Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 183901 Details for
Bug 212922
/sbin/service iptables stop hangs on modprobe -r ipt_state
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
patch to block module unloads with module refcounting in nf_sockopt
linux-kernel-test.patch (text/plain), 7.21 KB, created by
Neil Horman
on 2007-08-31 20:10:59 UTC
(
hide
)
Description:
patch to block module unloads with module refcounting in nf_sockopt
Filename:
MIME Type:
Creator:
Neil Horman
Created:
2007-08-31 20:10:59 UTC
Size:
7.21 KB
patch
obsolete
>--- linux-2.6.9/include/linux/netfilter.h.orig 2007-08-31 14:04:31.000000000 -0400 >+++ linux-2.6.9/include/linux/netfilter.h 2007-08-31 14:04:44.000000000 -0400 >@@ -96,6 +96,7 @@ void nf_unregister_hook(struct nf_hook_o > /* Functions to register get/setsockopt ranges (non-inclusive). You > need to check permissions yourself! */ > int nf_register_sockopt(struct nf_sockopt_ops *reg); >+int nf_register_sockopt_owner(struct nf_sockopt_ops *reg, struct module *owner); > void nf_unregister_sockopt(struct nf_sockopt_ops *reg); > > extern struct list_head nf_hooks[NPROTO][NF_MAX_HOOKS]; >--- linux-2.6.9/net/ipv4/netfilter/ip_tables.c.orig 2007-08-31 14:10:35.000000000 -0400 >+++ linux-2.6.9/net/ipv4/netfilter/ip_tables.c 2007-08-31 14:10:45.000000000 -0400 >@@ -1867,7 +1867,7 @@ static int __init init(void) > up(&ipt_mutex); > > /* Register setsockopt */ >- ret = nf_register_sockopt(&ipt_sockopts); >+ ret = nf_register_sockopt_owner(&ipt_sockopts, THIS_MODULE); > if (ret < 0) { > duprintf("Unable to register sockopts.\n"); > return ret; >--- linux-2.6.9/net/ipv4/netfilter/ip_conntrack_core.c.orig 2007-08-31 14:07:22.000000000 -0400 >+++ linux-2.6.9/net/ipv4/netfilter/ip_conntrack_core.c 2007-08-31 14:07:33.000000000 -0400 >@@ -1332,7 +1332,7 @@ int __init ip_conntrack_init(void) > ip_conntrack_htable_size, ip_conntrack_max, > sizeof(struct ip_conntrack)); > >- ret = nf_register_sockopt(&so_getorigdst); >+ ret = nf_register_sockopt_owner(&so_getorigdst, THIS_MODULE); > if (ret != 0) { > printk(KERN_ERR "Unable to register netfilter socket option\n"); > return ret; >--- linux-2.6.9/net/ipv4/netfilter/arp_tables.c.orig 2007-08-31 14:06:38.000000000 -0400 >+++ linux-2.6.9/net/ipv4/netfilter/arp_tables.c 2007-08-31 14:06:48.000000000 -0400 >@@ -1298,7 +1298,7 @@ static int __init init(void) > up(&arpt_mutex); > > /* Register setsockopt */ >- ret = nf_register_sockopt(&arpt_sockopts); >+ ret = nf_register_sockopt_owner(&arpt_sockopts, THIS_MODULE); > if (ret < 0) { > duprintf("Unable to register sockopts.\n"); > return ret; >--- linux-2.6.9/net/ipv4/netfilter/ip_fw_compat.c.orig 2007-08-31 14:07:41.000000000 -0400 >+++ linux-2.6.9/net/ipv4/netfilter/ip_fw_compat.c 2007-08-31 14:10:23.000000000 -0400 >@@ -251,7 +251,7 @@ static int init_or_cleanup(int init) > > if (!init) goto cleanup; > >- ret = nf_register_sockopt(&sock_ops); >+ ret = nf_register_sockopt_owner(&sock_ops, THIS_MODULE); > > if (ret < 0) > goto cleanup_nothing; >--- linux-2.6.9/net/ipv4/ipvs/ip_vs_ctl.c.orig 2007-08-31 14:06:18.000000000 -0400 >+++ linux-2.6.9/net/ipv4/ipvs/ip_vs_ctl.c 2007-08-31 14:06:29.000000000 -0400 >@@ -2346,7 +2346,7 @@ int ip_vs_control_init(void) > > EnterFunction(2); > >- ret = nf_register_sockopt(&ip_vs_sockopts); >+ ret = nf_register_sockopt_owner(&ip_vs_sockopts, THIS_MODULE); > if (ret) { > IP_VS_ERR("cannot register sockopt.\n"); > return ret; >--- linux-2.6.9/net/bridge/netfilter/ebtables.c.orig 2007-08-31 14:05:21.000000000 -0400 >+++ linux-2.6.9/net/bridge/netfilter/ebtables.c 2007-08-31 14:05:37.000000000 -0400 >@@ -1482,7 +1482,7 @@ static int __init init(void) > down(&ebt_mutex); > list_named_insert(&ebt_targets, &ebt_standard_target); > up(&ebt_mutex); >- if ((ret = nf_register_sockopt(&ebt_sockopts)) < 0) >+ if ((ret = nf_register_sockopt_owner(&ebt_sockopts, THIS_MODULE)) < 0) > return ret; > > printk(KERN_NOTICE "Ebtables v2.0 registered\n"); >--- linux-2.6.9/net/ipv6/netfilter/ip6_tables.c.orig 2007-08-31 14:10:53.000000000 -0400 >+++ linux-2.6.9/net/ipv6/netfilter/ip6_tables.c 2007-08-31 14:11:03.000000000 -0400 >@@ -1935,7 +1935,7 @@ static int __init init(void) > up(&ip6t_mutex); > > /* Register setsockopt */ >- ret = nf_register_sockopt(&ip6t_sockopts); >+ ret = nf_register_sockopt_owner(&ip6t_sockopts, THIS_MODULE); > if (ret < 0) { > duprintf("Unable to register sockopts.\n"); > return ret; >--- linux-2.6.9/net/core/netfilter.c.orig 2007-08-31 13:43:58.000000000 -0400 >+++ linux-2.6.9/net/core/netfilter.c 2007-08-31 14:03:57.000000000 -0400 >@@ -60,6 +60,11 @@ static struct nf_queue_handler_t { > } queue_handler[NPROTO]; > static rwlock_t queue_handler_lock = RW_LOCK_UNLOCKED; > >+struct nf_sockopt_ops_wrapper { >+ struct nf_sockopt_ops *ops; >+ struct module *owner; >+} >+ > int nf_register_hook(struct nf_hook_ops *reg) > { > struct list_head *i; >@@ -92,16 +97,19 @@ static inline int overlap(int min1, int > } > > /* Functions to register sockopt ranges (exclusive). */ >-int nf_register_sockopt(struct nf_sockopt_ops *reg) >+int nf_register_sockopt_owner(struct nf_sockopt_ops *reg, struct module *owner) > { > struct list_head *i; >+ struct nf_sockopt_ops_wrapper *newops; > int ret = 0; > > if (down_interruptible(&nf_sockopt_mutex) != 0) > return -EINTR; > > list_for_each(i, &nf_sockopts) { >- struct nf_sockopt_ops *ops = (struct nf_sockopt_ops *)i; >+ struct nf_sockopt_ops_wrapper *opsw = >+ (struct nf_sockopt_ops_wrapper *)i; >+ struct nf_sockopt_ops *ops = opsw->ops; > if (ops->pf == reg->pf > && (overlap(ops->set_optmin, ops->set_optmax, > reg->set_optmin, reg->set_optmax) >@@ -117,27 +125,34 @@ int nf_register_sockopt(struct nf_sockop > } > } > >+ ret = -ENOMEM; >+ newops = kmalloc(sizeof(struct nf_sockopt_ops_wrapper), GFP_KERNEL); >+ if (!newops) >+ goto out; >+ newops->ops = reg; >+ newops->owner = owner; >+ > list_add(®->list, &nf_sockopts); > out: > up(&nf_sockopt_mutex); > return ret; > } > >+int nf_register_sockopt(struct nf_sockopt_ops *reg) >+{ >+ return nf_register_sockopt_owner(reg, NULL); >+} >+ > void nf_unregister_sockopt(struct nf_sockopt_ops *reg) > { >+ struct nf_sockopt_ops_wrapper *wrapper; >+ >+ wrapper = container_of(reg, struct nf_sockopt_ops_wrapper, ops); >+ > /* No point being interruptible: we're probably in cleanup_module() */ >- restart: > down(&nf_sockopt_mutex); >- if (reg->use != 0) { >- /* To be woken by nf_sockopt call... */ >- /* FIXME: Stuart Young's name appears gratuitously. */ >- set_current_state(TASK_UNINTERRUPTIBLE); >- reg->cleanup_task = current; >- up(&nf_sockopt_mutex); >- schedule(); >- goto restart; >- } > list_del(®->list); >+ kfree(wrapper); > up(&nf_sockopt_mutex); > } > >@@ -289,6 +304,7 @@ static int nf_sockopt(struct sock *sk, i > char __user *opt, int *len, int get) > { > struct list_head *i; >+ struct nf_sockopt_ops_wrapper *opsw; > struct nf_sockopt_ops *ops; > int ret; > >@@ -296,8 +312,12 @@ static int nf_sockopt(struct sock *sk, i > return -EINTR; > > list_for_each(i, &nf_sockopts) { >- ops = (struct nf_sockopt_ops *)i; >+ opsw = (struct nf_sockopt_ops_wrapper *)i; >+ ops = opsw->ops; > if (ops->pf == pf) { >+ if (!try_module_get(opsw->owner)) >+ goto out_nosup; >+ > if (get) { > if (val >= ops->get_optmin > && val < ops->get_optmax) { >@@ -315,17 +335,18 @@ static int nf_sockopt(struct sock *sk, i > goto out; > } > } >+ module_put(opsw->owner); > } > } >+ out_nosup: > up(&nf_sockopt_mutex); > return -ENOPROTOOPT; > > out: > down(&nf_sockopt_mutex); > ops->use--; >- if (ops->cleanup_task) >- wake_up_process(ops->cleanup_task); > up(&nf_sockopt_mutex); >+ module_put(opsw->owner); > return ret; > } > >@@ -826,6 +847,7 @@ EXPORT_SYMBOL(nf_hooks); > EXPORT_SYMBOL(nf_register_hook); > EXPORT_SYMBOL(nf_register_queue_handler); > EXPORT_SYMBOL(nf_register_sockopt); >+EXPORT_SYMBOL(nf_register_sockopt_owner); > EXPORT_SYMBOL(nf_reinject); > EXPORT_SYMBOL(nf_setsockopt); > EXPORT_SYMBOL(nf_unregister_hook);
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=183901">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 212922
:
159071
|
159072
|
159567
|
159568
|
159571
|
160770
|
160787
|
169395
|
174041
|
174261
|
176401
|
183901
|
183921
|
184891
|
186411
|
186601