| From stable-bounces@linux.kernel.org Tue Nov 15 04:33:04 2005 |
| Date: Tue, 15 Nov 2005 13:32:36 +0100 |
| From: Harald Welte <laforge@netfilter.org> |
| To: Stable Kernel <stable@kernel.org> |
| Cc: |
| Subject: [PATCH] [NETFILTER] NAT: Fix module refcount dropping too far |
| |
| From: Rusty Rusty <rusty@rustcorp.com.au> |
| |
| The unknown protocol is used as a fallback when a protocol isn't known. |
| Hence we cannot handle it failing, so don't set ".me". It's OK, since we |
| only grab a reference from within the same module (iptable_nat.ko), so we |
| never take the module refcount from 0 to 1. |
| |
| Also, remove the "protocol is NULL" test: it's never NULL. |
| |
| Signed-off-by: Rusty Rusty <rusty@rustcorp.com.au> |
| Signed-off-by: Harald Welte <laforge@netfilter.org> |
| Signed-off-by: Chris Wright <chrisw@osdl.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| --- |
| net/ipv4/netfilter/ip_nat_core.c | 6 ++---- |
| net/ipv4/netfilter/ip_nat_proto_unknown.c | 2 +- |
| 2 files changed, 3 insertions(+), 5 deletions(-) |
| |
| --- linux-2.6.14.2.orig/net/ipv4/netfilter/ip_nat_core.c |
| +++ linux-2.6.14.2/net/ipv4/netfilter/ip_nat_core.c |
| @@ -66,10 +66,8 @@ ip_nat_proto_find_get(u_int8_t protonum) |
| * removed until we've grabbed the reference */ |
| preempt_disable(); |
| p = __ip_nat_proto_find(protonum); |
| - if (p) { |
| - if (!try_module_get(p->me)) |
| - p = &ip_nat_unknown_protocol; |
| - } |
| + if (!try_module_get(p->me)) |
| + p = &ip_nat_unknown_protocol; |
| preempt_enable(); |
| |
| return p; |
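Review bot: The now-unguarded `p->me` dereference relies on `__ip_nat_proto_find()` never returning NULL, an invariant the commit message states but nothing in this hunk shows or enforces. If a later change lets the lookup return NULL, this becomes a kernel NULL dereference on a path that runs with preemption disabled. I would record the invariant where the check was removed, e.g. `/* __ip_nat_proto_find() never returns NULL; it falls back to ip_nat_unknown_protocol */`, and ideally document it on the helper as well. It is also worth noting in the comment that the fallback assignment takes no reference, which is only balanced because the unknown protocol's `.me` is left unset in the same commit. The body of `ip_nat_proto_find_get()` starts and ends outside the hunk, so the matching put path is not visible here.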
| --- linux-2.6.14.2.orig/net/ipv4/netfilter/ip_nat_proto_unknown.c |
| +++ linux-2.6.14.2/net/ipv4/netfilter/ip_nat_proto_unknown.c |
| @@ -62,7 +62,7 @@ unknown_print_range(char *buffer, const |
| |
| struct ip_nat_protocol ip_nat_unknown_protocol = { |
| .name = "unknown", |
| - .me = THIS_MODULE, |
| + /* .me isn't set: getting a ref to this cannot fail. */ |
| .manip_pkt = unknown_manip_pkt, |
| .in_range = unknown_in_range, |
| .unique_tuple = unknown_unique_tuple, |
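Review bot: The new comment on `.me` says that getting a reference cannot fail, but not why, and not the condition that makes leaving the owner unset safe. The commit message gives both: the fallback must always be obtainable, and references are only taken from inside the same module, so the module refcount never goes from 0 to 1 through this pointer. I would carry that into the comment, e.g. `/* .me deliberately unset: try_module_get(NULL) always succeeds, so the fallback cannot fail. Safe only while every user lives in this module. */`. Without that caveat, a future user outside the module could hold this pointer with nothing pinning the module. The initializer continues past the end of the hunk.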