla_nest_end(skb, nest);
5041 
5042 	if (nf_tables_fill_set_info(skb, set))
5043 		goto nla_put_failure;
5044 
5045 	if (set->num_exprs == 1) {
5046 		nest = nla_nest_start_noflag(skb, NFTA_SET_EXPR);
5047 		if (nf_tables_fill_expr_info(skb, set->exprs[0], false) < 0)
5048 			goto nla_put_failure;
5049 
5050 		nla_nest_end(skb, nest);
5051 	} else if (set->num_exprs > 1) {
5052 		nest = nla_nest_start_noflag(skb, NFTA_SET_EXPRESSIONS);
5053 		if (nest == NULL)
5054 			goto nla_put_failure;
5055 
5056 		for (i = 0; i < set->num_exprs; i++) {
5057 			if (nft_expr_dump(skb, NFTA_LIST_ELEM,
5058 					  set->exprs[i], false) < 0)
5059 				goto nla_put_failure;
5060 		}
5061 		nla_nest_end(skb, nest);
5062 	}
5063 
5064 	nlmsg_end(skb, nlh);
5065 	return 0;
5066 
5067 nla_put_failure:
5068 	nlmsg_trim(skb, nlh);
5069 	return -1;
5070 }
5071 
5072 static void nf_tables_set_notify(const struct nft_ctx *ctx,
5073 				 const struct nft_set *set, int event,
5074 			         gfp_t gfp_flags)
5075 {
5076 	struct nftables_pernet *nft_net = nft_pernet(ctx->net);
5077 	u32 portid = ctx->portid;
5078 	struct sk_buff *skb;
5079 	u16 flags = 0;
5080 	int err;
5081 
5082 	if (!ctx->report &&
5083 	    !nfnetlink_has_listeners(ctx->net, NFNLGRP_NFTABLES))
5084 		return;
5085 
5086 	skb = nlmsg_new(NLMSG_GOODSIZE, gfp_flags);
5087 	if (skb == NULL)
5088 		goto err;
5089 
5090 	if (ctx->flags & (NLM_F_CREATE | NLM_F_EXCL))
5091 		flags |= ctx->flags & (NLM_F_CREATE | NLM_F_EXCL);
5092 
5093 	err = nf_tables_fill_set(skb, ctx, set, event, flags);
5094 	if (err < 0) {
5095 		kfree_skb(skb);
5096 		goto err;
5097 	}
5098 
5099 	nft_notify_enqueue(skb, ctx->report, &nft_net->notify_list);
5100 	return;
5101 err:
5102 	nfnetlink_set_err(ctx->net, portid, NFNLGRP_NFTABLES, -ENOBUFS);
5103 }
5104 
5105 static int nf_tables_dump_sets(struct sk_buff *skb, struct netlink_callback *cb)
5106 {
5107 	const struct nft_set *set;
5108 	unsigned int idx, s_idx = cb->args[0];
5109 	struct nft_table *table, *cur_table = (struct nft_table *)cb->args[2];
5110 	struct net *net = sock_net(skb->sk);
5111 	struct nft_ctx *ctx = cb->data, ctx_set;
5112 	struct nftables_pernet *nft_net;
5113 
5114 	if (cb->args[1])
5115 		return skb->len;
5116 
5117 	rcu_read_lock();
5118 	nft_net = nft_pernet(net);
5119 	cb->seq = nft_base_seq(net);
5120 
5121 	list_for_each_entry_rcu(table, &nft_net->tables, list) {
5122 		if (ctx->family != NFPROTO_UNSPEC &&
5123 		    ctx->family != table->family)
5124 			continue;
5125 
5126 		if (ctx->table && ctx->table != table)
5127 			continue;
5128 
5129 		if (cur_table) {
5130 			if (cur_table != table)
5131 				continue;
5132 
5133 			cur_table = NULL;
5134 		}
5135 		idx = 0;
5136 		list_for_each_entry_rcu(set, &table->sets, list) {
5137 			if (idx < s_idx)
5138 				goto cont;
5139 			if (!nft_is_active(net, set))
5140 				goto cont;
5141 
5142 			ctx_set = *ctx;
5143 			ctx_set.table = table;
5144 			ctx_set.family = table->family;
5145 
5146 			if (nf_tables_fill_set(skb, &ctx_set, set,
5147 					       NFT_MSG_NEWSET,
5148 					       NLM_F_MULTI) < 0) {
5149 				cb->args[0] = idx;
5150 				cb->args[2] = (unsigned long) table;
5151 				goto done;
5152 			}
5153 			nl_dump_check_consistent(cb, nlmsg_hdr(skb));
5154 cont:
5155 			idx++;
5156 		}
5157 		if (s_idx)
5158 			s_idx = 0;
5159 	}
5160 	cb->args[1] = 1;
5161 done:
5162 	rcu_read_unlock();
5163 	return skb->len;
5164 }
5165 
5166 static int nf_tables_dump_sets_start(struct netlink_callback *cb)
5167 {
5168 	struct nft_ctx *ctx_dump = NULL;
5169 
5170 	ctx_dump = kmemdup(cb->data, sizeof(*ctx_dump), GFP_ATOMIC);
5171 	if (ctx_dump == NULL)
5172 		return -ENOMEM;
5173 
5174 	cb->data = ctx_dump;
5175 	return 0;
5176 }
5177 
5178 static int nf_tables_dump_sets_done(struct netlink_callback *cb)
5179 {
5180 	kfree(cb->data);
5181 	return 0;
5182 }
5183 
5184 /* called with rcu_read_lock held */
5185 static int nf_tables_getset(struct sk_buff *skb, const struct nfnl_info *info,
5186 			    const struct nlattr * const nla[])
5187 {
5188 	struct netlink_ext_ack *extack = info->extack;
5189 	u8 genmask = nft_genmask_cur(info->net);
5190 	u8 family = info->nfmsg->nfgen_family;
5191 	struct nft_table *table = NULL;
5192 	struct net *net = info->net;
5193 	const struct nft_set *set;
5194 	struct sk_buff *skb2;
5195 	struct nft_ctx ctx;
5196 	int err;
5197 
5198 	if (nla[NFTA_SET_TABLE]) {
5199 		table = nft_table_lookup(net, nla[NFTA_SET_TABLE], family,
5200 					 genmask, 0);
5201 		if (IS_ERR(table)) {
5202 			NL_SET_BAD_ATTR(extack, nla[NFTA_SET_TABLE]);
5203 			return PTR_ERR(table);
5204 		}
5205 	}
5206 
5207 	nft_ctx_init(&ctx, net, skb, info->nlh, family, table, NULL, nla);
5208 
5209 	if (info->nlh->nlmsg_flags & NLM_F_DUMP) {
5210 		struct netlink_dump_control c = {
5211 			.start = nf_tables_dump_sets_start,
5212 			.dump = nf_tables_dump_sets,
5213 			.done = nf_tables_dump_sets_done,
5214 			.data = &ctx,
5215 			.module = THIS_MODULE,
5216 		};
5217 
5218 		return nft_netlink_dump_start_rcu(info->sk, skb, info->nlh, &c);
5219 	}
5220 
5221 	/* Only accept unspec with dump */
5222 	if (info->nfmsg->nfgen_family == NFPROTO_UNSPEC)
5223 		return -EAFNOSUPPORT;
5224 	if (!nla[NFTA_SET_TABLE])
5225 		return -EINVAL;
5226 
5227 	set = nft_set_lookup(net, table, nla[NFTA_SET_NAME], genmask);
5228 	if (IS_ERR(set)) {
5229 		NL_SET_BAD_ATTR(extack, nla[NFTA_SET_NAME]);
5230 		return PTR_ERR(set);
5231 	}
5232 
5233 	skb2 = alloc_skb(NLMSG_GOODSIZE, GFP_ATOMIC);
5234 	if (skb2 == NULL)
5235 		return -ENOMEM;
5236 
5237 	err = nf_tables_fill_set(skb2, &ctx, set, NFT_MSG_NEWSET, 0);
5238 	if (err < 0)
5239 		goto err_fill_set_info;
5240 
5241 	return nfnetlink_unicast(skb2, net, NETLINK_CB(skb).portid);
5242 
5243 err_fill_set_info:
5244 	kfree_skb(skb2);
5245 	return err;
5246 }
5247 
5248 static int nft_set_desc_concat_parse(const struct nlattr *attr,
5249 				     struct nft_set_desc *desc)
5250 {
5251 	struct nlattr *tb[NFTA_SET_FIELD_MAX + 1];
5252 	u32 len;
5253 	int err;
5254 
5255 	if (desc->field_count >= ARRAY_SIZE(desc->field_len))
5256 		return -E2BIG;
5257 
5258 	err = nla_parse_nested_deprecated(tb, NFTA_SET_FIELD_MAX, attr,
5259 					  nft_concat_policy, NULL);
5260 	if (err < 0)
5261 		return err;
5262 
5263 	if (!tb[NFTA_SET_FIELD_LEN])
5264 		return -EINVAL;
5265 
5266 	len = ntohl(nla_get_be32(tb[NFTA_SET_FIELD_LEN]));
5267 	if (!len || len > U8_MAX)
5268 		return -EINVAL;
5269 
5270 	desc->field_len[desc->field_count++] = len;
5271 
5272 	return 0;
5273 }
5274 
5275 static int nft_set_desc_concat(struct nft_set_desc *desc,
5276 			       const struct nlattr *nla)
5277 {
5278 	u32 len = 0, num_regs;
5279 	struct nlattr *attr;
5280 	int rem, err, i;
5281 
5282 	nla_for_each_nested(attr, nla, rem) {
5283 		if (nla_type(attr) != NFTA_LIST_ELEM)
5284 			return -EINVAL;
5285 
5286 		err = nft_set_desc_concat_parse(attr, desc);
5287 		if (err < 0)
5288 			return err;
5289 	}
5290 
5291 	for (i = 0; i < desc->field_count; i++)
5292 		len += round_up(desc->field_len[i], sizeof(u32));
5293 
5294 	if (len != desc->klen)
5295 		return -EINVAL;
5296 
5297 	num_regs = DIV_ROUND_UP(desc->klen, sizeof(u32));
5298 	if (num_regs > NFT_REG32_COUNT)
5299 		return -E2BIG;
5300 
5301 	return 0;
5302 }
5303 
5304 static int nf_tables_set_desc_parse(struct nft_set_desc *desc,
5305 				    const struct nlattr *nla)
5306 {
5307 	struct nlattr *da[NFTA_SET_DESC_MAX + 1];
5308 	int err;
5309 
5310 	err = nla_parse_nested_deprecated(da, NFTA_SET_DESC_MAX, nla,
5311 					  nft_set_desc_policy, NULL);
5312 	if (err < 0)
5313 		return err;
5314 
5315 	if (da[NFTA_SET_DESC_SIZE] != NULL)
5316 		desc->size = ntohl(nla_get_be32(da[NFTA_SET_DESC_SIZE]));
5317 	if (da[NFTA_SET_DESC_CONCAT])
5318 		err = nft_set_desc_concat(desc, da[NFTA_SET_DESC_CONCAT]);
5319 
5320 	return err;
5321 }
5322 
5323 static int nft_set_expr_alloc(struct nft_ctx *ctx, struct nft_set *set,
5324 			      const struct nlattr * const *nla,
5325 			      struct nft_expr **exprs, int *num_exprs,
5326 			      u32 flags)
5327 {
5328 	struct nft_expr *expr;
5329 	int err, i;
5330 
5331 	if (nla[NFTA_SET_EXPR]) {
5332 		expr = nft_set_elem_expr_alloc(ctx, set, nla[NFTA_SET_EXPR]);
5333 		if (IS_ERR(expr)) {
5334 			err = PTR_ERR(expr);
5335 			goto err_set_expr_alloc;
5336 		}
5337 		exprs[0] = expr;
5338 		(*num_exprs)++;
5339 	} else if (nla[NFTA_SET_EXPRESSIONS]) {
5340 		struct nlattr *tmp;
5341 		int left;
5342 
5343 		if (!(flags & NFT_SET_EXPR)) {
5344 			err = -EINVAL;
5345 			goto err_set_expr_alloc;
5346 		}
5347 		i = 0;
5348 		nla_for_each_nested(tmp, nla[NFTA_SET_EXPRESSIONS], left) {
5349 			if (i == NFT_SET_EXPR_MAX) {
5350 				err = -E2BIG;
5351 				goto err_set_expr_alloc;
5352 			}
5353 			if (nla_type(tmp) != NFTA_LIST_ELEM) {
5354 				err = -EINVAL;
5355 				goto err_set_expr_alloc;
5356 			}
5357 			expr = nft_set_elem_expr_alloc(ctx, set, tmp);
5358 			if (IS_ERR(expr)) {
5359 				err = PTR_ERR(expr);
5360 				goto err_set_expr_alloc;
5361 			}
5362 			exprs[i++] = expr;
5363 			(*num_exprs)++;
5364 		}
5365 	}
5366 
5367 	return 0;
5368 
5369 err_set_expr_alloc:
5370 	for (i = 0; i < *num_exprs; i++)
5371 		nft_expr_destroy(ctx, exprs[i]);
5372 
5373 	return err;
5374 }
5375 
5376 static bool nft_set_is_same(const struct nft_set *set,
5377 			    const struct nft_set_desc *desc,
5378 			    struct nft_expr *exprs[], u32 num_exprs, u32 flags)
5379 {
5380 	int i;
5381 
5382 	if (set->ktype != desc->ktype ||
5383 	    set->dtype != desc->dtype ||
5384 	    set->flags != flags ||
5385 	    set->klen != desc->klen ||
5386 	    set->dlen != desc->dlen ||
5387 	    set->field_count != desc->field_count ||
5388 	    set->num_exprs != num_exprs)
5389 		return false;
5390 
5391 	for (i = 0; i < desc->field_count; i++) {
5392 		if (set->field_len[i] != desc->field_len[i])
5393 			return false;
5394 	}
5395 
5396 	for (i = 0; i < num_exprs; i++) {
5397 		if (set->exprs[i]->ops != exprs[i]->ops)
5398 			return false;
5399 	}
5400 
5401 	return true;
5402 }
5403 
5404 static u32 nft_set_kernel_size(const struct nft_set_ops *ops,
5405 			       const struct nft_set_desc *desc)
5406 {
5407 	if (ops->ksize)
5408 		return ops->ksize(desc->size);
5409 
5410 	return desc->size;
5411 }
5412 
5413 static int nf_tables_newset(struct sk_buff *skb, const struct nfnl_info *info,
5414 			    const struct nlattr * const nla[])
5415 {
5416 	struct netlink_ext_ack *extack = info->extack;
5417 	u8 genmask = nft_genmask_next(info->net);
5418 	u8 family = info->nfmsg->nfgen_family;
5419 	const struct nft_set_ops *ops;
5420 	struct net *net = info->net;
5421 	struct nft_set_desc desc;
5422 	struct nft_table *table;
5423 	unsigned char *udata;
5424 	struct nft_set *set;
5425 	struct nft_ctx ctx;
5426 	size_t alloc_size;
5427 	int num_exprs = 0;
5428 	char *name;
5429 	int err, i;
5430 	u16 udlen;
5431 	u32 flags;
5432 	u64 size;
5433 
5434 	if (nla[NFTA_SET_TABLE] == NULL ||
5435 	    nla[NFTA_SET_NAME] == NULL ||
5436 	    nla[NFTA_SET_KEY_LEN] == NULL ||
5437 	    nla[NFTA_SET_ID] == NULL)
5438 		return -EINVAL;
5439 
5440 	memset(&desc, 0, sizeof(desc));
5441 
5442 	desc.ktype = NFT_DATA_VALUE;
5443 	if (nla[NFTA_SET_KEY_TYPE] != NULL) {
5444 		desc.ktype = ntohl(nla_get_be32(nla[NFTA_SET_KEY_TYPE]));
5445 		if ((desc.ktype & NFT_DATA_RESERVED_MASK) == NFT_DATA_RESERVED_MASK)
5446 			return -EINVAL;
5447 	}
5448 
5449 	desc.klen = ntohl(nla_get_be32(nla[NFTA_SET_KEY_LEN]));
5450 	if (desc.klen == 0 || desc.klen > NFT_DATA_VALUE_MAXLEN)
5451 		return -EINVAL;
5452 
5453 	flags = 0;
5454 	if (nla[NFTA_SET_FLAGS] != NULL) {
5455 		flags = ntohl(nla_get_be32(nla[NFTA_SET_FLAGS]));
5456 		if (flags & ~(NFT_SET_ANONYMOUS | NFT_SET_CONSTANT |
5457 			      NFT_SET_INTERVAL | NFT_SET_TIMEOUT |
5458 			      NFT_SET_MAP | NFT_SET_EVAL |
5459 			      NFT_SET_OBJECT | NFT_SET_CONCAT | NFT_SET_EXPR))
5460 			return -EOPNOTSUPP;
5461 		/* Only one of these operations is supported */
5462 		if ((flags & (NFT_SET_MAP | NFT_SET_OBJECT)) ==
5463 			     (NFT_SET_MAP | NFT_SET_OBJECT))
5464 			return -EOPNOTSUPP;
5465 		if ((flags & (NFT_SET_EVAL | NFT_SET_OBJECT)) ==
5466 			     (NFT_SET_EVAL | NFT_SET_OBJECT))
5467 			return -EOPNOTSUPP;
5468 		if ((flags & (NFT_SET_ANONYMOUS | NFT_SET_TIMEOUT | NFT_SET_EVAL)) ==
5469 			     (NFT_SET_ANONYMOUS | NFT_SET_TIMEOUT))
5470 			return -EOPNOTSUPP;
5471 		if ((flags & (NFT_SET_CONSTANT | NFT_SET_TIMEOUT)) ==
5472 			     (NFT_SET_CONSTANT | NFT_SET_TIMEOUT))
5473 			return -EOPNOTSUPP;
5474 	}
5475 
5476 	desc.dtype = 0;
5477 	if (nla[NFTA_SET_DATA_TYPE] != NULL) {
5478 		if (!(flags & NFT_SET_MAP))
5479 			return -EINVAL;
5480 
5481 		desc.dtype = ntohl(nla_get_be32(nla[NFTA_SET_DATA_TYPE]));
5482 		if ((desc.dtype & NFT_DATA_RESERVED_MASK) == NFT_DATA_RESERVED_MASK &&
5483 		    desc.dtype != NFT_DATA_VERDICT)
5484 			return -EINVAL;
5485 
5486 		if (desc.dtype != NFT_DATA_VERDICT) {
5487 			if (nla[NFTA_SET_DATA_LEN] == NULL)
5488 				return -EINVAL;
5489 			desc.dlen = ntohl(nla_get_be32(nla[NFTA_SET_DATA_LEN]));
5490 			if (desc.dlen == 0 || desc.dlen > NFT_DATA_VALUE_MAXLEN)
5491 				return -EINVAL;
5492 		} else
5493 			desc.dlen = sizeof(struct nft_verdict);
5494 	} else if (flags & NFT_SET_MAP)
5495 		return -EINVAL;
5496 
5497 	if (nla[NFTA_SET_OBJ_TYPE] != NULL) {
5498 		if (!(flags & NFT_SET_OBJECT))
5499 			return -EINVAL;
5500 
5501 		desc.objtype = ntohl(nla_get_be32(nla[NFTA_SET_OBJ_TYPE]));
5502 		if (desc.objtype == NFT_OBJECT_UNSPEC ||
5503 		    desc.objtype > NFT_OBJECT_MAX)
5504 			return -EOPNOTSUPP;
5505 	} else if (flags & NFT_SET_OBJECT)
5506 		return -EINVAL;
5507 	else
5508 		desc.objtype = NFT_OBJECT_UNSPEC;
5509 
5510 	desc.timeout = 0;
5511 	if (nla[NFTA_SET_TIMEOUT] != NULL) {
5512 		if (!(flags & NFT_SET_TIMEOUT))
5513 			return -EINVAL;
5514 
5515 		if (flags & NFT_SET_ANONYMOUS)
5516 			return -EOPNOTSUPP;
5517 
5518 		err = nf_msecs_to_jiffies64(nla[NFTA_SET_TIMEOUT], &desc.timeout);
5519 		if (err)
5520 			return err;
5521 	}
5522 	desc.gc_int = 0;
5523 	if (nla[NFTA_SET_GC_INTERVAL] != NULL) {
5524 		if (!(flags & NFT_SET_TIMEOUT))
5525 			return -EINVAL;
5526 
5527 		if (flags & NFT_SET_ANONYMOUS)
5528 			return -EOPNOTSUPP;
5529 
5530 		desc.gc_int = ntohl(nla_get_be32(nla[NFTA_SET_GC_INTERVAL]));
5531 	}
5532 
5533 	desc.policy = NFT_SET_POL_PERFORMANCE;
5534 	if (nla[NFTA_SET_POLICY] != NULL) {
5535 		desc.policy = ntohl(nla_get_be32(nla[NFTA_SET_POLICY]));
5536 		switch (desc.policy) {
5537 		case NFT_SET_POL_PERFORMANCE:
5538 		case NFT_SET_POL_MEMORY:
5539 			break;
5540 		default:
5541 			return -EOPNOTSUPP;
5542 		}
5543 	}
5544 
5545 	if (nla[NFTA_SET_DESC] != NULL) {
5546 		err = nf_tables_set_desc_parse(&desc, nla[NFTA_SET_DESC]);
5547 		if (err < 0)
5548 			return err;
5549 
5550 		if (desc.field_count > 1) {
5551 			if (!(flags & NFT_SET_CONCAT))
5552 				return -EINVAL;
5553 		} else if (flags & NFT_SET_CONCAT) {
5554 			return -EINVAL;
5555 		}
5556 	} else if (flags & NFT_SET_CONCAT) {
5557 		return -EINVAL;
5558 	}
5559 
5560 	if (nla[NFTA_SET_EXPR] || nla[NFTA_SET_EXPRESSIONS])
5561 		desc.expr = true;
5562 
5563 	table = nft_table_lookup(net, nla[NFTA_SET_TABLE], family, genmask,
5564 				 NETLINK_CB(skb).portid);
5565 	if (IS_ERR(table)) {
5566 		NL_SET_BAD_ATTR(extack, nla[NFTA_SET_TABLE]);
5567 		return PTR_ERR(table);
5568 	}
5569 
5570 	nft_ctx_init(&ctx, net, skb, info->nlh, family, table, NULL, nla);
5571 
5572 	set = nft_set_lookup(net, table, nla[NFTA_SET_NAME], genmask);
5573 	if (IS_ERR(set)) {
5574 		if (PTR_ERR(set) != -ENOENT) {
5575 			NL_SET_BAD_ATTR(extack, nla[NFTA_SET_NAME]);
5576 			return PTR_ERR(set);
5577 		}
5578 	} else {
5579 		struct nft_expr *exprs[NFT_SET_EXPR_MAX] = {};
5580 
5581 		if (info->nlh->nlmsg_flags & NLM_F_EXCL) {
5582 			NL_SET_BAD_ATTR(extack, nla[NFTA_SET_NAME]);
5583 			return -EEXIST;
5584 		}
5585 		if (info->nlh->nlmsg_flags & NLM_F_REPLACE)
5586 			return -EOPNOTSUPP;
5587 
5588 		if (nft_set_is_anonymous(set))
5589 			return -EOPNOTSUPP;
5590 
5591 		err = nft_set_expr_alloc(&ctx, set, nla, exprs, &num_exprs, flags);
5592 		if (err < 0)
5593 			return err;
5594 
5595 		if (desc.size)
5596 			desc.size = nft_set_kernel_size(set->ops, &desc);
5597 
5598 		err = 0;
5599 		if (!nft_set_is_same(set, &desc, exprs, num_exprs, flags)) {
5600 			NL_SET_BAD_ATTR(extack, nla[NFTA_SET_NAME]);
5601 			err = -EEXIST;
5602 		}
5603 
5604 		for (i = 0; i < num_exprs; i++)
5605 			nft_expr_destroy(&ctx, exprs[i]);
5606 
5607 		if (err < 0)
5608 			return err;
5609 
5610 		return __nft_trans_set_add(&ctx, NFT_MSG_NEWSET, set, &desc);
5611 	}
5612 
5613 	if (!(info->nlh->nlmsg_flags & NLM_F_CREATE))
5614 		return -ENOENT;
5615 
5616 	ops = nft_select_set_ops(&ctx, flags, &desc);
5617 	if (IS_ERR(ops))
5618 		return PTR_ERR(ops);
5619 
5620 	if (desc.size)
5621 		desc.size = nft_set_kernel_size(ops, &desc);
5622 
5623 	udlen = 0;
5624 	if (nla[NFTA_SET_USERDATA])
5625 		udlen = nla_len(nla[NFTA_SET_USERDATA]);
5626 
5627 	size = 0;
5628 	if (ops->privsize != NULL)
5629 		size = ops->privsize(nla, &desc);
5630 	alloc_size = sizeof(*set) + size + udlen;
5631 	if (alloc_size < size || alloc_size > INT_MAX)
5632 		return -ENOMEM;
5633 
5634 	if (!nft_use_inc(&table->use))
5635 		return -EMFILE;
5636 
5637 	set = kvzalloc(alloc_size, GFP_KERNEL_ACCOUNT);
5638 	if (!set) {
5639 		err = -ENOMEM;
5640 		goto err_alloc;
5641 	}
5642 
5643 	name = nla_strdup(nla[NFTA_SET_NAME], GFP_KERNEL_ACCOUNT);
5644 	if (!name) {
5645 		err = -ENOMEM;
5646 		goto err_set_name;
5647 	}
5648 
5649 	err = nf_tables_set_alloc_name(&ctx, set, name);
5650 	kfree(name);
5651 	if (err < 0)
5652 		goto err_set_name;
5653 
5654 	udata = NULL;
5655 	if (udlen) {
5656 		udata = set->data + size;
5657 		nla_memcpy(udata, nla[NFTA_SET_USERDATA], udlen);
5658 	}
5659 
5660 	INIT_LIST_HEAD(&set->bindings);
5661 	INIT_LIST_HEAD(&set->catchall_list);
5662 	refcount_set(&set->refs, 1);
5663 	set->table = table;
5664 	write_pnet(&set->net, net);
5665 	set->ops = ops;
5666 	set->ktype = desc.ktype;
5667 	set->klen = desc.klen;
5668 	set->dtype = desc.dtype;
5669 	set->objtype = desc.objtype;
5670 	set->dlen = desc.dlen;
5671 	set->flags = flags;
5672 	set->size = desc.size;
5673 	set->policy = desc.policy;
5674 	set->udlen = udlen;
5675 	set->udata = udata;
5676 	set->timeout = desc.timeout;
5677 	set->gc_int = desc.gc_int;
5678 
5679 	set->field_count = desc.field_count;
5680 	for (i = 0; i < desc.field_count; i++)
5681 		set->field_len[i] = desc.field_len[i];
5682 
5683 	err = ops->init(set, &desc, nla);
5684 	if (err < 0)
5685 		goto err_set_init;
5686 
5687 	err = nft_set_expr_alloc(&ctx, set, nla, set->exprs, &num_exprs, flags);
5688 	if (err < 0)
5689 		goto err_set_destroy;
5690 
5691 	set->num_exprs = num_exprs;
5692 	set->handle = nf_tables_alloc_handle(table);
5693 	INIT_LIST_HEAD(&set->pending_update);
5694 
5695 	err = nft_trans_set_add(&ctx, NFT_MSG_NEWSET, set);
5696 	if (err < 0)
5697 		goto err_set_expr_alloc;
5698 
5699 	list_add_tail_rcu(&set->list, &table->sets);
5700 
5701 	return 0;
5702 
5703 err_set_expr_alloc:
5704 	for (i = 0; i < set->num_exprs; i++)
5705 		nft_expr_destroy(&ctx, set->exprs[i]);
5706 err_set_destroy:
5707 	ops->destroy(&ctx, set);
5708 err_set_init:
5709 	kfree(set->name);
5710 err_set_name:
5711 	kvfree(set);
5712 err_alloc:
5713 	nft_use_dec_restore(&table->use);
5714 
5715 	return err;
5716 }
5717 
5718 static void nft_set_catchall_destroy(const struct nft_ctx *ctx,
5719 				     struct nft_set *set)
5720 {
5721 	struct nft_set_elem_catchall *next, *catchall;
5722 
5723 	list_for_each_entry_safe(catchall, next, &set->catchall_list, list) {
5724 		list_del_rcu(&catchall->list);
5725 		nf_tables_set_elem_destroy(ctx, set, catchall->elem);
5726 		kfree_rcu(catchall, rcu);
5727 	}
5728 }
5729 
5730 static void nft_set_put(struct nft_set *set)
5731 {
5732 	if (refcount_dec_and_test(&set->refs)) {
5733 		kfree(set->name);
5734 		kvfree(set);
5735 	}
5736 }
5737 
5738 static void nft_set_destroy(const struct nft_ctx *ctx, struct nft_set *set)
5739 {
5740 	int i;
5741 
5742 	if (WARN_ON(set->use > 0))
5743 		return;
5744 
5745 	for (i = 0; i < set->num_exprs; i++)
5746 		nft_expr_destroy(ctx, set->exprs[i]);
5747 
5748 	set->ops->destroy(ctx, set);
5749 	nft_set_catchall_destroy(ctx, set);
5750 	nft_set_put(set);
5751 }
5752 
5753 static int nf_tables_delset(struct sk_buff *skb, const struct nfnl_info *info,
5754 			    const struct nlattr * const nla[])
5755 {
5756 	struct netlink_ext_ack *extack = info->extack;
5757 	u8 genmask = nft_genmask_next(info->net);
5758 	u8 family = info->nfmsg->nfgen_family;
5759 	struct net *net = info->net;
5760 	const struct nlattr *attr;
5761 	struct nft_table *table;
5762 	struct nft_set *set;
5763 	struct nft_ctx ctx;
5764 
5765 	if (info->nfmsg->nfgen_family == NFPROTO_UNSPEC)
5766 		return -EAFNOSUPPORT;
5767 
5768 	table = nft_table_lookup(net, nla[NFTA_SET_TABLE], family,
5769 				 genmask, NETLINK_CB(skb).portid);
5770 	if (IS_ERR(table)) {
5771 		NL_SET_BAD_ATTR(extack, nla[NFTA_SET_TABLE]);
5772 		return PTR_ERR(table);
5773 	}
5774 
5775 	if (nla[NFTA_SET_HANDLE]) {
5776 		attr = nla[NFTA_SET_HANDLE];
5777 		set = nft_set_lookup_byhandle(table, attr, genmask);
5778 	} else {
5779 		attr = nla[NFTA_SET_NAME];
5780 		set = nft_set_lookup(net, table, attr, genmask);
5781 	}
5782 
5783 	if (IS_ERR(set)) {
5784 		if (PTR_ERR(set) == -ENOENT &&
5785 		    NFNL_MSG_TYPE(info->nlh->nlmsg_type) == NFT_MSG_DESTROYSET)
5786 			return 0;
5787 
5788 		NL_SET_BAD_ATTR(extack, attr);
5789 		return PTR_ERR(set);
5790 	}
5791 	if (set->use ||
5792 	    (info->nlh->nlmsg_flags & NLM_F_NONREC &&
5793 	     atomic_read(&set->nelems) > 0)) {
5794 		NL_SET_BAD_ATTR(extack, attr);
5795 		return -EBUSY;
5796 	}
5797 
5798 	nft_ctx_init(&ctx, net, skb, info->nlh, family, table, NULL, nla);
5799 
5800 	return nft_delset(&ctx, set);
5801 }
5802 
5803 static int nft_validate_register_store(const struct nft_ctx *ctx,
5804 				       enum nft_registers reg,
5805 				       const struct nft_data *data,
5806 				       enum nft_data_types type,
5807 				       unsigned int len);
5808 
5809 static int nft_setelem_data_validate(const struct nft_ctx *ctx,
5810 				     struct nft_set *set,
5811 				     struct nft_elem_priv *elem_priv)
5812 {
5813 	const struct nft_set_ext *ext = nft_set_elem_ext(set, elem_priv);
5814 	enum nft_registers dreg;
5815 
5816 	dreg = nft_type_to_reg(set->dtype);
5817 	return nft_validate_register_store(ctx, dreg, nft_set_ext_data(ext),
5818 					   set->dtype == NFT_DATA_VERDICT ?
5819 					   NFT_DATA_VERDICT : NFT_DATA_VALUE,
5820 					   set->dlen);
5821 }
5822 
5823 static int nf_tables_bind_check_setelem(const struct nft_ctx *ctx,
5824 					struct nft_set *set,
5825 					const struct nft_set_iter *iter,
5826 					struct nft_elem_priv *elem_priv)
5827 {
5828 	const struct nft_set_ext *ext = nft_set_elem_ext(set, elem_priv);
5829 
5830 	if (!nft_set_elem_active(ext, iter->genmask))
5831 		return 0;
5832 
5833 	return nft_setelem_data_validate(ctx, set, elem_priv);
5834 }
5835 
5836 static int nft_set_catchall_bind_check(const struct nft_ctx *ctx,
5837 				       struct nft_set *set)
5838 {
5839 	u8 genmask = nft_genmask_next(ctx->net);
5840 	struct nft_set_elem_catchall *catchall;
5841 	struct nft_set_ext *ext;
5842 	int ret = 0;
5843 
5844 	list_for_each_entry_rcu(catchall, &set->catchall_list, list,
5845 				lockdep_commit_lock_is_held(ctx->net)) {
5846 		ext = nft_set_elem_ext(set, catchall->elem);
5847 		if (!nft_set_elem_active(ext, genmask))
5848 			continue;
5849 
5850 		ret = nft_setelem_data_validate(ctx, set, catchall->elem);
5851 		if (ret < 0)
5852 			break;
5853 	}
5854 
5855 	return ret;
5856 }
5857 
5858 int nf_tables_bind_set(const struct nft_ctx *ctx, struct nft_set *set,
5859 		       struct nft_set_binding *binding)
5860 {
5861 	struct nft_set_binding *i;
5862 	struct nft_set_iter iter = {
5863 		.genmask	= nft_genmask_next(ctx->net),
5864 		.type		= NFT_ITER_UPDATE,
5865 		.fn		= nf_tables_bind_check_setelem,
5866 	};
5867 
5868 	if (!list_empty(&set->bindings) && nft_set_is_anonymous(set))
5869 		return -EBUSY;
5870 
5871 	if (binding->flags & NFT_SET_MAP) {
5872 		/* If the set is already bound to the same chain all
5873 		 * jumps are already validated for that chain.
5874 		 */
5875 		list_for_each_entry(i, &set->bindings, list) {
5876 			if (i->flags & NFT_SET_MAP &&
5877 			    i->chain == binding->chain)
5878 				goto bind;
5879 		}
5880 
5881 		set->ops->walk(ctx, set, &iter);
5882 		if (!iter.err)
5883 			iter.err = nft_set_catchall_bind_check(ctx, set);
5884 
5885 		if (iter.err < 0)
5886 			return iter.err;
5887 	}
5888 bind:
5889 	if (!nft_use_inc(&set->use))
5890 		return -EMFILE;
5891 
5892 	binding->chain = ctx->chain;
5893 	list_add_tail_rcu(&binding->list, &set->bindings);
5894 	nft_set_trans_bind(ctx, set);
5895 
5896 	return 0;
5897 }
5898 
5899 static void nf_tables_unbind_set(const struct nft_ctx *ctx, struct nft_set *set,
5900 				 struct nft_set_binding *binding, bool event)
5901 {
5902 	list_del_rcu(&binding->list);
5903 
5904 	if (list_empty(&set->bindings) && nft_set_is_anonymous(set)) {
5905 		list_del_rcu(&set->list);
5906 		set->dead = 1;
5907 		if (event)
5908 			nf_tables_set_notify(ctx, set, NFT_MSG_DELSET,
5909 					     GFP_KERNEL);
5910 	}
5911 }
5912 
5913 static void nft_setelem_data_activate(const struct net *net,
5914 				      const struct nft_set *set,
5915 				      struct nft_elem_priv *elem_priv);
5916 
5917 static int nft_mapelem_activate(const struct nft_ctx *ctx,
5918 				struct nft_set *set,
5919 				const struct nft_set_iter *iter,
5920 				struct nft_elem_priv *elem_priv)
5921 {
5922 	struct nft_set_ext *ext = nft_set_elem_ext(set, elem_priv);
5923 
5924 	/* called from abort path, reverse check to undo changes. */
5925 	if (nft_set_elem_active(ext, iter->genmask))
5926 		return 0;
5927 
5928 	nft_clear(ctx->net, ext);
5929 	nft_setelem_data_activate(ctx->net, set, elem_priv);
5930 
5931 	return 0;
5932 }
5933 
5934 static void nft_map_catchall_activate(const struct nft_ctx *ctx,
5935 				      struct nft_set *set)
5936 {
5937 	u8 genmask = nft_genmask_next(ctx->net);
5938 	struct nft_set_elem_catchall *catchall;
5939 	struct nft_set_ext *ext;
5940 
5941 	list_for_each_entry(catchall, &set->catchall_list, list) {
5942 		ext = nft_set_elem_ext(set, catchall->elem);
5943 		if (nft_set_elem_active(ext, genmask))
5944 			continue;
5945 
5946 		nft_clear(ctx->net, ext);
5947 		nft_setelem_data_activate(ctx->net, set, catchall->elem);
5948 	}
5949 }
5950 
5951 static void nft_map_activate(const struct nft_ctx *ctx, struct nft_set *set)
5952 {
5953 	struct nft_set_iter iter = {
5954 		.genmask	= nft_genmask_next(ctx->net),
5955 		.type		= NFT_ITER_UPDATE,
5956 		.fn		= nft_mapelem_activate,
5957 	};
5958 
5959 	set->ops->walk(ctx, set, &iter);
5960 	WARN_ON_ONCE(iter.err);
5961 
5962 	nft_map_catchall_activate(ctx, set);
5963 }
5964 
5965 void nf_tables_activate_set(const struct nft_ctx *ctx, struct nft_set *set)
5966 {
5967 	if (nft_set_is_anonymous(set)) {
5968 		if (set->flags & (NFT_SET_MAP | NFT_SET_OBJECT))
5969 			nft_map_activate(ctx, set);
5970 
5971 		nft_clear(ctx->net, set);
5972 	}
5973 
5974 	nft_use_inc_restore(&set->use);
5975 }
5976 
5977 void nf_tables_deactivate_set(const struct nft_ctx *ctx, struct nft_set *set,
5978 			      struct nft_set_binding *binding,
5979 			      enum nft_trans_phase phase)
5980 {
5981 	WARN_ON_ONCE(!lockdep_commit_lock_is_held(ctx->net));
5982 
5983 	switch (phase) {
5984 	case NFT_TRANS_PREPARE_ERROR:
5985 		nft_set_trans_unbind(ctx, set);
5986 		if (nft_set_is_anonymous(set))
5987 			nft_deactivate_next(ctx->net, set);
5988 		else
5989 			list_del_rcu(&binding->list);
5990 
5991 		nft_use_dec(&set->use);
5992 		break;
5993 	case NFT_TRANS_PREPARE:
5994 		if (nft_set_is_anonymous(set)) {
5995 			if (set->flags & (NFT_SET_MAP | NFT_SET_OBJECT))
5996 				nft_map_deactivate(ctx, set);
5997 
5998 			nft_deactivate_next(ctx->net, set);
5999 		}
6000 		nft_use_dec(&set->use);
6001 		return;
6002 	case NFT_TRANS_ABORT:
6003 	case NFT_TRANS_RELEASE:
6004 		if (nft_set_is_anonymous(set) &&
6005 		    set->flags & (NFT_SET_MAP | NFT_SET_OBJECT))
6006 			nft_map_deactivate(ctx, set);
6007 
6008 		nft_use_dec(&set->use);
6009 		fallthrough;
6010 	default:
6011 		nf_tables_unbind_set(ctx, set, binding,
6012 				     phase == NFT_TRANS_COMMIT);
6013 	}
6014 }
6015 
6016 void nf_tables_destroy_set(const struct nft_ctx *ctx, struct nft_set *set)
6017 {
6018 	if (list_empty(&set->bindings) && nft_set_is_anonymous(set))
6019 		nft_set_destroy(ctx, set);
6020 }
6021 
6022 const struct nft_set_ext_type nft_set_ext_types[] = {
6023 	[NFT_SET_EXT_KEY]		= {
6024 		.align	= __alignof__(u32),
6025 	},
6026 	[NFT_SET_EXT_DATA]		= {
6027 		.align	= __alignof__(u32),
6028 	},
6029 	[NFT_SET_EXT_EXPRESSIONS]	= {
6030 		.align	= __alignof__(struct nft_set_elem_expr),
6031 	},
6032 	[NFT_SET_EXT_OBJREF]		= {
6033 		.len	= sizeof(struct nft_object *),
6034 		.align	= __alignof__(struct nft_object *),
6035 	},
6036 	[NFT_SET_EXT_FLAGS]		= {
6037 		.len	= sizeof(u8),
6038 		.align	= __alignof__(u8),
6039 	},
6040 	[NFT_SET_EXT_TIMEOUT]		= {
6041 		.len	= sizeof(struct nft_timeout),
6042 		.align	= __alignof__(struct nft_timeout),
6043 	},
6044 	[NFT_SET_EXT_USERDATA]		= {
6045 		.len	= sizeof(struct nft_userdata),
6046 		.align	= __alignof__(struct nft_userdata),
6047 	},
6048 	[NFT_SET_EXT_KEY_END]		= {
6049 		.align	= __alignof__(u32),
6050 	},
6051 };
6052 
6053 /*
6054  * Set elements
6055  */
6056 
6057 static const struct nla_policy nft_set_elem_policy[NFTA_SET_ELEM_MAX + 1] = {
6058 	[NFTA_SET_ELEM_KEY]		= { .type = NLA_NESTED },
6059 	[NFTA_SET_ELEM_DATA]		= { .type = NLA_NESTED },
6060 	[NFTA_SET_ELEM_FLAGS]		= NLA_POLICY_MASK(NLA_BE32, NFT_SET_ELEM_INTERVAL_END |
6061 								    NFT_SET_ELEM_CATCHALL),
6062 	[NFTA_SET_ELEM_TIMEOUT]		= { .type = NLA_U64 },
6063 	[NFTA_SET_ELEM_EXPIRATION]	= { .type = NLA_U64 },
6064 	[NFTA_SET_ELEM_USERDATA]	= { .type = NLA_BINARY,
6065 					    .len = NFT_USERDATA_MAXLEN },
6066 	[NFTA_SET_ELEM_EXPR]		= { .type = NLA_NESTED },
6067 	[NFTA_SET_ELEM_OBJREF]		= { .type = NLA_STRING,
6068 					    .len = NFT_OBJ_MAXNAMELEN - 1 },
6069 	[NFTA_SET_ELEM_KEY_END]		= { .type = NLA_NESTED },
6070 	[NFTA_SET_ELEM_EXPRESSIONS]	= NLA_POLICY_NESTED_ARRAY(nft_expr_policy),
6071 };
6072 
6073 static const struct nla_policy nft_set_elem_list_policy[NFTA_SET_ELEM_LIST_MAX + 1] = {
6074 	[NFTA_SET_ELEM_LIST_TABLE]	= { .type = NLA_STRING,
6075 					    .len = NFT_TABLE_MAXNAMELEN - 1 },
6076 	[NFTA_SET_ELEM_LIST_SET]	= { .type = NLA_STRING,
6077 					    .len = NFT_SET_MAXNAMELEN - 1 },
6078 	[NFTA_SET_ELEM_LIST_ELEMENTS]	= NLA_POLICY_NESTED_ARRAY(nft_set_elem_policy),
6079 	[NFTA_SET_ELEM_LIST_SET_ID]	= { .type = NLA_U32 },
6080 };
6081 
6082 static int nft_set_elem_expr_dump(struct sk_buff *skb,
6083 				  const struct nft_set *set,
6084 				  const struct nft_set_ext *ext,
6085 				  bool reset)
6086 {
6087 	struct nft_set_elem_expr *elem_expr;
6088 	u32 size, num_exprs = 0;
6089 	struct nft_expr *expr;
6090 	struct nlattr *nest;
6091 
6092 	elem_expr = nft_set_ext_expr(ext);
6093 	nft_setelem_expr_foreach(expr, elem_expr, size)
6094 		num_exprs++;
6095 
6096 	if (num_exprs == 1) {
6097 		expr = nft_setelem_expr_at(elem_expr, 0);
6098 		if (nft_expr_dump(skb, NFTA_SET_ELEM_EXPR, expr, reset) < 0)
6099 			return -1;
6100 
6101 		return 0;
6102 	} else if (num_exprs > 1) {
6103 		nest = nla_nest_start_noflag(skb, NFTA_SET_ELEM_EXPRESSIONS);
6104 		if (nest == NULL)
6105 			goto nla_put_failure;
6106 
6107 		nft_setelem_expr_foreach(expr, elem_expr, size) {
6108 			expr = nft_setelem_expr_at(elem_expr, size);
6109 			if (nft_expr_dump(skb, NFTA_LIST_ELEM, expr, reset) < 0)
6110 				goto nla_put_failure;
6111 		}
6112 		nla_nest_end(skb, nest);
6113 	}
6114 	return 0;
6115 
6116 nla_put_failure:
6117 	return -1;
6118 }
6119 
6120 static int nf_tables_fill_setelem(struct sk_buff *skb,
6121 				  const struct nft_set *set,
6122 				  const struct nft_elem_priv *elem_priv,
6123 				  bool reset)
6124 {
6125 	const struct nft_set_ext *ext = nft_set_elem_ext(set, elem_priv);
6126 	unsigned char *b = skb_tail_pointer(skb);
6127 	struct nlattr *nest;
6128 
6129 	nest = nla_nest_start_noflag(skb, NFTA_LIST_ELEM);
6130 	if (nest == NULL)
6131 		goto nla_put_failure;
6132 
6133 	if (nft_set_ext_exists(ext, NFT_SET_EXT_KEY) &&
6134 	    nft_data_dump(skb, NFTA_SET_ELEM_KEY, nft_set_ext_key(ext),
6135 			  NFT_DATA_VALUE, set->klen) < 0)
6136 		goto nla_put_failure;
6137 
6138 	if (nft_set_ext_exists(ext, NFT_SET_EXT_KEY_END) &&
6139 	    nft_data_dump(skb, NFTA_SET_ELEM_KEY_END, nft_set_ext_key_end(ext),
6140 			  NFT_DATA_VALUE, set->klen) < 0)
6141 		goto nla_put_failure;
6142 
6143 	if (nft_set_ext_exists(ext, NFT_SET_EXT_DATA) &&
6144 	    nft_data_dump(skb, NFTA_SET_ELEM_DATA, nft_set_ext_data(ext),
6145 			  nft_set_datatype(set), set->dlen) < 0)
6146 		goto nla_put_failure;
6147 
6148 	if (nft_set_ext_exists(ext, NFT_SET_EXT_EXPRESSIONS) &&
6149 	    nft_set_elem_expr_dump(skb, set, ext, reset))
6150 		goto nla_put_failure;
6151 
6152 	if (nft_set_ext_exists(ext, NFT_SET_EXT_OBJREF) &&
6153 	    nla_put_string(skb, NFTA_SET_ELEM_OBJREF,
6154 			   (*nft_set_ext_obj(ext))->key.name) < 0)
6155 		goto nla_put_failure;
6156 
6157 	if (nft_set_ext_exists(ext, NFT_SET_EXT_FLAGS) &&
6158 	    nla_put_be32(skb, NFTA_SET_ELEM_FLAGS,
6159 		         htonl(*nft_set_ext_flags(ext))))
6160 		goto nla_put_failure;
6161 
6162 	if (nft_set_ext_exists(ext, NFT_SET_EXT_TIMEOUT)) {
6163 		u64 timeout = READ_ONCE(nft_set_ext_timeout(ext)->timeout);
6164 		u64 set_timeout = READ_ONCE(set->timeout);
6165 		__be64 msecs = 0;
6166 
6167 		if (set_timeout != timeout) {
6168 			msecs = nf_jiffies64_to_msecs(timeout);
6169 			if (nla_put_be64(skb, NFTA_SET_ELEM_TIMEOUT, msecs,
6170 					 NFTA_SET_ELEM_PAD))
6171 				goto nla_put_failure;
6172 		}
6173 
6174 		if (timeout > 0) {
6175 			u64 expires, now = get_jiffies_64();
6176 
6177 			expires = READ_ONCE(nft_set_ext_timeout(ext)->expiration);
6178 			if (time_before64(now, expires))
6179 				expires -= now;
6180 			else
6181 				expires = 0;
6182 
6183 			if (nla_put_be64(skb, NFTA_SET_ELEM_EXPIRATION,
6184 					 nf_jiffies64_to_msecs(expires),
6185 					 NFTA_SET_ELEM_PAD))
6186 				goto nla_put_failure;
6187 		}
6188 	}
6189 
6190 	if (nft_set_ext_exists(ext, NFT_SET_EXT_USERDATA)) {
6191 		struct nft_userdata *udata;
6192 
6193 		udata = nft_set_ext_userdata(ext);
6194 		if (nla_put(skb, NFTA_SET_ELEM_USERDATA,
6195 			    udata->len + 1, udata->data))
6196 			goto nla_put_failure;
6197 	}
6198 
6199 	nla_nest_end(skb, nest);
6200 	return 0;
6201 
6202 nla_put_failure:
6203 	nlmsg_trim(skb, b);
6204 	return -EMSGSIZE;
6205 }
6206 
6207 struct nft_set_dump_args {
6208 	const struct netlink_callback	*cb;
6209 	struct nft_set_iter		iter;
6210 	struct sk_buff			*skb;
6211 	bool				reset;
6212 };
6213 
6214 static int nf_tables_dump_setelem(const struct nft_ctx *ctx,
6215 				  struct nft_set *set,
6216 				  const struct nft_set_iter *iter,
6217 				  struct nft_elem_priv *elem_priv)
6218 {
6219 	const struct nft_set_ext *ext = nft_set_elem_ext(set, elem_priv);
6220 	struct nft_set_dump_args *args;
6221 
6222 	if (!nft_set_elem_active(ext, iter->genmask))
6223 		return 0;
6224 
6225 	if (nft_set_elem_expired(ext) || nft_set_elem_is_dead(ext))
6226 		return 0;
6227 
6228 	args = container_of(iter, struct nft_set_dump_args, iter);
6229 	return nf_tables_fill_setelem(args->skb, set, elem_priv, args->reset);
6230 }
6231 
6232 static void audit_log_nft_set_reset(const struct nft_table *table,
6233 				    unsigned int base_seq,
6234 				    unsigned int nentries)
6235 {
6236 	char *buf = kasprintf(GFP_ATOMIC, "%s:%u", table->name, base_seq);
6237 
6238 	audit_log_nfcfg(buf, table->family, nentries,
6239 			AUDIT_NFT_OP_SETELEM_RESET, GFP_ATOMIC);
6240 	kfree(buf);
6241 }
6242 
6243 struct nft_set_dump_ctx {
6244 	const struct nft_set	*set;
6245 	struct nft_ctx		ctx;
6246 	bool			reset;
6247 };
6248 
6249 static int nft_set_catchall_dump(struct net *net, struct sk_buff *skb,
6250 				 const struct nft_set *set, bool reset,
6251 				 unsigned int base_seq)
6252 {
6253 	struct nft_set_elem_catchall *catchall;
6254 	u8 genmask = nft_genmask_cur(net);
6255 	struct nft_set_ext *ext;
6256 	int ret = 0;
6257 
6258 	list_for_each_entry_rcu(catchall, &set->catchall_list, list) {
6259 		ext = nft_set_elem_ext(set, catchall->elem);
6260 		if (!nft_set_elem_active(ext, genmask) ||
6261 		    nft_set_elem_expired(ext))
6262 			continue;
6263 
6264 		ret = nf_tables_fill_setelem(skb, set, catchall->elem, reset);
6265 		if (reset && !ret)
6266 			audit_log_nft_set_reset(set->table, base_seq, 1);
6267 		break;
6268 	}
6269 
6270 	return ret;
6271 }
6272 
6273 static int nf_tables_dump_set(struct sk_buff *skb, struct netlink_callback *cb)
6274 {
6275 	struct nft_set_dump_ctx *dump_ctx = cb->data;
6276 	struct net *net = sock_net(skb->sk);
6277 	struct nftables_pernet *nft_net;
6278 	struct nft_table *table;
6279 	struct nft_set *set;
6280 	struct nft_set_dump_args args = {
6281 		.cb = cb,
6282 		.skb = skb,
6283 		.reset = dump_ctx->reset,
6284 		.iter = {
6285 			.genmask = nft_genmask_cur(net),
6286 			.type = NFT_ITER_READ,
6287 			.skip = cb->args[0],
6288 			.fn = nf_tables_dump_setelem,
6289 		},
6290 	};
6291 	bool set_found = false;
6292 	struct nlmsghdr *nlh;
6293 	struct nlattr *nest;
6294 	u32 portid, seq;
6295 	int event;
6296 
6297 	rcu_read_lock();
6298 	nft_net = nft_pernet(net);
6299 	cb->seq = nft_base_seq(net);
6300 
6301 	list_for_each_entry_rcu(table, &nft_net->tables, list) {
6302 		if (dump_ctx->ctx.family != NFPROTO_UNSPEC &&
6303 		    dump_ctx->ctx.family != table->family)
6304 			continue;
6305 
6306 		if (table != dump_ctx->ctx.table)
6307 			continue;
6308 
6309 		list_for_each_entry_rcu(set, &table->sets, list) {
6310 			if (set == dump_ctx->set) {
6311 				set_found = true;
6312 				break;
6313 			}
6314 		}
6315 		break;
6316 	}
6317 
6318 	if (!set_found) {
6319 		rcu_read_unlock();
6320 		return -ENOENT;
6321 	}
6322 
6323 	event  = nfnl_msg_type(NFNL_SUBSYS_NFTABLES, NFT_MSG_NEWSETELEM);
6324 	portid = NETLINK_CB(cb->skb).portid;
6325 	seq    = cb->nlh->nlmsg_seq;
6326 
6327 	nlh = nfnl_msg_put(skb, portid, seq, event, NLM_F_MULTI,
6328 			   table->family, NFNETLINK_V0, nft_base_seq_be16(net));
6329 	if (!nlh)
6330 		goto nla_put_failure;
6331 
6332 	if (nla_put_string(skb, NFTA_SET_ELEM_LIST_TABLE, table->name))
6333 		goto nla_put_failure;
6334 	if (nla_put_string(skb, NFTA_SET_ELEM_LIST_SET, set->name))
6335 		goto nla_put_failure;
6336 
6337 	nest = nla_nest_start_noflag(skb, NFTA_SET_ELEM_LIST_ELEMENTS);
6338 	if (nest == NULL)
6339 		goto nla_put_failure;
6340 
6341 	set->ops->walk(&dump_ctx->ctx, set, &args.iter);
6342 
6343 	if (!args.iter.err && args.iter.count == cb->args[0])
6344 		args.iter.err = nft_set_catchall_dump(net, skb, set,
6345 						      dump_ctx->reset, cb->seq);
6346 	nla_nest_end(skb, nest);
6347 	nlmsg_end(skb, nlh);
6348 
6349 	if (dump_ctx->reset && args.iter.count > args.iter.skip)
6350 		audit_log_nft_set_reset(table, cb->seq,
6351 					args.iter.count - args.iter.skip);
6352 
6353 	rcu_read_unlock();
6354 
6355 	if (args.iter.err && args.iter.err != -EMSGSIZE)
6356 		return args.iter.err;
6357 	if (args.iter.count == cb->args[0])
6358 		return 0;
6359 
6360 	cb->args[0] = args.iter.count;
6361 	return skb->len;
6362 
6363 nla_put_failure:
6364 	rcu_read_unlock();
6365 	return -ENOSPC;
6366 }
6367 
6368 static int nf_tables_dump_set_start(struct netlink_callback *cb)
6369 {
6370 	struct nft_set_dump_ctx *dump_ctx = cb->data;
6371 
6372 	cb->data = kmemdup(dump_ctx, sizeof(*dump_ctx), GFP_ATOMIC);
6373 
6374 	return cb->data ? 0 : -ENOMEM;
6375 }
6376 
6377 static int nf_tables_dump_set_done(struct netlink_callback *cb)
6378 {
6379 	kfree(cb->data);
6380 	return 0;
6381 }
6382 
6383 static int nf_tables_fill_setelem_info(struct sk_buff *skb,
6384 				       const struct nft_ctx *ctx, u32 seq,
6385 				       u32 portid, int event, u16 flags,
6386 				       const struct nft_set *set,
6387 				       const struct nft_elem_priv *elem_priv,
6388 				       bool reset)
6389 {
6390 	struct nlmsghdr *nlh;
6391 	struct nlattr *nest;
6392 	int err;
6393 
6394 	event = nfnl_msg_type(NFNL_SUBSYS_NFTABLES, event);
6395 	nlh = nfnl_msg_put(skb, portid, seq, event, flags, ctx->family,
6396 			   NFNETLINK_V0, nft_base_seq_be16(ctx->net));
6397 	if (!nlh)
6398 		goto nla_put_failure;
6399 
6400 	if (nla_put_string(skb, NFTA_SET_TABLE, ctx->table->name))
6401 		goto nla_put_failure;
6402 	if (nla_put_string(skb, NFTA_SET_NAME, set->name))
6403 		goto nla_put_failure;
6404 
6405 	nest = nla_nest_start_noflag(skb, NFTA_SET_ELEM_LIST_ELEMENTS);
6406 	if (nest == NULL)
6407 		goto nla_put_failure;
6408 
6409 	err = nf_tables_fill_setelem(skb, set, elem_priv, reset);
6410 	if (err < 0)
6411 		goto nla_put_failure;
6412 
6413 	nla_nest_end(skb, nest);
6414 
6415 	nlmsg_end(skb, nlh);
6416 	return 0;
6417 
6418 nla_put_failure:
6419 	nlmsg_trim(skb, nlh);
6420 	return -1;
6421 }
6422 
6423 static int nft_setelem_parse_flags(const struct nft_set *set,
6424 				   const struct nlattr *attr, u32 *flags)
6425 {
6426 	if (attr == NULL)
6427 		return 0;
6428 
6429 	*flags = ntohl(nla_get_be32(attr));
6430 	if (*flags & ~(NFT_SET_ELEM_INTERVAL_END | NFT_SET_ELEM_CATCHALL))
6431 		return -EOPNOTSUPP;
6432 	if (!(set->flags & NFT_SET_INTERVAL) &&
6433 	    *flags & NFT_SET_ELEM_INTERVAL_END)
6434 		return -EINVAL;
6435 	if ((*flags & (NFT_SET_ELEM_INTERVAL_END | NFT_SET_ELEM_CATCHALL)) ==
6436 	    (NFT_SET_ELEM_INTERVAL_END | NFT_SET_ELEM_CATCHALL))
6437 		return -EINVAL;
6438 
6439 	return 0;
6440 }
6441 
6442 static int nft_setelem_parse_key(struct nft_ctx *ctx, const struct nft_set *set,
6443 				 struct nft_data *key, struct nlattr *attr)
6444 {
6445 	struct nft_data_desc desc = {
6446 		.type	= NFT_DATA_VALUE,
6447 		.size	= NFT_DATA_VALUE_MAXLEN,
6448 		.len	= set->klen,
6449 	};
6450 
6451 	return nft_data_init(ctx, key, &desc, attr);
6452 }
6453 
6454 static int nft_setelem_parse_data(struct nft_ctx *ctx, struct nft_set *set,
6455 				  struct nft_data_desc *desc,
6456 				  struct nft_data *data,
6457 				  struct nlattr *attr)
6458 {
6459 	u32 dtype;
6460 
6461 	if (set->dtype == NFT_DATA_VERDICT)
6462 		dtype = NFT_DATA_VERDICT;
6463 	else
6464 		dtype = NFT_DATA_VALUE;
6465 
6466 	desc->type = dtype;
6467 	desc->size = NFT_DATA_VALUE_MAXLEN;
6468 	desc->len = set->dlen;
6469 	desc->flags = NFT_DATA_DESC_SETELEM;
6470 
6471 	return nft_data_init(ctx, data, desc, attr);
6472 }
6473 
6474 static void *nft_setelem_catchall_get(const struct net *net,
6475 				      const struct nft_set *set)
6476 {
6477 	struct nft_set_elem_catchall *catchall;
6478 	u8 genmask = nft_genmask_cur(net);
6479 	struct nft_set_ext *ext;
6480 	void *priv = NULL;
6481 
6482 	list_for_each_entry_rcu(catchall, &set->catchall_list, list) {
6483 		ext = nft_set_elem_ext(set, catchall->elem);
6484 		if (!nft_set_elem_active(ext, genmask) ||
6485 		    nft_set_elem_expired(ext))
6486 			continue;
6487 
6488 		priv = catchall->elem;
6489 		break;
6490 	}
6491 
6492 	return priv;
6493 }
6494 
6495 static int nft_setelem_get(struct nft_ctx *ctx, const struct nft_set *set,
6496 			   struct nft_set_elem *elem, u32 flags)
6497 {
6498 	void *priv;
6499 
6500 	if (!(flags & NFT_SET_ELEM_CATCHALL)) {
6501 		priv = set->ops->get(ctx->net, set, elem, flags);
6502 		if (IS_ERR(priv))
6503 			return PTR_ERR(priv);
6504 	} else {
6505 		priv = nft_setelem_catchall_get(ctx->net, set);
6506 		if (!priv)
6507 			return -ENOENT;
6508 	}
6509 	elem->priv = priv;
6510 
6511 	return 0;
6512 }
6513 
6514 static int nft_get_set_elem(struct nft_ctx *ctx, const struct nft_set *set,
6515 			    const struct nlattr *attr, bool reset)
6516 {
6517 	struct nlattr *nla[NFTA_SET_ELEM_MAX + 1];
6518 	struct nft_set_elem elem;
6519 	struct sk_buff *skb;
6520 	uint32_t flags = 0;
6521 	int err;
6522 
6523 	err = nla_parse_nested_deprecated(nla, NFTA_SET_ELEM_MAX, attr,
6524 					  nft_set_elem_policy, NULL);
6525 	if (err < 0)
6526 		return err;
6527 
6528 	err = nft_setelem_parse_flags(set, nla[NFTA_SET_ELEM_FLAGS], &flags);
6529 	if (err < 0)
6530 		return err;
6531 
6532 	if (!nla[NFTA_SET_ELEM_KEY] && !(flags & NFT_SET_ELEM_CATCHALL))
6533 		return -EINVAL;
6534 
6535 	if (nla[NFTA_SET_ELEM_KEY]) {
6536 		err = nft_setelem_parse_key(ctx, set, &elem.key.val,
6537 					    nla[NFTA_SET_ELEM_KEY]);
6538 		if (err < 0)
6539 			return err;
6540 	}
6541 
6542 	if (nla[NFTA_SET_ELEM_KEY_END]) {
6543 		err = nft_setelem_parse_key(ctx, set, &elem.key_end.val,
6544 					    nla[NFTA_SET_ELEM_KEY_END]);
6545 		if (err < 0)
6546 			return err;
6547 	}
6548 
6549 	err = nft_setelem_get(ctx, set, &elem, flags);
6550 	if (err < 0)
6551 		return err;
6552 
6553 	err = -ENOMEM;
6554 	skb = nlmsg_new(NLMSG_GOODSIZE, GFP_ATOMIC);
6555 	if (skb == NULL)
6556 		return err;
6557 
6558 	err = nf_tables_fill_setelem_info(skb, ctx, ctx->seq, ctx->portid,
6559 					  NFT_MSG_NEWSETELEM, 0, set, elem.priv,
6560 					  reset);
6561 	if (err < 0)
6562 		goto err_fill_setelem;
6563 
6564 	return nfnetlink_unicast(skb, ctx->net, ctx->portid);
6565 
6566 err_fill_setelem:
6567 	kfree_skb(skb);
6568 	return err;
6569 }
6570 
6571 static int nft_set_dump_ctx_init(struct nft_set_dump_ctx *dump_ctx,
6572 				 const struct sk_buff *skb,
6573 				 const struct nfnl_info *info,
6574 				 const struct nlattr * const nla[],
6575 				 bool reset)
6576 {
6577 	struct netlink_ext_ack *extack = info->extack;
6578 	u8 genmask = nft_genmask_cur(info->net);
6579 	u8 family = info->nfmsg->nfgen_family;
6580 	struct net *net = info->net;
6581 	struct nft_table *table;
6582 	struct nft_set *set;
6583 
6584 	table = nft_table_lookup(net, nla[NFTA_SET_ELEM_LIST_TABLE], family,
6585 				 genmask, 0);
6586 	if (IS_ERR(table)) {
6587 		NL_SET_BAD_ATTR(extack, nla[NFTA_SET_ELEM_LIST_TABLE]);
6588 		return PTR_ERR(table);
6589 	}
6590 
6591 	set = nft_set_lookup(net, table, nla[NFTA_SET_ELEM_LIST_SET], genmask);
6592 	if (IS_ERR(set)) {
6593 		NL_SET_BAD_ATTR(extack, nla[NFTA_SET_ELEM_LIST_SET]);
6594 		return PTR_ERR(set);
6595 	}
6596 
6597 	nft_ctx_init(&dump_ctx->ctx, net, skb,
6598 		     info->nlh, family, table, NULL, nla);
6599 	dump_ctx->set = set;
6600 	dump_ctx->reset = reset;
6601 	return 0;
6602 }
6603 
6604 /* called with rcu_read_lock held */
6605 static int nf_tables_getsetelem(struct sk_buff *skb,
6606 				const struct nfnl_info *info,
6607 				const struct nlattr * const nla[])
6608 {
6609 	struct netlink_ext_ack *extack = info->extack;
6610 	struct nft_set_dump_ctx dump_ctx;
6611 	int rem, err = 0, nelems = 0;
6612 	struct net *net = info->net;
6613 	struct nlattr *attr;
6614 	bool reset = false;
6615 
6616 	if (NFNL_MSG_TYPE(info->nlh->nlmsg_type) == NFT_MSG_GETSETELEM_RESET)
6617 		reset = true;
6618 
6619 	if (info->nlh->nlmsg_flags & NLM_F_DUMP) {
6620 		struct netlink_dump_control c = {
6621 			.start = nf_tables_dump_set_start,
6622 			.dump = nf_tables_dump_set,
6623 			.done = nf_tables_dump_set_done,
6624 			.module = THIS_MODULE,
6625 		};
6626 
6627 		err = nft_set_dump_ctx_init(&dump_ctx, skb, info, nla, reset);
6628 		if (err)
6629 			return err;
6630 
6631 		c.data = &dump_ctx;
6632 		return nft_netlink_dump_start_rcu(info->sk, skb, info->nlh, &c);
6633 	}
6634 
6635 	if (!nla[NFTA_SET_ELEM_LIST_ELEMENTS])
6636 		return -EINVAL;
6637 
6638 	err = nft_set_dump_ctx_init(&dump_ctx, skb, info, nla, reset);
6639 	if (err)
6640 		return err;
6641 
6642 	nla_for_each_nested(attr, nla[NFTA_SET_ELEM_LIST_ELEMENTS], rem) {
6643 		err = nft_get_set_elem(&dump_ctx.ctx, dump_ctx.set, attr, reset);
6644 		if (err < 0) {
6645 			NL_SET_BAD_ATTR(extack, attr);
6646 			break;
6647 		}
6648 		nelems++;
6649 	}
6650 	if (reset)
6651 		audit_log_nft_set_reset(dump_ctx.ctx.table, nft_base_seq(net),
6652 					nelems);
6653 
6654 	return err;
6655 }
6656 
6657 static void nf_tables_setelem_notify(const struct nft_ctx *ctx,
6658 				     const struct nft_set *set,
6659 				     const struct nft_elem_priv *elem_priv,
6660 				     int event)
6661 {
6662 	struct nftables_pernet *nft_net;
6663 	struct net *net = ctx->net;
6664 	u32 portid = ctx->portid;
6665 	struct sk_buff *skb;
6666 	u16 flags = 0;
6667 	int err;
6668 
6669 	if (!ctx->report && !nfnetlink_has_listeners(net, NFNLGRP_NFTABLES))
6670 		return;
6671 
6672 	skb = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
6673 	if (skb == NULL)
6674 		goto err;
6675 
6676 	if (ctx->flags & (NLM_F_CREATE | NLM_F_EXCL))
6677 		flags |= ctx->flags & (NLM_F_CREATE | NLM_F_EXCL);
6678 
6679 	err = nf_tables_fill_setelem_info(skb, ctx, 0, portid, event, flags,
6680 					  set, elem_priv, false);
6681 	if (err < 0) {
6682 		kfree_skb(skb);
6683 		goto err;
6684 	}
6685 
6686 	nft_net = nft_pernet(net);
6687 	nft_notify_enqueue(skb, ctx->report, &nft_net->notify_list);
6688 	return;
6689 err:
6690 	nfnetlink_set_err(net, portid, NFNLGRP_NFTABLES, -ENOBUFS);
6691 }
6692 
6693 static struct nft_trans *nft_trans_elem_alloc(const struct nft_ctx *ctx,
6694 					      int msg_type,
6695 					      struct nft_set *set)
6696 {
6697 	struct nft_trans_elem *te;
6698 	struct nft_trans *trans;
6699 
6700 	trans = nft_trans_alloc(ctx, msg_type, struct_size(te, elems, 1));
6701 	if (trans == NULL)
6702 		return NULL;
6703 
6704 	te = nft_trans_container_elem(trans);
6705 	te->nelems = 1;
6706 	te->set = set;
6707 
6708 	return trans;
6709 }
6710 
6711 struct nft_expr *nft_set_elem_expr_alloc(const struct nft_ctx *ctx,
6712 					 const struct nft_set *set,
6713 					 const struct nlattr *attr)
6714 {
6715 	struct nft_expr *expr;
6716 	int err;
6717 
6718 	expr = nft_expr_init(ctx, attr);
6719 	if (IS_ERR(expr))
6720 		return expr;
6721 
6722 	err = -EOPNOTSUPP;
6723 	if (expr->ops->type->flags & NFT_EXPR_GC) {
6724 		if (set->flags & NFT_SET_TIMEOUT)
6725 			goto err_set_elem_expr;
6726 		if (!set->ops->gc_init)
6727 			goto err_set_elem_expr;
6728 		set->ops->gc_init(set);
6729 	}
6730 
6731 	return expr;
6732 
6733 err_set_elem_expr:
6734 	nft_expr_destroy(ctx, expr);
6735 	return ERR_PTR(err);
6736 }
6737 
6738 static int nft_set_ext_check(const struct nft_set_ext_tmpl *tmpl, u8 id, u32 len)
6739 {
6740 	len += nft_set_ext_types[id].len;
6741 	if (len > tmpl->ext_len[id] ||
6742 	    len > U8_MAX)
6743 		return -1;
6744 
6745 	return 0;
6746 }
6747 
6748 static int nft_set_ext_memcpy(const struct nft_set_ext_tmpl *tmpl, u8 id,
6749 			      void *to, const void *from, u32 len)
6750 {
6751 	if (nft_set_ext_check(tmpl, id, len) < 0)
6752 		return -1;
6753 
6754 	memcpy(to, from, len);
6755 
6756 	return 0;
6757 }
6758 
6759 struct nft_elem_priv *nft_set_elem_init(const struct nft_set *set,
6760 					const struct nft_set_ext_tmpl *tmpl,
6761 					const u32 *key, const u32 *key_end,
6762 					const u32 *data,
6763 					u64 timeout, u64 expiration, gfp_t gfp)
6764 {
6765 	struct nft_set_ext *ext;
6766 	void *elem;
6767 
6768 	elem = kzalloc(set->ops->elemsize + tmpl->len, gfp);
6769 	if (elem == NULL)
6770 		return ERR_PTR(-ENOMEM);
6771 
6772 	ext = nft_set_elem_ext(set, elem);
6773 	nft_set_ext_init(ext, tmpl);
6774 
6775 	if (nft_set_ext_exists(ext, NFT_SET_EXT_KEY) &&
6776 	    nft_set_ext_memcpy(tmpl, NFT_SET_EXT_KEY,
6777 			       nft_set_ext_key(ext), key, set->klen) < 0)
6778 		goto err_ext_check;
6779 
6780 	if (nft_set_ext_exists(ext, NFT_SET_EXT_KEY_END) &&
6781 	    nft_set_ext_memcpy(tmpl, NFT_SET_EXT_KEY_END,
6782 			       nft_set_ext_key_end(ext), key_end, set->klen) < 0)
6783 		goto err_ext_check;
6784 
6785 	if (nft_set_ext_exists(ext, NFT_SET_EXT_DATA) &&
6786 	    nft_set_ext_memcpy(tmpl, NFT_SET_EXT_DATA,
6787 			       nft_set_ext_data(ext), data, set->dlen) < 0)
6788 		goto err_ext_check;
6789 
6790 	if (nft_set_ext_exists(ext, NFT_SET_EXT_TIMEOUT)) {
6791 		nft_set_ext_timeout(ext)->timeout = timeout;
6792 
6793 		if (expiration == 0)
6794 			expiration = timeout;
6795 
6796 		nft_set_ext_timeout(ext)->expiration = get_jiffies_64() + expiration;
6797 	}
6798 
6799 	return elem;
6800 
6801 err_ext_check:
6802 	kfree(elem);
6803 
6804 	return ERR_PTR(-EINVAL);
6805 }
6806 
6807 static void __nft_set_elem_expr_destroy(const struct nft_ctx *ctx,
6808 					struct nft_expr *expr)
6809 {
6810 	if (expr->ops->destroy_clone) {
6811 		expr->ops->destroy_clone(ctx, expr);
6812 		module_put(expr->ops->type->owner);
6813 	} else {
6814 		nf_tables_expr_destroy(ctx, expr);
6815 	}
6816 }
6817 
6818 void nft_set_elem_expr_destroy(const struct nft_ctx *ctx,
6819 			       struct nft_set_elem_expr *elem_expr)
6820 {
6821 	struct nft_expr *expr;
6822 	u32 size;
6823 
6824 	nft_setelem_expr_foreach(expr, elem_expr, size)
6825 		__nft_set_elem_expr_destroy(ctx, expr);
6826 }
6827 
6828 /* Drop references and destroy. Called from gc, dynset and abort path. */
6829 static void __nft_set_elem_destroy(const struct nft_ctx *ctx,
6830 				   const struct nft_set *set,
6831 				   const struct nft_elem_priv *elem_priv,
6832 				   bool destroy_expr)
6833 {
6834 	struct nft_set_ext *ext = nft_set_elem_ext(set, elem_priv);
6835 
6836 	nft_data_release(nft_set_ext_key(ext), NFT_DATA_VALUE);
6837 	if (nft_set_ext_exists(ext, NFT_SET_EXT_DATA))
6838 		nft_data_release(nft_set_ext_data(ext), set->dtype);
6839 	if (destroy_expr && nft_set_ext_exists(ext, NFT_SET_EXT_EXPRESSIONS))
6840 		nft_set_elem_expr_destroy(ctx, nft_set_ext_expr(ext));
6841 	if (nft_set_ext_exists(ext, NFT_SET_EXT_OBJREF))
6842 		nft_use_dec(&(*nft_set_ext_obj(ext))->use);
6843 
6844 	kfree(elem_priv);
6845 }
6846 
6847 /* Drop references and destroy. Called from gc and dynset. */
6848 void nft_set_elem_destroy(const struct nft_set *set,
6849 			  const struct nft_elem_priv *elem_priv,
6850 			  bool destroy_expr)
6851 {
6852 	struct nft_ctx ctx = {
6853 		.net	= read_pnet(&set->net),
6854 		.family	= set->table->family,
6855 	};
6856 
6857 	__nft_set_elem_destroy(&ctx, set, elem_priv, destroy_expr);
6858 }
6859 
6860 /* Drop references and destroy. Called from abort path. */
6861 static void nft_trans_set_elem_destroy(const struct nft_ctx *ctx, struct nft_trans_elem *te)
6862 {
6863 	int i;
6864 
6865 	for (i = 0; i < te->nelems; i++) {
6866 		/* skip update request, see nft_trans_elems_new_abort() */
6867 		if (!te->elems[i].priv)
6868 			continue;
6869 
6870 		__nft_set_elem_destroy(ctx, te->set, te->elems[i].priv, true);
6871 	}
6872 }
6873 
6874 /* Destroy element. References have been already dropped in the preparation
6875  * path via nft_setelem_data_deactivate().
6876  */
6877 void nf_tables_set_elem_destroy(const struct nft_ctx *ctx,
6878 				const struct nft_set *set,
6879 				const struct nft_elem_priv *elem_priv)
6880 {
6881 	struct nft_set_ext *ext = nft_set_elem_ext(set, elem_priv);
6882 
6883 	if (nft_set_ext_exists(ext, NFT_SET_EXT_EXPRESSIONS))
6884 		nft_set_elem_expr_destroy(ctx, nft_set_ext_expr(ext));
6885 
6886 	kfree(elem_priv);
6887 }
6888 
6889 static void nft_trans_elems_destroy(const struct nft_ctx *ctx,
6890 				    const struct nft_trans_elem *te)
6891 {
6892 	int i;
6893 
6894 	for (i = 0; i < te->nelems; i++)
6895 		nf_tables_set_elem_destroy(ctx, te->set, te->elems[i].priv);
6896 }
6897 
6898 int nft_set_elem_expr_clone(const struct nft_ctx *ctx, struct nft_set *set,
6899 			    struct nft_expr *expr_array[])
6900 {
6901 	struct nft_expr *expr;
6902 	int err, i, k;
6903 
6904 	for (i = 0; i < set->num_exprs; i++) {
6905 		expr = kzalloc(set->exprs[i]->ops->size, GFP_KERNEL_ACCOUNT);
6906 		if (!expr)
6907 			goto err_expr;
6908 
6909 		err = nft_expr_clone(expr, set->exprs[i], GFP_KERNEL_ACCOUNT);
6910 		if (err < 0) {
6911 			kfree(expr);
6912 			goto err_expr;
6913 		}
6914 		expr_array[i] = expr;
6915 	}
6916 
6917 	return 0;
6918 
6919 err_expr:
6920 	for (k = i - 1; k >= 0; k--)
6921 		nft_expr_destroy(ctx, expr_array[k]);
6922 
6923 	return -ENOMEM;
6924 }
6925 
6926 static int nft_set_elem_expr_setup(struct nft_ctx *ctx,
6927 				   const struct nft_set_ext_tmpl *tmpl,
6928 				   const struct nft_set_ext *ext,
6929 				   struct nft_expr *expr_array[],
6930 				   u32 num_exprs)
6931 {
6932 	struct nft_set_elem_expr *elem_expr = nft_set_ext_expr(ext);
6933 	u32 len = sizeof(struct nft_set_elem_expr);
6934 	struct nft_expr *expr;
6935 	int i, err;
6936 
6937 	if (num_exprs == 0)
6938 		return 0;
6939 
6940 	for (i = 0; i < num_exprs; i++)
6941 		len += expr_array[i]->ops->size;
6942 
6943 	if (nft_set_ext_check(tmpl, NFT_SET_EXT_EXPRESSIONS, len) < 0)
6944 		return -EINVAL;
6945 
6946 	for (i = 0; i < num_exprs; i++) {
6947 		expr = nft_setelem_expr_at(elem_expr, elem_expr->size);
6948 		err = nft_expr_clone(expr, expr_array[i], GFP_KERNEL_ACCOUNT);
6949 		if (err < 0)
6950 			goto err_elem_expr_setup;
6951 
6952 		elem_expr->size += expr_array[i]->ops->size;
6953 		nft_expr_destroy(ctx, expr_array[i]);
6954 		expr_array[i] = NULL;
6955 	}
6956 
6957 	return 0;
6958 
6959 err_elem_expr_setup:
6960 	for (; i < num_exprs; i++) {
6961 		nft_expr_destroy(ctx, expr_array[i]);
6962 		expr_array[i] = NULL;
6963 	}
6964 
6965 	return -ENOMEM;
6966 }
6967 
6968 struct nft_set_ext *nft_set_catchall_lookup(const struct net *net,
6969 					    const struct nft_set *set)
6970 {
6971 	struct nft_set_elem_catchall *catchall;
6972 	u8 genmask = nft_genmask_cur(net);
6973 	struct nft_set_ext *ext;
6974 
6975 	list_for_each_entry_rcu(catchall, &set->catchall_list, list) {
6976 		ext = nft_set_elem_ext(set, catchall->elem);
6977 		if (nft_set_elem_active(ext, genmask) &&
6978 		    !nft_set_elem_expired(ext) &&
6979 		    !nft_set_elem_is_dead(ext))
6980 			return ext;
6981 	}
6982 
6983 	return NULL;
6984 }
6985 
6986 static int nft_setelem_catchall_insert(const struct net *net,
6987 				       struct nft_set *set,
6988 				       const struct nft_set_elem *elem,
6989 				       struct nft_elem_priv **priv)
6990 {
6991 	struct nft_set_elem_catchall *catchall;
6992 	u8 genmask = nft_genmask_next(net);
6993 	struct nft_set_ext *ext;
6994 
6995 	list_for_each_entry(catchall, &set->catchall_list, list) {
6996 		ext = nft_set_elem_ext(set, catchall->elem);
6997 		if (nft_set_elem_active(ext, genmask)) {
6998 			*priv = catchall->elem;
6999 			return -EEXIST;
7000 		}
7001 	}
7002 
7003 	catchall = kmalloc_obj(*catchall, GFP_KERNEL_ACCOUNT);
7004 	if (!catchall)
7005 		return -ENOMEM;
7006 
7007 	catchall->elem = elem->priv;
7008 	list_add_tail_rcu(&catchall->list, &set->catchall_list);
7009 
7010 	return 0;
7011 }
7012 
7013 static int nft_setelem_insert(const struct net *net,
7014 			      struct nft_set *set,
7015 			      const struct nft_set_elem *elem,
7016 			      struct nft_elem_priv **elem_priv,
7017 			      unsigned int flags)
7018 {
7019 	int ret;
7020 
7021 	if (flags & NFT_SET_ELEM_CATCHALL)
7022 		ret = nft_setelem_catchall_insert(net, set, elem, elem_priv);
7023 	else
7024 		ret = set->ops->insert(net, set, elem, elem_priv);
7025 
7026 	return ret;
7027 }
7028 
7029 static bool nft_setelem_is_catchall(const struct nft_set *set,
7030 				    const struct nft_elem_priv *elem_priv)
7031 {
7032 	struct nft_set_ext *ext = nft_set_elem_ext(set, elem_priv);
7033 
7034 	if (nft_set_ext_exists(ext, NFT_SET_EXT_FLAGS) &&
7035 	    *nft_set_ext_flags(ext) & NFT_SET_ELEM_CATCHALL)
7036 		return true;
7037 
7038 	return false;
7039 }
7040 
7041 static void nft_setelem_activate(struct net *net, struct nft_set *set,
7042 				 struct nft_elem_priv *elem_priv)
7043 {
7044 	struct nft_set_ext *ext = nft_set_elem_ext(set, elem_priv);
7045 
7046 	if (nft_setelem_is_catchall(set, elem_priv)) {
7047 		nft_clear(net, ext);
7048 	} else {
7049 		set->ops->activate(net, set, elem_priv);
7050 	}
7051 }
7052 
7053 static void nft_trans_elem_update(const struct nft_set *set,
7054 				  const struct nft_trans_one_elem *elem)
7055 {
7056 	const struct nft_set_ext *ext = nft_set_elem_ext(set, elem->priv);
7057 	const struct nft_elem_update *update = elem->update;
7058 
7059 	if (update->flags & NFT_TRANS_UPD_TIMEOUT)
7060 		WRITE_ONCE(nft_set_ext_timeout(ext)->timeout, update->timeout);
7061 
7062 	if (update->flags & NFT_TRANS_UPD_EXPIRATION)
7063 		WRITE_ONCE(nft_set_ext_timeout(ext)->expiration, get_jiffies_64() + update->expiration);
7064 }
7065 
7066 static void nft_trans_elems_add(const struct nft_ctx *ctx,
7067 				struct nft_trans_elem *te)
7068 {
7069 	int i;
7070 
7071 	for (i = 0; i < te->nelems; i++) {
7072 		struct nft_trans_one_elem *elem = &te->elems[i];
7073 
7074 		if (elem->update)
7075 			nft_trans_elem_update(te->set, elem);
7076 		else
7077 			nft_setelem_activate(ctx->net, te->set, elem->priv);
7078 
7079 		nf_tables_setelem_notify(ctx, te->set, elem->priv,
7080 					 NFT_MSG_NEWSETELEM);
7081 		kfree(elem->update);
7082 	}
7083 }
7084 
7085 static int nft_setelem_catchall_deactivate(const struct net *net,
7086 					   struct nft_set *set,
7087 					   struct nft_set_elem *elem)
7088 {
7089 	struct nft_set_elem_catchall *catchall;
7090 	struct nft_set_ext *ext;
7091 
7092 	list_for_each_entry(catchall, &set->catchall_list, list) {
7093 		ext = nft_set_elem_ext(set, catchall->elem);
7094 		if (!nft_is_active_next(net, ext))
7095 			continue;
7096 
7097 		kfree(elem->priv);
7098 		elem->priv = catchall->elem;
7099 		nft_set_elem_change_active(net, set, ext);
7100 		return 0;
7101 	}
7102 
7103 	return -ENOENT;
7104 }
7105 
7106 static int __nft_setelem_deactivate(const struct net *net,
7107 				    struct nft_set *set,
7108 				    struct nft_set_elem *elem)
7109 {
7110 	void *priv;
7111 
7112 	priv = set->ops->deactivate(net, set, elem);
7113 	if (!priv)
7114 		return -ENOENT;
7115 
7116 	kfree(elem->priv);
7117 	elem->priv = priv;
7118 	set->ndeact++;
7119 
7120 	return 0;
7121 }
7122 
7123 static int nft_setelem_deactivate(const struct net *net,
7124 				  struct nft_set *set,
7125 				  struct nft_set_elem *elem, u32 flags)
7126 {
7127 	int ret;
7128 
7129 	if (flags & NFT_SET_ELEM_CATCHALL)
7130 		ret = nft_setelem_catchall_deactivate(net, set, elem);
7131 	else
7132 		ret = __nft_setelem_deactivate(net, set, elem);
7133 
7134 	return ret;
7135 }
7136 
7137 static void nft_setelem_catchall_destroy(struct nft_set_elem_catchall *catchall)
7138 {
7139 	list_del_rcu(&catchall->list);
7140 	kfree_rcu(catchall, rcu);
7141 }
7142 
7143 static void nft_setelem_catchall_remove(const struct net *net,
7144 					const struct nft_set *set,
7145 					struct nft_elem_priv *elem_priv)
7146 {
7147 	struct nft_set_elem_catchall *catchall, *next;
7148 
7149 	list_for_each_entry_safe(catchall, next, &set->catchall_list, list) {
7150 		if (catchall->elem == elem_priv) {
7151 			nft_setelem_catchall_destroy(catchall);
7152 			break;
7153 		}
7154 	}
7155 }
7156 
7157 static void nft_setelem_remove(const struct net *net,
7158 			       const struct nft_set *set,
7159 			       struct nft_elem_priv *elem_priv)
7160 {
7161 	if (nft_setelem_is_catchall(set, elem_priv))
7162 		nft_setelem_catchall_remove(net, set, elem_priv);
7163 	else
7164 		set->ops->remove(net, set, elem_priv);
7165 }
7166 
7167 static void nft_trans_elems_remove(const struct nft_ctx *ctx,
7168 				   const struct nft_trans_elem *te)
7169 {
7170 	int i;
7171 
7172 	for (i = 0; i < te->nelems; i++) {
7173 		WARN_ON_ONCE(te->elems[i].update);
7174 
7175 		nf_tables_setelem_notify(ctx, te->set,
7176 					 te->elems[i].priv,
7177 					 te->nft_trans.msg_type);
7178 
7179 		nft_setelem_remove(ctx->net, te->set, te->elems[i].priv);
7180 		if (!nft_setelem_is_catchall(te->set, te->elems[i].priv)) {
7181 			atomic_dec(&te->set->nelems);
7182 			te->set->ndeact--;
7183 		}
7184 	}
7185 }
7186 
7187 static bool nft_setelem_valid_key_end(const struct nft_set *set,
7188 				      struct nlattr **nla, u32 flags)
7189 {
7190 	if ((set->flags & (NFT_SET_CONCAT | NFT_SET_INTERVAL)) ==
7191 			  (NFT_SET_CONCAT | NFT_SET_INTERVAL)) {
7192 		if (flags & NFT_SET_ELEM_INTERVAL_END)
7193 			return false;
7194 
7195 		if (nla[NFTA_SET_ELEM_KEY_END] &&
7196 		    flags & NFT_SET_ELEM_CATCHALL)
7197 			return false;
7198 	} else {
7199 		if (nla[NFTA_SET_ELEM_KEY_END])
7200 			return false;
7201 	}
7202 
7203 	return true;
7204 }
7205 
7206 static u32 nft_set_maxsize(const struct nft_set *set)
7207 {
7208 	u32 maxsize, delta;
7209 
7210 	if (!set->size)
7211 		return UINT_MAX;
7212 
7213 	if (set->ops->adjust_maxsize)
7214 		delta = set->ops->adjust_maxsize(set);
7215 	else
7216 		delta = 0;
7217 
7218 	if (check_add_overflow(set->size, set->ndeact, &maxsize))
7219 		return UINT_MAX;
7220 
7221 	if (check_add_overflow(maxsize, delta, &maxsize))
7222 		return UINT_MAX;
7223 
7224 	return maxsize;
7225 }
7226 
7227 static int nft_add_set_elem(struct nft_ctx *ctx, struct nft_set *set,
7228 			    const struct nlattr *attr, u32 nlmsg_flags)
7229 {
7230 	struct nft_expr *expr_array[NFT_SET_EXPR_MAX] = {};
7231 	struct nlattr *nla[NFTA_SET_ELEM_MAX + 1];
7232 	u8 genmask = nft_genmask_next(ctx->net);
7233 	u32 flags = 0, size = 0, num_exprs = 0;
7234 	struct nft_set_ext_tmpl tmpl;
7235 	struct nft_set_ext *ext, *ext2;
7236 	struct nft_set_elem elem;
7237 	struct nft_set_binding *binding;
7238 	struct nft_elem_priv *elem_priv;
7239 	struct nft_object *obj = NULL;
7240 	struct nft_userdata *udata;
7241 	struct nft_data_desc desc;
7242 	enum nft_registers dreg;
7243 	struct nft_trans *trans;
7244 	bool set_full = false;
7245 	u64 expiration;
7246 	u64 timeout;
7247 	int err, i;
7248 	u8 ulen;
7249 
7250 	err = nla_parse_nested_deprecated(nla, NFTA_SET_ELEM_MAX, attr,
7251 					  nft_set_elem_policy, NULL);
7252 	if (err < 0)
7253 		return err;
7254 
7255 	nft_set_ext_prepare(&tmpl);
7256 
7257 	err = nft_setelem_parse_flags(set, nla[NFTA_SET_ELEM_FLAGS], &flags);
7258 	if (err < 0)
7259 		return err;
7260 
7261 	if (((flags & NFT_SET_ELEM_CATCHALL) && nla[NFTA_SET_ELEM_KEY]) ||
7262 	    (!(flags & NFT_SET_ELEM_CATCHALL) && !nla[NFTA_SET_ELEM_KEY]))
7263 		return -EINVAL;
7264 
7265 	if (flags != 0) {
7266 		err = nft_set_ext_add(&tmpl, NFT_SET_EXT_FLAGS);
7267 		if (err < 0)
7268 			return err;
7269 	}
7270 
7271 	if (set->flags & NFT_SET_MAP) {
7272 		if (nla[NFTA_SET_ELEM_DATA] == NULL &&
7273 		    !(flags & NFT_SET_ELEM_INTERVAL_END))
7274 			return -EINVAL;
7275 	} else {
7276 		if (nla[NFTA_SET_ELEM_DATA] != NULL)
7277 			return -EINVAL;
7278 	}
7279 
7280 	if (set->flags & NFT_SET_OBJECT) {
7281 		if (!nla[NFTA_SET_ELEM_OBJREF] &&
7282 		    !(flags & NFT_SET_ELEM_INTERVAL_END))
7283 			return -EINVAL;
7284 	} else {
7285 		if (nla[NFTA_SET_ELEM_OBJREF])
7286 			return -EINVAL;
7287 	}
7288 
7289 	if (!nft_setelem_valid_key_end(set, nla, flags))
7290 		return -EINVAL;
7291 
7292 	if ((flags & NFT_SET_ELEM_INTERVAL_END) &&
7293 	     (nla[NFTA_SET_ELEM_DATA] ||
7294 	      nla[NFTA_SET_ELEM_OBJREF] ||
7295 	      nla[NFTA_SET_ELEM_TIMEOUT] ||
7296 	      nla[NFTA_SET_ELEM_EXPIRATION] ||
7297 	      nla[NFTA_SET_ELEM_USERDATA] ||
7298 	      nla[NFTA_SET_ELEM_EXPR] ||
7299 	      nla[NFTA_SET_ELEM_KEY_END] ||
7300 	      nla[NFTA_SET_ELEM_EXPRESSIONS]))
7301 		return -EINVAL;
7302 
7303 	timeout = 0;
7304 	if (nla[NFTA_SET_ELEM_TIMEOUT] != NULL) {
7305 		if (!(set->flags & NFT_SET_TIMEOUT))
7306 			return -EINVAL;
7307 		err = nf_msecs_to_jiffies64(nla[NFTA_SET_ELEM_TIMEOUT],
7308 					    &timeout);
7309 		if (err)
7310 			return err;
7311 	} else if (set->flags & NFT_SET_TIMEOUT &&
7312 		   !(flags & NFT_SET_ELEM_INTERVAL_END)) {
7313 		timeout = set->timeout;
7314 	}
7315 
7316 	expiration = 0;
7317 	if (nla[NFTA_SET_ELEM_EXPIRATION] != NULL) {
7318 		if (!(set->flags & NFT_SET_TIMEOUT))
7319 			return -EINVAL;
7320 		if (timeout == 0)
7321 			return -EOPNOTSUPP;
7322 
7323 		err = nf_msecs_to_jiffies64(nla[NFTA_SET_ELEM_EXPIRATION],
7324 					    &expiration);
7325 		if (err)
7326 			return err;
7327 
7328 		if (expiration > timeout)
7329 			return -ERANGE;
7330 	}
7331 
7332 	if (nla[NFTA_SET_ELEM_EXPR]) {
7333 		struct nft_expr *expr;
7334 
7335 		if (set->num_exprs && set->num_exprs != 1)
7336 			return -EOPNOTSUPP;
7337 
7338 		expr = nft_set_elem_expr_alloc(ctx, set,
7339 					       nla[NFTA_SET_ELEM_EXPR]);
7340 		if (IS_ERR(expr))
7341 			return PTR_ERR(expr);
7342 
7343 		expr_array[0] = expr;
7344 		num_exprs = 1;
7345 
7346 		if (set->num_exprs && set->exprs[0]->ops != expr->ops) {
7347 			err = -EOPNOTSUPP;
7348 			goto err_set_elem_expr;
7349 		}
7350 	} else if (nla[NFTA_SET_ELEM_EXPRESSIONS]) {
7351 		struct nft_expr *expr;
7352 		struct nlattr *tmp;
7353 		int left;
7354 
7355 		i = 0;
7356 		nla_for_each_nested(tmp, nla[NFTA_SET_ELEM_EXPRESSIONS], left) {
7357 			if (i == NFT_SET_EXPR_MAX ||
7358 			    (set->num_exprs && set->num_exprs == i)) {
7359 				err = -E2BIG;
7360 				goto err_set_elem_expr;
7361 			}
7362 			if (nla_type(tmp) != NFTA_LIST_ELEM) {
7363 				err = -EINVAL;
7364 				goto err_set_elem_expr;
7365 			}
7366 			expr = nft_set_elem_expr_alloc(ctx, set, tmp);
7367 			if (IS_ERR(expr)) {
7368 				err = PTR_ERR(expr);
7369 				goto err_set_elem_expr;
7370 			}
7371 			expr_array[i] = expr;
7372 			num_exprs++;
7373 
7374 			if (set->num_exprs && expr->ops != set->exprs[i]->ops) {
7375 				err = -EOPNOTSUPP;
7376 				goto err_set_elem_expr;
7377 			}
7378 			i++;
7379 		}
7380 		if (set->num_exprs && set->num_exprs != i) {
7381 			err = -EOPNOTSUPP;
7382 			goto err_set_elem_expr;
7383 		}
7384 	} else if (set->num_exprs > 0 &&
7385 		   !(flags & NFT_SET_ELEM_INTERVAL_END)) {
7386 		err = nft_set_elem_expr_clone(ctx, set, expr_array);
7387 		if (err < 0)
7388 			goto err_set_elem_expr_clone;
7389 
7390 		num_exprs = set->num_exprs;
7391 	}
7392 
7393 	if (nla[NFTA_SET_ELEM_KEY]) {
7394 		err = nft_setelem_parse_key(ctx, set, &elem.key.val,
7395 					    nla[NFTA_SET_ELEM_KEY]);
7396 		if (err < 0)
7397 			goto err_set_elem_expr;
7398 
7399 		err = nft_set_ext_add_length(&tmpl, NFT_SET_EXT_KEY, set->klen);
7400 		if (err < 0)
7401 			goto err_parse_key;
7402 	}
7403 
7404 	if (nla[NFTA_SET_ELEM_KEY_END]) {
7405 		err = nft_setelem_parse_key(ctx, set, &elem.key_end.val,
7406 					    nla[NFTA_SET_ELEM_KEY_END]);
7407 		if (err < 0)
7408 			goto err_parse_key;
7409 
7410 		err = nft_set_ext_add_length(&tmpl, NFT_SET_EXT_KEY_END, set->klen);
7411 		if (err < 0)
7412 			goto err_parse_key_end;
7413 	}
7414 
7415 	if (set->flags & NFT_SET_TIMEOUT) {
7416 		err = nft_set_ext_add(&tmpl, NFT_SET_EXT_TIMEOUT);
7417 		if (err < 0)
7418 			goto err_parse_key_end;
7419 	}
7420 
7421 	if (num_exprs) {
7422 		for (i = 0; i < num_exprs; i++)
7423 			size += expr_array[i]->ops->size;
7424 
7425 		err = nft_set_ext_add_length(&tmpl, NFT_SET_EXT_EXPRESSIONS,
7426 					     sizeof(struct nft_set_elem_expr) + size);
7427 		if (err < 0)
7428 			goto err_parse_key_end;
7429 	}
7430 
7431 	if (nla[NFTA_SET_ELEM_OBJREF] != NULL) {
7432 		obj = nft_obj_lookup(ctx->net, ctx->table,
7433 				     nla[NFTA_SET_ELEM_OBJREF],
7434 				     set->objtype, genmask);
7435 		if (IS_ERR(obj)) {
7436 			err = PTR_ERR(obj);
7437 			obj = NULL;
7438 			goto err_parse_key_end;
7439 		}
7440 
7441 		if (!nft_use_inc(&obj->use)) {
7442 			err = -EMFILE;
7443 			obj = NULL;
7444 			goto err_parse_key_end;
7445 		}
7446 
7447 		err = nft_set_ext_add(&tmpl, NFT_SET_EXT_OBJREF);
7448 		if (err < 0)
7449 			goto err_parse_key_end;
7450 	}
7451 
7452 	if (nla[NFTA_SET_ELEM_DATA] != NULL) {
7453 		err = nft_setelem_parse_data(ctx, set, &desc, &elem.data.val,
7454 					     nla[NFTA_SET_ELEM_DATA]);
7455 		if (err < 0)
7456 			goto err_parse_key_end;
7457 
7458 		dreg = nft_type_to_reg(set->dtype);
7459 		list_for_each_entry(binding, &set->bindings, list) {
7460 			struct nft_ctx bind_ctx = {
7461 				.net	= ctx->net,
7462 				.family	= ctx->family,
7463 				.table	= ctx->table,
7464 				.chain	= (struct nft_chain *)binding->chain,
7465 			};
7466 
7467 			if (!(binding->flags & NFT_SET_MAP))
7468 				continue;
7469 
7470 			err = nft_validate_register_store(&bind_ctx, dreg,
7471 							  &elem.data.val,
7472 							  desc.type, desc.len);
7473 			if (err < 0)
7474 				goto err_parse_data;
7475 
7476 			if (desc.type == NFT_DATA_VERDICT &&
7477 			    (elem.data.val.verdict.code == NFT_GOTO ||
7478 			     elem.data.val.verdict.code == NFT_JUMP))
7479 				nft_validate_state_update(ctx->table,
7480 							  NFT_VALIDATE_NEED);
7481 		}
7482 
7483 		err = nft_set_ext_add_length(&tmpl, NFT_SET_EXT_DATA, desc.len);
7484 		if (err < 0)
7485 			goto err_parse_data;
7486 	}
7487 
7488 	/* The full maximum length of userdata can exceed the maximum
7489 	 * offset value (U8_MAX) for following extensions, therefor it
7490 	 * must be the last extension added.
7491 	 */
7492 	ulen = 0;
7493 	if (nla[NFTA_SET_ELEM_USERDATA] != NULL) {
7494 		ulen = nla_len(nla[NFTA_SET_ELEM_USERDATA]);
7495 		if (ulen > 0) {
7496 			err = nft_set_ext_add_length(&tmpl, NFT_SET_EXT_USERDATA,
7497 						     ulen);
7498 			if (err < 0)
7499 				goto err_parse_data;
7500 		}
7501 	}
7502 
7503 	elem.priv = nft_set_elem_init(set, &tmpl, elem.key.val.data,
7504 				      elem.key_end.val.data, elem.data.val.data,
7505 				      timeout, expiration, GFP_KERNEL_ACCOUNT);
7506 	if (IS_ERR(elem.priv)) {
7507 		err = PTR_ERR(elem.priv);
7508 		goto err_parse_data;
7509 	}
7510 
7511 	ext = nft_set_elem_ext(set, elem.priv);
7512 	if (flags)
7513 		*nft_set_ext_flags(ext) = flags;
7514 
7515 	if (obj)
7516 		*nft_set_ext_obj(ext) = obj;
7517 
7518 	if (ulen > 0) {
7519 		if (nft_set_ext_check(&tmpl, NFT_SET_EXT_USERDATA, ulen) < 0) {
7520 			err = -EINVAL;
7521 			goto err_elem_free;
7522 		}
7523 		udata = nft_set_ext_userdata(ext);
7524 		udata->len = ulen - 1;
7525 		nla_memcpy(&udata->data, nla[NFTA_SET_ELEM_USERDATA], ulen);
7526 	}
7527 	err = nft_set_elem_expr_setup(ctx, &tmpl, ext, expr_array, num_exprs);
7528 	if (err < 0)
7529 		goto err_elem_free;
7530 
7531 	if (!(flags & NFT_SET_ELEM_CATCHALL)) {
7532 		unsigned int max = nft_set_maxsize(set), nelems;
7533 
7534 		nelems = atomic_inc_return(&set->nelems);
7535 		if (nelems > max)
7536 			set_full = true;
7537 	}
7538 
7539 	trans = nft_trans_elem_alloc(ctx, NFT_MSG_NEWSETELEM, set);
7540 	if (trans == NULL) {
7541 		err = -ENOMEM;
7542 		goto err_set_size;
7543 	}
7544 
7545 	ext->genmask = nft_genmask_cur(ctx->net);
7546 
7547 	err = nft_setelem_insert(ctx->net, set, &elem, &elem_priv, flags);
7548 	if (err) {
7549 		if (err == -EEXIST) {
7550 			ext2 = nft_set_elem_ext(set, elem_priv);
7551 			if (nft_set_ext_exists(ext, NFT_SET_EXT_DATA) ^
7552 			    nft_set_ext_exists(ext2, NFT_SET_EXT_DATA) ||
7553 			    nft_set_ext_exists(ext, NFT_SET_EXT_OBJREF) ^
7554 			    nft_set_ext_exists(ext2, NFT_SET_EXT_OBJREF))
7555 				goto err_element_clash;
7556 			if ((nft_set_ext_exists(ext, NFT_SET_EXT_DATA) &&
7557 			     nft_set_ext_exists(ext2, NFT_SET_EXT_DATA) &&
7558 			     memcmp(nft_set_ext_data(ext),
7559 				    nft_set_ext_data(ext2), set->dlen) != 0) ||
7560 			    (nft_set_ext_exists(ext, NFT_SET_EXT_OBJREF) &&
7561 			     nft_set_ext_exists(ext2, NFT_SET_EXT_OBJREF) &&
7562 			     *nft_set_ext_obj(ext) != *nft_set_ext_obj(ext2)))
7563 				goto err_element_clash;
7564 			else if (!(nlmsg_flags & NLM_F_EXCL)) {
7565 				err = 0;
7566 				if (nft_set_ext_exists(ext2, NFT_SET_EXT_TIMEOUT)) {
7567 					struct nft_elem_update update = { };
7568 
7569 					if (timeout != nft_set_ext_timeout(ext2)->timeout) {
7570 						update.timeout = timeout;
7571 						if (expiration == 0)
7572 							expiration = timeout;
7573 
7574 						update.flags |= NFT_TRANS_UPD_TIMEOUT;
7575 					}
7576 					if (expiration) {
7577 						update.expiration = expiration;
7578 						update.flags |= NFT_TRANS_UPD_EXPIRATION;
7579 					}
7580 
7581 					if (update.flags) {
7582 						struct nft_trans_one_elem *ue;
7583 
7584 						ue = &nft_trans_container_elem(trans)->elems[0];
7585 
7586 						ue->update = kmemdup(&update, sizeof(update), GFP_KERNEL);
7587 						if (!ue->update) {
7588 							err = -ENOMEM;
7589 							goto err_element_clash;
7590 						}
7591 
7592 						ue->priv = elem_priv;
7593 						nft_trans_commit_list_add_elem(ctx->net, trans);
7594 						goto err_set_size;
7595 					}
7596 				}
7597 			}
7598 		} else if (err == -ENOTEMPTY) {
7599 			/* ENOTEMPTY reports overlapping between this element
7600 			 * and an existing one.
7601 			 */
7602 			err = -EEXIST;
7603 		} else if (err == -ECANCELED) {
7604 			/* ECANCELED reports an existing nul-element in
7605 			 * interval sets.
7606 			 */
7607 			err = 0;
7608 		}
7609 		goto err_element_clash;
7610 	}
7611 
7612 	nft_trans_container_elem(trans)->elems[0].priv = elem.priv;
7613 	nft_trans_commit_list_add_elem(ctx->net, trans);
7614 
7615 	return set_full ? -ENFILE : 0;
7616 
7617 err_element_clash:
7618 	kfree(trans);
7619 err_set_size:
7620 	if (!(flags & NFT_SET_ELEM_CATCHALL))
7621 		atomic_dec(&set->nelems);
7622 err_elem_free:
7623 	nf_tables_set_elem_destroy(ctx, set, elem.priv);
7624 err_parse_data:
7625 	if (nla[NFTA_SET_ELEM_DATA] != NULL)
7626 		nft_data_release(&elem.data.val, desc.type);
7627 err_parse_key_end:
7628 	if (obj)
7629 		nft_use_dec_restore(&obj->use);
7630 
7631 	nft_data_release(&elem.key_end.val, NFT_DATA_VALUE);
7632 err_parse_key:
7633 	nft_data_release(&elem.key.val, NFT_DATA_VALUE);
7634 err_set_elem_expr:
7635 	for (i = 0; i < num_exprs && expr_array[i]; i++)
7636 		nft_expr_destroy(ctx, expr_array[i]);
7637 err_set_elem_expr_clone:
7638 	return err;
7639 }
7640 
7641 static int nf_tables_newsetelem(struct sk_buff *skb,
7642 				const struct nfnl_info *info,
7643 				const struct nlattr * const nla[])
7644 {
7645 	struct netlink_ext_ack *extack = info->extack;
7646 	u8 genmask = nft_genmask_next(info->net);
7647 	u8 family = info->nfmsg->nfgen_family;
7648 	struct net *net = info->net;
7649 	const struct nlattr *attr;
7650 	struct nft_table *table;
7651 	struct nft_set *set;
7652 	struct nft_ctx ctx;
7653 	int rem, err;
7654 
7655 	if (nla[NFTA_SET_ELEM_LIST_ELEMENTS] == NULL)
7656 		return -EINVAL;
7657 
7658 	table = nft_table_lookup(net, nla[NFTA_SET_ELEM_LIST_TABLE], family,
7659 				 genmask, NETLINK_CB(skb).portid);
7660 	if (IS_ERR(table)) {
7661 		NL_SET_BAD_ATTR(extack, nla[NFTA_SET_ELEM_LIST_TABLE]);
7662 		return PTR_ERR(table);
7663 	}
7664 
7665 	set = nft_set_lookup_global(net, table, nla[NFTA_SET_ELEM_LIST_SET],
7666 				    nla[NFTA_SET_ELEM_LIST_SET_ID], genmask);
7667 	if (IS_ERR(set)) {
7668 		NL_SET_BAD_ATTR(extack, nla[NFTA_SET_ELEM_LIST_SET]);
7669 		return PTR_ERR(set);
7670 	}
7671 
7672 	if (!list_empty(&set->bindings) &&
7673 	    (set->flags & (NFT_SET_CONSTANT | NFT_SET_ANONYMOUS)))
7674 		return -EBUSY;
7675 
7676 	nft_ctx_init(&ctx, net, skb, info->nlh, family, table, NULL, nla);
7677 
7678 	nla_for_each_nested(attr, nla[NFTA_SET_ELEM_LIST_ELEMENTS], rem) {
7679 		err = nft_add_set_elem(&ctx, set, attr, info->nlh->nlmsg_flags);
7680 		if (err < 0) {
7681 			NL_SET_BAD_ATTR(extack, attr);
7682 			return err;
7683 		}
7684 	}
7685 
7686 	if (table->validate_state == NFT_VALIDATE_DO)
7687 		return nft_table_validate(net, table);
7688 
7689 	return 0;
7690 }
7691 
7692 /**
7693  *	nft_data_hold - hold a nft_data item
7694  *
7695  *	@data: struct nft_data to release
7696  *	@type: type of data
7697  *
7698  *	Hold a nft_data item. NFT_DATA_VALUE types can be silently discarded,
7699  *	NFT_DATA_VERDICT bumps the reference to chains in case of NFT_JUMP and
7700  *	NFT_GOTO verdicts. This function must be called on active data objects
7701  *	from the second phase of the commit protocol.
7702  */
7703 void nft_data_hold(const struct nft_data *data, enum nft_data_types type)
7704 {
7705 	struct nft_chain *chain;
7706 
7707 	if (type == NFT_DATA_VERDICT) {
7708 		switch (data->verdict.code) {
7709 		case NFT_JUMP:
7710 		case NFT_GOTO:
7711 			chain = data->verdict.chain;
7712 			nft_use_inc_restore(&chain->use);
7713 			break;
7714 		}
7715 	}
7716 }
7717 
7718 static int nft_setelem_active_next(const struct net *net,
7719 				   const struct nft_set *set,
7720 				   struct nft_elem_priv *elem_priv)
7721 {
7722 	const struct nft_set_ext *ext = nft_set_elem_ext(set, elem_priv);
7723 	u8 genmask = nft_genmask_next(net);
7724 
7725 	return nft_set_elem_active(ext, genmask);
7726 }
7727 
7728 static void nft_setelem_data_activate(const struct net *net,
7729 				      const struct nft_set *set,
7730 				      struct nft_elem_priv *elem_priv)
7731 {
7732 	const struct nft_set_ext *ext = nft_set_elem_ext(set, elem_priv);
7733 
7734 	if (nft_set_ext_exists(ext, NFT_SET_EXT_DATA))
7735 		nft_data_hold(nft_set_ext_data(ext), set->dtype);
7736 	if (nft_set_ext_exists(ext, NFT_SET_EXT_OBJREF))
7737 		nft_use_inc_restore(&(*nft_set_ext_obj(ext))->use);
7738 }
7739 
7740 void nft_setelem_data_deactivate(const struct net *net,
7741 				 const struct nft_set *set,
7742 				 struct nft_elem_priv *elem_priv)
7743 {
7744 	const struct nft_set_ext *ext = nft_set_elem_ext(set, elem_priv);
7745 
7746 	if (nft_set_ext_exists(ext, NFT_SET_EXT_DATA))
7747 		nft_data_release(nft_set_ext_data(ext), set->dtype);
7748 	if (nft_set_ext_exists(ext, NFT_SET_EXT_OBJREF))
7749 		nft_use_dec(&(*nft_set_ext_obj(ext))->use);
7750 }
7751 
7752 /* similar to nft_trans_elems_remove, but called from abort path to undo newsetelem.
7753  * No notifications and no ndeact changes.
7754  *
7755  * Returns true if set had been added to (i.e., elements need to be removed again).
7756  */
7757 static bool nft_trans_elems_new_abort(const struct nft_ctx *ctx,
7758 				      struct nft_trans_elem *te)
7759 {
7760 	bool removed = false;
7761 	int i;
7762 
7763 	for (i = 0; i < te->nelems; i++) {
7764 		if (te->elems[i].update) {
7765 			kfree(te->elems[i].update);
7766 			te->elems[i].update = NULL;
7767 			/* Update request, so do not release this element */
7768 			te->elems[i].priv = NULL;
7769 			continue;
7770 		}
7771 
7772 		if (!te->set->ops->abort_skip_removal ||
7773 		    nft_setelem_is_catchall(te->set, te->elems[i].priv))
7774 			nft_setelem_remove(ctx->net, te->set, te->elems[i].priv);
7775 
7776 		if (!nft_setelem_is_catchall(te->set, te->elems[i].priv))
7777 			atomic_dec(&te->set->nelems);
7778 
7779 		removed = true;
7780 	}
7781 
7782 	return removed;
7783 }
7784 
7785 /* Called from abort path to undo DELSETELEM/DESTROYSETELEM. */
7786 static void nft_trans_elems_destroy_abort(const struct nft_ctx *ctx,
7787 					  const struct nft_trans_elem *te)
7788 {
7789 	int i;
7790 
7791 	for (i = 0; i < te->nelems; i++) {
7792 		if (!nft_setelem_active_next(ctx->net, te->set, te->elems[i].priv)) {
7793 			nft_setelem_data_activate(ctx->net, te->set, te->elems[i].priv);
7794 			nft_setelem_activate(ctx->net, te->set, te->elems[i].priv);
7795 		}
7796 
7797 		if (!nft_setelem_is_catchall(te->set, te->elems[i].priv))
7798 			te->set->ndeact--;
7799 	}
7800 }
7801 
7802 static int nft_del_setelem(struct nft_ctx *ctx, struct nft_set *set,
7803 			   const struct nlattr *attr)
7804 {
7805 	struct nlattr *nla[NFTA_SET_ELEM_MAX + 1];
7806 	struct nft_set_ext_tmpl tmpl;
7807 	struct nft_set_elem elem;
7808 	struct nft_set_ext *ext;
7809 	struct nft_trans *trans;
7810 	u32 flags = 0;
7811 	int err;
7812 
7813 	err = nla_parse_nested_deprecated(nla, NFTA_SET_ELEM_MAX, attr,
7814 					  nft_set_elem_policy, NULL);
7815 	if (err < 0)
7816 		return err;
7817 
7818 	err = nft_setelem_parse_flags(set, nla[NFTA_SET_ELEM_FLAGS], &flags);
7819 	if (err < 0)
7820 		return err;
7821 
7822 	if (!nla[NFTA_SET_ELEM_KEY] && !(flags & NFT_SET_ELEM_CATCHALL))
7823 		return -EINVAL;
7824 
7825 	if (!nft_setelem_valid_key_end(set, nla, flags))
7826 		return -EINVAL;
7827 
7828 	nft_set_ext_prepare(&tmpl);
7829 
7830 	if (flags != 0) {
7831 		err = nft_set_ext_add(&tmpl, NFT_SET_EXT_FLAGS);
7832 		if (err < 0)
7833 			return err;
7834 	}
7835 
7836 	if (nla[NFTA_SET_ELEM_KEY]) {
7837 		err = nft_setelem_parse_key(ctx, set, &elem.key.val,
7838 					    nla[NFTA_SET_ELEM_KEY]);
7839 		if (err < 0)
7840 			return err;
7841 
7842 		err = nft_set_ext_add_length(&tmpl, NFT_SET_EXT_KEY, set->klen);
7843 		if (err < 0)
7844 			goto fail_elem;
7845 	}
7846 
7847 	if (nla[NFTA_SET_ELEM_KEY_END]) {
7848 		err = nft_setelem_parse_key(ctx, set, &elem.key_end.val,
7849 					    nla[NFTA_SET_ELEM_KEY_END]);
7850 		if (err < 0)
7851 			goto fail_elem;
7852 
7853 		err = nft_set_ext_add_length(&tmpl, NFT_SET_EXT_KEY_END, set->klen);
7854 		if (err < 0)
7855 			goto fail_elem_key_end;
7856 	}
7857 
7858 	err = -ENOMEM;
7859 	elem.priv = nft_set_elem_init(set, &tmpl, elem.key.val.data,
7860 				      elem.key_end.val.data, NULL, 0, 0,
7861 				      GFP_KERNEL_ACCOUNT);
7862 	if (IS_ERR(elem.priv)) {
7863 		err = PTR_ERR(elem.priv);
7864 		goto fail_elem_key_end;
7865 	}
7866 
7867 	ext = nft_set_elem_ext(set, elem.priv);
7868 	if (flags)
7869 		*nft_set_ext_flags(ext) = flags;
7870 
7871 	trans = nft_trans_elem_alloc(ctx, NFT_MSG_DELSETELEM, set);
7872 	if (trans == NULL)
7873 		goto fail_trans;
7874 
7875 	err = nft_setelem_deactivate(ctx->net, set, &elem, flags);
7876 	if (err < 0)
7877 		goto fail_ops;
7878 
7879 	nft_setelem_data_deactivate(ctx->net, set, elem.priv);
7880 
7881 	nft_trans_container_elem(trans)->elems[0].priv = elem.priv;
7882 	nft_trans_commit_list_add_elem(ctx->net, trans);
7883 	return 0;
7884 
7885 fail_ops:
7886 	kfree(trans);
7887 fail_trans:
7888 	kfree(elem.priv);
7889 fail_elem_key_end:
7890 	nft_data_release(&elem.key_end.val, NFT_DATA_VALUE);
7891 fail_elem:
7892 	nft_data_release(&elem.key.val, NFT_DATA_VALUE);
7893 	return err;
7894 }
7895 
7896 static int nft_setelem_flush(const struct nft_ctx *ctx,
7897 			     struct nft_set *set,
7898 			     const struct nft_set_iter *iter,
7899 			     struct nft_elem_priv *elem_priv)
7900 {
7901 	const struct nft_set_ext *ext = nft_set_elem_ext(set, elem_priv);
7902 	struct nft_trans *trans;
7903 
7904 	if (!nft_set_elem_active(ext, iter->genmask))
7905 		return 0;
7906 
7907 	trans = nft_trans_alloc(ctx, NFT_MSG_DELSETELEM,
7908 				struct_size_t(struct nft_trans_elem, elems, 1));
7909 	if (!trans)
7910 		return -ENOMEM;
7911 
7912 	set->ops->flush(ctx->net, set, elem_priv);
7913 	set->ndeact++;
7914 
7915 	nft_setelem_data_deactivate(ctx->net, set, elem_priv);
7916 	nft_trans_elem_set(trans) = set;
7917 	nft_trans_container_elem(trans)->nelems = 1;
7918 	nft_trans_container_elem(trans)->elems[0].priv = elem_priv;
7919 	nft_trans_commit_list_add_elem(ctx->net, trans);
7920 
7921 	return 0;
7922 }
7923 
7924 static int __nft_set_catchall_flush(const struct nft_ctx *ctx,
7925 				    struct nft_set *set,
7926 				    struct nft_elem_priv *elem_priv)
7927 {
7928 	struct nft_trans *trans;
7929 
7930 	trans = nft_trans_elem_alloc(ctx, NFT_MSG_DELSETELEM, set);
7931 	if (!trans)
7932 		return -ENOMEM;
7933 
7934 	nft_setelem_data_deactivate(ctx->net, set, elem_priv);
7935 	nft_trans_container_elem(trans)->elems[0].priv = elem_priv;
7936 	nft_trans_commit_list_add_elem(ctx->net, trans);
7937 
7938 	return 0;
7939 }
7940 
7941 static int nft_set_catchall_flush(const struct nft_ctx *ctx,
7942 				  struct nft_set *set)
7943 {
7944 	u8 genmask = nft_genmask_next(ctx->net);
7945 	struct nft_set_elem_catchall *catchall;
7946 	struct nft_set_ext *ext;
7947 	int ret = 0;
7948 
7949 	list_for_each_entry_rcu(catchall, &set->catchall_list, list,
7950 				lockdep_commit_lock_is_held(ctx->net)) {
7951 		ext = nft_set_elem_ext(set, catchall->elem);
7952 		if (!nft_set_elem_active(ext, genmask))
7953 			continue;
7954 
7955 		ret = __nft_set_catchall_flush(ctx, set, catchall->elem);
7956 		if (ret < 0)
7957 			break;
7958 		nft_set_elem_change_active(ctx->net, set, ext);
7959 	}
7960 
7961 	return ret;
7962 }
7963 
7964 static int nft_set_flush(struct nft_ctx *ctx, struct nft_set *set, u8 genmask)
7965 {
7966 	/* The set backend might need to clone the set, do it now from the
7967 	 * preparation phase, use NFT_ITER_UPDATE_CLONE iterator type.
7968 	 */
7969 	struct nft_set_iter iter = {
7970 		.genmask	= genmask,
7971 		.type		= NFT_ITER_UPDATE_CLONE,
7972 		.fn		= nft_setelem_flush,
7973 	};
7974 
7975 	set->ops->walk(ctx, set, &iter);
7976 	if (!iter.err)
7977 		iter.err = nft_set_catchall_flush(ctx, set);
7978 
7979 	return iter.err;
7980 }
7981 
7982 static int nf_tables_delsetelem(struct sk_buff *skb,
7983 				const struct nfnl_info *info,
7984 				const struct nlattr * const nla[])
7985 {
7986 	struct netlink_ext_ack *extack = info->extack;
7987 	u8 genmask = nft_genmask_next(info->net);
7988 	u8 family = info->nfmsg->nfgen_family;
7989 	struct net *net = info->net;
7990 	const struct nlattr *attr;
7991 	struct nft_table *table;
7992 	struct nft_set *set;
7993 	struct nft_ctx ctx;
7994 	int rem, err = 0;
7995 
7996 	table = nft_table_lookup(net, nla[NFTA_SET_ELEM_LIST_TABLE], family,
7997 				 genmask, NETLINK_CB(skb).portid);
7998 	if (IS_ERR(table)) {
7999 		NL_SET_BAD_ATTR(extack, nla[NFTA_SET_ELEM_LIST_TABLE]);
8000 		return PTR_ERR(table);
8001 	}
8002 
8003 	set = nft_set_lookup(net, table, nla[NFTA_SET_ELEM_LIST_SET], genmask);
8004 	if (IS_ERR(set)) {
8005 		NL_SET_BAD_ATTR(extack, nla[NFTA_SET_ELEM_LIST_SET]);
8006 		return PTR_ERR(set);
8007 	}
8008 
8009 	if (nft_set_is_anonymous(set))
8010 		return -EOPNOTSUPP;
8011 
8012 	if (!list_empty(&set->bindings) && (set->flags & NFT_SET_CONSTANT))
8013 		return -EBUSY;
8014 
8015 	nft_ctx_init(&ctx, net, skb, info->nlh, family, table, NULL, nla);
8016 
8017 	if (!nla[NFTA_SET_ELEM_LIST_ELEMENTS])
8018 		return nft_set_flush(&ctx, set, genmask);
8019 
8020 	nla_for_each_nested(attr, nla[NFTA_SET_ELEM_LIST_ELEMENTS], rem) {
8021 		err = nft_del_setelem(&ctx, set, attr);
8022 		if (err == -ENOENT &&
8023 		    NFNL_MSG_TYPE(info->nlh->nlmsg_type) == NFT_MSG_DESTROYSETELEM)
8024 			continue;
8025 
8026 		if (err < 0) {
8027 			NL_SET_BAD_ATTR(extack, attr);
8028 			return err;
8029 		}
8030 	}
8031 
8032 	return 0;
8033 }
8034 
8035 /*
8036  * Stateful objects
8037  */
8038 
8039 /**
8040  *	nft_register_obj- register nf_tables stateful object type
8041  *	@obj_type: object type
8042  *
8043  *	Registers the object type for use with nf_tables. Returns zero on
8044  *	success or a negative errno code otherwise.
8045  */
8046 int nft_register_obj(struct nft_object_type *obj_type)
8047 {
8048 	if (obj_type->type == NFT_OBJECT_UNSPEC)
8049 		return -EINVAL;
8050 
8051 	nfnl_lock(NFNL_SUBSYS_NFTABLES);
8052 	list_add_rcu(&obj_type->list, &nf_tables_objects);
8053 	nfnl_unlock(NFNL_SUBSYS_NFTABLES);
8054 	return 0;
8055 }
8056 EXPORT_SYMBOL_GPL(nft_register_obj);
8057 
8058 /**
8059  *	nft_unregister_obj - unregister nf_tables object type
8060  *	@obj_type: object type
8061  *
8062  * 	Unregisters the object type for use with nf_tables.
8063  */
8064 void nft_unregister_obj(struct nft_object_type *obj_type)
8065 {
8066 	nfnl_lock(NFNL_SUBSYS_NFTABLES);
8067 	list_del_rcu(&obj_type->list);
8068 	nfnl_unlock(NFNL_SUBSYS_NFTABLES);
8069 }
8070 EXPORT_SYMBOL_GPL(nft_unregister_obj);
8071 
8072 struct nft_object *nft_obj_lookup(const struct net *net,
8073 				  const struct nft_table *table,
8074 				  const struct nlattr *nla, u32 objtype,
8075 				  u8 genmask)
8076 {
8077 	struct nft_object_hash_key k = { .table = table };
8078 	char search[NFT_OBJ_MAXNAMELEN];
8079 	struct rhlist_head *tmp, *list;
8080 	struct nft_object *obj;
8081 
8082 	nla_strscpy(search, nla, sizeof(search));
8083 	k.name = search;
8084 
8085 	WARN_ON_ONCE(!rcu_read_lock_held() &&
8086 		     !lockdep_commit_lock_is_held(net));
8087 
8088 	rcu_read_lock();
8089 	list = rhltable_lookup(&nft_objname_ht, &k, nft_objname_ht_params);
8090 	if (!list)
8091 		goto out;
8092 
8093 	rhl_for_each_entry_rcu(obj, tmp, list, rhlhead) {
8094 		if (objtype == obj->ops->type->type &&
8095 		    nft_active_genmask(obj, genmask)) {
8096 			rcu_read_unlock();
8097 			return obj;
8098 		}
8099 	}
8100 out:
8101 	rcu_read_unlock();
8102 	return ERR_PTR(-ENOENT);
8103 }
8104 
8105 static struct nft_object *nft_obj_lookup_byhandle(const struct nft_table *table,
8106 						  const struct nlattr *nla,
8107 						  u32 objtype, u8 genmask)
8108 {
8109 	struct nft_object *obj;
8110 
8111 	list_for_each_entry(obj, &table->objects, list) {
8112 		if (be64_to_cpu(nla_get_be64(nla)) == obj->handle &&
8113 		    objtype == obj->ops->type->type &&
8114 		    nft_active_genmask(obj, genmask))
8115 			return obj;
8116 	}
8117 	return ERR_PTR(-ENOENT);
8118 }
8119 
8120 static const struct nla_policy nft_obj_policy[NFTA_OBJ_MAX + 1] = {
8121 	[NFTA_OBJ_TABLE]	= { .type = NLA_STRING,
8122 				    .len = NFT_TABLE_MAXNAMELEN - 1 },
8123 	[NFTA_OBJ_NAME]		= { .type = NLA_STRING,
8124 				    .len = NFT_OBJ_MAXNAMELEN - 1 },
8125 	[NFTA_OBJ_TYPE]		= { .type = NLA_U32 },
8126 	[NFTA_OBJ_DATA]		= { .type = NLA_NESTED },
8127 	[NFTA_OBJ_HANDLE]	= { .type = NLA_U64},
8128 	[NFTA_OBJ_USERDATA]	= { .type = NLA_BINARY,
8129 				    .len = NFT_USERDATA_MAXLEN },
8130 };
8131 
8132 static struct nft_object *nft_obj_init(const struct nft_ctx *ctx,
8133 				       const struct nft_object_type *type,
8134 				       const struct nlattr *attr)
8135 {
8136 	struct nlattr **tb;
8137 	const struct nft_object_ops *ops;
8138 	struct nft_object *obj;
8139 	int err = -ENOMEM;
8140 
8141 	tb = kmalloc_objs(*tb, type->maxattr + 1);
8142 	if (!tb)
8143 		goto err1;
8144 
8145 	if (attr) {
8146 		err = nla_parse_nested_deprecated(tb, type->maxattr, attr,
8147 						  type->policy, NULL);
8148 		if (err < 0)
8149 			goto err2;
8150 	} else {
8151 		memset(tb, 0, sizeof(tb[0]) * (type->maxattr + 1));
8152 	}
8153 
8154 	if (type->select_ops) {
8155 		ops = type->select_ops(ctx, (const struct nlattr * const *)tb);
8156 		if (IS_ERR(ops)) {
8157 			err = PTR_ERR(ops);
8158 			goto err2;
8159 		}
8160 	} else {
8161 		ops = type->ops;
8162 	}
8163 
8164 	err = -ENOMEM;
8165 	obj = kzalloc(sizeof(*obj) + ops->size, GFP_KERNEL_ACCOUNT);
8166 	if (!obj)
8167 		goto err2;
8168 
8169 	err = ops->init(ctx, (const struct nlattr * const *)tb, obj);
8170 	if (err < 0)
8171 		goto err3;
8172 
8173 	obj->ops = ops;
8174 
8175 	kfree(tb);
8176 	return obj;
8177 err3:
8178 	kfree(obj);
8179 err2:
8180 	kfree(tb);
8181 err1:
8182 	return ERR_PTR(err);
8183 }
8184 
8185 static int nft_object_dump(struct sk_buff *skb, unsigned int attr,
8186 			   struct nft_object *obj, bool reset)
8187 {
8188 	struct nlattr *nest;
8189 
8190 	nest = nla_nest_start_noflag(skb, attr);
8191 	if (!nest)
8192 		goto nla_put_failure;
8193 	if (obj->ops->dump(skb, obj, reset) < 0)
8194 		goto nla_put_failure;
8195 	nla_nest_end(skb, nest);
8196 	return 0;
8197 
8198 nla_put_failure:
8199 	return -1;
8200 }
8201 
8202 static const struct nft_object_type *__nft_obj_type_get(u32 objtype, u8 family)
8203 {
8204 	const struct nft_object_type *type;
8205 
8206 	list_for_each_entry_rcu(type, &nf_tables_objects, list) {
8207 		if (type->family != NFPROTO_UNSPEC &&
8208 		    type->family != family)
8209 			continue;
8210 
8211 		if (objtype == type->type)
8212 			return type;
8213 	}
8214 	return NULL;
8215 }
8216 
8217 static const struct nft_object_type *
8218 nft_obj_type_get(struct net *net, u32 objtype, u8 family)
8219 {
8220 	const struct nft_object_type *type;
8221 
8222 	rcu_read_lock();
8223 	type = __nft_obj_type_get(objtype, family);
8224 	if (type != NULL && try_module_get(type->owner)) {
8225 		rcu_read_unlock();
8226 		return type;
8227 	}
8228 	rcu_read_unlock();
8229 
8230 	lockdep_nfnl_nft_mutex_not_held();
8231 #ifdef CONFIG_MODULES
8232 	if (type == NULL) {
8233 		if (nft_request_module(net, "nft-obj-%u", objtype) == -EAGAIN)
8234 			return ERR_PTR(-EAGAIN);
8235 	}
8236 #endif
8237 	return ERR_PTR(-ENOENT);
8238 }
8239 
8240 static int nf_tables_updobj(const struct nft_ctx *ctx,
8241 			    const struct nft_object_type *type,
8242 			    const struct nlattr *attr,
8243 			    struct nft_object *obj)
8244 {
8245 	struct nft_object *newobj;
8246 	struct nft_trans *trans;
8247 	int err = -ENOMEM;
8248 
8249 	/* caller must have obtained type->owner reference. */
8250 	trans = nft_trans_alloc(ctx, NFT_MSG_NEWOBJ,
8251 				sizeof(struct nft_trans_obj));
8252 	if (!trans)
8253 		goto err_trans;
8254 
8255 	newobj = nft_obj_init(ctx, type, attr);
8256 	if (IS_ERR(newobj)) {
8257 		err = PTR_ERR(newobj);
8258 		goto err_free_trans;
8259 	}
8260 
8261 	nft_trans_obj(trans) = obj;
8262 	nft_trans_obj_update(trans) = true;
8263 	nft_trans_obj_newobj(trans) = newobj;
8264 	nft_trans_commit_list_add_tail(ctx->net, trans);
8265 
8266 	return 0;
8267 
8268 err_free_trans:
8269 	kfree(trans);
8270 err_trans:
8271 	module_put(type->owner);
8272 	return err;
8273 }
8274 
8275 static int nf_tables_newobj(struct sk_buff *skb, const struct nfnl_info *info,
8276 			    const struct nlattr * const nla[])
8277 {
8278 	struct netlink_ext_ack *extack = info->extack;
8279 	u8 genmask = nft_genmask_next(info->net);
8280 	u8 family = info->nfmsg->nfgen_family;
8281 	const struct nft_object_type *type;
8282 	struct net *net = info->net;
8283 	struct nft_table *table;
8284 	struct nft_object *obj;
8285 	struct nft_ctx ctx;
8286 	u32 objtype;
8287 	int err;
8288 
8289 	if (!nla[NFTA_OBJ_TYPE] ||
8290 	    !nla[NFTA_OBJ_NAME] ||
8291 	    !nla[NFTA_OBJ_DATA])
8292 		return -EINVAL;
8293 
8294 	table = nft_table_lookup(net, nla[NFTA_OBJ_TABLE], family, genmask,
8295 				 NETLINK_CB(skb).portid);
8296 	if (IS_ERR(table)) {
8297 		NL_SET_BAD_ATTR(extack, nla[NFTA_OBJ_TABLE]);
8298 		return PTR_ERR(table);
8299 	}
8300 
8301 	objtype = ntohl(nla_get_be32(nla[NFTA_OBJ_TYPE]));
8302 	obj = nft_obj_lookup(net, table, nla[NFTA_OBJ_NAME], objtype, genmask);
8303 	if (IS_ERR(obj)) {
8304 		err = PTR_ERR(obj);
8305 		if (err != -ENOENT) {
8306 			NL_SET_BAD_ATTR(extack, nla[NFTA_OBJ_NAME]);
8307 			return err;
8308 		}
8309 	} else {
8310 		if (info->nlh->nlmsg_flags & NLM_F_EXCL) {
8311 			NL_SET_BAD_ATTR(extack, nla[NFTA_OBJ_NAME]);
8312 			return -EEXIST;
8313 		}
8314 		if (info->nlh->nlmsg_flags & NLM_F_REPLACE)
8315 			return -EOPNOTSUPP;
8316 
8317 		if (!obj->ops->update)
8318 			return 0;
8319 
8320 		type = nft_obj_type_get(net, objtype, family);
8321 		if (WARN_ON_ONCE(IS_ERR(type)))
8322 			return PTR_ERR(type);
8323 
8324 		nft_ctx_init(&ctx, net, skb, info->nlh, family, table, NULL, nla);
8325 
8326 		/* type->owner reference is put when transaction object is released. */
8327 		return nf_tables_updobj(&ctx, type, nla[NFTA_OBJ_DATA], obj);
8328 	}
8329 
8330 	nft_ctx_init(&ctx, net, skb, info->nlh, family, table, NULL, nla);
8331 
8332 	if (!nft_use_inc(&table->use))
8333 		return -EMFILE;
8334 
8335 	type = nft_obj_type_get(net, objtype, family);
8336 	if (IS_ERR(type)) {
8337 		err = PTR_ERR(type);
8338 		goto err_type;
8339 	}
8340 
8341 	obj = nft_obj_init(&ctx, type, nla[NFTA_OBJ_DATA]);
8342 	if (IS_ERR(obj)) {
8343 		err = PTR_ERR(obj);
8344 		goto err_init;
8345 	}
8346 	obj->key.table = table;
8347 	obj->handle = nf_tables_alloc_handle(table);
8348 
8349 	obj->key.name = nla_strdup(nla[NFTA_OBJ_NAME], GFP_KERNEL_ACCOUNT);
8350 	if (!obj->key.name) {
8351 		err = -ENOMEM;
8352 		goto err_strdup;
8353 	}
8354 
8355 	if (nla[NFTA_OBJ_USERDATA]) {
8356 		obj->udata = nla_memdup(nla[NFTA_OBJ_USERDATA], GFP_KERNEL_ACCOUNT);
8357 		if (obj->udata == NULL)
8358 			goto err_userdata;
8359 
8360 		obj->udlen = nla_len(nla[NFTA_OBJ_USERDATA]);
8361 	}
8362 
8363 	err = nft_trans_obj_add(&ctx, NFT_MSG_NEWOBJ, obj);
8364 	if (err < 0)
8365 		goto err_trans;
8366 
8367 	err = rhltable_insert(&nft_objname_ht, &obj->rhlhead,
8368 			      nft_objname_ht_params);
8369 	if (err < 0)
8370 		goto err_obj_ht;
8371 
8372 	list_add_tail_rcu(&obj->list, &table->objects);
8373 
8374 	return 0;
8375 err_obj_ht:
8376 	/* queued in transaction log */
8377 	INIT_LIST_HEAD(&obj->list);
8378 	return err;
8379 err_trans:
8380 	kfree(obj->udata);
8381 err_userdata:
8382 	kfree(obj->key.name);
8383 err_strdup:
8384 	if (obj->ops->destroy)
8385 		obj->ops->destroy(&ctx, obj);
8386 	kfree(obj);
8387 err_init:
8388 	module_put(type->owner);
8389 err_type:
8390 	nft_use_dec_restore(&table->use);
8391 
8392 	return err;
8393 }
8394 
8395 static int nf_tables_fill_obj_info(struct sk_buff *skb, struct net *net,
8396 				   u32 portid, u32 seq, int event, u32 flags,
8397 				   int family, const struct nft_table *table,
8398 				   struct nft_object *obj, bool reset)
8399 {
8400 	struct nlmsghdr *nlh;
8401 
8402 	nlh = nfnl_msg_put(skb, portid, seq,
8403 			   nfnl_msg_type(NFNL_SUBSYS_NFTABLES, event),
8404 			   flags, family, NFNETLINK_V0, nft_base_seq_be16(net));
8405 	if (!nlh)
8406 		goto nla_put_failure;
8407 
8408 	if (nla_put_string(skb, NFTA_OBJ_TABLE, table->name) ||
8409 	    nla_put_string(skb, NFTA_OBJ_NAME, obj->key.name) ||
8410 	    nla_put_be32(skb, NFTA_OBJ_TYPE, htonl(obj->ops->type->type)) ||
8411 	    nla_put_be64(skb, NFTA_OBJ_HANDLE, cpu_to_be64(obj->handle),
8412 			 NFTA_OBJ_PAD))
8413 		goto nla_put_failure;
8414 
8415 	if (event == NFT_MSG_DELOBJ ||
8416 	    event == NFT_MSG_DESTROYOBJ) {
8417 		nlmsg_end(skb, nlh);
8418 		return 0;
8419 	}
8420 
8421 	if (nla_put_be32(skb, NFTA_OBJ_USE, htonl(obj->use)) ||
8422 	    nft_object_dump(skb, NFTA_OBJ_DATA, obj, reset))
8423 		goto nla_put_failure;
8424 
8425 	if (obj->udata &&
8426 	    nla_put(skb, NFTA_OBJ_USERDATA, obj->udlen, obj->udata))
8427 		goto nla_put_failure;
8428 
8429 	nlmsg_end(skb, nlh);
8430 	return 0;
8431 
8432 nla_put_failure:
8433 	nlmsg_trim(skb, nlh);
8434 	return -1;
8435 }
8436 
8437 static void audit_log_obj_reset(const struct nft_table *table,
8438 				unsigned int base_seq, unsigned int nentries)
8439 {
8440 	char *buf = kasprintf(GFP_ATOMIC, "%s:%u", table->name, base_seq);
8441 
8442 	audit_log_nfcfg(buf, table->family, nentries,
8443 			AUDIT_NFT_OP_OBJ_RESET, GFP_ATOMIC);
8444 	kfree(buf);
8445 }
8446 
8447 struct nft_obj_dump_ctx {
8448 	unsigned int	s_idx;
8449 	char		*table;
8450 	u32		type;
8451 	bool		reset;
8452 };
8453 
8454 static int nf_tables_dump_obj(struct sk_buff *skb, struct netlink_callback *cb)
8455 {
8456 	const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
8457 	struct nft_obj_dump_ctx *ctx = (void *)cb->ctx;
8458 	struct net *net = sock_net(skb->sk);
8459 	int family = nfmsg->nfgen_family;
8460 	struct nftables_pernet *nft_net;
8461 	const struct nft_table *table;
8462 	unsigned int entries = 0;
8463 	struct nft_object *obj;
8464 	unsigned int idx = 0;
8465 	int rc = 0;
8466 
8467 	rcu_read_lock();
8468 	nft_net = nft_pernet(net);
8469 	cb->seq = nft_base_seq(net);
8470 
8471 	list_for_each_entry_rcu(table, &nft_net->tables, list) {
8472 		if (family != NFPROTO_UNSPEC && family != table->family)
8473 			continue;
8474 
8475 		entries = 0;
8476 		list_for_each_entry_rcu(obj, &table->objects, list) {
8477 			if (!nft_is_active(net, obj))
8478 				goto cont;
8479 			if (idx < ctx->s_idx)
8480 				goto cont;
8481 			if (ctx->table && strcmp(ctx->table, table->name))
8482 				goto cont;
8483 			if (ctx->type != NFT_OBJECT_UNSPEC &&
8484 			    obj->ops->type->type != ctx->type)
8485 				goto cont;
8486 
8487 			rc = nf_tables_fill_obj_info(skb, net,
8488 						     NETLINK_CB(cb->skb).portid,
8489 						     cb->nlh->nlmsg_seq,
8490 						     NFT_MSG_NEWOBJ,
8491 						     NLM_F_MULTI | NLM_F_APPEND,
8492 						     table->family, table,
8493 						     obj, ctx->reset);
8494 			if (rc < 0)
8495 				break;
8496 
8497 			entries++;
8498 			nl_dump_check_consistent(cb, nlmsg_hdr(skb));
8499 cont:
8500 			idx++;
8501 		}
8502 		if (ctx->reset && entries)
8503 			audit_log_obj_reset(table, nft_base_seq(net), entries);
8504 		if (rc < 0)
8505 			break;
8506 	}
8507 	rcu_read_unlock();
8508 
8509 	ctx->s_idx = idx;
8510 	return skb->len;
8511 }
8512 
8513 static int nf_tables_dump_obj_start(struct netlink_callback *cb)
8514 {
8515 	struct nft_obj_dump_ctx *ctx = (void *)cb->ctx;
8516 	const struct nlattr * const *nla = cb->data;
8517 
8518 	BUILD_BUG_ON(sizeof(*ctx) > sizeof(cb->ctx));
8519 
8520 	if (nla[NFTA_OBJ_TABLE]) {
8521 		ctx->table = nla_strdup(nla[NFTA_OBJ_TABLE], GFP_ATOMIC);
8522 		if (!ctx->table)
8523 			return -ENOMEM;
8524 	}
8525 
8526 	if (nla[NFTA_OBJ_TYPE])
8527 		ctx->type = ntohl(nla_get_be32(nla[NFTA_OBJ_TYPE]));
8528 
8529 	if (NFNL_MSG_TYPE(cb->nlh->nlmsg_type) == NFT_MSG_GETOBJ_RESET)
8530 		ctx->reset = true;
8531 
8532 	return 0;
8533 }
8534 
8535 static int nf_tables_dump_obj_done(struct netlink_callback *cb)
8536 {
8537 	struct nft_obj_dump_ctx *ctx = (void *)cb->ctx;
8538 
8539 	kfree(ctx->table);
8540 
8541 	return 0;
8542 }
8543 
8544 /* Caller must hold rcu read lock or transaction mutex */
8545 static struct sk_buff *
8546 nf_tables_getobj_single(u32 portid, const struct nfnl_info *info,
8547 			const struct nlattr * const nla[], bool reset)
8548 {
8549 	struct netlink_ext_ack *extack = info->extack;
8550 	u8 genmask = nft_genmask_cur(info->net);
8551 	u8 family = info->nfmsg->nfgen_family;
8552 	const struct nft_table *table;
8553 	struct net *net = info->net;
8554 	struct nft_object *obj;
8555 	struct sk_buff *skb2;
8556 	u32 objtype;
8557 	int err;
8558 
8559 	if (!nla[NFTA_OBJ_NAME] ||
8560 	    !nla[NFTA_OBJ_TYPE])
8561 		return ERR_PTR(-EINVAL);
8562 
8563 	table = nft_table_lookup(net, nla[NFTA_OBJ_TABLE], family, genmask, 0);
8564 	if (IS_ERR(table)) {
8565 		NL_SET_BAD_ATTR(extack, nla[NFTA_OBJ_TABLE]);
8566 		return ERR_CAST(table);
8567 	}
8568 
8569 	objtype = ntohl(nla_get_be32(nla[NFTA_OBJ_TYPE]));
8570 	obj = nft_obj_lookup(net, table, nla[NFTA_OBJ_NAME], objtype, genmask);
8571 	if (IS_ERR(obj)) {
8572 		NL_SET_BAD_ATTR(extack, nla[NFTA_OBJ_NAME]);
8573 		return ERR_CAST(obj);
8574 	}
8575 
8576 	skb2 = alloc_skb(NLMSG_GOODSIZE, GFP_ATOMIC);
8577 	if (!skb2)
8578 		return ERR_PTR(-ENOMEM);
8579 
8580 	err = nf_tables_fill_obj_info(skb2, net, portid,
8581 				      info->nlh->nlmsg_seq, NFT_MSG_NEWOBJ, 0,
8582 				      family, table, obj, reset);
8583 	if (err < 0) {
8584 		kfree_skb(skb2);
8585 		return ERR_PTR(err);
8586 	}
8587 
8588 	return skb2;
8589 }
8590 
8591 static int nf_tables_getobj(struct sk_buff *skb, const struct nfnl_info *info,
8592 			    const struct nlattr * const nla[])
8593 {
8594 	u32 portid = NETLINK_CB(skb).portid;
8595 	struct net *net = info->net;
8596 	struct sk_buff *skb2;
8597 	bool reset = false;
8598 	char *buf;
8599 
8600 	if (info->nlh->nlmsg_flags & NLM_F_DUMP) {
8601 		struct netlink_dump_control c = {
8602 			.start = nf_tables_dump_obj_start,
8603 			.dump = nf_tables_dump_obj,
8604 			.done = nf_tables_dump_obj_done,
8605 			.module = THIS_MODULE,
8606 			.data = (void *)nla,
8607 		};
8608 
8609 		return nft_netlink_dump_start_rcu(info->sk, skb, info->nlh, &c);
8610 	}
8611 
8612 	if (NFNL_MSG_TYPE(info->nlh->nlmsg_type) == NFT_MSG_GETOBJ_RESET)
8613 		reset = true;
8614 
8615 	skb2 = nf_tables_getobj_single(portid, info, nla, reset);
8616 	if (IS_ERR(skb2))
8617 		return PTR_ERR(skb2);
8618 
8619 	if (!reset)
8620 		return nfnetlink_unicast(skb2, net, NETLINK_CB(skb).portid);
8621 
8622 	buf = kasprintf(GFP_ATOMIC, "%.*s:%u",
8623 			nla_len(nla[NFTA_OBJ_TABLE]),
8624 			(char *)nla_data(nla[NFTA_OBJ_TABLE]),
8625 			nft_base_seq(net));
8626 	audit_log_nfcfg(buf, info->nfmsg->nfgen_family, 1,
8627 			AUDIT_NFT_OP_OBJ_RESET, GFP_ATOMIC);
8628 	kfree(buf);
8629 
8630 	return nfnetlink_unicast(skb2, net, portid);
8631 }
8632 
8633 static void nft_obj_destroy(const struct nft_ctx *ctx, struct nft_object *obj)
8634 {
8635 	if (obj->ops->destroy)
8636 		obj->ops->destroy(ctx, obj);
8637 
8638 	module_put(obj->ops->type->owner);
8639 	kfree(obj->key.name);
8640 	kfree(obj->udata);
8641 	kfree(obj);
8642 }
8643 
8644 static int nf_tables_delobj(struct sk_buff *skb, const struct nfnl_info *info,
8645 			    const struct nlattr * const nla[])
8646 {
8647 	struct netlink_ext_ack *extack = info->extack;
8648 	u8 genmask = nft_genmask_next(info->net);
8649 	u8 family = info->nfmsg->nfgen_family;
8650 	struct net *net = info->net;
8651 	const struct nlattr *attr;
8652 	struct nft_table *table;
8653 	struct nft_object *obj;
8654 	struct nft_ctx ctx;
8655 	u32 objtype;
8656 
8657 	if (!nla[NFTA_OBJ_TYPE] ||
8658 	    (!nla[NFTA_OBJ_NAME] && !nla[NFTA_OBJ_HANDLE]))
8659 		return -EINVAL;
8660 
8661 	table = nft_table_lookup(net, nla[NFTA_OBJ_TABLE], family, genmask,
8662 				 NETLINK_CB(skb).portid);
8663 	if (IS_ERR(table)) {
8664 		NL_SET_BAD_ATTR(extack, nla[NFTA_OBJ_TABLE]);
8665 		return PTR_ERR(table);
8666 	}
8667 
8668 	objtype = ntohl(nla_get_be32(nla[NFTA_OBJ_TYPE]));
8669 	if (nla[NFTA_OBJ_HANDLE]) {
8670 		attr = nla[NFTA_OBJ_HANDLE];
8671 		obj = nft_obj_lookup_byhandle(table, attr, objtype, genmask);
8672 	} else {
8673 		attr = nla[NFTA_OBJ_NAME];
8674 		obj = nft_obj_lookup(net, table, attr, objtype, genmask);
8675 	}
8676 
8677 	if (IS_ERR(obj)) {
8678 		if (PTR_ERR(obj) == -ENOENT &&
8679 		    NFNL_MSG_TYPE(info->nlh->nlmsg_type) == NFT_MSG_DESTROYOBJ)
8680 			return 0;
8681 
8682 		NL_SET_BAD_ATTR(extack, attr);
8683 		return PTR_ERR(obj);
8684 	}
8685 	if (obj->use > 0) {
8686 		NL_SET_BAD_ATTR(extack, attr);
8687 		return -EBUSY;
8688 	}
8689 
8690 	nft_ctx_init(&ctx, net, skb, info->nlh, family, table, NULL, nla);
8691 
8692 	return nft_delobj(&ctx, obj);
8693 }
8694 
8695 static void
8696 __nft_obj_notify(struct net *net, const struct nft_table *table,
8697 		 struct nft_object *obj, u32 portid, u32 seq, int event,
8698 		 u16 flags, int family, int report, gfp_t gfp)
8699 {
8700 	struct nftables_pernet *nft_net = nft_pernet(net);
8701 	struct sk_buff *skb;
8702 	int err;
8703 
8704 	if (!report &&
8705 	    !nfnetlink_has_listeners(net, NFNLGRP_NFTABLES))
8706 		return;
8707 
8708 	skb = nlmsg_new(NLMSG_GOODSIZE, gfp);
8709 	if (skb == NULL)
8710 		goto err;
8711 
8712 	err = nf_tables_fill_obj_info(skb, net, portid, seq, event,
8713 				      flags & (NLM_F_CREATE | NLM_F_EXCL),
8714 				      family, table, obj, false);
8715 	if (err < 0) {
8716 		kfree_skb(skb);
8717 		goto err;
8718 	}
8719 
8720 	nft_notify_enqueue(skb, report, &nft_net->notify_list);
8721 	return;
8722 err:
8723 	nfnetlink_set_err(net, portid, NFNLGRP_NFTABLES, -ENOBUFS);
8724 }
8725 
8726 void nft_obj_notify(struct net *net, const struct nft_table *table,
8727 		    struct nft_object *obj, u32 portid, u32 seq, int event,
8728 		    u16 flags, int family, int report, gfp_t gfp)
8729 {
8730 	char *buf = kasprintf(gfp, "%s:%u",
8731 			      table->name, nft_base_seq(net));
8732 
8733 	audit_log_nfcfg(buf,
8734 			family,
8735 			obj->handle,
8736 			event == NFT_MSG_NEWOBJ ?
8737 				 AUDIT_NFT_OP_OBJ_REGISTER :
8738 				 AUDIT_NFT_OP_OBJ_UNREGISTER,
8739 			gfp);
8740 	kfree(buf);
8741 
8742 	__nft_obj_notify(net, table, obj, portid, seq, event,
8743 			 flags, family, report, gfp);
8744 }
8745 EXPORT_SYMBOL_GPL(nft_obj_notify);
8746 
8747 static void nf_tables_obj_notify(const struct nft_ctx *ctx,
8748 				 struct nft_object *obj, int event)
8749 {
8750 	__nft_obj_notify(ctx->net, ctx->table, obj, ctx->portid,
8751 			 ctx->seq, event, ctx->flags, ctx->family,
8752 			 ctx->report, GFP_KERNEL);
8753 }
8754 
8755 /*
8756  * Flow tables
8757  */
8758 void nft_register_flowtable_type(struct nf_flowtable_type *type)
8759 {
8760 	nfnl_lock(NFNL_SUBSYS_NFTABLES);
8761 	list_add_tail_rcu(&type->list, &nf_tables_flowtables);
8762 	nfnl_unlock(NFNL_SUBSYS_NFTABLES);
8763 }
8764 EXPORT_SYMBOL_GPL(nft_register_flowtable_type);
8765 
8766 void nft_unregister_flowtable_type(struct nf_flowtable_type *type)
8767 {
8768 	nfnl_lock(NFNL_SUBSYS_NFTABLES);
8769 	list_del_rcu(&type->list);
8770 	nfnl_unlock(NFNL_SUBSYS_NFTABLES);
8771 }
8772 EXPORT_SYMBOL_GPL(nft_unregister_flowtable_type);
8773 
8774 static const struct nla_policy nft_flowtable_policy[NFTA_FLOWTABLE_MAX + 1] = {
8775 	[NFTA_FLOWTABLE_TABLE]		= { .type = NLA_STRING,
8776 					    .len = NFT_NAME_MAXLEN - 1 },
8777 	[NFTA_FLOWTABLE_NAME]		= { .type = NLA_STRING,
8778 					    .len = NFT_NAME_MAXLEN - 1 },
8779 	[NFTA_FLOWTABLE_HOOK]		= { .type = NLA_NESTED },
8780 	[NFTA_FLOWTABLE_HANDLE]		= { .type = NLA_U64 },
8781 	[NFTA_FLOWTABLE_FLAGS]		= NLA_POLICY_MASK(NLA_BE32, NFT_FLOWTABLE_MASK),
8782 };
8783 
8784 struct nft_flowtable *nft_flowtable_lookup(const struct net *net,
8785 					   const struct nft_table *table,
8786 					   const struct nlattr *nla, u8 genmask)
8787 {
8788 	struct nft_flowtable *flowtable;
8789 
8790 	list_for_each_entry_rcu(flowtable, &table->flowtables, list,
8791 				lockdep_commit_lock_is_held(net)) {
8792 		if (!nla_strcmp(nla, flowtable->name) &&
8793 		    nft_active_genmask(flowtable, genmask))
8794 			return flowtable;
8795 	}
8796 	return ERR_PTR(-ENOENT);
8797 }
8798 EXPORT_SYMBOL_GPL(nft_flowtable_lookup);
8799 
8800 void nf_tables_deactivate_flowtable(const struct nft_ctx *ctx,
8801 				    struct nft_flowtable *flowtable,
8802 				    enum nft_trans_phase phase)
8803 {
8804 	switch (phase) {
8805 	case NFT_TRANS_PREPARE_ERROR:
8806 	case NFT_TRANS_PREPARE:
8807 	case NFT_TRANS_ABORT:
8808 	case NFT_TRANS_RELEASE:
8809 		nft_use_dec(&flowtable->use);
8810 		fallthrough;
8811 	default:
8812 		return;
8813 	}
8814 }
8815 EXPORT_SYMBOL_GPL(nf_tables_deactivate_flowtable);
8816 
8817 static struct nft_flowtable *
8818 nft_flowtable_lookup_byhandle(const struct nft_table *table,
8819 			      const struct nlattr *nla, u8 genmask)
8820 {
8821        struct nft_flowtable *flowtable;
8822 
8823        list_for_each_entry(flowtable, &table->flowtables, list) {
8824                if (be64_to_cpu(nla_get_be64(nla)) == flowtable->handle &&
8825                    nft_active_genmask(flowtable, genmask))
8826                        return flowtable;
8827        }
8828        return ERR_PTR(-ENOENT);
8829 }
8830 
8831 struct nft_flowtable_hook {
8832 	u32			num;
8833 	int			priority;
8834 	struct list_head	list;
8835 };
8836 
8837 static const struct nla_policy nft_flowtable_hook_policy[NFTA_FLOWTABLE_HOOK_MAX + 1] = {
8838 	[NFTA_FLOWTABLE_HOOK_NUM]	= { .type = NLA_U32 },
8839 	[NFTA_FLOWTABLE_HOOK_PRIORITY]	= { .type = NLA_U32 },
8840 	[NFTA_FLOWTABLE_HOOK_DEVS]	= { .type = NLA_NESTED },
8841 };
8842 
8843 static int nft_flowtable_parse_hook(const struct nft_ctx *ctx,
8844 				    const struct nlattr * const nla[],
8845 				    struct nft_flowtable_hook *flowtable_hook,
8846 				    struct nft_flowtable *flowtable,
8847 				    struct netlink_ext_ack *extack, bool add)
8848 {
8849 	struct nlattr *tb[NFTA_FLOWTABLE_HOOK_MAX + 1];
8850 	struct nf_hook_ops *ops;
8851 	struct nft_hook *hook;
8852 	int hooknum, priority;
8853 	int err;
8854 
8855 	INIT_LIST_HEAD(&flowtable_hook->list);
8856 
8857 	err = nla_parse_nested_deprecated(tb, NFTA_FLOWTABLE_HOOK_MAX,
8858 					  nla[NFTA_FLOWTABLE_HOOK],
8859 					  nft_flowtable_hook_policy, NULL);
8860 	if (err < 0)
8861 		return err;
8862 
8863 	if (add) {
8864 		if (!tb[NFTA_FLOWTABLE_HOOK_NUM] ||
8865 		    !tb[NFTA_FLOWTABLE_HOOK_PRIORITY]) {
8866 			NL_SET_BAD_ATTR(extack, nla[NFTA_FLOWTABLE_NAME]);
8867 			return -ENOENT;
8868 		}
8869 
8870 		hooknum = ntohl(nla_get_be32(tb[NFTA_FLOWTABLE_HOOK_NUM]));
8871 		if (hooknum != NF_NETDEV_INGRESS)
8872 			return -EOPNOTSUPP;
8873 
8874 		priority = ntohl(nla_get_be32(tb[NFTA_FLOWTABLE_HOOK_PRIORITY]));
8875 
8876 		flowtable_hook->priority	= priority;
8877 		flowtable_hook->num		= hooknum;
8878 	} else {
8879 		if (tb[NFTA_FLOWTABLE_HOOK_NUM]) {
8880 			hooknum = ntohl(nla_get_be32(tb[NFTA_FLOWTABLE_HOOK_NUM]));
8881 			if (hooknum != flowtable->hooknum)
8882 				return -EOPNOTSUPP;
8883 		}
8884 
8885 		if (tb[NFTA_FLOWTABLE_HOOK_PRIORITY]) {
8886 			priority = ntohl(nla_get_be32(tb[NFTA_FLOWTABLE_HOOK_PRIORITY]));
8887 			if (priority != flowtable->data.priority)
8888 				return -EOPNOTSUPP;
8889 		}
8890 
8891 		flowtable_hook->priority	= flowtable->data.priority;
8892 		flowtable_hook->num		= flowtable->hooknum;
8893 	}
8894 
8895 	if (tb[NFTA_FLOWTABLE_HOOK_DEVS]) {
8896 		err = nf_tables_parse_netdev_hooks(ctx->net,
8897 						   tb[NFTA_FLOWTABLE_HOOK_DEVS],
8898 						   &flowtable_hook->list,
8899 						   extack);
8900 		if (err < 0)
8901 			return err;
8902 	}
8903 
8904 	list_for_each_entry(hook, &flowtable_hook->list, list) {
8905 		list_for_each_entry(ops, &hook->ops_list, list) {
8906 			ops->pf			= NFPROTO_NETDEV;
8907 			ops->hooknum		= flowtable_hook->num;
8908 			ops->priority		= flowtable_hook->priority;
8909 			ops->priv		= &flowtable->data;
8910 			ops->hook		= flowtable->data.type->hook;
8911 			ops->hook_ops_type	= NF_HOOK_OP_NFT_FT;
8912 		}
8913 	}
8914 
8915 	return err;
8916 }
8917 
8918 /* call under rcu_read_lock */
8919 static const struct nf_flowtable_type *__nft_flowtable_type_get(u8 family)
8920 {
8921 	const struct nf_flowtable_type *type;
8922 
8923 	list_for_each_entry_rcu(type, &nf_tables_flowtables, list) {
8924 		if (family == type->family)
8925 			return type;
8926 	}
8927 	return NULL;
8928 }
8929 
8930 static const struct nf_flowtable_type *
8931 nft_flowtable_type_get(struct net *net, u8 family)
8932 {
8933 	const struct nf_flowtable_type *type;
8934 
8935 	rcu_read_lock();
8936 	type = __nft_flowtable_type_get(family);
8937 	if (type != NULL && try_module_get(type->owner)) {
8938 		rcu_read_unlock();
8939 		return type;
8940 	}
8941 	rcu_read_unlock();
8942 
8943 	lockdep_nfnl_nft_mutex_not_held();
8944 #ifdef CONFIG_MODULES
8945 	if (type == NULL) {
8946 		if (nft_request_module(net, "nf-flowtable-%u", family) == -EAGAIN)
8947 			return ERR_PTR(-EAGAIN);
8948 	}
8949 #endif
8950 	return ERR_PTR(-ENOENT);
8951 }
8952 
8953 /* Only called from error and netdev event paths. */
8954 static void nft_unregister_flowtable_ops(struct net *net,
8955 					 struct nft_flowtable *flowtable,
8956 					 struct nf_hook_ops *ops)
8957 {
8958 	nf_unregister_net_hook(net, ops);
8959 	flowtable->data.type->setup(&flowtable->data, ops->dev,
8960 				    FLOW_BLOCK_UNBIND);
8961 }
8962 
8963 static void __nft_unregister_flowtable_net_hooks(struct net *net,
8964 						 struct nft_flowtable *flowtable,
8965 						 struct list_head *hook_list,
8966 					         bool release_netdev)
8967 {
8968 	struct nft_hook *hook, *next;
8969 	struct nf_hook_ops *ops;
8970 
8971 	list_for_each_entry_safe(hook, next, hook_list, list) {
8972 		list_for_each_entry(ops, &hook->ops_list, list)
8973 			nft_unregister_flowtable_ops(net, flowtable, ops);
8974 		if (release_netdev)
8975 			nft_netdev_hook_unlink_free_rcu(hook);
8976 	}
8977 }
8978 
8979 static void nft_unregister_flowtable_net_hooks(struct net *net,
8980 					       struct nft_flowtable *flowtable,
8981 					       struct list_head *hook_list)
8982 {
8983 	__nft_unregister_flowtable_net_hooks(net, flowtable, hook_list, false);
8984 }
8985 
8986 static int nft_register_flowtable_ops(struct net *net,
8987 				      struct nft_flowtable *flowtable,
8988 				      struct nf_hook_ops *ops)
8989 {
8990 	int err;
8991 
8992 	err = flowtable->data.type->setup(&flowtable->data,
8993 					  ops->dev, FLOW_BLOCK_BIND);
8994 	if (err < 0)
8995 		return err;
8996 
8997 	err = nf_register_net_hook(net, ops);
8998 	if (!err)
8999 		return 0;
9000 
9001 	flowtable->data.type->setup(&flowtable->data,
9002 				    ops->dev, FLOW_BLOCK_UNBIND);
9003 	return err;
9004 }
9005 
9006 static int nft_register_flowtable_net_hooks(struct net *net,
9007 					    struct nft_table *table,
9008 					    struct list_head *hook_list,
9009 					    struct nft_flowtable *flowtable)
9010 {
9011 	struct nft_hook *hook, *next;
9012 	struct nft_flowtable *ft;
9013 	struct nf_hook_ops *ops;
9014 	int err, i = 0;
9015 
9016 	list_for_each_entry(hook, hook_list, list) {
9017 		list_for_each_entry(ft, &table->flowtables, list) {
9018 			if (!nft_is_active_next(net, ft))
9019 				continue;
9020 
9021 			if (nft_hook_list_find(&ft->hook_list, hook)) {
9022 				err = -EEXIST;
9023 				goto err_unregister_net_hooks;
9024 			}
9025 		}
9026 
9027 		list_for_each_entry(ops, &hook->ops_list, list) {
9028 			err = nft_register_flowtable_ops(net, flowtable, ops);
9029 			if (err < 0)
9030 				goto err_unregister_net_hooks;
9031 
9032 			i++;
9033 		}
9034 	}
9035 
9036 	return 0;
9037 
9038 err_unregister_net_hooks:
9039 	list_for_each_entry_safe(hook, next, hook_list, list) {
9040 		list_for_each_entry(ops, &hook->ops_list, list) {
9041 			if (i-- <= 0)
9042 				break;
9043 
9044 			nft_unregister_flowtable_ops(net, flowtable, ops);
9045 		}
9046 		nft_netdev_hook_unlink_free_rcu(hook);
9047 	}
9048 
9049 	return err;
9050 }
9051 
9052 static void nft_hooks_destroy(struct list_head *hook_list)
9053 {
9054 	struct nft_hook *hook, *next;
9055 
9056 	list_for_each_entry_safe(hook, next, hook_list, list)
9057 		nft_netdev_hook_unlink_free_rcu(hook);
9058 }
9059 
9060 static void nft_flowtable_unregister_trans_hook(struct net *net,
9061 						struct nft_flowtable *flowtable,
9062 						struct list_head *hook_list)
9063 {
9064 	struct nft_trans_hook *trans_hook, *next;
9065 	struct nf_hook_ops *ops;
9066 	struct nft_hook *hook;
9067 
9068 	list_for_each_entry_safe(trans_hook, next, hook_list, list) {
9069 		hook = trans_hook->hook;
9070 		list_for_each_entry(ops, &hook->ops_list, list)
9071 			nft_unregister_flowtable_ops(net, flowtable, ops);
9072 
9073 		nft_netdev_hook_unlink_free_rcu(hook);
9074 		nft_trans_hook_destroy(trans_hook);
9075 	}
9076 }
9077 
9078 static int nft_flowtable_update(struct nft_ctx *ctx, const struct nlmsghdr *nlh,
9079 				struct nft_flowtable *flowtable,
9080 				struct netlink_ext_ack *extack)
9081 {
9082 	const struct nlattr * const *nla = ctx->nla;
9083 	struct nft_flowtable_hook flowtable_hook;
9084 	struct nftables_pernet *nft_net;
9085 	struct nft_hook *hook, *next;
9086 	struct nf_hook_ops *ops;
9087 	struct nft_trans *trans;
9088 	bool unregister = false;
9089 	u32 flags;
9090 	int err;
9091 
9092 	err = nft_flowtable_parse_hook(ctx, nla, &flowtable_hook, flowtable,
9093 				       extack, false);
9094 	if (err < 0)
9095 		return err;
9096 
9097 	list_for_each_entry_safe(hook, next, &flowtable_hook.list, list) {
9098 		if (nft_hook_list_find(&flowtable->hook_list, hook)) {
9099 			list_del(&hook->list);
9100 			nft_netdev_hook_free(hook);
9101 			continue;
9102 		}
9103 
9104 		nft_net = nft_pernet(ctx->net);
9105 		list_for_each_entry(trans, &nft_net->commit_list, list) {
9106 			if (trans->msg_type != NFT_MSG_NEWFLOWTABLE ||
9107 			    trans->table != ctx->table ||
9108 			    !nft_trans_flowtable_update(trans))
9109 				continue;
9110 
9111 			if (nft_hook_list_find(&nft_trans_flowtable_hooks(trans), hook)) {
9112 				err = -EEXIST;
9113 				goto err_flowtable_update_hook;
9114 			}
9115 		}
9116 	}
9117 
9118 	if (nla[NFTA_FLOWTABLE_FLAGS]) {
9119 		flags = ntohl(nla_get_be32(nla[NFTA_FLOWTABLE_FLAGS]));
9120 		if (flags & ~NFT_FLOWTABLE_MASK) {
9121 			err = -EOPNOTSUPP;
9122 			goto err_flowtable_update_hook;
9123 		}
9124 		if ((flowtable->data.flags & NFT_FLOWTABLE_HW_OFFLOAD) ^
9125 		    (flags & NFT_FLOWTABLE_HW_OFFLOAD)) {
9126 			err = -EOPNOTSUPP;
9127 			goto err_flowtable_update_hook;
9128 		}
9129 	} else {
9130 		flags = flowtable->data.flags;
9131 	}
9132 
9133 	err = nft_register_flowtable_net_hooks(ctx->net, ctx->table,
9134 					       &flowtable_hook.list, flowtable);
9135 	if (err < 0)
9136 		goto err_flowtable_update_hook;
9137 
9138 	trans = nft_trans_alloc(ctx, NFT_MSG_NEWFLOWTABLE,
9139 				sizeof(struct nft_trans_flowtable));
9140 	if (!trans) {
9141 		unregister = true;
9142 		err = -ENOMEM;
9143 		goto err_flowtable_update_hook;
9144 	}
9145 
9146 	nft_trans_flowtable_flags(trans) = flags;
9147 	nft_trans_flowtable(trans) = flowtable;
9148 	nft_trans_flowtable_update(trans) = true;
9149 	INIT_LIST_HEAD(&nft_trans_flowtable_hooks(trans));
9150 	list_splice(&flowtable_hook.list, &nft_trans_flowtable_hooks(trans));
9151 
9152 	nft_trans_commit_list_add_tail(ctx->net, trans);
9153 
9154 	return 0;
9155 
9156 err_flowtable_update_hook:
9157 	list_for_each_entry_safe(hook, next, &flowtable_hook.list, list) {
9158 		if (unregister) {
9159 			list_for_each_entry(ops, &hook->ops_list, list)
9160 				nft_unregister_flowtable_ops(ctx->net,
9161 							     flowtable, ops);
9162 		}
9163 		nft_netdev_hook_unlink_free_rcu(hook);
9164 	}
9165 
9166 	return err;
9167 
9168 }
9169 
9170 static int nf_tables_newflowtable(struct sk_buff *skb,
9171 				  const struct nfnl_info *info,
9172 				  const struct nlattr * const nla[])
9173 {
9174 	struct netlink_ext_ack *extack = info->extack;
9175 	struct nft_flowtable_hook flowtable_hook;
9176 	u8 genmask = nft_genmask_next(info->net);
9177 	u8 family = info->nfmsg->nfgen_family;
9178 	const struct nf_flowtable_type *type;
9179 	struct nft_flowtable *flowtable;
9180 	struct net *net = info->net;
9181 	struct nft_table *table;
9182 	struct nft_trans *trans;
9183 	struct nft_ctx ctx;
9184 	int err;
9185 
9186 	if (!nla[NFTA_FLOWTABLE_TABLE] ||
9187 	    !nla[NFTA_FLOWTABLE_NAME] ||
9188 	    !nla[NFTA_FLOWTABLE_HOOK])
9189 		return -EINVAL;
9190 
9191 	table = nft_table_lookup(net, nla[NFTA_FLOWTABLE_TABLE], family,
9192 				 genmask, NETLINK_CB(skb).portid);
9193 	if (IS_ERR(table)) {
9194 		NL_SET_BAD_ATTR(extack, nla[NFTA_FLOWTABLE_TABLE]);
9195 		return PTR_ERR(table);
9196 	}
9197 
9198 	flowtable = nft_flowtable_lookup(net, table, nla[NFTA_FLOWTABLE_NAME],
9199 					 genmask);
9200 	if (IS_ERR(flowtable)) {
9201 		err = PTR_ERR(flowtable);
9202 		if (err != -ENOENT) {
9203 			NL_SET_BAD_ATTR(extack, nla[NFTA_FLOWTABLE_NAME]);
9204 			return err;
9205 		}
9206 	} else {
9207 		if (info->nlh->nlmsg_flags & NLM_F_EXCL) {
9208 			NL_SET_BAD_ATTR(extack, nla[NFTA_FLOWTABLE_NAME]);
9209 			return -EEXIST;
9210 		}
9211 
9212 		nft_ctx_init(&ctx, net, skb, info->nlh, family, table, NULL, nla);
9213 
9214 		return nft_flowtable_update(&ctx, info->nlh, flowtable, extack);
9215 	}
9216 
9217 	nft_ctx_init(&ctx, net, skb, info->nlh, family, table, NULL, nla);
9218 
9219 	if (!nft_use_inc(&table->use))
9220 		return -EMFILE;
9221 
9222 	flowtable = kzalloc_obj(*flowtable, GFP_KERNEL_ACCOUNT);
9223 	if (!flowtable) {
9224 		err = -ENOMEM;
9225 		goto flowtable_alloc;
9226 	}
9227 
9228 	flowtable->table = table;
9229 	flowtable->handle = nf_tables_alloc_handle(table);
9230 	INIT_LIST_HEAD(&flowtable->hook_list);
9231 
9232 	flowtable->name = nla_strdup(nla[NFTA_FLOWTABLE_NAME], GFP_KERNEL_ACCOUNT);
9233 	if (!flowtable->name) {
9234 		err = -ENOMEM;
9235 		goto err1;
9236 	}
9237 
9238 	type = nft_flowtable_type_get(net, family);
9239 	if (IS_ERR(type)) {
9240 		err = PTR_ERR(type);
9241 		goto err2;
9242 	}
9243 
9244 	if (nla[NFTA_FLOWTABLE_FLAGS]) {
9245 		flowtable->data.flags =
9246 			ntohl(nla_get_be32(nla[NFTA_FLOWTABLE_FLAGS]));
9247 		if (flowtable->data.flags & ~NFT_FLOWTABLE_MASK) {
9248 			err = -EOPNOTSUPP;
9249 			goto err3;
9250 		}
9251 	}
9252 
9253 	write_pnet(&flowtable->data.net, net);
9254 	flowtable->data.type = type;
9255 	err = type->init(&flowtable->data);
9256 	if (err < 0)
9257 		goto err3;
9258 
9259 	err = nft_flowtable_parse_hook(&ctx, nla, &flowtable_hook, flowtable,
9260 				       extack, true);
9261 	if (err < 0)
9262 		goto err_flowtable_parse_hooks;
9263 
9264 	list_splice(&flowtable_hook.list, &flowtable->hook_list);
9265 	flowtable->data.priority = flowtable_hook.priority;
9266 	flowtable->hooknum = flowtable_hook.num;
9267 
9268 	trans = nft_trans_flowtable_add(&ctx, NFT_MSG_NEWFLOWTABLE, flowtable);
9269 	if (IS_ERR(trans)) {
9270 		err = PTR_ERR(trans);
9271 		goto err_flowtable_trans;
9272 	}
9273 
9274 	/* This must be LAST to ensure no packets are walking over this flowtable. */
9275 	err = nft_register_flowtable_net_hooks(ctx.net, table,
9276 					       &flowtable->hook_list,
9277 					       flowtable);
9278 	if (err < 0)
9279 		goto err_flowtable_hooks;
9280 
9281 	list_add_tail_rcu(&flowtable->list, &table->flowtables);
9282 
9283 	return 0;
9284 
9285 err_flowtable_hooks:
9286 	synchronize_rcu();
9287 	nft_trans_destroy(trans);
9288 err_flowtable_trans:
9289 	nft_hooks_destroy(&flowtable->hook_list);
9290 err_flowtable_parse_hooks:
9291 	flowtable->data.type->free(&flowtable->data);
9292 err3:
9293 	module_put(type->owner);
9294 err2:
9295 	kfree(flowtable->name);
9296 err1:
9297 	kfree(flowtable);
9298 flowtable_alloc:
9299 	nft_use_dec_restore(&table->use);
9300 
9301 	return err;
9302 }
9303 
9304 static void nft_flowtable_hook_release(struct nft_flowtable_hook *flowtable_hook)
9305 {
9306 	struct nft_hook *this, *next;
9307 
9308 	list_for_each_entry_safe(this, next, &flowtable_hook->list, list) {
9309 		list_del(&this->list);
9310 		nft_netdev_hook_free(this);
9311 	}
9312 }
9313 
9314 static int nft_delflowtable_hook(struct nft_ctx *ctx,
9315 				 struct nft_flowtable *flowtable,
9316 				 struct netlink_ext_ack *extack)
9317 {
9318 	const struct nlattr * const *nla = ctx->nla;
9319 	struct nft_flowtable_hook flowtable_hook;
9320 	LIST_HEAD(flowtable_del_list);
9321 	struct nft_hook *this, *hook;
9322 	struct nft_trans *trans;
9323 	int err;
9324 
9325 	err = nft_flowtable_parse_hook(ctx, nla, &flowtable_hook, flowtable,
9326 				       extack, false);
9327 	if (err < 0)
9328 		return err;
9329 
9330 	list_for_each_entry(this, &flowtable_hook.list, list) {
9331 		hook = nft_hook_list_find(&flowtable->hook_list, this);
9332 		if (!hook) {
9333 			err = -ENOENT;
9334 			goto err_flowtable_del_hook;
9335 		}
9336 		if (nft_trans_delhook(hook, &flowtable_del_list) < 0) {
9337 			err = -ENOMEM;
9338 			goto err_flowtable_del_hook;
9339 		}
9340 	}
9341 
9342 	trans = nft_trans_alloc(ctx, NFT_MSG_DELFLOWTABLE,
9343 				sizeof(struct nft_trans_flowtable));
9344 	if (!trans) {
9345 		err = -ENOMEM;
9346 		goto err_flowtable_del_hook;
9347 	}
9348 
9349 	nft_trans_flowtable(trans) = flowtable;
9350 	nft_trans_flowtable_update(trans) = true;
9351 	INIT_LIST_HEAD(&nft_trans_flowtable_hooks(trans));
9352 	list_splice(&flowtable_del_list, &nft_trans_flowtable_hooks(trans));
9353 	nft_flowtable_hook_release(&flowtable_hook);
9354 
9355 	nft_trans_commit_list_add_tail(ctx->net, trans);
9356 
9357 	return 0;
9358 
9359 err_flowtable_del_hook:
9360 	nft_trans_delhook_abort(&flowtable_del_list);
9361 	nft_flowtable_hook_release(&flowtable_hook);
9362 
9363 	return err;
9364 }
9365 
9366 static int nf_tables_delflowtable(struct sk_buff *skb,
9367 				  const struct nfnl_info *info,
9368 				  const struct nlattr * const nla[])
9369 {
9370 	struct netlink_ext_ack *extack = info->extack;
9371 	u8 genmask = nft_genmask_next(info->net);
9372 	u8 family = info->nfmsg->nfgen_family;
9373 	struct nft_flowtable *flowtable;
9374 	struct net *net = info->net;
9375 	const struct nlattr *attr;
9376 	struct nft_table *table;
9377 	struct nft_ctx ctx;
9378 
9379 	if (!nla[NFTA_FLOWTABLE_TABLE] ||
9380 	    (!nla[NFTA_FLOWTABLE_NAME] &&
9381 	     !nla[NFTA_FLOWTABLE_HANDLE]))
9382 		return -EINVAL;
9383 
9384 	table = nft_table_lookup(net, nla[NFTA_FLOWTABLE_TABLE], family,
9385 				 genmask, NETLINK_CB(skb).portid);
9386 	if (IS_ERR(table)) {
9387 		NL_SET_BAD_ATTR(extack, nla[NFTA_FLOWTABLE_TABLE]);
9388 		return PTR_ERR(table);
9389 	}
9390 
9391 	if (nla[NFTA_FLOWTABLE_HANDLE]) {
9392 		attr = nla[NFTA_FLOWTABLE_HANDLE];
9393 		flowtable = nft_flowtable_lookup_byhandle(table, attr, genmask);
9394 	} else {
9395 		attr = nla[NFTA_FLOWTABLE_NAME];
9396 		flowtable = nft_flowtable_lookup(net, table, attr, genmask);
9397 	}
9398 
9399 	if (IS_ERR(flowtable)) {
9400 		if (PTR_ERR(flowtable) == -ENOENT &&
9401 		    NFNL_MSG_TYPE(info->nlh->nlmsg_type) == NFT_MSG_DESTROYFLOWTABLE)
9402 			return 0;
9403 
9404 		NL_SET_BAD_ATTR(extack, attr);
9405 		return PTR_ERR(flowtable);
9406 	}
9407 
9408 	nft_ctx_init(&ctx, net, skb, info->nlh, family, table, NULL, nla);
9409 
9410 	if (nla[NFTA_FLOWTABLE_HOOK])
9411 		return nft_delflowtable_hook(&ctx, flowtable, extack);
9412 
9413 	if (flowtable->use > 0) {
9414 		NL_SET_BAD_ATTR(extack, attr);
9415 		return -EBUSY;
9416 	}
9417 
9418 	return nft_delflowtable(&ctx, flowtable);
9419 }
9420 
9421 static int nf_tables_fill_flowtable_info(struct sk_buff *skb, struct net *net,
9422 					 u32 portid, u32 seq, int event,
9423 					 u32 flags, int family,
9424 					 struct nft_flowtable *flowtable,
9425 					 struct list_head *hook_list,
9426 					 struct list_head *trans_hook_list)
9427 {
9428 	struct nft_trans_hook *trans_hook;
9429 	struct nlattr *nest, *nest_devs;
9430 	struct nft_hook *hook;
9431 	struct nlmsghdr *nlh;
9432 
9433 	nlh = nfnl_msg_put(skb, portid, seq,
9434 			   nfnl_msg_type(NFNL_SUBSYS_NFTABLES, event),
9435 			   flags, family, NFNETLINK_V0, nft_base_seq_be16(net));
9436 	if (!nlh)
9437 		goto nla_put_failure;
9438 
9439 	if (nla_put_string(skb, NFTA_FLOWTABLE_TABLE, flowtable->table->name) ||
9440 	    nla_put_string(skb, NFTA_FLOWTABLE_NAME, flowtable->name) ||
9441 	    nla_put_be64(skb, NFTA_FLOWTABLE_HANDLE, cpu_to_be64(flowtable->handle),
9442 			 NFTA_FLOWTABLE_PAD))
9443 		goto nla_put_failure;
9444 
9445 	if (!hook_list && !trans_hook_list &&
9446 	    (event == NFT_MSG_DELFLOWTABLE ||
9447 	     event == NFT_MSG_DESTROYFLOWTABLE)) {
9448 		nlmsg_end(skb, nlh);
9449 		return 0;
9450 	}
9451 
9452 	if (nla_put_be32(skb, NFTA_FLOWTABLE_USE, htonl(flowtable->use)) ||
9453 	    nla_put_be32(skb, NFTA_FLOWTABLE_FLAGS, htonl(flowtable->data.flags)))
9454 		goto nla_put_failure;
9455 
9456 	nest = nla_nest_start_noflag(skb, NFTA_FLOWTABLE_HOOK);
9457 	if (!nest)
9458 		goto nla_put_failure;
9459 	if (nla_put_be32(skb, NFTA_FLOWTABLE_HOOK_NUM, htonl(flowtable->hooknum)) ||
9460 	    nla_put_be32(skb, NFTA_FLOWTABLE_HOOK_PRIORITY, htonl(flowtable->data.priority)))
9461 		goto nla_put_failure;
9462 
9463 	nest_devs = nla_nest_start_noflag(skb, NFTA_FLOWTABLE_HOOK_DEVS);
9464 	if (!nest_devs)
9465 		goto nla_put_failure;
9466 
9467 	if (!hook_list && !trans_hook_list)
9468 		hook_list = &flowtable->hook_list;
9469 
9470 	if (hook_list) {
9471 		list_for_each_entry_rcu(hook, hook_list, list,
9472 					lockdep_commit_lock_is_held(net)) {
9473 			if (nft_nla_put_hook_dev(skb, hook))
9474 				goto nla_put_failure;
9475 		}
9476 	} else if (trans_hook_list) {
9477 		list_for_each_entry(trans_hook, trans_hook_list, list) {
9478 			if (nft_nla_put_hook_dev(skb, trans_hook->hook))
9479 				goto nla_put_failure;
9480 		}
9481 	}
9482 	nla_nest_end(skb, nest_devs);
9483 	nla_nest_end(skb, nest);
9484 
9485 	nlmsg_end(skb, nlh);
9486 	return 0;
9487 
9488 nla_put_failure:
9489 	nlmsg_trim(skb, nlh);
9490 	return -1;
9491 }
9492 
9493 struct nft_flowtable_filter {
9494 	char		*table;
9495 };
9496 
9497 static int nf_tables_dump_flowtable(struct sk_buff *skb,
9498 				    struct netlink_callback *cb)
9499 {
9500 	const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
9501 	struct nft_flowtable_filter *filter = cb->data;
9502 	unsigned int idx = 0, s_idx = cb->args[0];
9503 	struct net *net = sock_net(skb->sk);
9504 	int family = nfmsg->nfgen_family;
9505 	struct nft_flowtable *flowtable;
9506 	struct nftables_pernet *nft_net;
9507 	const struct nft_table *table;
9508 
9509 	rcu_read_lock();
9510 	nft_net = nft_pernet(net);
9511 	cb->seq = nft_base_seq(net);
9512 
9513 	list_for_each_entry_rcu(table, &nft_net->tables, list) {
9514 		if (family != NFPROTO_UNSPEC && family != table->family)
9515 			continue;
9516 
9517 		list_for_each_entry_rcu(flowtable, &table->flowtables, list) {
9518 			if (!nft_is_active(net, flowtable))
9519 				goto cont;
9520 			if (idx < s_idx)
9521 				goto cont;
9522 			if (idx > s_idx)
9523 				memset(&cb->args[1], 0,
9524 				       sizeof(cb->args) - sizeof(cb->args[0]));
9525 			if (filter && filter->table &&
9526 			    strcmp(filter->table, table->name))
9527 				goto cont;
9528 
9529 			if (nf_tables_fill_flowtable_info(skb, net, NETLINK_CB(cb->skb).portid,
9530 							  cb->nlh->nlmsg_seq,
9531 							  NFT_MSG_NEWFLOWTABLE,
9532 							  NLM_F_MULTI | NLM_F_APPEND,
9533 							  table->family,
9534 							  flowtable, NULL, NULL) < 0)
9535 				goto done;
9536 
9537 			nl_dump_check_consistent(cb, nlmsg_hdr(skb));
9538 cont:
9539 			idx++;
9540 		}
9541 	}
9542 done:
9543 	rcu_read_unlock();
9544 
9545 	cb->args[0] = idx;
9546 	return skb->len;
9547 }
9548 
9549 static int nf_tables_dump_flowtable_start(struct netlink_callback *cb)
9550 {
9551 	const struct nlattr * const *nla = cb->data;
9552 	struct nft_flowtable_filter *filter = NULL;
9553 
9554 	if (nla[NFTA_FLOWTABLE_TABLE]) {
9555 		filter = kzalloc_obj(*filter, GFP_ATOMIC);
9556 		if (!filter)
9557 			return -ENOMEM;
9558 
9559 		filter->table = nla_strdup(nla[NFTA_FLOWTABLE_TABLE],
9560 					   GFP_ATOMIC);
9561 		if (!filter->table) {
9562 			kfree(filter);
9563 			return -ENOMEM;
9564 		}
9565 	}
9566 
9567 	cb->data = filter;
9568 	return 0;
9569 }
9570 
9571 static int nf_tables_dump_flowtable_done(struct netlink_callback *cb)
9572 {
9573 	struct nft_flowtable_filter *filter = cb->data;
9574 
9575 	if (!filter)
9576 		return 0;
9577 
9578 	kfree(filter->table);
9579 	kfree(filter);
9580 
9581 	return 0;
9582 }
9583 
9584 /* called with rcu_read_lock held */
9585 static int nf_tables_getflowtable(struct sk_buff *skb,
9586 				  const struct nfnl_info *info,
9587 				  const struct nlattr * const nla[])
9588 {
9589 	struct netlink_ext_ack *extack = info->extack;
9590 	u8 genmask = nft_genmask_cur(info->net);
9591 	u8 family = info->nfmsg->nfgen_family;
9592 	struct nft_flowtable *flowtable;
9593 	const struct nft_table *table;
9594 	struct net *net = info->net;
9595 	struct sk_buff *skb2;
9596 	int err;
9597 
9598 	if (info->nlh->nlmsg_flags & NLM_F_DUMP) {
9599 		struct netlink_dump_control c = {
9600 			.start = nf_tables_dump_flowtable_start,
9601 			.dump = nf_tables_dump_flowtable,
9602 			.done = nf_tables_dump_flowtable_done,
9603 			.module = THIS_MODULE,
9604 			.data = (void *)nla,
9605 		};
9606 
9607 		return nft_netlink_dump_start_rcu(info->sk, skb, info->nlh, &c);
9608 	}
9609 
9610 	if (!nla[NFTA_FLOWTABLE_NAME])
9611 		return -EINVAL;
9612 
9613 	table = nft_table_lookup(net, nla[NFTA_FLOWTABLE_TABLE], family,
9614 				 genmask, 0);
9615 	if (IS_ERR(table)) {
9616 		NL_SET_BAD_ATTR(extack, nla[NFTA_FLOWTABLE_TABLE]);
9617 		return PTR_ERR(table);
9618 	}
9619 
9620 	flowtable = nft_flowtable_lookup(net, table, nla[NFTA_FLOWTABLE_NAME],
9621 					 genmask);
9622 	if (IS_ERR(flowtable)) {
9623 		NL_SET_BAD_ATTR(extack, nla[NFTA_FLOWTABLE_NAME]);
9624 		return PTR_ERR(flowtable);
9625 	}
9626 
9627 	skb2 = alloc_skb(NLMSG_GOODSIZE, GFP_ATOMIC);
9628 	if (!skb2)
9629 		return -ENOMEM;
9630 
9631 	err = nf_tables_fill_flowtable_info(skb2, net, NETLINK_CB(skb).portid,
9632 					    info->nlh->nlmsg_seq,
9633 					    NFT_MSG_NEWFLOWTABLE, 0, family,
9634 					    flowtable, NULL, NULL);
9635 	if (err < 0)
9636 		goto err_fill_flowtable_info;
9637 
9638 	return nfnetlink_unicast(skb2, net, NETLINK_CB(skb).portid);
9639 
9640 err_fill_flowtable_info:
9641 	kfree_skb(skb2);
9642 	return err;
9643 }
9644 
9645 static void nf_tables_flowtable_notify(struct nft_ctx *ctx,
9646 				       struct nft_flowtable *flowtable,
9647 				       struct list_head *hook_list,
9648 				       struct list_head *trans_hook_list,
9649 				       int event)
9650 {
9651 	struct nftables_pernet *nft_net = nft_pernet(ctx->net);
9652 	struct sk_buff *skb;
9653 	u16 flags = 0;
9654 	int err;
9655 
9656 	if (!ctx->report &&
9657 	    !nfnetlink_has_listeners(ctx->net, NFNLGRP_NFTABLES))
9658 		return;
9659 
9660 	skb = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
9661 	if (skb == NULL)
9662 		goto err;
9663 
9664 	if (ctx->flags & (NLM_F_CREATE | NLM_F_EXCL))
9665 		flags |= ctx->flags & (NLM_F_CREATE | NLM_F_EXCL);
9666 
9667 	err = nf_tables_fill_flowtable_info(skb, ctx->net, ctx->portid,
9668 					    ctx->seq, event, flags,
9669 					    ctx->family, flowtable,
9670 					    hook_list, trans_hook_list);
9671 	if (err < 0) {
9672 		kfree_skb(skb);
9673 		goto err;
9674 	}
9675 
9676 	nft_notify_enqueue(skb, ctx->report, &nft_net->notify_list);
9677 	return;
9678 err:
9679 	nfnetlink_set_err(ctx->net, ctx->portid, NFNLGRP_NFTABLES, -ENOBUFS);
9680 }
9681 
9682 static void nf_tables_flowtable_destroy(struct nft_flowtable *flowtable)
9683 {
9684 	flowtable->data.type->free(&flowtable->data);
9685 	nft_hooks_destroy(&flowtable->hook_list);
9686 	kfree(flowtable->name);
9687 	module_put(flowtable->data.type->owner);
9688 	kfree(flowtable);
9689 }
9690 
9691 static int nf_tables_fill_gen_info(struct sk_buff *skb, struct net *net,
9692 				   u32 portid, u32 seq)
9693 {
9694 	struct nlmsghdr *nlh;
9695 	char buf[TASK_COMM_LEN];
9696 	int event = nfnl_msg_type(NFNL_SUBSYS_NFTABLES, NFT_MSG_NEWGEN);
9697 
9698 	nlh = nfnl_msg_put(skb, portid, seq, event, 0, AF_UNSPEC,
9699 			   NFNETLINK_V0, nft_base_seq_be16(net));
9700 	if (!nlh)
9701 		goto nla_put_failure;
9702 
9703 	if (nla_put_be32(skb, NFTA_GEN_ID, htonl(nft_base_seq(net))) ||
9704 	    nla_put_be32(skb, NFTA_GEN_PROC_PID, htonl(task_pid_nr(current))) ||
9705 	    nla_put_string(skb, NFTA_GEN_PROC_NAME, get_task_comm(buf, current)))
9706 		goto nla_put_failure;
9707 
9708 	nlmsg_end(skb, nlh);
9709 	return 0;
9710 
9711 nla_put_failure:
9712 	nlmsg_trim(skb, nlh);
9713 	return -EMSGSIZE;
9714 }
9715 
9716 struct nf_hook_ops *nft_hook_find_ops(const struct nft_hook *hook,
9717 				      const struct net_device *dev)
9718 {
9719 	struct nf_hook_ops *ops;
9720 
9721 	list_for_each_entry(ops, &hook->ops_list, list) {
9722 		if (ops->dev == dev)
9723 			return ops;
9724 	}
9725 	return NULL;
9726 }
9727 EXPORT_SYMBOL_GPL(nft_hook_find_ops);
9728 
9729 struct nf_hook_ops *nft_hook_find_ops_rcu(const struct nft_hook *hook,
9730 					  const struct net_device *dev)
9731 {
9732 	struct nf_hook_ops *ops;
9733 
9734 	list_for_each_entry_rcu(ops, &hook->ops_list, list) {
9735 		if (ops->dev == dev)
9736 			return ops;
9737 	}
9738 	return NULL;
9739 }
9740 EXPORT_SYMBOL_GPL(nft_hook_find_ops_rcu);
9741 
9742 static int nft_flowtable_event(unsigned long event, struct net_device *dev,
9743 			       struct nft_flowtable *flowtable, bool changename)
9744 {
9745 	struct nf_hook_ops *ops;
9746 	struct nft_hook *hook;
9747 	bool match;
9748 
9749 	list_for_each_entry(hook, &flowtable->hook_list, list) {
9750 		ops = nft_hook_find_ops(hook, dev);
9751 		match = !strncmp(hook->ifname, dev->name, hook->ifnamelen);
9752 
9753 		switch (event) {
9754 		case NETDEV_UNREGISTER:
9755 			/* NOP if not found or new name still matching */
9756 			if (!ops || (changename && match))
9757 				continue;
9758 
9759 			/* flow_offload_netdev_event() cleans up entries for us. */
9760 			nft_unregister_flowtable_ops(dev_net(dev),
9761 						     flowtable, ops);
9762 			list_del_rcu(&ops->list);
9763 			kfree_rcu(ops, rcu);
9764 			break;
9765 		case NETDEV_REGISTER:
9766 			/* NOP if not matching or already registered */
9767 			if (!match || ops)
9768 				continue;
9769 
9770 			ops = kzalloc_obj(struct nf_hook_ops,
9771 					  GFP_KERNEL_ACCOUNT);
9772 			if (!ops)
9773 				return 1;
9774 
9775 			ops->pf			= NFPROTO_NETDEV;
9776 			ops->hooknum		= flowtable->hooknum;
9777 			ops->priority		= flowtable->data.priority;
9778 			ops->priv		= &flowtable->data;
9779 			ops->hook		= flowtable->data.type->hook;
9780 			ops->hook_ops_type	= NF_HOOK_OP_NFT_FT;
9781 			ops->dev		= dev;
9782 			if (nft_register_flowtable_ops(dev_net(dev),
9783 						       flowtable, ops)) {
9784 				kfree(ops);
9785 				return 1;
9786 			}
9787 			list_add_tail_rcu(&ops->list, &hook->ops_list);
9788 			break;
9789 		}
9790 		break;
9791 	}
9792 	return 0;
9793 }
9794 
9795 static int __nf_tables_flowtable_event(unsigned long event,
9796 				       struct net_device *dev,
9797 				       bool changename)
9798 {
9799 	struct nftables_pernet *nft_net = nft_pernet(dev_net(dev));
9800 	struct nft_flowtable *flowtable;
9801 	struct nft_table *table;
9802 
9803 	list_for_each_entry(table, &nft_net->tables, list) {
9804 		list_for_each_entry(flowtable, &table->flowtables, list) {
9805 			if (nft_flowtable_event(event, dev,
9806 						flowtable, changename))
9807 				return 1;
9808 		}
9809 	}
9810 	return 0;
9811 }
9812 
9813 static int nf_tables_flowtable_event(struct notifier_block *this,
9814 				     unsigned long event, void *ptr)
9815 {
9816 	struct net_device *dev = netdev_notifier_info_to_dev(ptr);
9817 	struct nftables_pernet *nft_net;
9818 	int ret = NOTIFY_DONE;
9819 	struct net *net;
9820 
9821 	if (event != NETDEV_REGISTER &&
9822 	    event != NETDEV_UNREGISTER &&
9823 	    event != NETDEV_CHANGENAME)
9824 		return NOTIFY_DONE;
9825 
9826 	net = dev_net(dev);
9827 	nft_net = nft_pernet(net);
9828 	mutex_lock(&nft_net->commit_mutex);
9829 
9830 	if (event == NETDEV_CHANGENAME) {
9831 		if (__nf_tables_flowtable_event(NETDEV_REGISTER, dev, true)) {
9832 			ret = NOTIFY_BAD;
9833 			goto out_unlock;
9834 		}
9835 		__nf_tables_flowtable_event(NETDEV_UNREGISTER, dev, true);
9836 	} else if (__nf_tables_flowtable_event(event, dev, false)) {
9837 		ret = NOTIFY_BAD;
9838 	}
9839 out_unlock:
9840 	mutex_unlock(&nft_net->commit_mutex);
9841 	return ret;
9842 }
9843 
9844 static struct notifier_block nf_tables_flowtable_notifier = {
9845 	.notifier_call	= nf_tables_flowtable_event,
9846 };
9847 
9848 static void nf_tables_gen_notify(struct net *net, struct sk_buff *skb,
9849 				 int event)
9850 {
9851 	struct nlmsghdr *nlh = nlmsg_hdr(skb);
9852 	struct sk_buff *skb2;
9853 	int err;
9854 
9855 	if (!nlmsg_report(nlh) &&
9856 	    !nfnetlink_has_listeners(net, NFNLGRP_NFTABLES))
9857 		return;
9858 
9859 	skb2 = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL);
9860 	if (skb2 == NULL)
9861 		goto err;
9862 
9863 	err = nf_tables_fill_gen_info(skb2, net, NETLINK_CB(skb).portid,
9864 				      nlh->nlmsg_seq);
9865 	if (err < 0) {
9866 		kfree_skb(skb2);
9867 		goto err;
9868 	}
9869 
9870 	nfnetlink_send(skb2, net, NETLINK_CB(skb).portid, NFNLGRP_NFTABLES,
9871 		       nlmsg_report(nlh), GFP_KERNEL);
9872 	return;
9873 err:
9874 	nfnetlink_set_err(net, NETLINK_CB(skb).portid, NFNLGRP_NFTABLES,
9875 			  -ENOBUFS);
9876 }
9877 
9878 static int nf_tables_getgen(struct sk_buff *skb, const struct nfnl_info *info,
9879 			    const struct nlattr * const nla[])
9880 {
9881 	struct sk_buff *skb2;
9882 	int err;
9883 
9884 	skb2 = alloc_skb(NLMSG_GOODSIZE, GFP_ATOMIC);
9885 	if (skb2 == NULL)
9886 		return -ENOMEM;
9887 
9888 	err = nf_tables_fill_gen_info(skb2, info->net, NETLINK_CB(skb).portid,
9889 				      info->nlh->nlmsg_seq);
9890 	if (err < 0)
9891 		goto err_fill_gen_info;
9892 
9893 	return nfnetlink_unicast(skb2, info->net, NETLINK_CB(skb).portid);
9894 
9895 err_fill_gen_info:
9896 	kfree_skb(skb2);
9897 	return err;
9898 }
9899 
9900 static const struct nfnl_callback nf_tables_cb[NFT_MSG_MAX] = {
9901 	[NFT_MSG_NEWTABLE] = {
9902 		.call		= nf_tables_newtable,
9903 		.type		= NFNL_CB_BATCH,
9904 		.attr_count	= NFTA_TABLE_MAX,
9905 		.policy		= nft_table_policy,
9906 	},
9907 	[NFT_MSG_GETTABLE] = {
9908 		.call		= nf_tables_gettable,
9909 		.type		= NFNL_CB_RCU,
9910 		.attr_count	= NFTA_TABLE_MAX,
9911 		.policy		= nft_table_policy,
9912 	},
9913 	[NFT_MSG_DELTABLE] = {
9914 		.call		= nf_tables_deltable,
9915 		.type		= NFNL_CB_BATCH,
9916 		.attr_count	= NFTA_TABLE_MAX,
9917 		.policy		= nft_table_policy,
9918 	},
9919 	[NFT_MSG_DESTROYTABLE] = {
9920 		.call		= nf_tables_deltable,
9921 		.type		= NFNL_CB_BATCH,
9922 		.attr_count	= NFTA_TABLE_MAX,
9923 		.policy		= nft_table_policy,
9924 	},
9925 	[NFT_MSG_NEWCHAIN] = {
9926 		.call		= nf_tables_newchain,
9927 		.type		= NFNL_CB_BATCH,
9928 		.attr_count	= NFTA_CHAIN_MAX,
9929 		.policy		= nft_chain_policy,
9930 	},
9931 	[NFT_MSG_GETCHAIN] = {
9932 		.call		= nf_tables_getchain,
9933 		.type		= NFNL_CB_RCU,
9934 		.attr_count	= NFTA_CHAIN_MAX,
9935 		.policy		= nft_chain_policy,
9936 	},
9937 	[NFT_MSG_DELCHAIN] = {
9938 		.call		= nf_tables_delchain,
9939 		.type		= NFNL_CB_BATCH,
9940 		.attr_count	= NFTA_CHAIN_MAX,
9941 		.policy		= nft_chain_policy,
9942 	},
9943 	[NFT_MSG_DESTROYCHAIN] = {
9944 		.call		= nf_tables_delchain,
9945 		.type		= NFNL_CB_BATCH,
9946 		.attr_count	= NFTA_CHAIN_MAX,
9947 		.policy		= nft_chain_policy,
9948 	},
9949 	[NFT_MSG_NEWRULE] = {
9950 		.call		= nf_tables_newrule,
9951 		.type		= NFNL_CB_BATCH,
9952 		.attr_count	= NFTA_RULE_MAX,
9953 		.policy		= nft_rule_policy,
9954 	},
9955 	[NFT_MSG_GETRULE] = {
9956 		.call		= nf_tables_getrule,
9957 		.type		= NFNL_CB_RCU,
9958 		.attr_count	= NFTA_RULE_MAX,
9959 		.policy		= nft_rule_policy,
9960 	},
9961 	[NFT_MSG_GETRULE_RESET] = {
9962 		.call		= nf_tables_getrule,
9963 		.type		= NFNL_CB_RCU,
9964 		.attr_count	= NFTA_RULE_MAX,
9965 		.policy		= nft_rule_policy,
9966 	},
9967 	[NFT_MSG_DELRULE] = {
9968 		.call		= nf_tables_delrule,
9969 		.type		= NFNL_CB_BATCH,
9970 		.attr_count	= NFTA_RULE_MAX,
9971 		.policy		= nft_rule_policy,
9972 	},
9973 	[NFT_MSG_DESTROYRULE] = {
9974 		.call		= nf_tables_delrule,
9975 		.type		= NFNL_CB_BATCH,
9976 		.attr_count	= NFTA_RULE_MAX,
9977 		.policy		= nft_rule_policy,
9978 	},
9979 	[NFT_MSG_NEWSET] = {
9980 		.call		= nf_tables_newset,
9981 		.type		= NFNL_CB_BATCH,
9982 		.attr_count	= NFTA_SET_MAX,
9983 		.policy		= nft_set_policy,
9984 	},
9985 	[NFT_MSG_GETSET] = {
9986 		.call		= nf_tables_getset,
9987 		.type		= NFNL_CB_RCU,
9988 		.attr_count	= NFTA_SET_MAX,
9989 		.policy		= nft_set_policy,
9990 	},
9991 	[NFT_MSG_DELSET] = {
9992 		.call		= nf_tables_delset,
9993 		.type		= NFNL_CB_BATCH,
9994 		.attr_count	= NFTA_SET_MAX,
9995 		.policy		= nft_set_policy,
9996 	},
9997 	[NFT_MSG_DESTROYSET] = {
9998 		.call		= nf_tables_delset,
9999 		.type		= NFNL_CB_BATCH,
10000 		.attr_count	= NFTA_SET_MAX,
10001 		.policy		= nft_set_policy,
10002 	},
10003 	[NFT_MSG_NEWSETELEM] = {
10004 		.call		= nf_tables_newsetelem,
10005 		.type		= NFNL_CB_BATCH,
10006 		.attr_count	= NFTA_SET_ELEM_LIST_MAX,
10007 		.policy		= nft_set_elem_list_policy,
10008 	},
10009 	[NFT_MSG_GETSETELEM] = {
10010 		.call		= nf_tables_getsetelem,
10011 		.type		= NFNL_CB_RCU,
10012 		.attr_count	= NFTA_SET_ELEM_LIST_MAX,
10013 		.policy		= nft_set_elem_list_policy,
10014 	},
10015 	[NFT_MSG_GETSETELEM_RESET] = {
10016 		.call		= nf_tables_getsetelem,
10017 		.type		= NFNL_CB_RCU,
10018 		.attr_count	= NFTA_SET_ELEM_LIST_MAX,
10019 		.policy		= nft_set_elem_list_policy,
10020 	},
10021 	[NFT_MSG_DELSETELEM] = {
10022 		.call		= nf_tables_delsetelem,
10023 		.type		= NFNL_CB_BATCH,
10024 		.attr_count	= NFTA_SET_ELEM_LIST_MAX,
10025 		.policy		= nft_set_elem_list_policy,
10026 	},
10027 	[NFT_MSG_DESTROYSETELEM] = {
10028 		.call		= nf_tables_delsetelem,
10029 		.type		= NFNL_CB_BATCH,
10030 		.attr_count	= NFTA_SET_ELEM_LIST_MAX,
10031 		.policy		= nft_set_elem_list_policy,
10032 	},
10033 	[NFT_MSG_GETGEN] = {
10034 		.call		= nf_tables_getgen,
10035 		.type		= NFNL_CB_RCU,
10036 	},
10037 	[NFT_MSG_NEWOBJ] = {
10038 		.call		= nf_tables_newobj,
10039 		.type		= NFNL_CB_BATCH,
10040 		.attr_count	= NFTA_OBJ_MAX,
10041 		.policy		= nft_obj_policy,
10042 	},
10043 	[NFT_MSG_GETOBJ] = {
10044 		.call		= nf_tables_getobj,
10045 		.type		= NFNL_CB_RCU,
10046 		.attr_count	= NFTA_OBJ_MAX,
10047 		.policy		= nft_obj_policy,
10048 	},
10049 	[NFT_MSG_DELOBJ] = {
10050 		.call		= nf_tables_delobj,
10051 		.type		= NFNL_CB_BATCH,
10052 		.attr_count	= NFTA_OBJ_MAX,
10053 		.policy		= nft_obj_policy,
10054 	},
10055 	[NFT_MSG_DESTROYOBJ] = {
10056 		.call		= nf_tables_delobj,
10057 		.type		= NFNL_CB_BATCH,
10058 		.attr_count	= NFTA_OBJ_MAX,
10059 		.policy		= nft_obj_policy,
10060 	},
10061 	[NFT_MSG_GETOBJ_RESET] = {
10062 		.call		= nf_tables_getobj,
10063 		.type		= NFNL_CB_RCU,
10064 		.attr_count	= NFTA_OBJ_MAX,
10065 		.policy		= nft_obj_policy,
10066 	},
10067 	[NFT_MSG_NEWFLOWTABLE] = {
10068 		.call		= nf_tables_newflowtable,
10069 		.type		= NFNL_CB_BATCH,
10070 		.attr_count	= NFTA_FLOWTABLE_MAX,
10071 		.policy		= nft_flowtable_policy,
10072 	},
10073 	[NFT_MSG_GETFLOWTABLE] = {
10074 		.call		= nf_tables_getflowtable,
10075 		.type		= NFNL_CB_RCU,
10076 		.attr_count	= NFTA_FLOWTABLE_MAX,
10077 		.policy		= nft_flowtable_policy,
10078 	},
10079 	[NFT_MSG_DELFLOWTABLE] = {
10080 		.call		= nf_tables_delflowtable,
10081 		.type		= NFNL_CB_BATCH,
10082 		.attr_count	= NFTA_FLOWTABLE_MAX,
10083 		.policy		= nft_flowtable_policy,
10084 	},
10085 	[NFT_MSG_DESTROYFLOWTABLE] = {
10086 		.call		= nf_tables_delflowtable,
10087 		.type		= NFNL_CB_BATCH,
10088 		.attr_count	= NFTA_FLOWTABLE_MAX,
10089 		.policy		= nft_flowtable_policy,
10090 	},
10091 };
10092 
10093 static int nf_tables_validate(struct net *net)
10094 {
10095 	struct nftables_pernet *nft_net = nft_pernet(net);
10096 	struct nft_table *table;
10097 
10098 	list_for_each_entry(table, &nft_net->tables, list) {
10099 		switch (table->validate_state) {
10100 		case NFT_VALIDATE_SKIP:
10101 			continue;
10102 		case NFT_VALIDATE_NEED:
10103 			nft_validate_state_update(table, NFT_VALIDATE_DO);
10104 			fallthrough;
10105 		case NFT_VALIDATE_DO:
10106 			if (nft_table_validate(net, table) < 0)
10107 				return -EAGAIN;
10108 
10109 			nft_validate_state_update(table, NFT_VALIDATE_SKIP);
10110 			break;
10111 		}
10112 	}
10113 
10114 	return 0;
10115 }
10116 
10117 /* a drop policy has to be deferred until all rules have been activated,
10118  * otherwise a large ruleset that contains a drop-policy base chain will
10119  * cause all packets to get dropped until the full transaction has been
10120  * processed.
10121  *
10122  * We defer the drop policy until the transaction has been finalized.
10123  */
10124 static void nft_chain_commit_drop_policy(struct nft_trans_chain *trans)
10125 {
10126 	struct nft_base_chain *basechain;
10127 
10128 	if (trans->policy != NF_DROP)
10129 		return;
10130 
10131 	if (!nft_is_base_chain(trans->chain))
10132 		return;
10133 
10134 	basechain = nft_base_chain(trans->chain);
10135 	basechain->policy = NF_DROP;
10136 }
10137 
10138 static void nft_chain_commit_update(struct nft_trans_chain *trans)
10139 {
10140 	struct nft_table *table = trans->nft_trans_binding.nft_trans.table;
10141 	struct nft_base_chain *basechain;
10142 
10143 	if (trans->name) {
10144 		rhltable_remove(&table->chains_ht,
10145 				&trans->chain->rhlhead,
10146 				nft_chain_ht_params);
10147 		swap(trans->chain->name, trans->name);
10148 		rhltable_insert_key(&table->chains_ht,
10149 				    trans->chain->name,
10150 				    &trans->chain->rhlhead,
10151 				    nft_chain_ht_params);
10152 	}
10153 
10154 	if (!nft_is_base_chain(trans->chain))
10155 		return;
10156 
10157 	nft_chain_stats_replace(trans);
10158 
10159 	basechain = nft_base_chain(trans->chain);
10160 
10161 	switch (trans->policy) {
10162 	case NF_DROP:
10163 	case NF_ACCEPT:
10164 		basechain->policy = trans->policy;
10165 		break;
10166 	}
10167 }
10168 
10169 static void nft_obj_commit_update(const struct nft_ctx *ctx,
10170 				  struct nft_trans *trans)
10171 {
10172 	struct nft_object *newobj;
10173 	struct nft_object *obj;
10174 
10175 	obj = nft_trans_obj(trans);
10176 	newobj = nft_trans_obj_newobj(trans);
10177 
10178 	if (WARN_ON_ONCE(!obj->ops->update))
10179 		return;
10180 
10181 	obj->ops->update(obj, newobj);
10182 	nft_obj_destroy(ctx, newobj);
10183 }
10184 
10185 static void nft_commit_release(struct nft_trans *trans)
10186 {
10187 	struct nft_ctx ctx = {
10188 		.net = trans->net,
10189 	};
10190 
10191 	nft_ctx_update(&ctx, trans);
10192 
10193 	switch (trans->msg_type) {
10194 	case NFT_MSG_DELTABLE:
10195 	case NFT_MSG_DESTROYTABLE:
10196 		nf_tables_table_destroy(trans->table);
10197 		break;
10198 	case NFT_MSG_NEWCHAIN:
10199 		free_percpu(nft_trans_chain_stats(trans));
10200 		kfree(nft_trans_chain_name(trans));
10201 		break;
10202 	case NFT_MSG_DELCHAIN:
10203 	case NFT_MSG_DESTROYCHAIN:
10204 		if (!nft_trans_chain_update(trans))
10205 			nf_tables_chain_destroy(nft_trans_chain(trans));
10206 		break;
10207 	case NFT_MSG_DELRULE:
10208 	case NFT_MSG_DESTROYRULE:
10209 		nf_tables_rule_destroy(&ctx, nft_trans_rule(trans));
10210 		break;
10211 	case NFT_MSG_DELSET:
10212 	case NFT_MSG_DESTROYSET:
10213 		nft_set_destroy(&ctx, nft_trans_set(trans));
10214 		break;
10215 	case NFT_MSG_DELSETELEM:
10216 	case NFT_MSG_DESTROYSETELEM:
10217 		nft_trans_elems_destroy(&ctx, nft_trans_container_elem(trans));
10218 		break;
10219 	case NFT_MSG_DELOBJ:
10220 	case NFT_MSG_DESTROYOBJ:
10221 		nft_obj_destroy(&ctx, nft_trans_obj(trans));
10222 		break;
10223 	case NFT_MSG_DELFLOWTABLE:
10224 	case NFT_MSG_DESTROYFLOWTABLE:
10225 		if (!nft_trans_flowtable_update(trans))
10226 			nf_tables_flowtable_destroy(nft_trans_flowtable(trans));
10227 		break;
10228 	}
10229 
10230 	if (trans->put_net)
10231 		put_net(trans->net);
10232 
10233 	kfree(trans);
10234 }
10235 
10236 static void nf_tables_trans_destroy_work(struct work_struct *w)
10237 {
10238 	struct nftables_pernet *nft_net = container_of(w, struct nftables_pernet, destroy_work);
10239 	struct nft_trans *trans, *next;
10240 	LIST_HEAD(head);
10241 
10242 	spin_lock(&nf_tables_destroy_list_lock);
10243 	list_splice_init(&nft_net->destroy_list, &head);
10244 	spin_unlock(&nf_tables_destroy_list_lock);
10245 
10246 	if (list_empty(&head))
10247 		return;
10248 
10249 	synchronize_rcu();
10250 
10251 	list_for_each_entry_safe(trans, next, &head, list) {
10252 		nft_trans_list_del(trans);
10253 		nft_commit_release(trans);
10254 	}
10255 }
10256 
10257 void nf_tables_trans_destroy_flush_work(struct net *net)
10258 {
10259 	struct nftables_pernet *nft_net = nft_pernet(net);
10260 
10261 	flush_work(&nft_net->destroy_work);
10262 }
10263 EXPORT_SYMBOL_GPL(nf_tables_trans_destroy_flush_work);
10264 
10265 static int nf_tables_commit_chain_prepare(struct net *net, struct nft_chain *chain)
10266 {
10267 	const struct nft_expr *expr, *last;
10268 	unsigned int size, data_size;
10269 	void *data, *data_boundary;
10270 	struct nft_rule_dp *prule;
10271 	struct nft_rule *rule;
10272 
10273 	/* already handled or inactive chain? */
10274 	if (chain->blob_next || !nft_is_active_next(net, chain))
10275 		return 0;
10276 
10277 	data_size = 0;
10278 	list_for_each_entry(rule, &chain->rules, list) {
10279 		if (nft_is_active_next(net, rule)) {
10280 			data_size += sizeof(*prule) + rule->dlen;
10281 			if (data_size > INT_MAX)
10282 				return -ENOMEM;
10283 		}
10284 	}
10285 
10286 	chain->blob_next = nf_tables_chain_alloc_rules(chain, data_size);
10287 	if (!chain->blob_next)
10288 		return -ENOMEM;
10289 
10290 	data = (void *)chain->blob_next->data;
10291 	data_boundary = data + data_size;
10292 	size = 0;
10293 
10294 	list_for_each_entry(rule, &chain->rules, list) {
10295 		if (!nft_is_active_next(net, rule))
10296 			continue;
10297 
10298 		prule = (struct nft_rule_dp *)data;
10299 		data += offsetof(struct nft_rule_dp, data);
10300 		if (WARN_ON_ONCE(data > data_boundary))
10301 			return -ENOMEM;
10302 
10303 		size = 0;
10304 		nft_rule_for_each_expr(expr, last, rule) {
10305 			if (WARN_ON_ONCE(data + size + expr->ops->size > data_boundary))
10306 				return -ENOMEM;
10307 
10308 			memcpy(data + size, expr, expr->ops->size);
10309 			size += expr->ops->size;
10310 		}
10311 		if (WARN_ON_ONCE(size >= 1 << 12))
10312 			return -ENOMEM;
10313 
10314 		prule->handle = rule->handle;
10315 		prule->dlen = size;
10316 		prule->is_last = 0;
10317 
10318 		data += size;
10319 		size = 0;
10320 		chain->blob_next->size += (unsigned long)(data - (void *)prule);
10321 	}
10322 
10323 	if (WARN_ON_ONCE(data > data_boundary))
10324 		return -ENOMEM;
10325 
10326 	prule = (struct nft_rule_dp *)data;
10327 	nft_last_rule(chain, prule);
10328 
10329 	return 0;
10330 }
10331 
10332 static void nf_tables_commit_chain_prepare_cancel(struct net *net)
10333 {
10334 	struct nftables_pernet *nft_net = nft_pernet(net);
10335 	struct nft_trans *trans, *next;
10336 
10337 	list_for_each_entry_safe(trans, next, &nft_net->commit_list, list) {
10338 		if (trans->msg_type == NFT_MSG_NEWRULE ||
10339 		    trans->msg_type == NFT_MSG_DELRULE) {
10340 			struct nft_chain *chain = nft_trans_rule_chain(trans);
10341 
10342 			kvfree(chain->blob_next);
10343 			chain->blob_next = NULL;
10344 		}
10345 	}
10346 }
10347 
10348 static void __nf_tables_commit_chain_free_rules(struct rcu_head *h)
10349 {
10350 	struct nft_rule_dp_last *l = container_of(h, struct nft_rule_dp_last, h);
10351 
10352 	kvfree(l->blob);
10353 }
10354 
10355 static void nf_tables_commit_chain_free_rules_old(struct nft_rule_blob *blob)
10356 {
10357 	struct nft_rule_dp_last *last;
10358 
10359 	/* last rule trailer is after end marker */
10360 	last = (void *)blob + sizeof(*blob) + blob->size;
10361 	last->blob = blob;
10362 
10363 	call_rcu(&last->h, __nf_tables_commit_chain_free_rules);
10364 }
10365 
10366 static void nf_tables_commit_chain(struct net *net, struct nft_chain *chain)
10367 {
10368 	struct nft_rule_blob *g0, *g1;
10369 	bool next_genbit;
10370 
10371 	next_genbit = nft_gencursor_next(net);
10372 
10373 	g0 = rcu_dereference_protected(chain->blob_gen_0,
10374 				       lockdep_commit_lock_is_held(net));
10375 	g1 = rcu_dereference_protected(chain->blob_gen_1,
10376 				       lockdep_commit_lock_is_held(net));
10377 
10378 	/* No changes to this chain? */
10379 	if (chain->blob_next == NULL) {
10380 		/* chain had no change in last or next generation */
10381 		if (g0 == g1)
10382 			return;
10383 		/*
10384 		 * chain had no change in this generation; make sure next
10385 		 * one uses same rules as current generation.
10386 		 */
10387 		if (next_genbit) {
10388 			rcu_assign_pointer(chain->blob_gen_1, g0);
10389 			nf_tables_commit_chain_free_rules_old(g1);
10390 		} else {
10391 			rcu_assign_pointer(chain->blob_gen_0, g1);
10392 			nf_tables_commit_chain_free_rules_old(g0);
10393 		}
10394 
10395 		return;
10396 	}
10397 
10398 	if (next_genbit)
10399 		rcu_assign_pointer(chain->blob_gen_1, chain->blob_next);
10400 	else
10401 		rcu_assign_pointer(chain->blob_gen_0, chain->blob_next);
10402 
10403 	chain->blob_next = NULL;
10404 
10405 	if (g0 == g1)
10406 		return;
10407 
10408 	if (next_genbit)
10409 		nf_tables_commit_chain_free_rules_old(g1);
10410 	else
10411 		nf_tables_commit_chain_free_rules_old(g0);
10412 }
10413 
10414 static void nft_obj_del(struct nft_object *obj)
10415 {
10416 	rhltable_remove(&nft_objname_ht, &obj->rhlhead, nft_objname_ht_params);
10417 	list_del_rcu(&obj->list);
10418 }
10419 
10420 void nft_chain_del(struct nft_chain *chain)
10421 {
10422 	struct nft_table *table = chain->table;
10423 
10424 	WARN_ON_ONCE(rhltable_remove(&table->chains_ht, &chain->rhlhead,
10425 				     nft_chain_ht_params));
10426 	list_del_rcu(&chain->list);
10427 }
10428 
10429 static void nft_trans_gc_setelem_remove(struct nft_ctx *ctx,
10430 					struct nft_trans_gc *trans)
10431 {
10432 	struct nft_elem_priv **priv = trans->priv;
10433 	unsigned int i;
10434 
10435 	for (i = 0; i < trans->count; i++) {
10436 		nft_setelem_data_deactivate(ctx->net, trans->set, priv[i]);
10437 		nft_setelem_remove(ctx->net, trans->set, priv[i]);
10438 	}
10439 }
10440 
10441 void nft_trans_gc_destroy(struct nft_trans_gc *trans)
10442 {
10443 	nft_set_put(trans->set);
10444 	put_net(trans->net);
10445 	kfree(trans);
10446 }
10447 
10448 static void nft_trans_gc_trans_free(struct rcu_head *rcu)
10449 {
10450 	struct nft_elem_priv *elem_priv;
10451 	struct nft_trans_gc *trans;
10452 	struct nft_ctx ctx = {};
10453 	unsigned int i;
10454 
10455 	trans = container_of(rcu, struct nft_trans_gc, rcu);
10456 	ctx.net	= read_pnet(&trans->set->net);
10457 
10458 	for (i = 0; i < trans->count; i++) {
10459 		elem_priv = trans->priv[i];
10460 		if (!nft_setelem_is_catchall(trans->set, elem_priv))
10461 			atomic_dec(&trans->set->nelems);
10462 
10463 		nf_tables_set_elem_destroy(&ctx, trans->set, elem_priv);
10464 	}
10465 
10466 	nft_trans_gc_destroy(trans);
10467 }
10468 
10469 static bool nft_trans_gc_work_done(struct nft_trans_gc *trans)
10470 {
10471 	struct nftables_pernet *nft_net;
10472 	struct nft_ctx ctx = {};
10473 
10474 	nft_net = nft_pernet(trans->net);
10475 
10476 	mutex_lock(&nft_net->commit_mutex);
10477 
10478 	/* Check for race with transaction, otherwise this batch refers to
10479 	 * stale objects that might not be there anymore. Skip transaction if
10480 	 * set has been destroyed from control plane transaction in case gc
10481 	 * worker loses race.
10482 	 */
10483 	if (READ_ONCE(nft_net->gc_seq) != trans->seq || trans->set->dead) {
10484 		mutex_unlock(&nft_net->commit_mutex);
10485 		return false;
10486 	}
10487 
10488 	ctx.net = trans->net;
10489 	ctx.table = trans->set->table;
10490 
10491 	nft_trans_gc_setelem_remove(&ctx, trans);
10492 	mutex_unlock(&nft_net->commit_mutex);
10493 
10494 	return true;
10495 }
10496 
10497 static void nft_trans_gc_work(struct work_struct *work)
10498 {
10499 	struct nft_trans_gc *trans, *next;
10500 	LIST_HEAD(trans_gc_list);
10501 
10502 	spin_lock(&nf_tables_gc_list_lock);
10503 	list_splice_init(&nf_tables_gc_list, &trans_gc_list);
10504 	spin_unlock(&nf_tables_gc_list_lock);
10505 
10506 	list_for_each_entry_safe(trans, next, &trans_gc_list, list) {
10507 		list_del(&trans->list);
10508 		if (!nft_trans_gc_work_done(trans)) {
10509 			nft_trans_gc_destroy(trans);
10510 			continue;
10511 		}
10512 		call_rcu(&trans->rcu, nft_trans_gc_trans_free);
10513 	}
10514 }
10515 
10516 struct nft_trans_gc *nft_trans_gc_alloc(struct nft_set *set,
10517 					unsigned int gc_seq, gfp_t gfp)
10518 {
10519 	struct net *net = read_pnet(&set->net);
10520 	struct nft_trans_gc *trans;
10521 
10522 	trans = kzalloc_obj(*trans, gfp);
10523 	if (!trans)
10524 		return NULL;
10525 
10526 	trans->net = maybe_get_net(net);
10527 	if (!trans->net) {
10528 		kfree(trans);
10529 		return NULL;
10530 	}
10531 
10532 	refcount_inc(&set->refs);
10533 	trans->set = set;
10534 	trans->seq = gc_seq;
10535 
10536 	return trans;
10537 }
10538 
10539 void nft_trans_gc_elem_add(struct nft_trans_gc *trans, void *priv)
10540 {
10541 	trans->priv[trans->count++] = priv;
10542 }
10543 
10544 static void nft_trans_gc_queue_work(struct nft_trans_gc *trans)
10545 {
10546 	spin_lock(&nf_tables_gc_list_lock);
10547 	list_add_tail(&trans->list, &nf_tables_gc_list);
10548 	spin_unlock(&nf_tables_gc_list_lock);
10549 
10550 	schedule_work(&trans_gc_work);
10551 }
10552 
10553 struct nft_trans_gc *nft_trans_gc_queue_async(struct nft_trans_gc *gc,
10554 					      unsigned int gc_seq, gfp_t gfp)
10555 {
10556 	struct nft_set *set;
10557 
10558 	if (nft_trans_gc_space(gc))
10559 		return gc;
10560 
10561 	set = gc->set;
10562 	nft_trans_gc_queue_work(gc);
10563 
10564 	return nft_trans_gc_alloc(set, gc_seq, gfp);
10565 }
10566 
10567 void nft_trans_gc_queue_async_done(struct nft_trans_gc *trans)
10568 {
10569 	if (trans->count == 0) {
10570 		nft_trans_gc_destroy(trans);
10571 		return;
10572 	}
10573 
10574 	nft_trans_gc_queue_work(trans);
10575 }
10576 
10577 struct nft_trans_gc *nft_trans_gc_queue_sync(struct nft_trans_gc *gc, gfp_t gfp)
10578 {
10579 	struct nft_set *set;
10580 
10581 	if (WARN_ON_ONCE(!lockdep_commit_lock_is_held(gc->net)))
10582 		return NULL;
10583 
10584 	if (nft_trans_gc_space(gc))
10585 		return gc;
10586 
10587 	set = gc->set;
10588 	call_rcu(&gc->rcu, nft_trans_gc_trans_free);
10589 
10590 	return nft_trans_gc_alloc(set, 0, gfp);
10591 }
10592 
10593 void nft_trans_gc_queue_sync_done(struct nft_trans_gc *trans)
10594 {
10595 	WARN_ON_ONCE(!lockdep_commit_lock_is_held(trans->net));
10596 
10597 	if (trans->count == 0) {
10598 		nft_trans_gc_destroy(trans);
10599 		return;
10600 	}
10601 
10602 	call_rcu(&trans->rcu, nft_trans_gc_trans_free);
10603 }
10604 
10605 struct nft_trans_gc *nft_trans_gc_catchall_async(struct nft_trans_gc *gc,
10606 						 unsigned int gc_seq)
10607 {
10608 	struct nft_set_elem_catchall *catchall;
10609 	const struct nft_set *set = gc->set;
10610 	struct nft_set_ext *ext;
10611 
10612 	list_for_each_entry_rcu(catchall, &set->catchall_list, list) {
10613 		ext = nft_set_elem_ext(set, catchall->elem);
10614 
10615 		if (!nft_set_elem_expired(ext))
10616 			continue;
10617 		if (nft_set_elem_is_dead(ext))
10618 			goto dead_elem;
10619 
10620 		nft_set_elem_dead(ext);
10621 dead_elem:
10622 		gc = nft_trans_gc_queue_async(gc, gc_seq, GFP_ATOMIC);
10623 		if (!gc)
10624 			return NULL;
10625 
10626 		nft_trans_gc_elem_add(gc, catchall->elem);
10627 	}
10628 
10629 	return gc;
10630 }
10631 
10632 struct nft_trans_gc *nft_trans_gc_catchall_sync(struct nft_trans_gc *gc)
10633 {
10634 	struct nft_set_elem_catchall *catchall, *next;
10635 	u64 tstamp = nft_net_tstamp(gc->net);
10636 	const struct nft_set *set = gc->set;
10637 	struct nft_elem_priv *elem_priv;
10638 	struct nft_set_ext *ext;
10639 
10640 	WARN_ON_ONCE(!lockdep_commit_lock_is_held(gc->net));
10641 
10642 	list_for_each_entry_safe(catchall, next, &set->catchall_list, list) {
10643 		ext = nft_set_elem_ext(set, catchall->elem);
10644 
10645 		if (!__nft_set_elem_expired(ext, tstamp))
10646 			continue;
10647 
10648 		gc = nft_trans_gc_queue_sync(gc, GFP_KERNEL);
10649 		if (!gc)
10650 			return NULL;
10651 
10652 		elem_priv = catchall->elem;
10653 		nft_setelem_data_deactivate(gc->net, gc->set, elem_priv);
10654 		nft_setelem_catchall_destroy(catchall);
10655 		nft_trans_gc_elem_add(gc, elem_priv);
10656 	}
10657 
10658 	return gc;
10659 }
10660 
10661 static void nf_tables_module_autoload_cleanup(struct net *net)
10662 {
10663 	struct nftables_pernet *nft_net = nft_pernet(net);
10664 	struct nft_module_request *req, *next;
10665 
10666 	WARN_ON_ONCE(!list_empty(&nft_net->commit_list));
10667 	list_for_each_entry_safe(req, next, &nft_net->module_list, list) {
10668 		WARN_ON_ONCE(!req->done);
10669 		list_del(&req->list);
10670 		kfree(req);
10671 	}
10672 }
10673 
10674 static void nf_tables_commit_release(struct net *net)
10675 {
10676 	struct nftables_pernet *nft_net = nft_pernet(net);
10677 	struct nft_trans *trans;
10678 
10679 	/* all side effects have to be made visible.
10680 	 * For example, if a chain named 'foo' has been deleted, a
10681 	 * new transaction must not find it anymore.
10682 	 *
10683 	 * Memory reclaim happens asynchronously from work queue
10684 	 * to prevent expensive synchronize_rcu() in commit phase.
10685 	 */
10686 	if (list_empty(&nft_net->commit_list)) {
10687 		nf_tables_module_autoload_cleanup(net);
10688 		mutex_unlock(&nft_net->commit_mutex);
10689 		return;
10690 	}
10691 
10692 	trans = list_last_entry(&nft_net->commit_list,
10693 				struct nft_trans, list);
10694 	get_net(trans->net);
10695 	WARN_ON_ONCE(trans->put_net);
10696 
10697 	trans->put_net = true;
10698 	spin_lock(&nf_tables_destroy_list_lock);
10699 	list_splice_tail_init(&nft_net->commit_list, &nft_net->destroy_list);
10700 	spin_unlock(&nf_tables_destroy_list_lock);
10701 
10702 	nf_tables_module_autoload_cleanup(net);
10703 	schedule_work(&nft_net->destroy_work);
10704 
10705 	mutex_unlock(&nft_net->commit_mutex);
10706 }
10707 
10708 static void nft_commit_notify(struct net *net, u32 portid)
10709 {
10710 	struct nftables_pernet *nft_net = nft_pernet(net);
10711 	struct sk_buff *batch_skb = NULL, *nskb, *skb;
10712 	unsigned char *data;
10713 	int len;
10714 
10715 	list_for_each_entry_safe(skb, nskb, &nft_net->notify_list, list) {
10716 		if (!batch_skb) {
10717 new_batch:
10718 			batch_skb = skb;
10719 			len = NLMSG_GOODSIZE - skb->len;
10720 			list_del(&skb->list);
10721 			continue;
10722 		}
10723 		len -= skb->len;
10724 		if (len > 0 && NFT_CB(skb).report == NFT_CB(batch_skb).report) {
10725 			data = skb_put(batch_skb, skb->len);
10726 			memcpy(data, skb->data, skb->len);
10727 			list_del(&skb->list);
10728 			kfree_skb(skb);
10729 			continue;
10730 		}
10731 		nfnetlink_send(batch_skb, net, portid, NFNLGRP_NFTABLES,
10732 			       NFT_CB(batch_skb).report, GFP_KERNEL);
10733 		goto new_batch;
10734 	}
10735 
10736 	if (batch_skb) {
10737 		nfnetlink_send(batch_skb, net, portid, NFNLGRP_NFTABLES,
10738 			       NFT_CB(batch_skb).report, GFP_KERNEL);
10739 	}
10740 
10741 	WARN_ON_ONCE(!list_empty(&nft_net->notify_list));
10742 }
10743 
10744 static int nf_tables_commit_audit_alloc(struct list_head *adl,
10745 					struct nft_table *table)
10746 {
10747 	struct nft_audit_data *adp;
10748 
10749 	list_for_each_entry(adp, adl, list) {
10750 		if (adp->table == table)
10751 			return 0;
10752 	}
10753 	adp = kzalloc_obj(*adp);
10754 	if (!adp)
10755 		return -ENOMEM;
10756 	adp->table = table;
10757 	list_add(&adp->list, adl);
10758 	return 0;
10759 }
10760 
10761 static void nf_tables_commit_audit_free(struct list_head *adl)
10762 {
10763 	struct nft_audit_data *adp, *adn;
10764 
10765 	list_for_each_entry_safe(adp, adn, adl, list) {
10766 		list_del(&adp->list);
10767 		kfree(adp);
10768 	}
10769 }
10770 
10771 /* nft audit emits the number of elements that get added/removed/updated,
10772  * so NEW/DELSETELEM needs to increment based on the total elem count.
10773  */
10774 static unsigned int nf_tables_commit_audit_entrycount(const struct nft_trans *trans)
10775 {
10776 	switch (trans->msg_type) {
10777 	case NFT_MSG_NEWSETELEM:
10778 	case NFT_MSG_DELSETELEM:
10779 		return nft_trans_container_elem(trans)->nelems;
10780 	}
10781 
10782 	return 1;
10783 }
10784 
10785 static void nf_tables_commit_audit_collect(struct list_head *adl,
10786 					   const struct nft_trans *trans, u32 op)
10787 {
10788 	const struct nft_table *table = trans->table;
10789 	struct nft_audit_data *adp;
10790 
10791 	list_for_each_entry(adp, adl, list) {
10792 		if (adp->table == table)
10793 			goto found;
10794 	}
10795 	WARN_ONCE(1, "table=%s not expected in commit list", table->name);
10796 	return;
10797 found:
10798 	adp->entries += nf_tables_commit_audit_entrycount(trans);
10799 	if (!adp->op || adp->op > op)
10800 		adp->op = op;
10801 }
10802 
10803 #define AUNFTABLENAMELEN (NFT_TABLE_MAXNAMELEN + 22)
10804 
10805 static void nf_tables_commit_audit_log(struct list_head *adl, u32 generation)
10806 {
10807 	struct nft_audit_data *adp, *adn;
10808 	char aubuf[AUNFTABLENAMELEN];
10809 
10810 	list_for_each_entry_safe(adp, adn, adl, list) {
10811 		snprintf(aubuf, AUNFTABLENAMELEN, "%s:%u", adp->table->name,
10812 			 generation);
10813 		audit_log_nfcfg(aubuf, adp->table->family, adp->entries,
10814 				nft2audit_op[adp->op], GFP_KERNEL);
10815 		list_del(&adp->list);
10816 		kfree(adp);
10817 	}
10818 }
10819 
10820 static void nft_set_commit_update(struct list_head *set_update_list)
10821 {
10822 	struct nft_set *set, *next;
10823 
10824 	list_for_each_entry_safe(set, next, set_update_list, pending_update) {
10825 		list_del_init(&set->pending_update);
10826 
10827 		if (!set->ops->commit || set->dead)
10828 			continue;
10829 
10830 		set->ops->commit(set);
10831 	}
10832 }
10833 
10834 static unsigned int nft_gc_seq_begin(struct nftables_pernet *nft_net)
10835 {
10836 	unsigned int gc_seq;
10837 
10838 	/* Bump gc counter, it becomes odd, this is the busy mark. */
10839 	gc_seq = READ_ONCE(nft_net->gc_seq);
10840 	WRITE_ONCE(nft_net->gc_seq, ++gc_seq);
10841 
10842 	return gc_seq;
10843 }
10844 
10845 static void nft_gc_seq_end(struct nftables_pernet *nft_net, unsigned int gc_seq)
10846 {
10847 	WRITE_ONCE(nft_net->gc_seq, ++gc_seq);
10848 }
10849 
10850 static int nf_tables_commit(struct net *net, struct sk_buff *skb)
10851 {
10852 	struct nftables_pernet *nft_net = nft_pernet(net);
10853 	const struct nlmsghdr *nlh = nlmsg_hdr(skb);
10854 	struct nft_trans_binding *trans_binding;
10855 	struct nft_trans *trans, *next;
10856 	unsigned int base_seq, gc_seq;
10857 	LIST_HEAD(set_update_list);
10858 	struct nft_trans_elem *te;
10859 	struct nft_chain *chain;
10860 	struct nft_table *table;
10861 	struct nft_ctx ctx;
10862 	LIST_HEAD(adl);
10863 	int err;
10864 
10865 	if (list_empty(&nft_net->commit_list)) {
10866 		mutex_unlock(&nft_net->commit_mutex);
10867 		return 0;
10868 	}
10869 
10870 	nft_ctx_init(&ctx, net, skb, nlh, NFPROTO_UNSPEC, NULL, NULL, NULL);
10871 
10872 	list_for_each_entry(trans_binding, &nft_net->binding_list, binding_list) {
10873 		trans = &trans_binding->nft_trans;
10874 		switch (trans->msg_type) {
10875 		case NFT_MSG_NEWSET:
10876 			if (!nft_trans_set_update(trans) &&
10877 			    nft_set_is_anonymous(nft_trans_set(trans)) &&
10878 			    !nft_trans_set_bound(trans)) {
10879 				pr_warn_once("nftables ruleset with unbound set\n");
10880 				return -EINVAL;
10881 			}
10882 			break;
10883 		case NFT_MSG_NEWCHAIN:
10884 			if (!nft_trans_chain_update(trans) &&
10885 			    nft_chain_binding(nft_trans_chain(trans)) &&
10886 			    !nft_trans_chain_bound(trans)) {
10887 				pr_warn_once("nftables ruleset with unbound chain\n");
10888 				return -EINVAL;
10889 			}
10890 			break;
10891 		default:
10892 			WARN_ONCE(1, "Unhandled bind type %d", trans->msg_type);
10893 			break;
10894 		}
10895 	}
10896 
10897 	/* 0. Validate ruleset, otherwise roll back for error reporting. */
10898 	if (nf_tables_validate(net) < 0) {
10899 		nft_net->validate_state = NFT_VALIDATE_DO;
10900 		return -EAGAIN;
10901 	}
10902 
10903 	err = nft_flow_rule_offload_commit(net);
10904 	if (err < 0)
10905 		return err;
10906 
10907 	/* 1.  Allocate space for next generation rules_gen_X[] */
10908 	list_for_each_entry_safe(trans, next, &nft_net->commit_list, list) {
10909 		struct nft_table *table = trans->table;
10910 		int ret;
10911 
10912 		ret = nf_tables_commit_audit_alloc(&adl, table);
10913 		if (ret) {
10914 			nf_tables_commit_chain_prepare_cancel(net);
10915 			nf_tables_commit_audit_free(&adl);
10916 			return ret;
10917 		}
10918 		if (trans->msg_type == NFT_MSG_NEWRULE ||
10919 		    trans->msg_type == NFT_MSG_DELRULE) {
10920 			chain = nft_trans_rule_chain(trans);
10921 
10922 			ret = nf_tables_commit_chain_prepare(net, chain);
10923 			if (ret < 0) {
10924 				nf_tables_commit_chain_prepare_cancel(net);
10925 				nf_tables_commit_audit_free(&adl);
10926 				return ret;
10927 			}
10928 		}
10929 	}
10930 
10931 	/* step 2.  Make rules_gen_X visible to packet path */
10932 	list_for_each_entry(table, &nft_net->tables, list) {
10933 		list_for_each_entry(chain, &table->chains, list)
10934 			nf_tables_commit_chain(net, chain);
10935 	}
10936 
10937 	/*
10938 	 * Bump generation counter, invalidate any dump in progress.
10939 	 * Cannot fail after this point.
10940 	 */
10941 	base_seq = nft_base_seq(net);
10942 	while (++base_seq == 0)
10943 		;
10944 
10945 	/* pairs with smp_load_acquire in nft_lookup_eval */
10946 	smp_store_release(&net->nft.base_seq, base_seq);
10947 
10948 	gc_seq = nft_gc_seq_begin(nft_net);
10949 
10950 	/* step 3. Start new generation, rules_gen_X now in use. */
10951 	net->nft.gencursor = nft_gencursor_next(net);
10952 
10953 	list_for_each_entry_safe(trans, next, &nft_net->commit_list, list) {
10954 		struct nft_table *table = trans->table;
10955 
10956 		nft_ctx_update(&ctx, trans);
10957 
10958 		nf_tables_commit_audit_collect(&adl, trans, trans->msg_type);
10959 		switch (trans->msg_type) {
10960 		case NFT_MSG_NEWTABLE:
10961 			if (nft_trans_table_update(trans)) {
10962 				if (!(table->flags & __NFT_TABLE_F_UPDATE)) {
10963 					nft_trans_destroy(trans);
10964 					break;
10965 				}
10966 				if (table->flags & NFT_TABLE_F_DORMANT)
10967 					nf_tables_table_disable(net, table);
10968 
10969 				table->flags &= ~__NFT_TABLE_F_UPDATE;
10970 			} else {
10971 				nft_clear(net, table);
10972 			}
10973 			nf_tables_table_notify(&ctx, NFT_MSG_NEWTABLE);
10974 			nft_trans_destroy(trans);
10975 			break;
10976 		case NFT_MSG_DELTABLE:
10977 		case NFT_MSG_DESTROYTABLE:
10978 			list_del_rcu(&table->list);
10979 			nf_tables_table_notify(&ctx, trans->msg_type);
10980 			break;
10981 		case NFT_MSG_NEWCHAIN:
10982 			if (nft_trans_chain_update(trans)) {
10983 				nft_chain_commit_update(nft_trans_container_chain(trans));
10984 				nf_tables_chain_notify(&ctx, NFT_MSG_NEWCHAIN,
10985 						       &nft_trans_chain_hooks(trans), NULL);
10986 				list_splice_rcu(&nft_trans_chain_hooks(trans),
10987 						&nft_trans_basechain(trans)->hook_list);
10988 				/* trans destroyed after rcu grace period */
10989 			} else {
10990 				nft_chain_commit_drop_policy(nft_trans_container_chain(trans));
10991 				nft_clear(net, nft_trans_chain(trans));
10992 				nf_tables_chain_notify(&ctx, NFT_MSG_NEWCHAIN, NULL, NULL);
10993 				nft_trans_destroy(trans);
10994 			}
10995 			break;
10996 		case NFT_MSG_DELCHAIN:
10997 		case NFT_MSG_DESTROYCHAIN:
10998 			if (nft_trans_chain_update(trans)) {
10999 				nf_tables_chain_notify(&ctx, NFT_MSG_DELCHAIN, NULL,
11000 						       &nft_trans_chain_hooks(trans));
11001 				nft_netdev_unregister_trans_hook(net, table,
11002 								 &nft_trans_chain_hooks(trans));
11003 			} else {
11004 				nft_chain_del(nft_trans_chain(trans));
11005 				nf_tables_chain_notify(&ctx, NFT_MSG_DELCHAIN,
11006 						       NULL, NULL);
11007 				nf_tables_unregister_hook(ctx.net, ctx.table,
11008 							  nft_trans_chain(trans));
11009 			}
11010 			break;
11011 		case NFT_MSG_NEWRULE:
11012 			nft_clear(net, nft_trans_rule(trans));
11013 			nf_tables_rule_notify(&ctx, nft_trans_rule(trans),
11014 					      NFT_MSG_NEWRULE);
11015 			if (nft_trans_rule_chain(trans)->flags & NFT_CHAIN_HW_OFFLOAD)
11016 				nft_flow_rule_destroy(nft_trans_flow_rule(trans));
11017 
11018 			nft_trans_destroy(trans);
11019 			break;
11020 		case NFT_MSG_DELRULE:
11021 		case NFT_MSG_DESTROYRULE:
11022 			list_del_rcu(&nft_trans_rule(trans)->list);
11023 			nf_tables_rule_notify(&ctx, nft_trans_rule(trans),
11024 					      trans->msg_type);
11025 			nft_rule_expr_deactivate(&ctx, nft_trans_rule(trans),
11026 						 NFT_TRANS_COMMIT);
11027 
11028 			if (nft_trans_rule_chain(trans)->flags & NFT_CHAIN_HW_OFFLOAD)
11029 				nft_flow_rule_destroy(nft_trans_flow_rule(trans));
11030 			break;
11031 		case NFT_MSG_NEWSET:
11032 			list_del(&nft_trans_container_set(trans)->list_trans_newset);
11033 			if (nft_trans_set_update(trans)) {
11034 				struct nft_set *set = nft_trans_set(trans);
11035 
11036 				WRITE_ONCE(set->timeout, nft_trans_set_timeout(trans));
11037 				WRITE_ONCE(set->gc_int, nft_trans_set_gc_int(trans));
11038 
11039 				if (nft_trans_set_size(trans))
11040 					WRITE_ONCE(set->size, nft_trans_set_size(trans));
11041 			} else {
11042 				nft_clear(net, nft_trans_set(trans));
11043 				/* This avoids hitting -EBUSY when deleting the table
11044 				 * from the transaction.
11045 				 */
11046 				if (nft_set_is_anonymous(nft_trans_set(trans)) &&
11047 				    !list_empty(&nft_trans_set(trans)->bindings))
11048 					nft_use_dec(&table->use);
11049 			}
11050 			nf_tables_set_notify(&ctx, nft_trans_set(trans),
11051 					     NFT_MSG_NEWSET, GFP_KERNEL);
11052 			nft_trans_destroy(trans);
11053 			break;
11054 		case NFT_MSG_DELSET:
11055 		case NFT_MSG_DESTROYSET:
11056 			nft_trans_set(trans)->dead = 1;
11057 			list_del_rcu(&nft_trans_set(trans)->list);
11058 			nf_tables_set_notify(&ctx, nft_trans_set(trans),
11059 					     trans->msg_type, GFP_KERNEL);
11060 			break;
11061 		case NFT_MSG_NEWSETELEM:
11062 			te = nft_trans_container_elem(trans);
11063 
11064 			nft_trans_elems_add(&ctx, te);
11065 
11066 			if (te->set->ops->commit &&
11067 			    list_empty(&te->set->pending_update)) {
11068 				list_add_tail(&te->set->pending_update,
11069 					      &set_update_list);
11070 			}
11071 			nft_trans_destroy(trans);
11072 			break;
11073 		case NFT_MSG_DELSETELEM:
11074 		case NFT_MSG_DESTROYSETELEM:
11075 			te = nft_trans_container_elem(trans);
11076 
11077 			nft_trans_elems_remove(&ctx, te);
11078 
11079 			if (te->set->ops->commit &&
11080 			    list_empty(&te->set->pending_update)) {
11081 				list_add_tail(&te->set->pending_update,
11082 					      &set_update_list);
11083 			}
11084 			break;
11085 		case NFT_MSG_NEWOBJ:
11086 			if (nft_trans_obj_update(trans)) {
11087 				nft_obj_commit_update(&ctx, trans);
11088 				nf_tables_obj_notify(&ctx,
11089 						     nft_trans_obj(trans),
11090 						     NFT_MSG_NEWOBJ);
11091 			} else {
11092 				nft_clear(net, nft_trans_obj(trans));
11093 				nf_tables_obj_notify(&ctx,
11094 						     nft_trans_obj(trans),
11095 						     NFT_MSG_NEWOBJ);
11096 				nft_trans_destroy(trans);
11097 			}
11098 			break;
11099 		case NFT_MSG_DELOBJ:
11100 		case NFT_MSG_DESTROYOBJ:
11101 			nft_obj_del(nft_trans_obj(trans));
11102 			nf_tables_obj_notify(&ctx, nft_trans_obj(trans),
11103 					     trans->msg_type);
11104 			break;
11105 		case NFT_MSG_NEWFLOWTABLE:
11106 			if (nft_trans_flowtable_update(trans)) {
11107 				nft_trans_flowtable(trans)->data.flags =
11108 					nft_trans_flowtable_flags(trans);
11109 				nf_tables_flowtable_notify(&ctx,
11110 							   nft_trans_flowtable(trans),
11111 							   &nft_trans_flowtable_hooks(trans),
11112 							   NULL,
11113 							   NFT_MSG_NEWFLOWTABLE);
11114 				list_splice_rcu(&nft_trans_flowtable_hooks(trans),
11115 						&nft_trans_flowtable(trans)->hook_list);
11116 			} else {
11117 				nft_clear(net, nft_trans_flowtable(trans));
11118 				nf_tables_flowtable_notify(&ctx,
11119 							   nft_trans_flowtable(trans),
11120 							   NULL,
11121 							   NULL,
11122 							   NFT_MSG_NEWFLOWTABLE);
11123 			}
11124 			nft_trans_destroy(trans);
11125 			break;
11126 		case NFT_MSG_DELFLOWTABLE:
11127 		case NFT_MSG_DESTROYFLOWTABLE:
11128 			if (nft_trans_flowtable_update(trans)) {
11129 				nf_tables_flowtable_notify(&ctx,
11130 							   nft_trans_flowtable(trans),
11131 							   NULL,
11132 							   &nft_trans_flowtable_hooks(trans),
11133 							   trans->msg_type);
11134 				nft_flowtable_unregister_trans_hook(net,
11135 								    nft_trans_flowtable(trans),
11136 								    &nft_trans_flowtable_hooks(trans));
11137 			} else {
11138 				list_del_rcu(&nft_trans_flowtable(trans)->list);
11139 				nf_tables_flowtable_notify(&ctx,
11140 							   nft_trans_flowtable(trans),
11141 							   NULL,
11142 							   NULL,
11143 							   trans->msg_type);
11144 				nft_unregister_flowtable_net_hooks(net,
11145 						nft_trans_flowtable(trans),
11146 						&nft_trans_flowtable(trans)->hook_list);
11147 			}
11148 			break;
11149 		}
11150 	}
11151 
11152 	nft_set_commit_update(&set_update_list);
11153 
11154 	nft_commit_notify(net, NETLINK_CB(skb).portid);
11155 	nf_tables_gen_notify(net, skb, NFT_MSG_NEWGEN);
11156 	nf_tables_commit_audit_log(&adl, nft_base_seq(net));
11157 
11158 	nft_gc_seq_end(nft_net, gc_seq);
11159 	nft_net->validate_state = NFT_VALIDATE_SKIP;
11160 	nf_tables_commit_release(net);
11161 
11162 	return 0;
11163 }
11164 
11165 static void nf_tables_module_autoload(struct net *net)
11166 {
11167 	struct nftables_pernet *nft_net = nft_pernet(net);
11168 	struct nft_module_request *req, *next;
11169 	LIST_HEAD(module_list);
11170 
11171 	list_splice_init(&nft_net->module_list, &module_list);
11172 	mutex_unlock(&nft_net->commit_mutex);
11173 	list_for_each_entry_safe(req, next, &module_list, list) {
11174 		request_module("%s", req->module);
11175 		req->done = true;
11176 	}
11177 	mutex_lock(&nft_net->commit_mutex);
11178 	list_splice(&module_list, &nft_net->module_list);
11179 }
11180 
11181 static void nf_tables_abort_release(struct nft_trans *trans)
11182 {
11183 	struct nft_ctx ctx = { };
11184 
11185 	nft_ctx_update(&ctx, trans);
11186 
11187 	switch (trans->msg_type) {
11188 	case NFT_MSG_NEWTABLE:
11189 		nf_tables_table_destroy(trans->table);
11190 		break;
11191 	case NFT_MSG_NEWCHAIN:
11192 		if (nft_trans_chain_update(trans))
11193 			nft_hooks_destroy(&nft_trans_chain_hooks(trans));
11194 		else
11195 			nf_tables_chain_destroy(nft_trans_chain(trans));
11196 		break;
11197 	case NFT_MSG_NEWRULE:
11198 		nf_tables_rule_destroy(&ctx, nft_trans_rule(trans));
11199 		break;
11200 	case NFT_MSG_NEWSET:
11201 		nft_set_destroy(&ctx, nft_trans_set(trans));
11202 		break;
11203 	case NFT_MSG_NEWSETELEM:
11204 		nft_trans_set_elem_destroy(&ctx, nft_trans_container_elem(trans));
11205 		break;
11206 	case NFT_MSG_NEWOBJ:
11207 		nft_obj_destroy(&ctx, nft_trans_obj(trans));
11208 		break;
11209 	case NFT_MSG_NEWFLOWTABLE:
11210 		if (nft_trans_flowtable_update(trans))
11211 			nft_hooks_destroy(&nft_trans_flowtable_hooks(trans));
11212 		else
11213 			nf_tables_flowtable_destroy(nft_trans_flowtable(trans));
11214 		break;
11215 	}
11216 	kfree(trans);
11217 }
11218 
11219 static void nft_set_abort_update(struct list_head *set_update_list)
11220 {
11221 	struct nft_set *set, *next;
11222 
11223 	list_for_each_entry_safe(set, next, set_update_list, pending_update) {
11224 		list_del_init(&set->pending_update);
11225 
11226 		if (!set->ops->abort)
11227 			continue;
11228 
11229 		set->ops->abort(set);
11230 	}
11231 }
11232 
11233 static int __nf_tables_abort(struct net *net, enum nfnl_abort_action action)
11234 {
11235 	struct nftables_pernet *nft_net = nft_pernet(net);
11236 	struct nft_trans *trans, *next;
11237 	LIST_HEAD(set_update_list);
11238 	struct nft_trans_elem *te;
11239 	struct nft_ctx ctx = {
11240 		.net = net,
11241 	};
11242 	int err = 0;
11243 
11244 	if (action == NFNL_ABORT_VALIDATE &&
11245 	    nf_tables_validate(net) < 0)
11246 		err = -EAGAIN;
11247 
11248 	list_for_each_entry_safe_reverse(trans, next, &nft_net->commit_list,
11249 					 list) {
11250 		struct nft_table *table = trans->table;
11251 
11252 		nft_ctx_update(&ctx, trans);
11253 
11254 		switch (trans->msg_type) {
11255 		case NFT_MSG_NEWTABLE:
11256 			if (nft_trans_table_update(trans)) {
11257 				if (!(table->flags & __NFT_TABLE_F_UPDATE)) {
11258 					nft_trans_destroy(trans);
11259 					break;
11260 				}
11261 				if (table->flags & __NFT_TABLE_F_WAS_DORMANT) {
11262 					nf_tables_table_disable(net, table);
11263 					table->flags |= NFT_TABLE_F_DORMANT;
11264 				} else if (table->flags & __NFT_TABLE_F_WAS_AWAKEN) {
11265 					table->flags &= ~NFT_TABLE_F_DORMANT;
11266 				}
11267 				if (table->flags & __NFT_TABLE_F_WAS_ORPHAN) {
11268 					table->flags &= ~NFT_TABLE_F_OWNER;
11269 					table->nlpid = 0;
11270 				}
11271 				table->flags &= ~__NFT_TABLE_F_UPDATE;
11272 				nft_trans_destroy(trans);
11273 			} else {
11274 				list_del_rcu(&table->list);
11275 			}
11276 			break;
11277 		case NFT_MSG_DELTABLE:
11278 		case NFT_MSG_DESTROYTABLE:
11279 			nft_clear(trans->net, table);
11280 			nft_trans_destroy(trans);
11281 			break;
11282 		case NFT_MSG_NEWCHAIN:
11283 			if (nft_trans_chain_update(trans)) {
11284 				if (!(table->flags & NFT_TABLE_F_DORMANT)) {
11285 					nft_netdev_unregister_hooks(net,
11286 								    &nft_trans_chain_hooks(trans),
11287 								    true);
11288 				}
11289 				free_percpu(nft_trans_chain_stats(trans));
11290 				kfree(nft_trans_chain_name(trans));
11291 				nft_trans_destroy(trans);
11292 			} else {
11293 				if (nft_trans_chain_bound(trans)) {
11294 					nft_trans_destroy(trans);
11295 					break;
11296 				}
11297 				nft_use_dec_restore(&table->use);
11298 				nft_chain_del(nft_trans_chain(trans));
11299 				nf_tables_unregister_hook(trans->net, table,
11300 							  nft_trans_chain(trans));
11301 			}
11302 			break;
11303 		case NFT_MSG_DELCHAIN:
11304 		case NFT_MSG_DESTROYCHAIN:
11305 			if (nft_trans_chain_update(trans)) {
11306 				nft_trans_delhook_abort(&nft_trans_chain_hooks(trans));
11307 			} else {
11308 				nft_use_inc_restore(&table->use);
11309 				nft_clear(trans->net, nft_trans_chain(trans));
11310 			}
11311 			nft_trans_destroy(trans);
11312 			break;
11313 		case NFT_MSG_NEWRULE:
11314 			if (nft_trans_rule_bound(trans)) {
11315 				nft_trans_destroy(trans);
11316 				break;
11317 			}
11318 			nft_use_dec_restore(&nft_trans_rule_chain(trans)->use);
11319 			list_del_rcu(&nft_trans_rule(trans)->list);
11320 			nft_rule_expr_deactivate(&ctx,
11321 						 nft_trans_rule(trans),
11322 						 NFT_TRANS_ABORT);
11323 			if (nft_trans_rule_chain(trans)->flags & NFT_CHAIN_HW_OFFLOAD)
11324 				nft_flow_rule_destroy(nft_trans_flow_rule(trans));
11325 			break;
11326 		case NFT_MSG_DELRULE:
11327 		case NFT_MSG_DESTROYRULE:
11328 			nft_use_inc_restore(&nft_trans_rule_chain(trans)->use);
11329 			nft_clear(trans->net, nft_trans_rule(trans));
11330 			nft_rule_expr_activate(&ctx, nft_trans_rule(trans));
11331 			if (nft_trans_rule_chain(trans)->flags & NFT_CHAIN_HW_OFFLOAD)
11332 				nft_flow_rule_destroy(nft_trans_flow_rule(trans));
11333 
11334 			nft_trans_destroy(trans);
11335 			break;
11336 		case NFT_MSG_NEWSET:
11337 			list_del(&nft_trans_container_set(trans)->list_trans_newset);
11338 			if (nft_trans_set_update(trans)) {
11339 				nft_trans_destroy(trans);
11340 				break;
11341 			}
11342 			nft_use_dec_restore(&table->use);
11343 			if (nft_trans_set_bound(trans)) {
11344 				nft_trans_destroy(trans);
11345 				break;
11346 			}
11347 			nft_trans_set(trans)->dead = 1;
11348 			list_del_rcu(&nft_trans_set(trans)->list);
11349 			break;
11350 		case NFT_MSG_DELSET:
11351 		case NFT_MSG_DESTROYSET:
11352 			nft_use_inc_restore(&table->use);
11353 			nft_clear(trans->net, nft_trans_set(trans));
11354 			if (nft_trans_set(trans)->flags & (NFT_SET_MAP | NFT_SET_OBJECT))
11355 				nft_map_activate(&ctx, nft_trans_set(trans));
11356 
11357 			nft_trans_destroy(trans);
11358 			break;
11359 		case NFT_MSG_NEWSETELEM:
11360 			if (nft_trans_elem_set_bound(trans)) {
11361 				nft_trans_destroy(trans);
11362 				break;
11363 			}
11364 			te = nft_trans_container_elem(trans);
11365 			if (!nft_trans_elems_new_abort(&ctx, te)) {
11366 				nft_trans_destroy(trans);
11367 				break;
11368 			}
11369 
11370 			if (te->set->ops->abort &&
11371 			    list_empty(&te->set->pending_update)) {
11372 				list_add_tail(&te->set->pending_update,
11373 					      &set_update_list);
11374 			}
11375 			break;
11376 		case NFT_MSG_DELSETELEM:
11377 		case NFT_MSG_DESTROYSETELEM:
11378 			te = nft_trans_container_elem(trans);
11379 
11380 			nft_trans_elems_destroy_abort(&ctx, te);
11381 
11382 			if (te->set->ops->abort &&
11383 			    list_empty(&te->set->pending_update)) {
11384 				list_add_tail(&te->set->pending_update,
11385 					      &set_update_list);
11386 			}
11387 			nft_trans_destroy(trans);
11388 			break;
11389 		case NFT_MSG_NEWOBJ:
11390 			if (nft_trans_obj_update(trans)) {
11391 				nft_obj_destroy(&ctx, nft_trans_obj_newobj(trans));
11392 				nft_trans_destroy(trans);
11393 			} else {
11394 				nft_use_dec_restore(&table->use);
11395 				nft_obj_del(nft_trans_obj(trans));
11396 			}
11397 			break;
11398 		case NFT_MSG_DELOBJ:
11399 		case NFT_MSG_DESTROYOBJ:
11400 			nft_use_inc_restore(&table->use);
11401 			nft_clear(trans->net, nft_trans_obj(trans));
11402 			nft_trans_destroy(trans);
11403 			break;
11404 		case NFT_MSG_NEWFLOWTABLE:
11405 			if (nft_trans_flowtable_update(trans)) {
11406 				nft_unregister_flowtable_net_hooks(net,
11407 						nft_trans_flowtable(trans),
11408 						&nft_trans_flowtable_hooks(trans));
11409 			} else {
11410 				nft_use_dec_restore(&table->use);
11411 				list_del_rcu(&nft_trans_flowtable(trans)->list);
11412 				nft_unregister_flowtable_net_hooks(net,
11413 						nft_trans_flowtable(trans),
11414 						&nft_trans_flowtable(trans)->hook_list);
11415 			}
11416 			break;
11417 		case NFT_MSG_DELFLOWTABLE:
11418 		case NFT_MSG_DESTROYFLOWTABLE:
11419 			if (nft_trans_flowtable_update(trans)) {
11420 				nft_trans_delhook_abort(&nft_trans_flowtable_hooks(trans));
11421 			} else {
11422 				nft_use_inc_restore(&table->use);
11423 				nft_clear(trans->net, nft_trans_flowtable(trans));
11424 			}
11425 			nft_trans_destroy(trans);
11426 			break;
11427 		}
11428 	}
11429 
11430 	WARN_ON_ONCE(!list_empty(&nft_net->commit_set_list));
11431 
11432 	nft_set_abort_update(&set_update_list);
11433 
11434 	synchronize_rcu();
11435 
11436 	list_for_each_entry_safe_reverse(trans, next,
11437 					 &nft_net->commit_list, list) {
11438 		nft_trans_list_del(trans);
11439 		nf_tables_abort_release(trans);
11440 	}
11441 
11442 	return err;
11443 }
11444 
11445 static int nf_tables_abort(struct net *net, struct sk_buff *skb,
11446 			   enum nfnl_abort_action action)
11447 {
11448 	struct nftables_pernet *nft_net = nft_pernet(net);
11449 	unsigned int gc_seq;
11450 	int ret;
11451 
11452 	gc_seq = nft_gc_seq_begin(nft_net);
11453 	ret = __nf_tables_abort(net, action);
11454 	nft_gc_seq_end(nft_net, gc_seq);
11455 
11456 	if (action == NFNL_ABORT_NONE) {
11457 		struct nft_table *table;
11458 
11459 		list_for_each_entry(table, &nft_net->tables, list)
11460 			table->validate_state = NFT_VALIDATE_SKIP;
11461 	}
11462 
11463 	WARN_ON_ONCE(!list_empty(&nft_net->commit_list));
11464 
11465 	/* module autoload needs to happen after GC sequence update because it
11466 	 * temporarily releases and grabs mutex again.
11467 	 */
11468 	if (action == NFNL_ABORT_AUTOLOAD)
11469 		nf_tables_module_autoload(net);
11470 	else
11471 		nf_tables_module_autoload_cleanup(net);
11472 
11473 	mutex_unlock(&nft_net->commit_mutex);
11474 
11475 	return ret;
11476 }
11477 
11478 static bool nf_tables_valid_genid(struct net *net, u32 genid)
11479 {
11480 	struct nftables_pernet *nft_net = nft_pernet(net);
11481 	bool genid_ok;
11482 
11483 	mutex_lock(&nft_net->commit_mutex);
11484 	nft_net->tstamp = get_jiffies_64();
11485 
11486 	genid_ok = genid == 0 || nft_base_seq(net) == genid;
11487 	if (!genid_ok)
11488 		mutex_unlock(&nft_net->commit_mutex);
11489 
11490 	/* else, commit mutex has to be released by commit or abort function */
11491 	return genid_ok;
11492 }
11493 
11494 static const struct nfnetlink_subsystem nf_tables_subsys = {
11495 	.name		= "nf_tables",
11496 	.subsys_id	= NFNL_SUBSYS_NFTABLES,
11497 	.cb_count	= NFT_MSG_MAX,
11498 	.cb		= nf_tables_cb,
11499 	.commit		= nf_tables_commit,
11500 	.abort		= nf_tables_abort,
11501 	.valid_genid	= nf_tables_valid_genid,
11502 	.owner		= THIS_MODULE,
11503 };
11504 
11505 int nft_chain_validate_dependency(const struct nft_chain *chain,
11506 				  enum nft_chain_types type)
11507 {
11508 	const struct nft_base_chain *basechain;
11509 
11510 	if (nft_is_base_chain(chain)) {
11511 		basechain = nft_base_chain(chain);
11512 		if (basechain->type->type != type)
11513 			return -EOPNOTSUPP;
11514 	}
11515 	return 0;
11516 }
11517 EXPORT_SYMBOL_GPL(nft_chain_validate_dependency);
11518 
11519 int nft_chain_validate_hooks(const struct nft_chain *chain,
11520 			     unsigned int hook_flags)
11521 {
11522 	struct nft_base_chain *basechain;
11523 
11524 	if (nft_is_base_chain(chain)) {
11525 		basechain = nft_base_chain(chain);
11526 
11527 		if ((1 << basechain->ops.hooknum) & hook_flags)
11528 			return 0;
11529 
11530 		return -EOPNOTSUPP;
11531 	}
11532 
11533 	return 0;
11534 }
11535 EXPORT_SYMBOL_GPL(nft_chain_validate_hooks);
11536 
11537 /**
11538  *	nft_parse_u32_check - fetch u32 attribute and check for maximum value
11539  *
11540  *	@attr: netlink attribute to fetch value from
11541  *	@max: maximum value to be stored in dest
11542  *	@dest: pointer to the variable
11543  *
11544  *	Parse, check and store a given u32 netlink attribute into variable.
11545  *	This function returns -ERANGE if the value goes over maximum value.
11546  *	Otherwise a 0 is returned and the attribute value is stored in the
11547  *	destination variable.
11548  */
11549 int nft_parse_u32_check(const struct nlattr *attr, int max, u32 *dest)
11550 {
11551 	u32 val;
11552 
11553 	val = ntohl(nla_get_be32(attr));
11554 	if (val > max)
11555 		return -ERANGE;
11556 
11557 	*dest = val;
11558 	return 0;
11559 }
11560 EXPORT_SYMBOL_GPL(nft_parse_u32_check);
11561 
11562 static int nft_parse_register(const struct nlattr *attr, u32 *preg)
11563 {
11564 	unsigned int reg;
11565 
11566 	reg = ntohl(nla_get_be32(attr));
11567 	switch (reg) {
11568 	case NFT_REG_VERDICT...NFT_REG_4:
11569 		*preg = reg * NFT_REG_SIZE / NFT_REG32_SIZE;
11570 		break;
11571 	case NFT_REG32_00...NFT_REG32_15:
11572 		*preg = reg + NFT_REG_SIZE / NFT_REG32_SIZE - NFT_REG32_00;
11573 		break;
11574 	default:
11575 		return -ERANGE;
11576 	}
11577 
11578 	return 0;
11579 }
11580 
11581 /**
11582  *	nft_dump_register - dump a register value to a netlink attribute
11583  *
11584  *	@skb: socket buffer
11585  *	@attr: attribute number
11586  *	@reg: register number
11587  *
11588  *	Construct a netlink attribute containing the register number. For
11589  *	compatibility reasons, register numbers being a multiple of 4 are
11590  *	translated to the corresponding 128 bit register numbers.
11591  */
11592 int nft_dump_register(struct sk_buff *skb, unsigned int attr, unsigned int reg)
11593 {
11594 	if (reg % (NFT_REG_SIZE / NFT_REG32_SIZE) == 0)
11595 		reg = reg / (NFT_REG_SIZE / NFT_REG32_SIZE);
11596 	else
11597 		reg = reg - NFT_REG_SIZE / NFT_REG32_SIZE + NFT_REG32_00;
11598 
11599 	return nla_put_be32(skb, attr, htonl(reg));
11600 }
11601 EXPORT_SYMBOL_GPL(nft_dump_register);
11602 
11603 static int nft_validate_register_load(enum nft_registers reg, unsigned int len)
11604 {
11605 	if (reg < NFT_REG_1 * NFT_REG_SIZE / NFT_REG32_SIZE)
11606 		return -EINVAL;
11607 	if (len == 0)
11608 		return -EINVAL;
11609 	if (reg * NFT_REG32_SIZE + len > sizeof_field(struct nft_regs, data))
11610 		return -ERANGE;
11611 
11612 	return 0;
11613 }
11614 
11615 int nft_parse_register_load(const struct nft_ctx *ctx,
11616 			    const struct nlattr *attr, u8 *sreg, u32 len)
11617 {
11618 	int err, invalid_reg;
11619 	u32 reg, next_register;
11620 
11621 	err = nft_parse_register(attr, &reg);
11622 	if (err < 0)
11623 		return err;
11624 
11625 	err = nft_validate_register_load(reg, len);
11626 	if (err < 0)
11627 		return err;
11628 
11629 	next_register = DIV_ROUND_UP(len, NFT_REG32_SIZE) + reg;
11630 
11631 	/* Can't happen: nft_validate_register_load() should have failed */
11632 	if (WARN_ON_ONCE(next_register > NFT_REG32_NUM))
11633 		return -EINVAL;
11634 
11635 	/* find first register that did not see an earlier store. */
11636 	invalid_reg = find_next_zero_bit(ctx->reg_inited, NFT_REG32_NUM, reg);
11637 
11638 	/* invalid register within the range that we're loading from? */
11639 	if (invalid_reg < next_register)
11640 		return -ENODATA;
11641 
11642 	*sreg = reg;
11643 	return 0;
11644 }
11645 EXPORT_SYMBOL_GPL(nft_parse_register_load);
11646 
11647 static void nft_saw_register_store(const struct nft_ctx *__ctx,
11648 				   int reg, unsigned int len)
11649 {
11650 	unsigned int registers = DIV_ROUND_UP(len, NFT_REG32_SIZE);
11651 	struct nft_ctx *ctx = (struct nft_ctx *)__ctx;
11652 
11653 	if (WARN_ON_ONCE(len == 0 || reg < 0))
11654 		return;
11655 
11656 	bitmap_set(ctx->reg_inited, reg, registers);
11657 }
11658 
11659 static int nft_validate_register_store(const struct nft_ctx *ctx,
11660 				       enum nft_registers reg,
11661 				       const struct nft_data *data,
11662 				       enum nft_data_types type,
11663 				       unsigned int len)
11664 {
11665 	switch (reg) {
11666 	case NFT_REG_VERDICT:
11667 		if (type != NFT_DATA_VERDICT)
11668 			return -EINVAL;
11669 		break;
11670 	default:
11671 		if (type != NFT_DATA_VALUE)
11672 			return -EINVAL;
11673 
11674 		if (reg < NFT_REG_1 * NFT_REG_SIZE / NFT_REG32_SIZE)
11675 			return -EINVAL;
11676 		if (len == 0)
11677 			return -EINVAL;
11678 		if (reg * NFT_REG32_SIZE + len >
11679 		    sizeof_field(struct nft_regs, data))
11680 			return -ERANGE;
11681 
11682 		break;
11683 	}
11684 
11685 	nft_saw_register_store(ctx, reg, len);
11686 	return 0;
11687 }
11688 
11689 int nft_parse_register_store(const struct nft_ctx *ctx,
11690 			     const struct nlattr *attr, u8 *dreg,
11691 			     const struct nft_data *data,
11692 			     enum nft_data_types type, unsigned int len)
11693 {
11694 	int err;
11695 	u32 reg;
11696 
11697 	err = nft_parse_register(attr, &reg);
11698 	if (err < 0)
11699 		return err;
11700 
11701 	err = nft_validate_register_store(ctx, reg, data, type, len);
11702 	if (err < 0)
11703 		return err;
11704 
11705 	*dreg = reg;
11706 	return 0;
11707 }
11708 EXPORT_SYMBOL_GPL(nft_parse_register_store);
11709 
11710 static const struct nla_policy nft_verdict_policy[NFTA_VERDICT_MAX + 1] = {
11711 	[NFTA_VERDICT_CODE]	= { .type = NLA_U32 },
11712 	[NFTA_VERDICT_CHAIN]	= { .type = NLA_STRING,
11713 				    .len = NFT_CHAIN_MAXNAMELEN - 1 },
11714 	[NFTA_VERDICT_CHAIN_ID]	= { .type = NLA_U32 },
11715 };
11716 
11717 static int nft_verdict_init(const struct nft_ctx *ctx, struct nft_data *data,
11718 			    struct nft_data_desc *desc, const struct nlattr *nla)
11719 {
11720 	u8 genmask = nft_genmask_next(ctx->net);
11721 	struct nlattr *tb[NFTA_VERDICT_MAX + 1];
11722 	struct nft_chain *chain;
11723 	int err;
11724 
11725 	err = nla_parse_nested_deprecated(tb, NFTA_VERDICT_MAX, nla,
11726 					  nft_verdict_policy, NULL);
11727 	if (err < 0)
11728 		return err;
11729 
11730 	if (!tb[NFTA_VERDICT_CODE])
11731 		return -EINVAL;
11732 
11733 	/* zero padding hole for memcmp */
11734 	memset(data, 0, sizeof(*data));
11735 	data->verdict.code = ntohl(nla_get_be32(tb[NFTA_VERDICT_CODE]));
11736 
11737 	switch (data->verdict.code) {
11738 	case NF_ACCEPT:
11739 	case NF_DROP:
11740 	case NFT_CONTINUE:
11741 	case NFT_BREAK:
11742 	case NFT_RETURN:
11743 		break;
11744 	case NFT_JUMP:
11745 	case NFT_GOTO:
11746 		if (tb[NFTA_VERDICT_CHAIN]) {
11747 			chain = nft_chain_lookup(ctx->net, ctx->table,
11748 						 tb[NFTA_VERDICT_CHAIN],
11749 						 genmask);
11750 		} else if (tb[NFTA_VERDICT_CHAIN_ID]) {
11751 			chain = nft_chain_lookup_byid(ctx->net, ctx->table,
11752 						      tb[NFTA_VERDICT_CHAIN_ID],
11753 						      genmask);
11754 			if (IS_ERR(chain))
11755 				return PTR_ERR(chain);
11756 		} else {
11757 			return -EINVAL;
11758 		}
11759 
11760 		if (IS_ERR(chain))
11761 			return PTR_ERR(chain);
11762 		if (nft_is_base_chain(chain))
11763 			return -EOPNOTSUPP;
11764 		if (nft_chain_is_bound(chain))
11765 			return -EINVAL;
11766 		if (desc->flags & NFT_DATA_DESC_SETELEM &&
11767 		    chain->flags & NFT_CHAIN_BINDING)
11768 			return -EINVAL;
11769 		if (!nft_use_inc(&chain->use))
11770 			return -EMFILE;
11771 
11772 		data->verdict.chain = chain;
11773 		break;
11774 	case NF_QUEUE:
11775 		/* The nft_queue expression is used for this purpose, an
11776 		 * immediate NF_QUEUE verdict should not ever be seen here.
11777 		 */
11778 		fallthrough;
11779 	default:
11780 		return -EINVAL;
11781 	}
11782 
11783 	desc->len = sizeof(data->verdict);
11784 
11785 	return 0;
11786 }
11787 
11788 static void nft_verdict_uninit(const struct nft_data *data)
11789 {
11790 	struct nft_chain *chain;
11791 
11792 	switch (data->verdict.code) {
11793 	case NFT_JUMP:
11794 	case NFT_GOTO:
11795 		chain = data->verdict.chain;
11796 		nft_use_dec(&chain->use);
11797 		break;
11798 	}
11799 }
11800 
11801 int nft_verdict_dump(struct sk_buff *skb, int type, const struct nft_verdict *v)
11802 {
11803 	struct nlattr *nest;
11804 
11805 	nest = nla_nest_start_noflag(skb, type);
11806 	if (!nest)
11807 		goto nla_put_failure;
11808 
11809 	if (nla_put_be32(skb, NFTA_VERDICT_CODE, htonl(v->code)))
11810 		goto nla_put_failure;
11811 
11812 	switch (v->code) {
11813 	case NFT_JUMP:
11814 	case NFT_GOTO:
11815 		if (nla_put_string(skb, NFTA_VERDICT_CHAIN,
11816 				   v->chain->name))
11817 			goto nla_put_failure;
11818 	}
11819 	nla_nest_end(skb, nest);
11820 	return 0;
11821 
11822 nla_put_failure:
11823 	return -1;
11824 }
11825 
11826 static int nft_value_init(const struct nft_ctx *ctx,
11827 			  struct nft_data *data, struct nft_data_desc *desc,
11828 			  const struct nlattr *nla)
11829 {
11830 	unsigned int len;
11831 
11832 	len = nla_len(nla);
11833 	if (len == 0)
11834 		return -EINVAL;
11835 	if (len > desc->size)
11836 		return -EOVERFLOW;
11837 	if (desc->len) {
11838 		if (len != desc->len)
11839 			return -EINVAL;
11840 	} else {
11841 		desc->len = len;
11842 	}
11843 
11844 	nla_memcpy(data->data, nla, len);
11845 
11846 	return 0;
11847 }
11848 
11849 static int nft_value_dump(struct sk_buff *skb, const struct nft_data *data,
11850 			  unsigned int len)
11851 {
11852 	return nla_put(skb, NFTA_DATA_VALUE, len, data->data);
11853 }
11854 
11855 static const struct nla_policy nft_data_policy[NFTA_DATA_MAX + 1] = {
11856 	[NFTA_DATA_VALUE]	= { .type = NLA_BINARY },
11857 	[NFTA_DATA_VERDICT]	= { .type = NLA_NESTED },
11858 };
11859 
11860 /**
11861  *	nft_data_init - parse nf_tables data netlink attributes
11862  *
11863  *	@ctx: context of the expression using the data
11864  *	@data: destination struct nft_data
11865  *	@desc: data description
11866  *	@nla: netlink attribute containing data
11867  *
11868  *	Parse the netlink data attributes and initialize a struct nft_data.
11869  *	The type and length of data are returned in the data description.
11870  *
11871  *	The caller can indicate that it only wants to accept data of type
11872  *	NFT_DATA_VALUE by passing NULL for the ctx argument.
11873  */
11874 int nft_data_init(const struct nft_ctx *ctx, struct nft_data *data,
11875 		  struct nft_data_desc *desc, const struct nlattr *nla)
11876 {
11877 	struct nlattr *tb[NFTA_DATA_MAX + 1];
11878 	int err;
11879 
11880 	if (WARN_ON_ONCE(!desc->size))
11881 		return -EINVAL;
11882 
11883 	err = nla_parse_nested_deprecated(tb, NFTA_DATA_MAX, nla,
11884 					  nft_data_policy, NULL);
11885 	if (err < 0)
11886 		return err;
11887 
11888 	if (tb[NFTA_DATA_VALUE]) {
11889 		if (desc->type != NFT_DATA_VALUE)
11890 			return -EINVAL;
11891 
11892 		err = nft_value_init(ctx, data, desc, tb[NFTA_DATA_VALUE]);
11893 	} else if (tb[NFTA_DATA_VERDICT] && ctx != NULL) {
11894 		if (desc->type != NFT_DATA_VERDICT)
11895 			return -EINVAL;
11896 
11897 		err = nft_verdict_init(ctx, data, desc, tb[NFTA_DATA_VERDICT]);
11898 	} else {
11899 		err = -EINVAL;
11900 	}
11901 
11902 	return err;
11903 }
11904 EXPORT_SYMBOL_GPL(nft_data_init);
11905 
11906 /**
11907  *	nft_data_release - release a nft_data item
11908  *
11909  *	@data: struct nft_data to release
11910  *	@type: type of data
11911  *
11912  *	Release a nft_data item. NFT_DATA_VALUE types can be silently discarded,
11913  *	all others need to be released by calling this function.
11914  */
11915 void nft_data_release(const struct nft_data *data, enum nft_data_types type)
11916 {
11917 	if (type < NFT_DATA_VERDICT)
11918 		return;
11919 	switch (type) {
11920 	case NFT_DATA_VERDICT:
11921 		return nft_verdict_uninit(data);
11922 	default:
11923 		WARN_ON(1);
11924 	}
11925 }
11926 
11927 int nft_data_dump(struct sk_buff *skb, int attr, const struct nft_data *data,
11928 		  enum nft_data_types type, unsigned int len)
11929 {
11930 	struct nlattr *nest;
11931 	int err;
11932 
11933 	nest = nla_nest_start_noflag(skb, attr);
11934 	if (nest == NULL)
11935 		return -1;
11936 
11937 	switch (type) {
11938 	case NFT_DATA_VALUE:
11939 		err = nft_value_dump(skb, data, len);
11940 		break;
11941 	case NFT_DATA_VERDICT:
11942 		err = nft_verdict_dump(skb, NFTA_DATA_VERDICT, &data->verdict);
11943 		break;
11944 	default:
11945 		err = -EINVAL;
11946 		WARN_ON(1);
11947 	}
11948 
11949 	nla_nest_end(skb, nest);
11950 	return err;
11951 }
11952 
11953 static void __nft_release_hook(struct net *net, struct nft_table *table)
11954 {
11955 	struct nft_flowtable *flowtable;
11956 	struct nft_chain *chain;
11957 
11958 	list_for_each_entry(chain, &table->chains, list)
11959 		__nf_tables_unregister_hook(net, table, chain, true);
11960 	list_for_each_entry(flowtable, &table->flowtables, list)
11961 		__nft_unregister_flowtable_net_hooks(net, flowtable,
11962 						     &flowtable->hook_list,
11963 						     true);
11964 }
11965 
11966 static void __nft_release_hooks(struct net *net)
11967 {
11968 	struct nftables_pernet *nft_net = nft_pernet(net);
11969 	struct nft_table *table;
11970 
11971 	list_for_each_entry(table, &nft_net->tables, list) {
11972 		if (nft_table_has_owner(table))
11973 			continue;
11974 
11975 		__nft_release_hook(net, table);
11976 	}
11977 }
11978 
11979 static void __nft_release_table(struct net *net, struct nft_table *table)
11980 {
11981 	struct nft_flowtable *flowtable, *nf;
11982 	struct nft_chain *chain, *nc;
11983 	struct nft_object *obj, *ne;
11984 	struct nft_rule *rule, *nr;
11985 	struct nft_set *set, *ns;
11986 	struct nft_ctx ctx = {
11987 		.net	= net,
11988 		.family	= NFPROTO_NETDEV,
11989 	};
11990 
11991 	ctx.family = table->family;
11992 	ctx.table = table;
11993 	list_for_each_entry(chain, &table->chains, list) {
11994 		if (nft_chain_binding(chain))
11995 			continue;
11996 
11997 		ctx.chain = chain;
11998 		list_for_each_entry_safe(rule, nr, &chain->rules, list) {
11999 			list_del(&rule->list);
12000 			nft_use_dec(&chain->use);
12001 			nf_tables_rule_release(&ctx, rule);
12002 		}
12003 	}
12004 	list_for_each_entry_safe(flowtable, nf, &table->flowtables, list) {
12005 		list_del(&flowtable->list);
12006 		nft_use_dec(&table->use);
12007 		nf_tables_flowtable_destroy(flowtable);
12008 	}
12009 	list_for_each_entry_safe(set, ns, &table->sets, list) {
12010 		list_del(&set->list);
12011 		nft_use_dec(&table->use);
12012 		if (set->flags & (NFT_SET_MAP | NFT_SET_OBJECT))
12013 			nft_map_deactivate(&ctx, set);
12014 
12015 		nft_set_destroy(&ctx, set);
12016 	}
12017 	list_for_each_entry_safe(obj, ne, &table->objects, list) {
12018 		nft_obj_del(obj);
12019 		nft_use_dec(&table->use);
12020 		nft_obj_destroy(&ctx, obj);
12021 	}
12022 	list_for_each_entry_safe(chain, nc, &table->chains, list) {
12023 		nft_chain_del(chain);
12024 		nft_use_dec(&table->use);
12025 		nf_tables_chain_destroy(chain);
12026 	}
12027 	nf_tables_table_destroy(table);
12028 }
12029 
12030 static void __nft_release_tables(struct net *net)
12031 {
12032 	struct nftables_pernet *nft_net = nft_pernet(net);
12033 	struct nft_table *table, *nt;
12034 
12035 	list_for_each_entry_safe(table, nt, &nft_net->tables, list) {
12036 		if (nft_table_has_owner(table))
12037 			continue;
12038 
12039 		list_del(&table->list);
12040 
12041 		__nft_release_table(net, table);
12042 	}
12043 }
12044 
12045 static int nft_rcv_nl_event(struct notifier_block *this, unsigned long event,
12046 			    void *ptr)
12047 {
12048 	struct nft_table *table, *to_delete[8];
12049 	struct nftables_pernet *nft_net;
12050 	struct netlink_notify *n = ptr;
12051 	struct net *net = n->net;
12052 	unsigned int deleted;
12053 	bool restart = false;
12054 	unsigned int gc_seq;
12055 
12056 	if (event != NETLINK_URELEASE || n->protocol != NETLINK_NETFILTER)
12057 		return NOTIFY_DONE;
12058 
12059 	nft_net = nft_pernet(net);
12060 	deleted = 0;
12061 	mutex_lock(&nft_net->commit_mutex);
12062 
12063 	gc_seq = nft_gc_seq_begin(nft_net);
12064 
12065 	nf_tables_trans_destroy_flush_work(net);
12066 again:
12067 	list_for_each_entry(table, &nft_net->tables, list) {
12068 		if (nft_table_has_owner(table) &&
12069 		    n->portid == table->nlpid) {
12070 			if (table->flags & NFT_TABLE_F_PERSIST) {
12071 				table->flags &= ~NFT_TABLE_F_OWNER;
12072 				continue;
12073 			}
12074 			__nft_release_hook(net, table);
12075 			list_del_rcu(&table->list);
12076 			to_delete[deleted++] = table;
12077 			if (deleted >= ARRAY_SIZE(to_delete))
12078 				break;
12079 		}
12080 	}
12081 	if (deleted) {
12082 		restart = deleted >= ARRAY_SIZE(to_delete);
12083 		synchronize_rcu();
12084 		while (deleted)
12085 			__nft_release_table(net, to_delete[--deleted]);
12086 
12087 		if (restart)
12088 			goto again;
12089 	}
12090 	nft_gc_seq_end(nft_net, gc_seq);
12091 
12092 	mutex_unlock(&nft_net->commit_mutex);
12093 
12094 	return NOTIFY_DONE;
12095 }
12096 
12097 static struct notifier_block nft_nl_notifier = {
12098 	.notifier_call  = nft_rcv_nl_event,
12099 };
12100 
12101 static int __net_init nf_tables_init_net(struct net *net)
12102 {
12103 	struct nftables_pernet *nft_net = nft_pernet(net);
12104 
12105 	INIT_LIST_HEAD(&nft_net->tables);
12106 	INIT_LIST_HEAD(&nft_net->commit_list);
12107 	INIT_LIST_HEAD(&nft_net->destroy_list);
12108 	INIT_LIST_HEAD(&nft_net->commit_set_list);
12109 	INIT_LIST_HEAD(&nft_net->binding_list);
12110 	INIT_LIST_HEAD(&nft_net->module_list);
12111 	INIT_LIST_HEAD(&nft_net->notify_list);
12112 	mutex_init(&nft_net->commit_mutex);
12113 	net->nft.base_seq = 1;
12114 	nft_net->gc_seq = 0;
12115 	nft_net->validate_state = NFT_VALIDATE_SKIP;
12116 	INIT_WORK(&nft_net->destroy_work, nf_tables_trans_destroy_work);
12117 
12118 	return 0;
12119 }
12120 
12121 static void __net_exit nf_tables_pre_exit_net(struct net *net)
12122 {
12123 	struct nftables_pernet *nft_net = nft_pernet(net);
12124 
12125 	mutex_lock(&nft_net->commit_mutex);
12126 	__nft_release_hooks(net);
12127 	mutex_unlock(&nft_net->commit_mutex);
12128 }
12129 
12130 static void __net_exit nf_tables_exit_net(struct net *net)
12131 {
12132 	struct nftables_pernet *nft_net = nft_pernet(net);
12133 	unsigned int gc_seq;
12134 
12135 	mutex_lock(&nft_net->commit_mutex);
12136 
12137 	gc_seq = nft_gc_seq_begin(nft_net);
12138 
12139 	WARN_ON_ONCE(!list_empty(&nft_net->commit_list));
12140 	WARN_ON_ONCE(!list_empty(&nft_net->commit_set_list));
12141 
12142 	if (!list_empty(&nft_net->module_list))
12143 		nf_tables_module_autoload_cleanup(net);
12144 
12145 	cancel_work_sync(&nft_net->destroy_work);
12146 	__nft_release_tables(net);
12147 
12148 	nft_gc_seq_end(nft_net, gc_seq);
12149 
12150 	mutex_unlock(&nft_net->commit_mutex);
12151 
12152 	WARN_ON_ONCE(!list_empty(&nft_net->tables));
12153 	WARN_ON_ONCE(!list_empty(&nft_net->module_list));
12154 	WARN_ON_ONCE(!list_empty(&nft_net->notify_list));
12155 	WARN_ON_ONCE(!list_empty(&nft_net->destroy_list));
12156 }
12157 
12158 static void nf_tables_exit_batch(struct list_head *net_exit_list)
12159 {
12160 	flush_work(&trans_gc_work);
12161 }
12162 
12163 static struct pernet_operations nf_tables_net_ops = {
12164 	.init		= nf_tables_init_net,
12165 	.pre_exit	= nf_tables_pre_exit_net,
12166 	.exit		= nf_tables_exit_net,
12167 	.exit_batch	= nf_tables_exit_batch,
12168 	.id		= &nf_tables_net_id,
12169 	.size		= sizeof(struct nftables_pernet),
12170 };
12171 
12172 static int __init nf_tables_module_init(void)
12173 {
12174 	int err;
12175 
12176 	BUILD_BUG_ON(offsetof(struct nft_trans_table, nft_trans) != 0);
12177 	BUILD_BUG_ON(offsetof(struct nft_trans_chain, nft_trans_binding.nft_trans) != 0);
12178 	BUILD_BUG_ON(offsetof(struct nft_trans_rule, nft_trans) != 0);
12179 	BUILD_BUG_ON(offsetof(struct nft_trans_set, nft_trans_binding.nft_trans) != 0);
12180 	BUILD_BUG_ON(offsetof(struct nft_trans_elem, nft_trans) != 0);
12181 	BUILD_BUG_ON(offsetof(struct nft_trans_obj, nft_trans) != 0);
12182 	BUILD_BUG_ON(offsetof(struct nft_trans_flowtable, nft_trans) != 0);
12183 
12184 	err = register_pernet_subsys(&nf_tables_net_ops);
12185 	if (err < 0)
12186 		return err;
12187 
12188 	err = nft_chain_filter_init();
12189 	if (err < 0)
12190 		goto err_chain_filter;
12191 
12192 	err = nf_tables_core_module_init();
12193 	if (err < 0)
12194 		goto err_core_module;
12195 
12196 	err = register_netdevice_notifier(&nf_tables_flowtable_notifier);
12197 	if (err < 0)
12198 		goto err_netdev_notifier;
12199 
12200 	err = rhltable_init(&nft_objname_ht, &nft_objname_ht_params);
12201 	if (err < 0)
12202 		goto err_rht_objname;
12203 
12204 	err = nft_offload_init();
12205 	if (err < 0)
12206 		goto err_offload;
12207 
12208 	err = netlink_register_notifier(&nft_nl_notifier);
12209 	if (err < 0)
12210 		goto err_netlink_notifier;
12211 
12212 	/* must be last */
12213 	err = nfnetlink_subsys_register(&nf_tables_subsys);
12214 	if (err < 0)
12215 		goto err_nfnl_subsys;
12216 
12217 	nft_chain_route_init();
12218 
12219 	return err;
12220 
12221 err_nfnl_subsys:
12222 	netlink_unregister_notifier(&nft_nl_notifier);
12223 err_netlink_notifier:
12224 	nft_offload_exit();
12225 err_offload:
12226 	rhltable_destroy(&nft_objname_ht);
12227 err_rht_objname:
12228 	unregister_netdevice_notifier(&nf_tables_flowtable_notifier);
12229 err_netdev_notifier:
12230 	nf_tables_core_module_exit();
12231 err_core_module:
12232 	nft_chain_filter_fini();
12233 err_chain_filter:
12234 	unregister_pernet_subsys(&nf_tables_net_ops);
12235 	return err;
12236 }
12237 
12238 static void __exit nf_tables_module_exit(void)
12239 {
12240 	nfnetlink_subsys_unregister(&nf_tables_subsys);
12241 	netlink_unregister_notifier(&nft_nl_notifier);
12242 	nft_offload_exit();
12243 	unregister_netdevice_notifier(&nf_tables_flowtable_notifier);
12244 	nft_chain_filter_fini();
12245 	nft_chain_route_fini();
12246 	unregister_pernet_subsys(&nf_tables_net_ops);
12247 	cancel_work_sync(&trans_gc_work);
12248 	rcu_barrier();
12249 	rhltable_destroy(&nft_objname_ht);
12250 	nf_tables_core_module_exit();
12251 }
12252 
12253 module_init(nf_tables_module_init);
12254 module_exit(nf_tables_module_exit);
12255 
12256 MODULE_LICENSE("GPL");
12257 MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
12258 MODULE_DESCRIPTION("Framework for packet filtering and classification");
12259 MODULE_ALIAS_NFNL_SUBSYS(NFNL_SUBSYS_NFTABLES);
12260