mirror of
https://github.com/torvalds/linux.git
synced 2024-11-14 08:02:07 +00:00
netfilter: ctnetlink: drop the incorrect cthelper module request
First, when creating a new ct, we will invoke request_module to try to load the related inkernel cthelper. So there's no need to call the request_module again when updating the ct helpinfo. Second, ctnetlink_change_helper may be called with rcu_read_lock held, i.e. rcu_read_lock -> nfqnl_recv_verdict -> nfqnl_ct_parse -> ctnetlink_glue_parse -> ctnetlink_glue_parse_ct -> ctnetlink_change_helper. But the request_module invocation may sleep, so we can't call it with the rcu_read_lock held. Remove it now. Signed-off-by: Liping Zhang <zlpnobody@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
54a5f9d9ab
commit
14e5676156
@ -1512,23 +1512,8 @@ static int ctnetlink_change_helper(struct nf_conn *ct,
|
|||||||
|
|
||||||
helper = __nf_conntrack_helper_find(helpname, nf_ct_l3num(ct),
|
helper = __nf_conntrack_helper_find(helpname, nf_ct_l3num(ct),
|
||||||
nf_ct_protonum(ct));
|
nf_ct_protonum(ct));
|
||||||
if (helper == NULL) {
|
if (helper == NULL)
|
||||||
#ifdef CONFIG_MODULES
|
|
||||||
spin_unlock_bh(&nf_conntrack_expect_lock);
|
|
||||||
|
|
||||||
if (request_module("nfct-helper-%s", helpname) < 0) {
|
|
||||||
spin_lock_bh(&nf_conntrack_expect_lock);
|
|
||||||
return -EOPNOTSUPP;
|
|
||||||
}
|
|
||||||
|
|
||||||
spin_lock_bh(&nf_conntrack_expect_lock);
|
|
||||||
helper = __nf_conntrack_helper_find(helpname, nf_ct_l3num(ct),
|
|
||||||
nf_ct_protonum(ct));
|
|
||||||
if (helper)
|
|
||||||
return -EAGAIN;
|
|
||||||
#endif
|
|
||||||
return -EOPNOTSUPP;
|
return -EOPNOTSUPP;
|
||||||
}
|
|
||||||
|
|
||||||
if (help) {
|
if (help) {
|
||||||
if (help->helper == helper) {
|
if (help->helper == helper) {
|
||||||
|
Loading…
Reference in New Issue
Block a user