From patchwork Sat Sep 8 17:50:27 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: [net-next] netfilter: x_tables: xt_init() should run earlier Date: Sat, 08 Sep 2012 07:50:27 -0000 From: Patrick McHardy X-Patchwork-Id: 182589 Message-Id: To: Eric Dumazet Cc: Cong Wang , Pablo Neira Ayuso , netfilter-devel@vger.kernel.org, Linux Kernel Network Developers On Wed, 5 Sep 2012, Eric Dumazet wrote: > From: Eric Dumazet > > Cong Wang reported a NULL dereference in xt_register_target() > > It turns out xt_nat_init() was called before xt_init(), so xt array > was not yet setup. > > xt_init() should be marked core_initcall() to solve this problem. > > Reported-by: Cong Wang > Signed-off-by: Eric Dumazet > --- > net/netfilter/x_tables.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c > index 8d987c3..afcea11 100644 > --- a/net/netfilter/x_tables.c > +++ b/net/netfilter/x_tables.c > @@ -1390,6 +1390,6 @@ static void __exit xt_fini(void) > kfree(xt); > } > > -module_init(xt_init); > +core_initcall(xt_init); > module_exit(xt_fini); Shouldn't we simply change the Makefile order? commit ecc4508e476e4325e747dad5d86c03248ed16271 Author: Patrick McHardy Date: Sat Sep 8 19:45:12 2012 +0200 netfilter: fix xt_nat link order Cong Wang reported a NULL dereference in xt_register_target() It turns out xt_nat_init() was called before xt_init(), so xt array was not yet setup. Move xt_nat down in the Makefile to avoid initialization before x_tables is initialized. Based on patch from Eric Dumazet. Reported-by: Cong Wang Signed-off-by: Patrick McHardy diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile index 98244d4..6ad6616 100644 --- a/net/netfilter/Makefile +++ b/net/netfilter/Makefile @@ -47,7 +47,6 @@ nf_nat-y := nf_nat_core.o nf_nat_proto_unknown.o nf_nat_proto_common.o \ nf_nat_proto_udp.o nf_nat_proto_tcp.o nf_nat_helper.o obj-$(CONFIG_NF_NAT) += nf_nat.o -obj-$(CONFIG_NF_NAT) += xt_nat.o # NAT protocols (nf_nat) obj-$(CONFIG_NF_NAT_PROTO_DCCP) += nf_nat_proto_dccp.o @@ -93,6 +92,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP) += xt_TCPOPTSTRIP.o obj-$(CONFIG_NETFILTER_XT_TARGET_TEE) += xt_TEE.o obj-$(CONFIG_NETFILTER_XT_TARGET_TRACE) += xt_TRACE.o obj-$(CONFIG_NETFILTER_XT_TARGET_IDLETIMER) += xt_IDLETIMER.o +obj-$(CONFIG_NF_NAT) += xt_nat.o # matches obj-$(CONFIG_NETFILTER_XT_MATCH_ADDRTYPE) += xt_addrtype.o