Merge tag 'gvt-fixes-2020-02-12' of https://github.com/intel/gvt-linux into drm-intel...

[linux.git] / net / netfilter / nft_tunnel.c

diff --git a/net/netfilter/nft_tunnel.c b/net/netfilter/nft_tunnel.c
index b113fcac94e1c46be2fae6dd3eec2c5cbb19f40a..5284fcf16be73463f8ac679989298b6b5d520096 100644 (file)
--- a/net/netfilter/nft_tunnel.c
+++ b/net/netfilter/nft_tunnel.c
@@ -76,7 +76,7 @@ static int nft_tunnel_get_init(const struct nft_ctx *ctx,
        struct nft_tunnel *priv = nft_expr_priv(expr);
        u32 len;
 
-       if (!tb[NFTA_TUNNEL_KEY] &&
+       if (!tb[NFTA_TUNNEL_KEY] ||
            !tb[NFTA_TUNNEL_DREG])
                return -EINVAL;
 
@@ -166,8 +166,8 @@ static int nft_tunnel_obj_ip_init(const struct nft_ctx *ctx,
        struct nlattr *tb[NFTA_TUNNEL_KEY_IP_MAX + 1];
        int err;
 
-       err = nla_parse_nested(tb, NFTA_TUNNEL_KEY_IP_MAX, attr,
-                              nft_tunnel_ip_policy, NULL);
+       err = nla_parse_nested_deprecated(tb, NFTA_TUNNEL_KEY_IP_MAX, attr,
+                                         nft_tunnel_ip_policy, NULL);
        if (err < 0)
                return err;
 
@@ -195,8 +195,8 @@ static int nft_tunnel_obj_ip6_init(const struct nft_ctx *ctx,
        struct nlattr *tb[NFTA_TUNNEL_KEY_IP6_MAX + 1];
        int err;
 
-       err = nla_parse_nested(tb, NFTA_TUNNEL_KEY_IP6_MAX, attr,
-                              nft_tunnel_ip6_policy, NULL);
+       err = nla_parse_nested_deprecated(tb, NFTA_TUNNEL_KEY_IP6_MAX, attr,
+                                         nft_tunnel_ip6_policy, NULL);
        if (err < 0)
                return err;
 
@@ -231,8 +231,8 @@ static int nft_tunnel_obj_vxlan_init(const struct nlattr *attr,
        struct nlattr *tb[NFTA_TUNNEL_KEY_VXLAN_MAX + 1];
        int err;
 
-       err = nla_parse_nested(tb, NFTA_TUNNEL_KEY_VXLAN_MAX, attr,
-                              nft_tunnel_opts_vxlan_policy, NULL);
+       err = nla_parse_nested_deprecated(tb, NFTA_TUNNEL_KEY_VXLAN_MAX, attr,
+                                         nft_tunnel_opts_vxlan_policy, NULL);
        if (err < 0)
                return err;
 
@@ -260,11 +260,15 @@ static int nft_tunnel_obj_erspan_init(const struct nlattr *attr,
        uint8_t hwid, dir;
        int err, version;
 
-       err = nla_parse_nested(tb, NFTA_TUNNEL_KEY_ERSPAN_MAX, attr,
-                              nft_tunnel_opts_erspan_policy, NULL);
+       err = nla_parse_nested_deprecated(tb, NFTA_TUNNEL_KEY_ERSPAN_MAX,
+                                         attr, nft_tunnel_opts_erspan_policy,
+                                         NULL);
        if (err < 0)
                return err;
 
+       if (!tb[NFTA_TUNNEL_KEY_ERSPAN_VERSION])
+                return -EINVAL;
+
        version = ntohl(nla_get_be32(tb[NFTA_TUNNEL_KEY_ERSPAN_VERSION]));
        switch (version) {
        case ERSPAN_VERSION:
@@ -309,8 +313,8 @@ static int nft_tunnel_obj_opts_init(const struct nft_ctx *ctx,
        struct nlattr *tb[NFTA_TUNNEL_KEY_OPTS_MAX + 1];
        int err;
 
-       err = nla_parse_nested(tb, NFTA_TUNNEL_KEY_OPTS_MAX, attr,
-                              nft_tunnel_opts_policy, NULL);
+       err = nla_parse_nested_deprecated(tb, NFTA_TUNNEL_KEY_OPTS_MAX, attr,
+                                         nft_tunnel_opts_policy, NULL);
        if (err < 0)
                return err;
 
@@ -437,7 +441,7 @@ static int nft_tunnel_ip_dump(struct sk_buff *skb, struct ip_tunnel_info *info)
        struct nlattr *nest;
 
        if (info->mode & IP_TUNNEL_INFO_IPV6) {
-               nest = nla_nest_start(skb, NFTA_TUNNEL_KEY_IP6);
+               nest = nla_nest_start_noflag(skb, NFTA_TUNNEL_KEY_IP6);
                if (!nest)
                        return -1;
 
@@ -448,7 +452,7 @@ static int nft_tunnel_ip_dump(struct sk_buff *skb, struct ip_tunnel_info *info)
 
                nla_nest_end(skb, nest);
        } else {
-               nest = nla_nest_start(skb, NFTA_TUNNEL_KEY_IP);
+               nest = nla_nest_start_noflag(skb, NFTA_TUNNEL_KEY_IP);
                if (!nest)
                        return -1;
 
@@ -468,7 +472,7 @@ static int nft_tunnel_opts_dump(struct sk_buff *skb,
        struct nft_tunnel_opts *opts = &priv->opts;
        struct nlattr *nest;
 
-       nest = nla_nest_start(skb, NFTA_TUNNEL_KEY_OPTS);
+       nest = nla_nest_start_noflag(skb, NFTA_TUNNEL_KEY_OPTS);
        if (!nest)
                return -1;