Commit 0d98da5d845e0d0293055913ce65c9904b3b902a
Committed by
Pablo Neira Ayuso
Pablo Neira Ayuso
1 parent
cca7af3889
netfilter: nf_conntrack: register pernet subsystem before register L4 proto
In (c296bb4 netfilter: nf_conntrack: refactor l4proto support for netns) the l4proto gre/dccp/udplite/sctp registration happened before the pernet subsystem, which is wrong. Register pernet subsystem before register L4proto since after register L4proto, init_conntrack may try to access the resources which allocated in register_pernet_subsys. Reported-by: Alexey Dobriyan <adobriyan@gmail.com> Cc: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Showing 4 changed files with 24 additions and 24 deletions Side-by-side Diff
net/netfilter/nf_conntrack_proto_dccp.c
| ... | ... | @@ -969,6 +969,10 @@ |
| 969 | 969 | { |
| 970 | 970 | int ret; |
| 971 | 971 | |
| 972 | + ret = register_pernet_subsys(&dccp_net_ops); | |
| 973 | + if (ret < 0) | |
| 974 | + goto out_pernet; | |
| 975 | + | |
| 972 | 976 | ret = nf_ct_l4proto_register(&dccp_proto4); |
| 973 | 977 | if (ret < 0) |
| 974 | 978 | goto out_dccp4; |
| 975 | 979 | |
| 976 | 980 | |
| ... | ... | @@ -977,16 +981,12 @@ |
| 977 | 981 | if (ret < 0) |
| 978 | 982 | goto out_dccp6; |
| 979 | 983 | |
| 980 | - ret = register_pernet_subsys(&dccp_net_ops); | |
| 981 | - if (ret < 0) | |
| 982 | - goto out_pernet; | |
| 983 | - | |
| 984 | 984 | return 0; |
| 985 | -out_pernet: | |
| 986 | - nf_ct_l4proto_unregister(&dccp_proto6); | |
| 987 | 985 | out_dccp6: |
| 988 | 986 | nf_ct_l4proto_unregister(&dccp_proto4); |
| 989 | 987 | out_dccp4: |
| 988 | + unregister_pernet_subsys(&dccp_net_ops); | |
| 989 | +out_pernet: | |
| 990 | 990 | return ret; |
| 991 | 991 | } |
| 992 | 992 |
net/netfilter/nf_conntrack_proto_gre.c
| ... | ... | @@ -420,18 +420,18 @@ |
| 420 | 420 | { |
| 421 | 421 | int ret; |
| 422 | 422 | |
| 423 | - ret = nf_ct_l4proto_register(&nf_conntrack_l4proto_gre4); | |
| 424 | - if (ret < 0) | |
| 425 | - goto out_gre4; | |
| 426 | - | |
| 427 | 423 | ret = register_pernet_subsys(&proto_gre_net_ops); |
| 428 | 424 | if (ret < 0) |
| 429 | 425 | goto out_pernet; |
| 430 | 426 | |
| 427 | + ret = nf_ct_l4proto_register(&nf_conntrack_l4proto_gre4); | |
| 428 | + if (ret < 0) | |
| 429 | + goto out_gre4; | |
| 430 | + | |
| 431 | 431 | return 0; |
| 432 | -out_pernet: | |
| 433 | - nf_ct_l4proto_unregister(&nf_conntrack_l4proto_gre4); | |
| 434 | 432 | out_gre4: |
| 433 | + unregister_pernet_subsys(&proto_gre_net_ops); | |
| 434 | +out_pernet: | |
| 435 | 435 | return ret; |
| 436 | 436 | } |
| 437 | 437 |
net/netfilter/nf_conntrack_proto_sctp.c
| ... | ... | @@ -888,6 +888,10 @@ |
| 888 | 888 | { |
| 889 | 889 | int ret; |
| 890 | 890 | |
| 891 | + ret = register_pernet_subsys(&sctp_net_ops); | |
| 892 | + if (ret < 0) | |
| 893 | + goto out_pernet; | |
| 894 | + | |
| 891 | 895 | ret = nf_ct_l4proto_register(&nf_conntrack_l4proto_sctp4); |
| 892 | 896 | if (ret < 0) |
| 893 | 897 | goto out_sctp4; |
| 894 | 898 | |
| 895 | 899 | |
| ... | ... | @@ -896,16 +900,12 @@ |
| 896 | 900 | if (ret < 0) |
| 897 | 901 | goto out_sctp6; |
| 898 | 902 | |
| 899 | - ret = register_pernet_subsys(&sctp_net_ops); | |
| 900 | - if (ret < 0) | |
| 901 | - goto out_pernet; | |
| 902 | - | |
| 903 | 903 | return 0; |
| 904 | -out_pernet: | |
| 905 | - nf_ct_l4proto_unregister(&nf_conntrack_l4proto_sctp6); | |
| 906 | 904 | out_sctp6: |
| 907 | 905 | nf_ct_l4proto_unregister(&nf_conntrack_l4proto_sctp4); |
| 908 | 906 | out_sctp4: |
| 907 | + unregister_pernet_subsys(&sctp_net_ops); | |
| 908 | +out_pernet: | |
| 909 | 909 | return ret; |
| 910 | 910 | } |
| 911 | 911 |
net/netfilter/nf_conntrack_proto_udplite.c
| ... | ... | @@ -371,6 +371,10 @@ |
| 371 | 371 | { |
| 372 | 372 | int ret; |
| 373 | 373 | |
| 374 | + ret = register_pernet_subsys(&udplite_net_ops); | |
| 375 | + if (ret < 0) | |
| 376 | + goto out_pernet; | |
| 377 | + | |
| 374 | 378 | ret = nf_ct_l4proto_register(&nf_conntrack_l4proto_udplite4); |
| 375 | 379 | if (ret < 0) |
| 376 | 380 | goto out_udplite4; |
| 377 | 381 | |
| 378 | 382 | |
| ... | ... | @@ -379,16 +383,12 @@ |
| 379 | 383 | if (ret < 0) |
| 380 | 384 | goto out_udplite6; |
| 381 | 385 | |
| 382 | - ret = register_pernet_subsys(&udplite_net_ops); | |
| 383 | - if (ret < 0) | |
| 384 | - goto out_pernet; | |
| 385 | - | |
| 386 | 386 | return 0; |
| 387 | -out_pernet: | |
| 388 | - nf_ct_l4proto_unregister(&nf_conntrack_l4proto_udplite6); | |
| 389 | 387 | out_udplite6: |
| 390 | 388 | nf_ct_l4proto_unregister(&nf_conntrack_l4proto_udplite4); |
| 391 | 389 | out_udplite4: |
| 390 | + unregister_pernet_subsys(&udplite_net_ops); | |
| 391 | +out_pernet: | |
| 392 | 392 | return ret; |
| 393 | 393 | } |
| 394 | 394 |