From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: netdev@vger.kernel.org
Subject: Re: [PATCH 3/3] netfilter: xt_CT: remove a compile warning
Date: Tue, 3 Apr 2012 14:57:55 +0200 [thread overview]
Message-ID: <20120403125755.GA15339@1984> (raw)
In-Reply-To: <201204032128.JEG78136.JStMOHQOVFFFLO@I-love.SAKURA.ne.jp>
[-- Attachment #1: Type: text/plain, Size: 414 bytes --]
On Tue, Apr 03, 2012 at 09:28:38PM +0900, Tetsuo Handa wrote:
> Pablo Neira Ayuso wrote:
> > Indeed. The patch attached should fix this problem. Thanks.
>
> It seems to me that the timeout object is associated with the "ct"
> by successful nf_ct_timeout_ext_add() call. If yes,
>
> +err5:
> + xt_ct_tg_timeout_put(ct);
>
> will not be able to find the timeout object.
You're right again. New patch attached.
[-- Attachment #2: 0001-netfilter-xt_CT-fix-missing-put-timeout-object-in-er.patch --]
[-- Type: text/x-diff, Size: 2728 bytes --]
>From 6b9599e7a092a241e86e376d14bb1b45902f19b5 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Tue, 3 Apr 2012 14:50:07 +0200
Subject: [PATCH] netfilter: xt_CT: fix missing put timeout object in error path
The error path misses putting the timeout object. This patch adds
new function xt_ct_tg_timeout_put() to put the timeout object.
Reported-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
net/netfilter/xt_CT.c | 28 +++++++++++++++++++++++-----
1 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/net/netfilter/xt_CT.c b/net/netfilter/xt_CT.c
index 4babb27..e2ee11a 100644
--- a/net/netfilter/xt_CT.c
+++ b/net/netfilter/xt_CT.c
@@ -150,6 +150,21 @@ err1:
return ret;
}
+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
+static inline void xt_ct_tg_timeout_put(struct ctnl_timeout *timeout)
+{
+ typeof(nf_ct_timeout_put_hook) timeout_put;
+
+ rcu_read_lock();
+ timeout_put = rcu_dereference(nf_ct_timeout_put_hook);
+
+ if (timeout_put)
+ timeout_put(timeout);
+
+ rcu_read_unlock();
+}
+#endif
+
static int xt_ct_tg_check_v1(const struct xt_tgchk_param *par)
{
struct xt_ct_target_info_v1 *info = par->targinfo;
@@ -158,7 +173,9 @@ static int xt_ct_tg_check_v1(const struct xt_tgchk_param *par)
struct nf_conn *ct;
int ret = 0;
u8 proto;
-
+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
+ struct ctnl_timeout *timeout;
+#endif
if (info->flags & ~XT_CT_NOTRACK)
return -EINVAL;
@@ -216,7 +233,6 @@ static int xt_ct_tg_check_v1(const struct xt_tgchk_param *par)
#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
if (info->timeout) {
typeof(nf_ct_timeout_find_get_hook) timeout_find_get;
- struct ctnl_timeout *timeout;
struct nf_conn_timeout *timeout_ext;
rcu_read_lock();
@@ -245,7 +261,7 @@ static int xt_ct_tg_check_v1(const struct xt_tgchk_param *par)
pr_info("Timeout policy `%s' can only be "
"used by L3 protocol number %d\n",
info->timeout, timeout->l3num);
- goto err4;
+ goto err5;
}
/* Make sure the timeout policy matches any existing
* protocol tracker, otherwise default to generic.
@@ -258,13 +274,13 @@ static int xt_ct_tg_check_v1(const struct xt_tgchk_param *par)
"used by L4 protocol number %d\n",
info->timeout,
timeout->l4proto->l4proto);
- goto err4;
+ goto err5;
}
timeout_ext = nf_ct_timeout_ext_add(ct, timeout,
GFP_ATOMIC);
if (timeout_ext == NULL) {
ret = -ENOMEM;
- goto err4;
+ goto err5;
}
} else {
ret = -ENOENT;
@@ -282,6 +298,8 @@ out:
return 0;
#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
+err5:
+ xt_ct_tg_timeout_put(timeout);
err4:
rcu_read_unlock();
#endif
--
1.7.2.5
next prev parent reply other threads:[~2012-04-03 12:58 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-04-03 10:13 [PATCH 0/3] netfilter fixes for 3.4-rc1 pablo
2012-04-03 10:13 ` [PATCH 1/3] netfilter: xt_LOG: don't use xchg() for simple assignment pablo
2012-04-03 10:13 ` [PATCH 2/3] netfilter: ipset: avoid use of kernel-only types pablo
2012-04-03 10:13 ` [PATCH 3/3] netfilter: xt_CT: remove a compile warning pablo
2012-04-03 10:27 ` Tetsuo Handa
2012-04-03 10:31 ` Pablo Neira Ayuso
2012-04-03 10:39 ` Pablo Neira Ayuso
2012-04-03 23:17 ` David Miller
2012-04-03 11:48 ` Tetsuo Handa
2012-04-03 12:09 ` Pablo Neira Ayuso
2012-04-03 12:28 ` Tetsuo Handa
2012-04-03 12:57 ` Pablo Neira Ayuso [this message]
2012-04-03 13:06 ` Pablo Neira Ayuso
2012-04-03 14:28 ` Tetsuo Handa
2012-04-03 14:52 ` Pablo Neira Ayuso
2012-04-03 23:21 ` David Miller
2012-04-03 23:20 ` David Miller
-- strict thread matches above, loose matches on Subject: below --
2012-04-03 9:50 [PATCH 0/3] netfilter fixes for 3.4-rc1 pablo
2012-04-03 9:50 ` [PATCH 3/3] netfilter: xt_CT: remove a compile warning pablo
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120403125755.GA15339@1984 \
--to=pablo@netfilter.org \
--cc=netdev@vger.kernel.org \
--cc=penguin-kernel@I-love.SAKURA.ne.jp \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.