[thirdparty/kernel/stable-queue.git] / releases / 5.0.5 / netfilter-ebtables-remove-bugprint-messages.patch

From d824548dae220820bdf69b2d1561b7c4b072783f Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Tue, 19 Feb 2019 00:37:21 +0100
Subject: netfilter: ebtables: remove BUGPRINT messages

From: Florian Westphal <fw@strlen.de>

commit d824548dae220820bdf69b2d1561b7c4b072783f upstream.

They are however frequently triggered by syzkaller, so remove them.

ebtables userspace should never trigger any of these, so there is little
value in making them pr_debug (or ratelimited).

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/bridge/netfilter/ebtables.c |  131 +++++++++++-----------------------------
 1 file changed, 39 insertions(+), 92 deletions(-)

--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -31,10 +31,6 @@
 /* needed for logical [in,out]-dev filtering */
 #include "../br_private.h"
 
-#define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\
-					 "report to author: "format, ## args)
-/* #define BUGPRINT(format, args...) */
-
 /* Each cpu has its own set of counters, so there is no need for write_lock in
  * the softirq
  * For reading or updating the counters, the user context needs to
@@ -466,8 +462,6 @@ static int ebt_verify_pointers(const str
 				/* we make userspace set this right,
 				 * so there is no misunderstanding
 				 */
-				BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set "
-					 "in distinguisher\n");
 				return -EINVAL;
 			}
 			if (i != NF_BR_NUMHOOKS)
@@ -485,18 +479,14 @@ static int ebt_verify_pointers(const str
 			offset += e->next_offset;
 		}
 	}
-	if (offset != limit) {
-		BUGPRINT("entries_size too small\n");
+	if (offset != limit)
 		return -EINVAL;
-	}
 
 	/* check if all valid hooks have a chain */
 	for (i = 0; i < NF_BR_NUMHOOKS; i++) {
 		if (!newinfo->hook_entry[i] &&
-		   (valid_hooks & (1 << i))) {
-			BUGPRINT("Valid hook without chain\n");
+		   (valid_hooks & (1 << i)))
 			return -EINVAL;
-		}
 	}
 	return 0;
 }
@@ -523,26 +513,20 @@ ebt_check_entry_size_and_hooks(const str
 		/* this checks if the previous chain has as many entries
 		 * as it said it has
 		 */
-		if (*n != *cnt) {
-			BUGPRINT("nentries does not equal the nr of entries "
-				 "in the chain\n");
+		if (*n != *cnt)
 			return -EINVAL;
-		}
+
 		if (((struct ebt_entries *)e)->policy != EBT_DROP &&
 		   ((struct ebt_entries *)e)->policy != EBT_ACCEPT) {
 			/* only RETURN from udc */
 			if (i != NF_BR_NUMHOOKS ||
-			   ((struct ebt_entries *)e)->policy != EBT_RETURN) {
-				BUGPRINT("bad policy\n");
+			   ((struct ebt_entries *)e)->policy != EBT_RETURN)
 				return -EINVAL;
-			}
 		}
 		if (i == NF_BR_NUMHOOKS) /* it's a user defined chain */
 			(*udc_cnt)++;
-		if (((struct ebt_entries *)e)->counter_offset != *totalcnt) {
-			BUGPRINT("counter_offset != totalcnt");
+		if (((struct ebt_entries *)e)->counter_offset != *totalcnt)
 			return -EINVAL;
-		}
 		*n = ((struct ebt_entries *)e)->nentries;
 		*cnt = 0;
 		return 0;
@@ -550,15 +534,13 @@ ebt_check_entry_size_and_hooks(const str
 	/* a plain old entry, heh */
 	if (sizeof(struct ebt_entry) > e->watchers_offset ||
 	   e->watchers_offset > e->target_offset ||
-	   e->target_offset >= e->next_offset) {
-		BUGPRINT("entry offsets not in right order\n");
+	   e->target_offset >= e->next_offset)
 		return -EINVAL;
-	}
+
 	/* this is not checked anywhere else */
-	if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) {
-		BUGPRINT("target size too small\n");
+	if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target))
 		return -EINVAL;
-	}
+
 	(*cnt)++;
 	(*totalcnt)++;
 	return 0;
@@ -678,18 +660,15 @@ ebt_check_entry(struct ebt_entry *e, str
 	if (e->bitmask == 0)
 		return 0;
 
-	if (e->bitmask & ~EBT_F_MASK) {
-		BUGPRINT("Unknown flag for bitmask\n");
+	if (e->bitmask & ~EBT_F_MASK)
 		return -EINVAL;
-	}
-	if (e->invflags & ~EBT_INV_MASK) {
-		BUGPRINT("Unknown flag for inv bitmask\n");
+
+	if (e->invflags & ~EBT_INV_MASK)
 		return -EINVAL;
-	}
-	if ((e->bitmask & EBT_NOPROTO) && (e->bitmask & EBT_802_3)) {
-		BUGPRINT("NOPROTO & 802_3 not allowed\n");
+
+	if ((e->bitmask & EBT_NOPROTO) && (e->bitmask & EBT_802_3))
 		return -EINVAL;
-	}
+
 	/* what hook do we belong to? */
 	for (i = 0; i < NF_BR_NUMHOOKS; i++) {
 		if (!newinfo->hook_entry[i])
@@ -748,13 +727,11 @@ ebt_check_entry(struct ebt_entry *e, str
 	t->u.target = target;
 	if (t->u.target == &ebt_standard_target) {
 		if (gap < sizeof(struct ebt_standard_target)) {
-			BUGPRINT("Standard target size too big\n");
 			ret = -EFAULT;
 			goto cleanup_watchers;
 		}
 		if (((struct ebt_standard_target *)t)->verdict <
 		   -NUM_STANDARD_TARGETS) {
-			BUGPRINT("Invalid standard target\n");
 			ret = -EFAULT;
 			goto cleanup_watchers;
 		}
@@ -813,10 +790,9 @@ static int check_chainloops(const struct
 		if (strcmp(t->u.name, EBT_STANDARD_TARGET))
 			goto letscontinue;
 		if (e->target_offset + sizeof(struct ebt_standard_target) >
-		   e->next_offset) {
-			BUGPRINT("Standard target size too big\n");
+		   e->next_offset)
 			return -1;
-		}
+
 		verdict = ((struct ebt_standard_target *)t)->verdict;
 		if (verdict >= 0) { /* jump to another chain */
 			struct ebt_entries *hlp2 =
@@ -825,14 +801,12 @@ static int check_chainloops(const struct
 				if (hlp2 == cl_s[i].cs.chaininfo)
 					break;
 			/* bad destination or loop */
-			if (i == udc_cnt) {
-				BUGPRINT("bad destination\n");
+			if (i == udc_cnt)
 				return -1;
-			}
-			if (cl_s[i].cs.n) {
-				BUGPRINT("loop\n");
+
+			if (cl_s[i].cs.n)
 				return -1;
-			}
+
 			if (cl_s[i].hookmask & (1 << hooknr))
 				goto letscontinue;
 			/* this can't be 0, so the loop test is correct */
@@ -865,24 +839,21 @@ static int translate_table(struct net *n
 	i = 0;
 	while (i < NF_BR_NUMHOOKS && !newinfo->hook_entry[i])
 		i++;
-	if (i == NF_BR_NUMHOOKS) {
-		BUGPRINT("No valid hooks specified\n");
+	if (i == NF_BR_NUMHOOKS)
 		return -EINVAL;
-	}
-	if (newinfo->hook_entry[i] != (struct ebt_entries *)newinfo->entries) {
-		BUGPRINT("Chains don't start at beginning\n");
+
+	if (newinfo->hook_entry[i] != (struct ebt_entries *)newinfo->entries)
 		return -EINVAL;
-	}
+
 	/* make sure chains are ordered after each other in same order
 	 * as their corresponding hooks
 	 */
 	for (j = i + 1; j < NF_BR_NUMHOOKS; j++) {
 		if (!newinfo->hook_entry[j])
 			continue;
-		if (newinfo->hook_entry[j] <= newinfo->hook_entry[i]) {
-			BUGPRINT("Hook order must be followed\n");
+		if (newinfo->hook_entry[j] <= newinfo->hook_entry[i])
 			return -EINVAL;
-		}
+
 		i = j;
 	}
 
@@ -900,15 +871,11 @@ static int translate_table(struct net *n
 	if (ret != 0)
 		return ret;
 
-	if (i != j) {
-		BUGPRINT("nentries does not equal the nr of entries in the "
-			 "(last) chain\n");
+	if (i != j)
 		return -EINVAL;
-	}
-	if (k != newinfo->nentries) {
-		BUGPRINT("Total nentries is wrong\n");
+
+	if (k != newinfo->nentries)
 		return -EINVAL;
-	}
 
 	/* get the location of the udc, put them in an array
 	 * while we're at it, allocate the chainstack
@@ -942,7 +909,6 @@ static int translate_table(struct net *n
 		   ebt_get_udc_positions, newinfo, &i, cl_s);
 		/* sanity check */
 		if (i != udc_cnt) {
-			BUGPRINT("i != udc_cnt\n");
 			vfree(cl_s);
 			return -EFAULT;
 		}
@@ -1042,7 +1008,6 @@ static int do_replace_finish(struct net
 		goto free_unlock;
 
 	if (repl->num_counters && repl->num_counters != t->private->nentries) {
-		BUGPRINT("Wrong nr. of counters requested\n");
 		ret = -EINVAL;
 		goto free_unlock;
 	}
@@ -1118,15 +1083,12 @@ static int do_replace(struct net *net, c
 	if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)
 		return -EFAULT;
 
-	if (len != sizeof(tmp) + tmp.entries_size) {
-		BUGPRINT("Wrong len argument\n");
+	if (len != sizeof(tmp) + tmp.entries_size)
 		return -EINVAL;
-	}
 
-	if (tmp.entries_size == 0) {
-		BUGPRINT("Entries_size never zero\n");
+	if (tmp.entries_size == 0)
 		return -EINVAL;
-	}
+
 	/* overflow check */
 	if (tmp.nentries >= ((INT_MAX - sizeof(struct ebt_table_info)) /
 			NR_CPUS - SMP_CACHE_BYTES) / sizeof(struct ebt_counter))
@@ -1153,7 +1115,6 @@ static int do_replace(struct net *net, c
 	}
 	if (copy_from_user(
 	   newinfo->entries, tmp.entries, tmp.entries_size) != 0) {
-		BUGPRINT("Couldn't copy entries from userspace\n");
 		ret = -EFAULT;
 		goto free_entries;
 	}
@@ -1194,10 +1155,8 @@ int ebt_register_table(struct net *net,
 
 	if (input_table == NULL || (repl = input_table->table) == NULL ||
 	    repl->entries == NULL || repl->entries_size == 0 ||
-	    repl->counters != NULL || input_table->private != NULL) {
-		BUGPRINT("Bad table data for ebt_register_table!!!\n");
+	    repl->counters != NULL || input_table->private != NULL)
 		return -EINVAL;
-	}
 
 	/* Don't add one table to multiple lists. */
 	table = kmemdup(input_table, sizeof(struct ebt_table), GFP_KERNEL);
@@ -1235,13 +1194,10 @@ int ebt_register_table(struct net *net,
 				((char *)repl->hook_entry[i] - repl->entries);
 	}
 	ret = translate_table(net, repl->name, newinfo);
-	if (ret != 0) {
-		BUGPRINT("Translate_table failed\n");
+	if (ret != 0)
 		goto free_chainstack;
-	}
 
 	if (table->check && table->check(newinfo, table->valid_hooks)) {
-		BUGPRINT("The table doesn't like its own initial data, lol\n");
 		ret = -EINVAL;
 		goto free_chainstack;
 	}
@@ -1252,7 +1208,6 @@ int ebt_register_table(struct net *net,
 	list_for_each_entry(t, &net->xt.tables[NFPROTO_BRIDGE], list) {
 		if (strcmp(t->name, table->name) == 0) {
 			ret = -EEXIST;
-			BUGPRINT("Table name already exists\n");
 			goto free_unlock;
 		}
 	}
@@ -1320,7 +1275,6 @@ static int do_update_counters(struct net
 		goto free_tmp;
 
 	if (num_counters != t->private->nentries) {
-		BUGPRINT("Wrong nr of counters\n");
 		ret = -EINVAL;
 		goto unlock_mutex;
 	}
@@ -1447,10 +1401,8 @@ static int copy_counters_to_user(struct
 	if (num_counters == 0)
 		return 0;
 
-	if (num_counters != nentries) {
-		BUGPRINT("Num_counters wrong\n");
+	if (num_counters != nentries)
 		return -EINVAL;
-	}
 
 	counterstmp = vmalloc(array_size(nentries, sizeof(*counterstmp)));
 	if (!counterstmp)
@@ -1496,15 +1448,11 @@ static int copy_everything_to_user(struc
 	   (tmp.num_counters ? nentries * sizeof(struct ebt_counter) : 0))
 		return -EINVAL;
 
-	if (tmp.nentries != nentries) {
-		BUGPRINT("Nentries wrong\n");
+	if (tmp.nentries != nentries)
 		return -EINVAL;
-	}
 
-	if (tmp.entries_size != entries_size) {
-		BUGPRINT("Wrong size\n");
+	if (tmp.entries_size != entries_size)
 		return -EINVAL;
-	}
 
 	ret = copy_counters_to_user(t, oldcounters, tmp.counters,
 					tmp.num_counters, nentries);
@@ -1576,7 +1524,6 @@ static int do_ebt_get_ctl(struct sock *s
 		}
 		mutex_unlock(&ebt_mutex);
 		if (copy_to_user(user, &tmp, *len) != 0) {
-			BUGPRINT("c2u Didn't work\n");
 			ret = -EFAULT;
 			break;
 		}
Commit	Line	Data
77348cdf GKH	1	From d824548dae220820bdf69b2d1561b7c4b072783f Mon Sep 17 00:00:00 2001
	2	From: Florian Westphal <fw@strlen.de>
	3	Date: Tue, 19 Feb 2019 00:37:21 +0100
	4	Subject: netfilter: ebtables: remove BUGPRINT messages
	5
	6	From: Florian Westphal <fw@strlen.de>
	7
	8	commit d824548dae220820bdf69b2d1561b7c4b072783f upstream.
	9
	10	They are however frequently triggered by syzkaller, so remove them.
	11
	12	ebtables userspace should never trigger any of these, so there is little
	13	value in making them pr_debug (or ratelimited).
	14
	15	Signed-off-by: Florian Westphal <fw@strlen.de>
	16	Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
	17	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	18
	19	---
	20	net/bridge/netfilter/ebtables.c \| 131 +++++++++++-----------------------------
	21	1 file changed, 39 insertions(+), 92 deletions(-)
	22
	23	--- a/net/bridge/netfilter/ebtables.c
	24	+++ b/net/bridge/netfilter/ebtables.c
	25	@@ -31,10 +31,6 @@
	26	/* needed for logical [in,out]-dev filtering */
	27	#include "../br_private.h"
	28
	29	-#define BUGPRINT(format, args...) printk("kernel msg: ebtables bug: please "\
	30	- "report to author: "format, ## args)
	31	-/* #define BUGPRINT(format, args...) */
	32	-
	33	/* Each cpu has its own set of counters, so there is no need for write_lock in
	34	* the softirq
	35	* For reading or updating the counters, the user context needs to
	36	@@ -466,8 +462,6 @@ static int ebt_verify_pointers(const str
	37	/* we make userspace set this right,
	38	* so there is no misunderstanding
	39	*/
	40	- BUGPRINT("EBT_ENTRY_OR_ENTRIES shouldn't be set "
	41	- "in distinguisher\n");
	42	return -EINVAL;
	43	}
	44	if (i != NF_BR_NUMHOOKS)
	45	@@ -485,18 +479,14 @@ static int ebt_verify_pointers(const str
	46	offset += e->next_offset;
	47	}
	48	}
	49	- if (offset != limit) {
	50	- BUGPRINT("entries_size too small\n");
	51	+ if (offset != limit)
	52	return -EINVAL;
	53	- }
	54
	55	/* check if all valid hooks have a chain */
	56	for (i = 0; i < NF_BR_NUMHOOKS; i++) {
	57	if (!newinfo->hook_entry[i] &&
	58	- (valid_hooks & (1 << i))) {
	59	- BUGPRINT("Valid hook without chain\n");
	60	+ (valid_hooks & (1 << i)))
	61	return -EINVAL;
	62	- }
	63	}
	64	return 0;
65	}
66	@@ -523,26 +513,20 @@ ebt_check_entry_size_and_hooks(const str
67	/* this checks if the previous chain has as many entries
68	* as it said it has
69	*/
70	- if (n != cnt) {
71	- BUGPRINT("nentries does not equal the nr of entries "
72	- "in the chain\n");
73	+ if (n != cnt)
74	return -EINVAL;
75	- }
76	+
77	if (((struct ebt_entries *)e)->policy != EBT_DROP &&
78	((struct ebt_entries *)e)->policy != EBT_ACCEPT) {
79	/* only RETURN from udc */
80	if (i != NF_BR_NUMHOOKS \|\|
81	- ((struct ebt_entries *)e)->policy != EBT_RETURN) {
82	- BUGPRINT("bad policy\n");
83	+ ((struct ebt_entries *)e)->policy != EBT_RETURN)
84	return -EINVAL;
85	- }
86	}
87	if (i == NF_BR_NUMHOOKS) /* it's a user defined chain */
88	(*udc_cnt)++;
89	- if (((struct ebt_entries )e)->counter_offset != totalcnt) {
90	- BUGPRINT("counter_offset != totalcnt");
91	+ if (((struct ebt_entries )e)->counter_offset != totalcnt)
92	return -EINVAL;
93	- }
94	n = ((struct ebt_entries )e)->nentries;
95	*cnt = 0;
96	return 0;
97	@@ -550,15 +534,13 @@ ebt_check_entry_size_and_hooks(const str
98	/* a plain old entry, heh */
99	if (sizeof(struct ebt_entry) > e->watchers_offset \|\|
100	e->watchers_offset > e->target_offset \|\|
101	- e->target_offset >= e->next_offset) {
102	- BUGPRINT("entry offsets not in right order\n");
103	+ e->target_offset >= e->next_offset)
104	return -EINVAL;
105	- }
106	+
107	/* this is not checked anywhere else */
108	- if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target)) {
109	- BUGPRINT("target size too small\n");
110	+ if (e->next_offset - e->target_offset < sizeof(struct ebt_entry_target))
111	return -EINVAL;
112	- }
113	+
114	(*cnt)++;
115	(*totalcnt)++;
116	return 0;
117	@@ -678,18 +660,15 @@ ebt_check_entry(struct ebt_entry *e, str
118	if (e->bitmask == 0)
119	return 0;
120
121	- if (e->bitmask & ~EBT_F_MASK) {
122	- BUGPRINT("Unknown flag for bitmask\n");
123	+ if (e->bitmask & ~EBT_F_MASK)
124	return -EINVAL;
125	- }
126	- if (e->invflags & ~EBT_INV_MASK) {
127	- BUGPRINT("Unknown flag for inv bitmask\n");
128	+
129	+ if (e->invflags & ~EBT_INV_MASK)
130	return -EINVAL;
131	- }
132	- if ((e->bitmask & EBT_NOPROTO) && (e->bitmask & EBT_802_3)) {
133	- BUGPRINT("NOPROTO & 802_3 not allowed\n");
134	+
135	+ if ((e->bitmask & EBT_NOPROTO) && (e->bitmask & EBT_802_3))
136	return -EINVAL;
137	- }
138	+
139	/* what hook do we belong to? */
140	for (i = 0; i < NF_BR_NUMHOOKS; i++) {
141	if (!newinfo->hook_entry[i])
142	@@ -748,13 +727,11 @@ ebt_check_entry(struct ebt_entry *e, str
143	t->u.target = target;
144	if (t->u.target == &ebt_standard_target) {
145	if (gap < sizeof(struct ebt_standard_target)) {
146	- BUGPRINT("Standard target size too big\n");
147	ret = -EFAULT;
148	goto cleanup_watchers;
149	}
150	if (((struct ebt_standard_target *)t)->verdict <
151	-NUM_STANDARD_TARGETS) {
152	- BUGPRINT("Invalid standard target\n");
153	ret = -EFAULT;
154	goto cleanup_watchers;
155	}
156	@@ -813,10 +790,9 @@ static int check_chainloops(const struct
157	if (strcmp(t->u.name, EBT_STANDARD_TARGET))
158	goto letscontinue;
159	if (e->target_offset + sizeof(struct ebt_standard_target) >
160	- e->next_offset) {
161	- BUGPRINT("Standard target size too big\n");
162	+ e->next_offset)
163	return -1;
164	- }
165	+
166	verdict = ((struct ebt_standard_target *)t)->verdict;
167	if (verdict >= 0) { /* jump to another chain */
168	struct ebt_entries *hlp2 =
169	@@ -825,14 +801,12 @@ static int check_chainloops(const struct
170	if (hlp2 == cl_s[i].cs.chaininfo)
171	break;
172	/* bad destination or loop */
173	- if (i == udc_cnt) {
174	- BUGPRINT("bad destination\n");
175	+ if (i == udc_cnt)
176	return -1;
177	- }
178	- if (cl_s[i].cs.n) {
179	- BUGPRINT("loop\n");
180	+
181	+ if (cl_s[i].cs.n)
182	return -1;
183	- }
184	+
185	if (cl_s[i].hookmask & (1 << hooknr))
186	goto letscontinue;
187	/* this can't be 0, so the loop test is correct */
188	@@ -865,24 +839,21 @@ static int translate_table(struct net *n
189	i = 0;
190	while (i < NF_BR_NUMHOOKS && !newinfo->hook_entry[i])
191	i++;
192	- if (i == NF_BR_NUMHOOKS) {
193	- BUGPRINT("No valid hooks specified\n");
194	+ if (i == NF_BR_NUMHOOKS)
195	return -EINVAL;
196	- }
197	- if (newinfo->hook_entry[i] != (struct ebt_entries *)newinfo->entries) {
198	- BUGPRINT("Chains don't start at beginning\n");
199	+
200	+ if (newinfo->hook_entry[i] != (struct ebt_entries *)newinfo->entries)
201	return -EINVAL;
202	- }
203	+
204	/* make sure chains are ordered after each other in same order
205	* as their corresponding hooks
206	*/
207	for (j = i + 1; j < NF_BR_NUMHOOKS; j++) {
208	if (!newinfo->hook_entry[j])
209	continue;
210	- if (newinfo->hook_entry[j] <= newinfo->hook_entry[i]) {
211	- BUGPRINT("Hook order must be followed\n");
212	+ if (newinfo->hook_entry[j] <= newinfo->hook_entry[i])
213	return -EINVAL;
214	- }
215	+
216	i = j;
217	}
218
219	@@ -900,15 +871,11 @@ static int translate_table(struct net *n
220	if (ret != 0)
221	return ret;
222
223	- if (i != j) {
224	- BUGPRINT("nentries does not equal the nr of entries in the "
225	- "(last) chain\n");
226	+ if (i != j)
227	return -EINVAL;
228	- }
229	- if (k != newinfo->nentries) {
230	- BUGPRINT("Total nentries is wrong\n");
231	+
232	+ if (k != newinfo->nentries)
233	return -EINVAL;
234	- }
235
236	/* get the location of the udc, put them in an array
237	* while we're at it, allocate the chainstack
238	@@ -942,7 +909,6 @@ static int translate_table(struct net *n
239	ebt_get_udc_positions, newinfo, &i, cl_s);
240	/* sanity check */
241	if (i != udc_cnt) {
242	- BUGPRINT("i != udc_cnt\n");
243	vfree(cl_s);
244	return -EFAULT;
245	}
246	@@ -1042,7 +1008,6 @@ static int do_replace_finish(struct net
247	goto free_unlock;
248
249	if (repl->num_counters && repl->num_counters != t->private->nentries) {
250	- BUGPRINT("Wrong nr. of counters requested\n");
251	ret = -EINVAL;
252	goto free_unlock;
253	}
254	@@ -1118,15 +1083,12 @@ static int do_replace(struct net *net, c
255	if (copy_from_user(&tmp, user, sizeof(tmp)) != 0)
256	return -EFAULT;
257
258	- if (len != sizeof(tmp) + tmp.entries_size) {
259	- BUGPRINT("Wrong len argument\n");
260	+ if (len != sizeof(tmp) + tmp.entries_size)
261	return -EINVAL;
262	- }
263
264	- if (tmp.entries_size == 0) {
265	- BUGPRINT("Entries_size never zero\n");
266	+ if (tmp.entries_size == 0)
267	return -EINVAL;
268	- }
269	+
270	/* overflow check */
271	if (tmp.nentries >= ((INT_MAX - sizeof(struct ebt_table_info)) /
272	NR_CPUS - SMP_CACHE_BYTES) / sizeof(struct ebt_counter))
273	@@ -1153,7 +1115,6 @@ static int do_replace(struct net *net, c
274	}
275	if (copy_from_user(
276	newinfo->entries, tmp.entries, tmp.entries_size) != 0) {
277	- BUGPRINT("Couldn't copy entries from userspace\n");
278	ret = -EFAULT;
279	goto free_entries;
280	}
281	@@ -1194,10 +1155,8 @@ int ebt_register_table(struct net *net,
282
283	if (input_table == NULL \|\| (repl = input_table->table) == NULL \|\|
284	repl->entries == NULL \|\| repl->entries_size == 0 \|\|
285	- repl->counters != NULL \|\| input_table->private != NULL) {
286	- BUGPRINT("Bad table data for ebt_register_table!!!\n");
287	+ repl->counters != NULL \|\| input_table->private != NULL)
288	return -EINVAL;
289	- }
290
291	/* Don't add one table to multiple lists. */
292	table = kmemdup(input_table, sizeof(struct ebt_table), GFP_KERNEL);
293	@@ -1235,13 +1194,10 @@ int ebt_register_table(struct net *net,
294	((char *)repl->hook_entry[i] - repl->entries);
295	}
296	ret = translate_table(net, repl->name, newinfo);
297	- if (ret != 0) {
298	- BUGPRINT("Translate_table failed\n");
299	+ if (ret != 0)
300	goto free_chainstack;
301	- }
302
303	if (table->check && table->check(newinfo, table->valid_hooks)) {
304	- BUGPRINT("The table doesn't like its own initial data, lol\n");
305	ret = -EINVAL;
306	goto free_chainstack;
307	}
308	@@ -1252,7 +1208,6 @@ int ebt_register_table(struct net *net,
309	list_for_each_entry(t, &net->xt.tables[NFPROTO_BRIDGE], list) {
310	if (strcmp(t->name, table->name) == 0) {
311	ret = -EEXIST;
312	- BUGPRINT("Table name already exists\n");
313	goto free_unlock;
314	}
315	}
316	@@ -1320,7 +1275,6 @@ static int do_update_counters(struct net
317	goto free_tmp;
318
319	if (num_counters != t->private->nentries) {
320	- BUGPRINT("Wrong nr of counters\n");
321	ret = -EINVAL;
322	goto unlock_mutex;
323	}
324	@@ -1447,10 +1401,8 @@ static int copy_counters_to_user(struct
325	if (num_counters == 0)
326	return 0;
327
328	- if (num_counters != nentries) {
329	- BUGPRINT("Num_counters wrong\n");
330	+ if (num_counters != nentries)
331	return -EINVAL;
332	- }
333
334	counterstmp = vmalloc(array_size(nentries, sizeof(*counterstmp)));
335	if (!counterstmp)
336	@@ -1496,15 +1448,11 @@ static int copy_everything_to_user(struc
337	(tmp.num_counters ? nentries * sizeof(struct ebt_counter) : 0))
338	return -EINVAL;
339
340	- if (tmp.nentries != nentries) {
341	- BUGPRINT("Nentries wrong\n");
342	+ if (tmp.nentries != nentries)
343	return -EINVAL;
344	- }
345
346	- if (tmp.entries_size != entries_size) {
347	- BUGPRINT("Wrong size\n");
348	+ if (tmp.entries_size != entries_size)
349	return -EINVAL;
350	- }
351
352	ret = copy_counters_to_user(t, oldcounters, tmp.counters,
353	tmp.num_counters, nentries);
354	@@ -1576,7 +1524,6 @@ static int do_ebt_get_ctl(struct sock *s
355	}
356	mutex_unlock(&ebt_mutex);
357	if (copy_to_user(user, &tmp, *len) != 0) {
358	- BUGPRINT("c2u Didn't work\n");
359	ret = -EFAULT;
360	break;
361	}