tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

netfilter: nf_tables: take module reference when starting a batch

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Florian Westphal and committed by
Pablo Neira Ayuso be2ab5b4 ca2f18be

+11
+1
include/linux/netfilter/nfnetlink.h
··· 29 29 __u8 subsys_id; /* nfnetlink subsystem ID */ 30 30 __u8 cb_count; /* number of callbacks */ 31 31 const struct nfnl_callback *cb; /* callback for individual types */ 32 + struct module *owner; 32 33 int (*commit)(struct net *net, struct sk_buff *skb); 33 34 int (*abort)(struct net *net, struct sk_buff *skb); 34 35 void (*cleanup)(struct net *net);
+1
net/netfilter/nf_tables_api.c
··· 6603 6603 .abort = nf_tables_abort, 6604 6604 .cleanup = nf_tables_cleanup, 6605 6605 .valid_genid = nf_tables_valid_genid, 6606 + .owner = THIS_MODULE, 6606 6607 }; 6607 6608 6608 6609 int nft_chain_validate_dependency(const struct nft_chain *chain,
+9
net/netfilter/nfnetlink.c
··· 337 337 return kfree_skb(skb); 338 338 } 339 339 340 + if (!try_module_get(ss->owner)) { 341 + nfnl_unlock(subsys_id); 342 + netlink_ack(oskb, nlh, -EOPNOTSUPP, NULL); 343 + return kfree_skb(skb); 344 + } 345 + 340 346 if (!ss->valid_genid(net, genid)) { 347 + module_put(ss->owner); 341 348 nfnl_unlock(subsys_id); 342 349 netlink_ack(oskb, nlh, -ERESTART, NULL); 343 350 return kfree_skb(skb); ··· 479 472 nfnl_err_reset(&err_list); 480 473 nfnl_unlock(subsys_id); 481 474 kfree_skb(skb); 475 + module_put(ss->owner); 482 476 goto replay; 483 477 } else if (status == NFNL_BATCH_DONE) { 484 478 err = ss->commit(net, oskb); ··· 499 491 nfnl_err_deliver(&err_list, oskb); 500 492 nfnl_unlock(subsys_id); 501 493 kfree_skb(skb); 494 + module_put(ss->owner); 502 495 } 503 496 504 497 static const struct nla_policy nfnl_batch_policy[NFNL_BATCH_MAX + 1] = {