netfilter: nf_tables: nft_obj_filter fits into cb->ctx

No need to allocate it if one may just use struct netlink_callback's
scratch area for it.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 3585ddd99ef869c9068f0da5c30058a0165a5e25..c84e2cc6d3b36b4a81c2e0db2f9224d5231f6910 100644 (file)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -7690,7 +7690,7 @@ struct nft_obj_dump_ctx {
 static int nf_tables_dump_obj(struct sk_buff *skb, struct netlink_callback *cb)
 {
        const struct nfgenmsg *nfmsg = nlmsg_data(cb->nlh);
-       struct nft_obj_dump_ctx *ctx = cb->data;
+       struct nft_obj_dump_ctx *ctx = (void *)cb->ctx;
        struct net *net = sock_net(skb->sk);
        int family = nfmsg->nfgen_family;
        struct nftables_pernet *nft_net;
@@ -7752,34 +7752,28 @@ cont:
 
 static int nf_tables_dump_obj_start(struct netlink_callback *cb)
 {
+       struct nft_obj_dump_ctx *ctx = (void *)cb->ctx;
        const struct nlattr * const *nla = cb->data;
-       struct nft_obj_dump_ctx *ctx = NULL;
 
-       ctx = kzalloc(sizeof(*ctx), GFP_ATOMIC);
-       if (!ctx)
-               return -ENOMEM;
+       BUILD_BUG_ON(sizeof(*ctx) > sizeof(cb->ctx));
 
        if (nla[NFTA_OBJ_TABLE]) {
                ctx->table = nla_strdup(nla[NFTA_OBJ_TABLE], GFP_ATOMIC);
-               if (!ctx->table) {
-                       kfree(ctx);
+               if (!ctx->table)
                        return -ENOMEM;
-               }
        }
 
        if (nla[NFTA_OBJ_TYPE])
                ctx->type = ntohl(nla_get_be32(nla[NFTA_OBJ_TYPE]));
 
-       cb->data = ctx;
        return 0;
 }
 
 static int nf_tables_dump_obj_done(struct netlink_callback *cb)
 {
-       struct nft_obj_dump_ctx *ctx = cb->data;
+       struct nft_obj_dump_ctx *ctx = (void *)cb->ctx;
 
        kfree(ctx->table);
-       kfree(ctx);
 
        return 0;
 }