netfilter: nft_numgen: move stateful fields out of expression data

In preparation for the rule blob representation.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/nft_numgen.c b/net/netfilter/nft_numgen.c
index 722cac1..1d378ef 100644 (file)
--- a/net/netfilter/nft_numgen.c
+++ b/net/netfilter/nft_numgen.c
@@ -18,7 +18,7 @@ static DEFINE_PER_CPU(struct rnd_state, nft_numgen_prandom_state);
 struct nft_ng_inc {
        u8                      dreg;
        u32                     modulus;
-       atomic_t                counter;
+       atomic_t                *counter;
        u32                     offset;
 };
 
@@ -27,9 +27,9 @@ static u32 nft_ng_inc_gen(struct nft_ng_inc *priv)
        u32 nval, oval;
 
        do {
-               oval = atomic_read(&priv->counter);
+               oval = atomic_read(priv->counter);
                nval = (oval + 1 < priv->modulus) ? oval + 1 : 0;
-       } while (atomic_cmpxchg(&priv->counter, oval, nval) != oval);
+       } while (atomic_cmpxchg(priv->counter, oval, nval) != oval);
 
        return nval + priv->offset;
 }
@@ -55,6 +55,7 @@ static int nft_ng_inc_init(const struct nft_ctx *ctx,
                           const struct nlattr * const tb[])
 {
        struct nft_ng_inc *priv = nft_expr_priv(expr);
+       int err;
 
        if (tb[NFTA_NG_OFFSET])
                priv->offset = ntohl(nla_get_be32(tb[NFTA_NG_OFFSET]));
@@ -66,10 +67,22 @@ static int nft_ng_inc_init(const struct nft_ctx *ctx,
        if (priv->offset + priv->modulus - 1 < priv->offset)
                return -EOVERFLOW;
 
-       atomic_set(&priv->counter, priv->modulus - 1);
+       priv->counter = kmalloc(sizeof(*priv->counter), GFP_KERNEL);
+       if (!priv->counter)
+               return -ENOMEM;
 
-       return nft_parse_register_store(ctx, tb[NFTA_NG_DREG], &priv->dreg,
-                                       NULL, NFT_DATA_VALUE, sizeof(u32));
+       atomic_set(priv->counter, priv->modulus - 1);
+
+       err = nft_parse_register_store(ctx, tb[NFTA_NG_DREG], &priv->dreg,
+                                      NULL, NFT_DATA_VALUE, sizeof(u32));
+       if (err < 0)
+               goto err;
+
+       return 0;
+err:
+       kfree(priv->counter);
+
+       return err;
 }
 
 static int nft_ng_dump(struct sk_buff *skb, enum nft_registers dreg,
@@ -98,6 +111,14 @@ static int nft_ng_inc_dump(struct sk_buff *skb, const struct nft_expr *expr)
                           priv->offset);
 }
 
+static void nft_ng_inc_destroy(const struct nft_ctx *ctx,
+                              const struct nft_expr *expr)
+{
+       const struct nft_ng_inc *priv = nft_expr_priv(expr);
+
+       kfree(priv->counter);
+}
+
 struct nft_ng_random {
        u8                      dreg;
        u32                     modulus;
@@ -157,6 +178,7 @@ static const struct nft_expr_ops nft_ng_inc_ops = {
        .size           = NFT_EXPR_SIZE(sizeof(struct nft_ng_inc)),
        .eval           = nft_ng_inc_eval,
        .init           = nft_ng_inc_init,
+       .destroy        = nft_ng_inc_destroy,
        .dump           = nft_ng_inc_dump,
 };