Patchwork [net-next] netfilter: x_tables: xt_init() should run earlier

login
register
mail settings
Submitter Eric Dumazet
Date Sept. 5, 2012, 4:37 p.m.
Message ID <1346863073.13121.155.camel@edumazet-glaptop>
Download mbox | patch
Permalink /patch/181900/
State Superseded
Headers show

Comments

Eric Dumazet - Sept. 5, 2012, 4:37 p.m.
From: Eric Dumazet <edumazet@google.com>

Cong Wang reported a NULL dereference in xt_register_target()

It turns out xt_nat_init() was called before xt_init(), so xt array
was not yet setup.

xt_init() should be marked core_initcall() to solve this problem.

Reported-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
---
 net/netfilter/x_tables.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)



--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Pablo Neira - Sept. 5, 2012, 4:53 p.m.
Hi Eric,

On Wed, Sep 05, 2012 at 06:37:53PM +0200, Eric Dumazet wrote:
> From: Eric Dumazet <edumazet@google.com>
> 
> Cong Wang reported a NULL dereference in xt_register_target()
> 
> It turns out xt_nat_init() was called before xt_init(), so xt array
> was not yet setup.
> 
> xt_init() should be marked core_initcall() to solve this problem.
> 
> Reported-by: Cong Wang <xiyou.wangcong@gmail.com>
> Signed-off-by: Eric Dumazet <edumazet@google.com>
> ---
>  net/netfilter/x_tables.c |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
> index 8d987c3..afcea11 100644
> --- a/net/netfilter/x_tables.c
> +++ b/net/netfilter/x_tables.c
> @@ -1390,6 +1390,6 @@ static void __exit xt_fini(void)
>  	kfree(xt);
>  }
>  
> -module_init(xt_init);
> +core_initcall(xt_init);
>  module_exit(xt_fini);

It seems we've clashed fixing this, sorry. Can you still see any
problem with my patch?

Thanks for looking into this.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Eric Dumazet - Sept. 5, 2012, 4:59 p.m.
On Wed, 2012-09-05 at 18:53 +0200, Pablo Neira Ayuso wrote:
> Hi Eric,

> 
> It seems we've clashed fixing this, sorry. Can you still see any
> problem with my patch?
> 
> Thanks for looking into this.

No problem !

It seems link order is the way to go, so your patch is good too !

Thanks


--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Patch

diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
index 8d987c3..afcea11 100644
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -1390,6 +1390,6 @@  static void __exit xt_fini(void)
 	kfree(xt);
 }
 
-module_init(xt_init);
+core_initcall(xt_init);
 module_exit(xt_fini);