iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

netfilter: nf_tables: take AF module reference when creating a table

Browse Source 
The table refers to data of the AF module, so we need to make sure the
module isn't unloaded while the table exists.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Patrick McHardy 2014-01-09 18:42:40 +00:00 committed by Pablo Neira Ayuso
parent c5c1f975ad
commit 7047f9d052
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
net/netfilter/nf_tables_api.c
View File

@ -430,9 +430,14 @@ static int nf_tables_newtable(struct sock *nlsk, struct sk_buff *skb,
return -EINVAL; return -EINVAL;
} }
if (!try_module_get(afi->owner))
return -EAFNOSUPPORT;
table = kzalloc(sizeof(*table) + nla_len(name), GFP_KERNEL); table = kzalloc(sizeof(*table) + nla_len(name), GFP_KERNEL);
if (table == NULL) if (table == NULL) {
module_put(afi->owner);
return -ENOMEM; return -ENOMEM;
}
nla_strlcpy(table->name, name, nla_len(name)); nla_strlcpy(table->name, name, nla_len(name));
INIT_LIST_HEAD(&table->chains); INIT_LIST_HEAD(&table->chains);
@ -468,6 +473,7 @@ static int nf_tables_deltable(struct sock *nlsk, struct sk_buff *skb,
list_del(&table->list); list_del(&table->list);
nf_tables_table_notify(skb, nlh, table, NFT_MSG_DELTABLE, family); nf_tables_table_notify(skb, nlh, table, NFT_MSG_DELTABLE, family);
kfree(table); kfree(table);
module_put(afi->owner);
return 0; return 0;
} }