netfilter: nf_tables: take AF module reference when creating a table
The table refers to data of the AF module, so we need to make sure the module isn't unloaded while the table exists. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
c5c1f975ad
commit
7047f9d052
@ -430,9 +430,14 @@ static int nf_tables_newtable(struct sock *nlsk, struct sk_buff *skb,
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (!try_module_get(afi->owner))
|
||||
return -EAFNOSUPPORT;
|
||||
|
||||
table = kzalloc(sizeof(*table) + nla_len(name), GFP_KERNEL);
|
||||
if (table == NULL)
|
||||
if (table == NULL) {
|
||||
module_put(afi->owner);
|
||||
return -ENOMEM;
|
||||
}
|
||||
|
||||
nla_strlcpy(table->name, name, nla_len(name));
|
||||
INIT_LIST_HEAD(&table->chains);
|
||||
@ -468,6 +473,7 @@ static int nf_tables_deltable(struct sock *nlsk, struct sk_buff *skb,
|
||||
list_del(&table->list);
|
||||
nf_tables_table_notify(skb, nlh, table, NFT_MSG_DELTABLE, family);
|
||||
kfree(table);
|
||||
module_put(afi->owner);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
Loading…
x
Reference in New Issue
Block a user