Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit be2ab5b4 authored by Florian Westphal's avatar Florian Westphal Committed by Pablo Neira Ayuso
Browse files

netfilter: nf_tables: take module reference when starting a batch 



Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent ca2f18be

include/linux/netfilter/nfnetlink.h

+1 −0
Original line number Original line Diff line number Diff line
@@ -29,6 +29,7 @@ struct nfnetlink_subsystem { 
	__u8 subsys_id;			/* nfnetlink subsystem ID */

	__u8 subsys_id;			/* nfnetlink subsystem ID */

	__u8 cb_count;			/* number of callbacks */

	__u8 cb_count;			/* number of callbacks */

	const struct nfnl_callback *cb;	/* callback for individual types */

	const struct nfnl_callback *cb;	/* callback for individual types */

	struct module *owner;

	int (*commit)(struct net *net, struct sk_buff *skb);

	int (*commit)(struct net *net, struct sk_buff *skb);

	int (*abort)(struct net *net, struct sk_buff *skb);

	int (*abort)(struct net *net, struct sk_buff *skb);

	void (*cleanup)(struct net *net);

	void (*cleanup)(struct net *net);

net/netfilter/nf_tables_api.c

+1 −0
Original line number Original line Diff line number Diff line
@@ -6603,6 +6603,7 @@ static const struct nfnetlink_subsystem nf_tables_subsys = { 
	.abort		= nf_tables_abort,

	.abort		= nf_tables_abort,

	.cleanup	= nf_tables_cleanup,

	.cleanup	= nf_tables_cleanup,

	.valid_genid	= nf_tables_valid_genid,

	.valid_genid	= nf_tables_valid_genid,

	.owner		= THIS_MODULE,

};

};





int nft_chain_validate_dependency(const struct nft_chain *chain,

int nft_chain_validate_dependency(const struct nft_chain *chain,

net/netfilter/nfnetlink.c

+9 −0
Original line number Original line Diff line number Diff line
@@ -337,7 +337,14 @@ static void nfnetlink_rcv_batch(struct sk_buff *skb, struct nlmsghdr *nlh, 
		return kfree_skb(skb);

		return kfree_skb(skb);

	}

	}





	if (!try_module_get(ss->owner)) {

		nfnl_unlock(subsys_id);

		netlink_ack(oskb, nlh, -EOPNOTSUPP, NULL);

		return kfree_skb(skb);

	}



	if (!ss->valid_genid(net, genid)) {

	if (!ss->valid_genid(net, genid)) {

		module_put(ss->owner);

		nfnl_unlock(subsys_id);

		nfnl_unlock(subsys_id);

		netlink_ack(oskb, nlh, -ERESTART, NULL);

		netlink_ack(oskb, nlh, -ERESTART, NULL);

		return kfree_skb(skb);

		return kfree_skb(skb);
@@ -472,6 +479,7 @@ static void nfnetlink_rcv_batch(struct sk_buff *skb, struct nlmsghdr *nlh, 
		nfnl_err_reset(&err_list);

		nfnl_err_reset(&err_list);

		nfnl_unlock(subsys_id);

		nfnl_unlock(subsys_id);

		kfree_skb(skb);

		kfree_skb(skb);

		module_put(ss->owner);

		goto replay;

		goto replay;

	} else if (status == NFNL_BATCH_DONE) {

	} else if (status == NFNL_BATCH_DONE) {

		err = ss->commit(net, oskb);

		err = ss->commit(net, oskb);
@@ -491,6 +499,7 @@ static void nfnetlink_rcv_batch(struct sk_buff *skb, struct nlmsghdr *nlh, 
	nfnl_err_deliver(&err_list, oskb);

	nfnl_err_deliver(&err_list, oskb);

	nfnl_unlock(subsys_id);

	nfnl_unlock(subsys_id);

	kfree_skb(skb);

	kfree_skb(skb);

	module_put(ss->owner);

}

}





static const struct nla_policy nfnl_batch_policy[NFNL_BATCH_MAX + 1] = {

static const struct nla_policy nfnl_batch_policy[NFNL_BATCH_MAX + 1] = {