netfilter: remove invalid rcu_dereference() calls

The CONFIG_PROVE_RCU option discovered a few invalid uses of
rcu_dereference() in netfilter. In all these cases, the code code
intends to check whether a pointer is already assigned when
performing registration or whether the assigned pointer matches
when performing unregistration. The entire registration/
unregistration is protected by a mutex, so we don't need the
rcu_dereference() calls.

Reported-by: Valdis Kletnieks <Valdis.Kletnieks@vt.edu>
Tested-by: Valdis Kletnieks <Valdis.Kletnieks@vt.edu>
Signed-off-by: Patrick McHardy <kaber@trash.net>

diff --git a/net/netfilter/nf_conntrack_ecache.c b/net/netfilter/nf_conntrack_ecache.c
index d5a9bcd7d61b9695569bddd5a62b1874978da493..849614af23228707d3849762370cae5ec1db25af 100644 (file)
--- a/net/netfilter/nf_conntrack_ecache.c
+++ b/net/netfilter/nf_conntrack_ecache.c
@@ -81,11 +81,9 @@ EXPORT_SYMBOL_GPL(nf_ct_deliver_cached_events);
 int nf_conntrack_register_notifier(struct nf_ct_event_notifier *new)
 {
        int ret = 0;
-       struct nf_ct_event_notifier *notify;
 
        mutex_lock(&nf_ct_ecache_mutex);
-       notify = rcu_dereference(nf_conntrack_event_cb);
-       if (notify != NULL) {
+       if (nf_conntrack_event_cb != NULL) {
                ret = -EBUSY;
                goto out_unlock;
        }
@@ -101,11 +99,8 @@ EXPORT_SYMBOL_GPL(nf_conntrack_register_notifier);
 
 void nf_conntrack_unregister_notifier(struct nf_ct_event_notifier *new)
 {
-       struct nf_ct_event_notifier *notify;
-
        mutex_lock(&nf_ct_ecache_mutex);
-       notify = rcu_dereference(nf_conntrack_event_cb);
-       BUG_ON(notify != new);
+       BUG_ON(nf_conntrack_event_cb != new);
        rcu_assign_pointer(nf_conntrack_event_cb, NULL);
        mutex_unlock(&nf_ct_ecache_mutex);
 }
@@ -114,11 +109,9 @@ EXPORT_SYMBOL_GPL(nf_conntrack_unregister_notifier);
 int nf_ct_expect_register_notifier(struct nf_exp_event_notifier *new)
 {
        int ret = 0;
-       struct nf_exp_event_notifier *notify;
 
        mutex_lock(&nf_ct_ecache_mutex);
-       notify = rcu_dereference(nf_expect_event_cb);
-       if (notify != NULL) {
+       if (nf_expect_event_cb != NULL) {
                ret = -EBUSY;
                goto out_unlock;
        }
@@ -134,11 +127,8 @@ EXPORT_SYMBOL_GPL(nf_ct_expect_register_notifier);
 
 void nf_ct_expect_unregister_notifier(struct nf_exp_event_notifier *new)
 {
-       struct nf_exp_event_notifier *notify;
-
        mutex_lock(&nf_ct_ecache_mutex);
-       notify = rcu_dereference(nf_expect_event_cb);
-       BUG_ON(notify != new);
+       BUG_ON(nf_expect_event_cb != new);
        rcu_assign_pointer(nf_expect_event_cb, NULL);
        mutex_unlock(&nf_ct_ecache_mutex);
 }

diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c
index 015725a5cd5082162d2e7a029f523e17056ee139..908f59935fbb63064ee9b5feec061748d22b0cbc 100644 (file)
--- a/net/netfilter/nf_log.c
+++ b/net/netfilter/nf_log.c
@@ -35,7 +35,6 @@ static struct nf_logger *__find_logger(int pf, const char *str_logger)
 /* return EEXIST if the same logger is registred, 0 on success. */
 int nf_log_register(u_int8_t pf, struct nf_logger *logger)
 {
-       const struct nf_logger *llog;
        int i;
 
        if (pf >= ARRAY_SIZE(nf_loggers))
@@ -52,8 +51,7 @@ int nf_log_register(u_int8_t pf, struct nf_logger *logger)
        } else {
                /* register at end of list to honor first register win */
                list_add_tail(&logger->list[pf], &nf_loggers_l[pf]);
-               llog = rcu_dereference(nf_loggers[pf]);
-               if (llog == NULL)
+               if (nf_loggers[pf] == NULL)
                        rcu_assign_pointer(nf_loggers[pf], logger);
        }
 
@@ -65,13 +63,11 @@ EXPORT_SYMBOL(nf_log_register);
 
 void nf_log_unregister(struct nf_logger *logger)
 {
-       const struct nf_logger *c_logger;
        int i;
 
        mutex_lock(&nf_log_mutex);
        for (i = 0; i < ARRAY_SIZE(nf_loggers); i++) {
-               c_logger = rcu_dereference(nf_loggers[i]);
-               if (c_logger == logger)
+               if (nf_loggers[i] == logger)
                        rcu_assign_pointer(nf_loggers[i], NULL);
                list_del(&logger->list[i]);
        }