lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[NETFILTER]: recent match: fix "sleeping function called from invalid context"

Browse Source 
create_proc_entry must not be called with locks held. Use a mutex
instead to protect data only changed in user context.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Patrick McHardy
2006-06-09 12:17:41 -07:00
committed by David S. Miller
parent 4e5ab4cb85
commit a0e889bb1b
1 changed files with 10 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
net/ipv4/netfilter/ipt_recent.c
View File

@@ -69,6 +69,7 @@ struct recent_table {
static LIST_HEAD(tables); static LIST_HEAD(tables);
static DEFINE_SPINLOCK(recent_lock); static DEFINE_SPINLOCK(recent_lock);
static DEFINE_MUTEX(recent_mutex);
#ifdef CONFIG_PROC_FS #ifdef CONFIG_PROC_FS
static struct proc_dir_entry *proc_dir; static struct proc_dir_entry *proc_dir;
@@ -249,7 +250,7 @@ ipt_recent_checkentry(const char *tablename, const void *ip,
strnlen(info->name, IPT_RECENT_NAME_LEN) == IPT_RECENT_NAME_LEN) strnlen(info->name, IPT_RECENT_NAME_LEN) == IPT_RECENT_NAME_LEN)
return 0; return 0;
spin_lock_bh(&recent_lock); mutex_lock(&recent_mutex);
t = recent_table_lookup(info->name); t = recent_table_lookup(info->name);
if (t != NULL) { if (t != NULL) {
t->refcnt++; t->refcnt++;
@@ -258,7 +259,7 @@ ipt_recent_checkentry(const char *tablename, const void *ip,
} }
t = kzalloc(sizeof(*t) + sizeof(t->iphash[0]) * ip_list_hash_size, t = kzalloc(sizeof(*t) + sizeof(t->iphash[0]) * ip_list_hash_size,
GFP_ATOMIC); GFP_KERNEL);
if (t == NULL) if (t == NULL)
goto out; goto out;
strcpy(t->name, info->name); strcpy(t->name, info->name);
@@ -274,10 +275,12 @@ ipt_recent_checkentry(const char *tablename, const void *ip,
t->proc->proc_fops = &recent_fops; t->proc->proc_fops = &recent_fops;
t->proc->data = t; t->proc->data = t;
#endif #endif
spin_lock_bh(&recent_lock);
list_add_tail(&t->list, &tables); list_add_tail(&t->list, &tables);
spin_unlock_bh(&recent_lock);
ret = 1; ret = 1;
out: out:
spin_unlock_bh(&recent_lock); mutex_unlock(&recent_mutex);
return ret; return ret;
} }
@@ -288,17 +291,19 @@ ipt_recent_destroy(const struct xt_match *match, void *matchinfo,
const struct ipt_recent_info *info = matchinfo; const struct ipt_recent_info *info = matchinfo;
struct recent_table *t; struct recent_table *t;
spin_lock_bh(&recent_lock); mutex_lock(&recent_mutex);
t = recent_table_lookup(info->name); t = recent_table_lookup(info->name);
if (--t->refcnt == 0) { if (--t->refcnt == 0) {
spin_lock_bh(&recent_lock);
list_del(&t->list); list_del(&t->list);
spin_unlock_bh(&recent_lock);
recent_table_flush(t); recent_table_flush(t);
#ifdef CONFIG_PROC_FS #ifdef CONFIG_PROC_FS
remove_proc_entry(t->name, proc_dir); remove_proc_entry(t->name, proc_dir);
#endif #endif
kfree(t); kfree(t);
} }
spin_unlock_bh(&recent_lock); mutex_unlock(&recent_mutex);
} }
#ifdef CONFIG_PROC_FS #ifdef CONFIG_PROC_FS