netfilter: annotate NAT helper hook pointers with __rcu

The NAT helper hook pointers are updated and dereferenced under RCU rules,
but lack the proper __rcu annotation.

This makes sparse report address space mismatches when the hooks are used
with rcu_dereference().

Add the missing __rcu annotations to the global hook pointer declarations
and definitions in Amanda, FTP, IRC, SNMP and TFTP.

No functional change intended.

Suggested-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Sun Jian <sun.jian.kdev@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/include/linux/netfilter/nf_conntrack_amanda.h b/include/linux/netfilter/nf_conntrack_amanda.h
index 6f0ac896fcc9730fcceb8ae880f09a121770274c..dfe89f38d1f7e213fcae1248e012ca9598bcb2e8 100644 (file)
--- a/include/linux/netfilter/nf_conntrack_amanda.h
+++ b/include/linux/netfilter/nf_conntrack_amanda.h
@@ -7,7 +7,7 @@
 #include <linux/skbuff.h>
 #include <net/netfilter/nf_conntrack_expect.h>
 
-extern unsigned int (*nf_nat_amanda_hook)(struct sk_buff *skb,
+extern unsigned int (__rcu *nf_nat_amanda_hook)(struct sk_buff *skb,
                                          enum ip_conntrack_info ctinfo,
                                          unsigned int protoff,
                                          unsigned int matchoff,

diff --git a/include/linux/netfilter/nf_conntrack_ftp.h b/include/linux/netfilter/nf_conntrack_ftp.h
index 0e38302820b9ea8183f3eefa456716dbc90a985a..f312926420359b841bf9c3ef9b45d97f841e4aed 100644 (file)
--- a/include/linux/netfilter/nf_conntrack_ftp.h
+++ b/include/linux/netfilter/nf_conntrack_ftp.h
@@ -26,7 +26,7 @@ struct nf_ct_ftp_master {
 
 /* For NAT to hook in when we find a packet which describes what other
  * connection we should expect. */
-extern unsigned int (*nf_nat_ftp_hook)(struct sk_buff *skb,
+extern unsigned int (__rcu *nf_nat_ftp_hook)(struct sk_buff *skb,
                                       enum ip_conntrack_info ctinfo,
                                       enum nf_ct_ftp_type type,
                                       unsigned int protoff,

diff --git a/include/linux/netfilter/nf_conntrack_irc.h b/include/linux/netfilter/nf_conntrack_irc.h
index d02255f721e14a9dafce1610a13c2b406d46b90f..4f3ca562199807c40f1fca44df57c3aa4a26adbd 100644 (file)
--- a/include/linux/netfilter/nf_conntrack_irc.h
+++ b/include/linux/netfilter/nf_conntrack_irc.h
@@ -8,7 +8,7 @@
 
 #define IRC_PORT       6667
 
-extern unsigned int (*nf_nat_irc_hook)(struct sk_buff *skb,
+extern unsigned int (__rcu *nf_nat_irc_hook)(struct sk_buff *skb,
                                       enum ip_conntrack_info ctinfo,
                                       unsigned int protoff,
                                       unsigned int matchoff,

diff --git a/include/linux/netfilter/nf_conntrack_snmp.h b/include/linux/netfilter/nf_conntrack_snmp.h
index 87e4f33eb55fa11413dee3aac8512fc6352d4e03..99107e4f5234c516092841700c68980051c7e25e 100644 (file)
--- a/include/linux/netfilter/nf_conntrack_snmp.h
+++ b/include/linux/netfilter/nf_conntrack_snmp.h
@@ -5,7 +5,7 @@
 #include <linux/netfilter.h>
 #include <linux/skbuff.h>
 
-extern int (*nf_nat_snmp_hook)(struct sk_buff *skb,
+extern int (__rcu *nf_nat_snmp_hook)(struct sk_buff *skb,
                                unsigned int protoff,
                                struct nf_conn *ct,
                                enum ip_conntrack_info ctinfo);

diff --git a/include/linux/netfilter/nf_conntrack_tftp.h b/include/linux/netfilter/nf_conntrack_tftp.h
index dc4c1b9beac0c63b7799255a19383a356732c7f9..1490b68dd7d189e3a7774e0899dd2f3f5189659a 100644 (file)
--- a/include/linux/netfilter/nf_conntrack_tftp.h
+++ b/include/linux/netfilter/nf_conntrack_tftp.h
@@ -19,7 +19,7 @@ struct tftphdr {
 #define TFTP_OPCODE_ACK                4
 #define TFTP_OPCODE_ERROR      5
 
-extern unsigned int (*nf_nat_tftp_hook)(struct sk_buff *skb,
+extern unsigned int (__rcu *nf_nat_tftp_hook)(struct sk_buff *skb,
                                        enum ip_conntrack_info ctinfo,
                                        struct nf_conntrack_expect *exp);
 

diff --git a/net/netfilter/nf_conntrack_amanda.c b/net/netfilter/nf_conntrack_amanda.c
index 7be4c35e4795ead2216b4add1bec5b26d71746f5..c0132559f6af5ea5f171df3849b7ff497e8f0df2 100644 (file)
--- a/net/netfilter/nf_conntrack_amanda.c
+++ b/net/netfilter/nf_conntrack_amanda.c
@@ -37,13 +37,13 @@ MODULE_PARM_DESC(master_timeout, "timeout for the master connection");
 module_param(ts_algo, charp, 0400);
 MODULE_PARM_DESC(ts_algo, "textsearch algorithm to use (default kmp)");
 
-unsigned int (*nf_nat_amanda_hook)(struct sk_buff *skb,
-                                  enum ip_conntrack_info ctinfo,
-                                  unsigned int protoff,
-                                  unsigned int matchoff,
-                                  unsigned int matchlen,
-                                  struct nf_conntrack_expect *exp)
-                                  __read_mostly;
+unsigned int (__rcu *nf_nat_amanda_hook)(struct sk_buff *skb,
+                                        enum ip_conntrack_info ctinfo,
+                                        unsigned int protoff,
+                                        unsigned int matchoff,
+                                        unsigned int matchlen,
+                                        struct nf_conntrack_expect *exp)
+                                        __read_mostly;
 EXPORT_SYMBOL_GPL(nf_nat_amanda_hook);
 
 enum amanda_strings {

diff --git a/net/netfilter/nf_conntrack_ftp.c b/net/netfilter/nf_conntrack_ftp.c
index 617f744a2e3a33c223ed2205559df941cbb55174..5e00f9123c38ea2fe650a3fe1ee40a1045f7bfbe 100644 (file)
--- a/net/netfilter/nf_conntrack_ftp.c
+++ b/net/netfilter/nf_conntrack_ftp.c
@@ -43,13 +43,13 @@ module_param_array(ports, ushort, &ports_c, 0400);
 static bool loose;
 module_param(loose, bool, 0600);
 
-unsigned int (*nf_nat_ftp_hook)(struct sk_buff *skb,
-                               enum ip_conntrack_info ctinfo,
-                               enum nf_ct_ftp_type type,
-                               unsigned int protoff,
-                               unsigned int matchoff,
-                               unsigned int matchlen,
-                               struct nf_conntrack_expect *exp);
+unsigned int (__rcu *nf_nat_ftp_hook)(struct sk_buff *skb,
+                                     enum ip_conntrack_info ctinfo,
+                                     enum nf_ct_ftp_type type,
+                                     unsigned int protoff,
+                                     unsigned int matchoff,
+                                     unsigned int matchlen,
+                                     struct nf_conntrack_expect *exp);
 EXPORT_SYMBOL_GPL(nf_nat_ftp_hook);
 
 static int try_rfc959(const char *, size_t, struct nf_conntrack_man *,

diff --git a/net/netfilter/nf_conntrack_irc.c b/net/netfilter/nf_conntrack_irc.c
index 5703846bea3b699a8e31ed9ced9c7542362e528b..b8e6d724acd155655d6c4d0af3d515e890b11612 100644 (file)
--- a/net/netfilter/nf_conntrack_irc.c
+++ b/net/netfilter/nf_conntrack_irc.c
@@ -30,12 +30,13 @@ static unsigned int dcc_timeout __read_mostly = 300;
 static char *irc_buffer;
 static DEFINE_SPINLOCK(irc_buffer_lock);
 
-unsigned int (*nf_nat_irc_hook)(struct sk_buff *skb,
-                               enum ip_conntrack_info ctinfo,
-                               unsigned int protoff,
-                               unsigned int matchoff,
-                               unsigned int matchlen,
-                               struct nf_conntrack_expect *exp) __read_mostly;
+unsigned int (__rcu *nf_nat_irc_hook)(struct sk_buff *skb,
+                                     enum ip_conntrack_info ctinfo,
+                                     unsigned int protoff,
+                                     unsigned int matchoff,
+                                     unsigned int matchlen,
+                                     struct nf_conntrack_expect *exp)
+                                     __read_mostly;
 EXPORT_SYMBOL_GPL(nf_nat_irc_hook);
 
 #define HELPER_NAME "irc"

diff --git a/net/netfilter/nf_conntrack_snmp.c b/net/netfilter/nf_conntrack_snmp.c
index daacf2023fa5f13a252288527760efccf3a680e2..387dd6e58f8831be547f30032a198fb6d8252a5b 100644 (file)
--- a/net/netfilter/nf_conntrack_snmp.c
+++ b/net/netfilter/nf_conntrack_snmp.c
@@ -25,10 +25,10 @@ static unsigned int timeout __read_mostly = 30;
 module_param(timeout, uint, 0400);
 MODULE_PARM_DESC(timeout, "timeout for master connection/replies in seconds");
 
-int (*nf_nat_snmp_hook)(struct sk_buff *skb,
-                       unsigned int protoff,
-                       struct nf_conn *ct,
-                       enum ip_conntrack_info ctinfo);
+int (__rcu *nf_nat_snmp_hook)(struct sk_buff *skb,
+                             unsigned int protoff,
+                             struct nf_conn *ct,
+                             enum ip_conntrack_info ctinfo);
 EXPORT_SYMBOL_GPL(nf_nat_snmp_hook);
 
 static int snmp_conntrack_help(struct sk_buff *skb, unsigned int protoff,

diff --git a/net/netfilter/nf_conntrack_tftp.c b/net/netfilter/nf_conntrack_tftp.c
index 80ee53f29f68f350d1ff1383161b2dc84f1614cd..89e9914e5d037859ca85c58ee060092439236abc 100644 (file)
--- a/net/netfilter/nf_conntrack_tftp.c
+++ b/net/netfilter/nf_conntrack_tftp.c
@@ -32,9 +32,10 @@ static unsigned int ports_c;
 module_param_array(ports, ushort, &ports_c, 0400);
 MODULE_PARM_DESC(ports, "Port numbers of TFTP servers");
 
-unsigned int (*nf_nat_tftp_hook)(struct sk_buff *skb,
-                                enum ip_conntrack_info ctinfo,
-                                struct nf_conntrack_expect *exp) __read_mostly;
+unsigned int (__rcu *nf_nat_tftp_hook)(struct sk_buff *skb,
+                                      enum ip_conntrack_info ctinfo,
+                                      struct nf_conntrack_expect *exp)
+                                      __read_mostly;
 EXPORT_SYMBOL_GPL(nf_nat_tftp_hook);
 
 static int tftp_help(struct sk_buff *skb,