raspi/linux
1
0
Fork 1
mirror of https://github.com/raspberrypi/linux.git synced 2025-12-07 18:40:10 +00:00
Code Issues Projects Releases Wiki Activity

netfilter: add missing error handling code for register functions

Browse Source 
[ Upstream commit 584eab291c ]

register_{netdevice/inetaddr/inet6addr}_notifier may return an error
value, this patch adds the code to handle these error paths.

Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Taehee Yoo
2018-11-22 19:59:46 +09:00
committed by Greg Kroah-Hartman
parent 4f03e063a5
commit 18218f827e
9 changed files with 63 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
include/net/netfilter/ipv4/nf_nat_masquerade.h
View File

@@ -9,7 +9,7 @@ nf_nat_masquerade_ipv4(struct sk_buff *skb, unsigned int hooknum,
const struct nf_nat_range2 *range, const struct nf_nat_range2 *range,
const struct net_device *out); const struct net_device *out);
void nf_nat_masquerade_ipv4_register_notifier(void); int nf_nat_masquerade_ipv4_register_notifier(void);
void nf_nat_masquerade_ipv4_unregister_notifier(void); void nf_nat_masquerade_ipv4_unregister_notifier(void);
#endif /*_NF_NAT_MASQUERADE_IPV4_H_ */ #endif /*_NF_NAT_MASQUERADE_IPV4_H_ */

2
include/net/netfilter/ipv6/nf_nat_masquerade.h
View File

@@ -5,7 +5,7 @@
unsigned int unsigned int
nf_nat_masquerade_ipv6(struct sk_buff *skb, const struct nf_nat_range2 *range, nf_nat_masquerade_ipv6(struct sk_buff *skb, const struct nf_nat_range2 *range,
const struct net_device *out); const struct net_device *out);
void nf_nat_masquerade_ipv6_register_notifier(void); int nf_nat_masquerade_ipv6_register_notifier(void);
void nf_nat_masquerade_ipv6_unregister_notifier(void); void nf_nat_masquerade_ipv6_unregister_notifier(void);
#endif /* _NF_NAT_MASQUERADE_IPV6_H_ */ #endif /* _NF_NAT_MASQUERADE_IPV6_H_ */

7
net/ipv4/netfilter/ipt_MASQUERADE.c
View File

@@ -81,9 +81,12 @@ static int __init masquerade_tg_init(void)
int ret; int ret;
ret = xt_register_target(&masquerade_tg_reg); ret = xt_register_target(&masquerade_tg_reg);
if (ret)
return ret;
if (ret == 0) ret = nf_nat_masquerade_ipv4_register_notifier();
nf_nat_masquerade_ipv4_register_notifier(); if (ret)
xt_unregister_target(&masquerade_tg_reg);
return ret; return ret;
} }

21
net/ipv4/netfilter/nf_nat_masquerade_ipv4.c
View File

@@ -133,16 +133,29 @@ static struct notifier_block masq_inet_notifier = {
static atomic_t masquerade_notifier_refcount = ATOMIC_INIT(0); static atomic_t masquerade_notifier_refcount = ATOMIC_INIT(0);
void nf_nat_masquerade_ipv4_register_notifier(void) int nf_nat_masquerade_ipv4_register_notifier(void)
{ {
int ret;
/* check if the notifier was already set */ /* check if the notifier was already set */
if (atomic_inc_return(&masquerade_notifier_refcount) > 1) if (atomic_inc_return(&masquerade_notifier_refcount) > 1)
return; return 0;
/* Register for device down reports */ /* Register for device down reports */
register_netdevice_notifier(&masq_dev_notifier); ret = register_netdevice_notifier(&masq_dev_notifier);
if (ret)
goto err_dec;
/* Register IP address change reports */ /* Register IP address change reports */
register_inetaddr_notifier(&masq_inet_notifier); ret = register_inetaddr_notifier(&masq_inet_notifier);
if (ret)
goto err_unregister;
return ret;
err_unregister:
unregister_netdevice_notifier(&masq_dev_notifier);
err_dec:
atomic_dec(&masquerade_notifier_refcount);
return ret;
} }
EXPORT_SYMBOL_GPL(nf_nat_masquerade_ipv4_register_notifier); EXPORT_SYMBOL_GPL(nf_nat_masquerade_ipv4_register_notifier);

4
net/ipv4/netfilter/nft_masq_ipv4.c
View File

@@ -69,7 +69,9 @@ static int __init nft_masq_ipv4_module_init(void)
if (ret < 0) if (ret < 0)
return ret; return ret;
nf_nat_masquerade_ipv4_register_notifier(); ret = nf_nat_masquerade_ipv4_register_notifier();
if (ret)
nft_unregister_expr(&nft_masq_ipv4_type);
return ret; return ret;
} }

8
net/ipv6/netfilter/ip6t_MASQUERADE.c
View File

@@ -58,8 +58,12 @@ static int __init masquerade_tg6_init(void)
int err; int err;
err = xt_register_target(&masquerade_tg6_reg); err = xt_register_target(&masquerade_tg6_reg);
if (err == 0) if (err)
nf_nat_masquerade_ipv6_register_notifier(); return err;
err = nf_nat_masquerade_ipv6_register_notifier();
if (err)
xt_unregister_target(&masquerade_tg6_reg);
return err; return err;
} }

30
net/ipv6/netfilter/nf_nat_masquerade_ipv6.c
View File

@@ -120,7 +120,7 @@ static void iterate_cleanup_work(struct work_struct *work)
* of ipv6 addresses being deleted), we also need to add an upper * of ipv6 addresses being deleted), we also need to add an upper
* limit to the number of queued work items. * limit to the number of queued work items.
*/ */
static int masq_inet_event(struct notifier_block *this, static int masq_inet6_event(struct notifier_block *this,
unsigned long event, void *ptr) unsigned long event, void *ptr)
{ {
struct inet6_ifaddr *ifa = ptr; struct inet6_ifaddr *ifa = ptr;
@@ -158,20 +158,34 @@ static int masq_inet_event(struct notifier_block *this,
return NOTIFY_DONE; return NOTIFY_DONE;
} }
static struct notifier_block masq_inet_notifier = { static struct notifier_block masq_inet6_notifier = {
.notifier_call = masq_inet_event, .notifier_call = masq_inet6_event,
}; };
static atomic_t masquerade_notifier_refcount = ATOMIC_INIT(0); static atomic_t masquerade_notifier_refcount = ATOMIC_INIT(0);
void nf_nat_masquerade_ipv6_register_notifier(void) int nf_nat_masquerade_ipv6_register_notifier(void)
{ {
int ret;
/* check if the notifier is already set */ /* check if the notifier is already set */
if (atomic_inc_return(&masquerade_notifier_refcount) > 1) if (atomic_inc_return(&masquerade_notifier_refcount) > 1)
return; return 0;
register_netdevice_notifier(&masq_dev_notifier); ret = register_netdevice_notifier(&masq_dev_notifier);
register_inet6addr_notifier(&masq_inet_notifier); if (ret)
goto err_dec;
ret = register_inet6addr_notifier(&masq_inet6_notifier);
if (ret)
goto err_unregister;
return ret;
err_unregister:
unregister_netdevice_notifier(&masq_dev_notifier);
err_dec:
atomic_dec(&masquerade_notifier_refcount);
return ret;
} }
EXPORT_SYMBOL_GPL(nf_nat_masquerade_ipv6_register_notifier); EXPORT_SYMBOL_GPL(nf_nat_masquerade_ipv6_register_notifier);
@@ -181,7 +195,7 @@ void nf_nat_masquerade_ipv6_unregister_notifier(void)
if (atomic_dec_return(&masquerade_notifier_refcount) > 0) if (atomic_dec_return(&masquerade_notifier_refcount) > 0)
return; return;
unregister_inet6addr_notifier(&masq_inet_notifier); unregister_inet6addr_notifier(&masq_inet6_notifier);
unregister_netdevice_notifier(&masq_dev_notifier); unregister_netdevice_notifier(&masq_dev_notifier);
} }
EXPORT_SYMBOL_GPL(nf_nat_masquerade_ipv6_unregister_notifier); EXPORT_SYMBOL_GPL(nf_nat_masquerade_ipv6_unregister_notifier);

4
net/ipv6/netfilter/nft_masq_ipv6.c
View File

@@ -70,7 +70,9 @@ static int __init nft_masq_ipv6_module_init(void)
if (ret < 0) if (ret < 0)
return ret; return ret;
nf_nat_masquerade_ipv6_register_notifier(); ret = nf_nat_masquerade_ipv6_register_notifier();
if (ret)
nft_unregister_expr(&nft_masq_ipv6_type);
return ret; return ret;
} }

5
net/netfilter/nft_flow_offload.c
View File

@@ -214,7 +214,9 @@ static int __init nft_flow_offload_module_init(void)
{ {
int err; int err;
register_netdevice_notifier(&flow_offload_netdev_notifier); err = register_netdevice_notifier(&flow_offload_netdev_notifier);
if (err)
goto err;
err = nft_register_expr(&nft_flow_offload_type); err = nft_register_expr(&nft_flow_offload_type);
if (err < 0) if (err < 0)
@@ -224,6 +226,7 @@ static int __init nft_flow_offload_module_init(void)
register_expr: register_expr:
unregister_netdevice_notifier(&flow_offload_netdev_notifier); unregister_netdevice_notifier(&flow_offload_netdev_notifier);
err:
return err; return err;
} }