[PATCH] nf_conntrack: Fix module refcount dropping too far

[PATCH] nf_conntrack: Fix module refcount dropping too far

[Yasuyuki KOZAKAI]

Hi,

This is missing port from ip_conntrack, and prevents
nf_conntrack_l3proto_find_get() from taking refcount of
nf_conntrack_l3proto_generic to fix refcount underflow.

Regards,

-- Yasuyuki Kozakai

Re: [PATCH] nf_conntrack: Fix module refcount dropping too far

[Yasuyuki KOZAKAI]

[-- Attachment #1: Type: Text/Plain, Size: 301 bytes --]


From: Yasuyuki KOZAKAI <yasuyuki.kozakai@toshiba.co.jp>
Date: Wed, 08 Feb 2006 18:54:56 +0900 (JST)

> This is missing port from ip_conntrack, and prevents
> nf_conntrack_l3proto_find_get() from taking refcount of
> nf_conntrack_l3proto_generic to fix refcount underflow.

sorry for missing patch...

[-- Attachment #2: nfct-mod-refcnt.patch --]
[-- Type: Text/Plain, Size: 2806 bytes --]

[NETFILTER] nf_conntrack: Fix module refcount dropping too far

nf_ct_l3proto_find_get() may return nf_ct_l3proto_generic without taking
refcount. But nf_ct_l3proto_put() always drops it. To fix this problem,
this patch prevents nf_ct_l3proto_find_get() from taking refcount.
It's OK, because all of them live in same module(nf_conntrack.ko).

This also removes NULL check. __nf_ct_{l3proto,proto}_find_get() never
return NULL.

Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>

---
commit 6f95d916a3fd6eb8edf75eba29c86cd96447ccdc
tree d9bc4827a5db6d5570d0e5536046e4d59fbd0046
parent ecd52256054fb1e2a2864f4b7bc85a601121590d
author Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Wed, 08 Feb 2006 11:46:22 +0900
committer Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Wed, 08 Feb 2006 11:46:22 +0900

 net/netfilter/nf_conntrack_core.c            |   12 ++++--------
 net/netfilter/nf_conntrack_l3proto_generic.c |    2 +-
 net/netfilter/nf_conntrack_proto_generic.c   |    1 +
 3 files changed, 6 insertions(+), 9 deletions(-)

diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 0ce337a..0496ee9 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -203,10 +203,8 @@ nf_ct_proto_find_get(u_int16_t l3proto, 
 
 	preempt_disable();
 	p = __nf_ct_proto_find(l3proto, protocol);
-	if (p) {
-		if (!try_module_get(p->me))
-			p = &nf_conntrack_generic_protocol;
-	}
+	if (!try_module_get(p->me))
+		p = &nf_conntrack_generic_protocol;
 	preempt_enable();
 	
 	return p;
@@ -224,10 +222,8 @@ nf_ct_l3proto_find_get(u_int16_t l3proto
 
 	preempt_disable();
 	p = __nf_ct_l3proto_find(l3proto);
-	if (p) {
-		if (!try_module_get(p->me))
-			p = &nf_conntrack_generic_l3proto;
-	}
+	if (!try_module_get(p->me))
+		p = &nf_conntrack_generic_l3proto;
 	preempt_enable();
 
 	return p;
diff --git a/net/netfilter/nf_conntrack_l3proto_generic.c b/net/netfilter/nf_conntrack_l3proto_generic.c
index 7de4f06..ee3bfd8 100644
--- a/net/netfilter/nf_conntrack_l3proto_generic.c
+++ b/net/netfilter/nf_conntrack_l3proto_generic.c
@@ -94,5 +94,5 @@ struct nf_conntrack_l3proto nf_conntrack
 	.print_conntrack = generic_print_conntrack,
 	.prepare	 = generic_prepare,
 	.get_features	 = generic_get_features,
-	.me		 = THIS_MODULE,
+	/* .me isn't set: getting a ref to this cannot fail. */
 };
diff --git a/net/netfilter/nf_conntrack_proto_generic.c b/net/netfilter/nf_conntrack_proto_generic.c
index 46bc27e..bc60cf3 100644
--- a/net/netfilter/nf_conntrack_proto_generic.c
+++ b/net/netfilter/nf_conntrack_proto_generic.c
@@ -82,4 +82,5 @@ struct nf_conntrack_protocol nf_conntrac
 	.print_conntrack	= generic_print_conntrack,
 	.packet			= packet,
 	.new			= new,
+	/* .me isn't set: getting a ref to this cannot fail. */
 };

[PATCH] nf_conntrack: Fix module refcount dropping too far

[Yasuyuki KOZAKAI]

[-- Attachment #1: Type: Text/Plain, Size: 307 bytes --]


If nf_ct_l3proto_find_get() fails to get the refcount of
nf_ct_l3proto_generic, nf_ct_l3proto_put() will drop the refcount
too far. Only nf_ct_l3proto_generic has this problem.

This fix is missing synchronization with ip_conntrack at the last minutes,
but it's not critical, I think.

-- Yasuyuki Kozakai

[-- Attachment #2: 01-generic-refcnt.patch --]
[-- Type: Text/Plain, Size: 2341 bytes --]

[NETFILTER] nf_conntrack: Fix module refcount dropping too far

If nf_ct_l3proto_find_get() fails to get the refcount of
nf_ct_l3proto_generic, nf_ct_l3proto_put() will drop the refcount
too far.

This gets rid of '.me = THIS_MODULE' of nf_ct_l3proto_generic so that
nf_ct_l3proto_find_get() doesn't try to get refcount of it.
It's OK because its symbol is usable until nf_conntrack.ko is unloaded.

This also kills unnecessary NULL pointer check as well.
__nf_ct_proto_find() allways returns non-NULL pointer.

Signed-off-by: Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp>

---
commit e2a1cbe4dda205181d6206df84fe3eb22ec85273
tree 01324536d3cf7d405dfddbb954ea155bed8a64af
parent a8b9aa85685a7f5c5841dfc4c5772d453fbf5776
author Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Fri, 07 Apr 2006 14:54:25 +0900
committer Yasuyuki Kozakai <yasuyuki.kozakai@toshiba.co.jp> Fri, 07 Apr 2006 14:54:25 +0900

 net/netfilter/nf_conntrack_core.c            |   12 ++++--------
 net/netfilter/nf_conntrack_l3proto_generic.c |    1 -
 2 files changed, 4 insertions(+), 9 deletions(-)

diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index 56389c8..54bdc08 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -208,10 +208,8 @@ nf_ct_proto_find_get(u_int16_t l3proto, 
 
 	preempt_disable();
 	p = __nf_ct_proto_find(l3proto, protocol);
-	if (p) {
-		if (!try_module_get(p->me))
-			p = &nf_conntrack_generic_protocol;
-	}
+	if (!try_module_get(p->me))
+		p = &nf_conntrack_generic_protocol;
 	preempt_enable();
 	
 	return p;
@@ -229,10 +227,8 @@ nf_ct_l3proto_find_get(u_int16_t l3proto
 
 	preempt_disable();
 	p = __nf_ct_l3proto_find(l3proto);
-	if (p) {
-		if (!try_module_get(p->me))
-			p = &nf_conntrack_generic_l3proto;
-	}
+	if (!try_module_get(p->me))
+		p = &nf_conntrack_generic_l3proto;
 	preempt_enable();
 
 	return p;
diff --git a/net/netfilter/nf_conntrack_l3proto_generic.c b/net/netfilter/nf_conntrack_l3proto_generic.c
index 7de4f06..3fc58e4 100644
--- a/net/netfilter/nf_conntrack_l3proto_generic.c
+++ b/net/netfilter/nf_conntrack_l3proto_generic.c
@@ -94,5 +94,4 @@ struct nf_conntrack_l3proto nf_conntrack
 	.print_conntrack = generic_print_conntrack,
 	.prepare	 = generic_prepare,
 	.get_features	 = generic_get_features,
-	.me		 = THIS_MODULE,
 };

Re: [PATCH] nf_conntrack: Fix module refcount dropping too far

[Patrick McHardy]

Yasuyuki KOZAKAI wrote:
> If nf_ct_l3proto_find_get() fails to get the refcount of
> nf_ct_l3proto_generic, nf_ct_l3proto_put() will drop the refcount
> too far. Only nf_ct_l3proto_generic has this problem.
> 
> This fix is missing synchronization with ip_conntrack at the last minutes,
> but it's not critical, I think.

Applies cleanly, thanks.