Commit 93b0806f authored by Patrick McHardy's avatar Patrick McHardy Committed by Pablo Neira Ayuso

netfilter: nf_tables: replay request after dropping locks to load chain type

To avoid races, we need to replay to request after dropping the nfnl_mutex
to auto-load the chain type module.
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 88ce65a7
...@@ -147,16 +147,20 @@ nf_tables_chain_type_lookup(const struct nft_af_info *afi, ...@@ -147,16 +147,20 @@ nf_tables_chain_type_lookup(const struct nft_af_info *afi,
struct nf_chain_type *type; struct nf_chain_type *type;
type = __nf_tables_chain_type_lookup(afi->family, nla); type = __nf_tables_chain_type_lookup(afi->family, nla);
if (type != NULL)
return type;
#ifdef CONFIG_MODULES #ifdef CONFIG_MODULES
if (type == NULL && autoload) { if (autoload) {
nfnl_unlock(NFNL_SUBSYS_NFTABLES); nfnl_unlock(NFNL_SUBSYS_NFTABLES);
request_module("nft-chain-%u-%*.s", afi->family, request_module("nft-chain-%u-%*.s", afi->family,
nla_len(nla)-1, (const char *)nla_data(nla)); nla_len(nla)-1, (const char *)nla_data(nla));
nfnl_lock(NFNL_SUBSYS_NFTABLES); nfnl_lock(NFNL_SUBSYS_NFTABLES);
type = __nf_tables_chain_type_lookup(afi->family, nla); type = __nf_tables_chain_type_lookup(afi->family, nla);
if (type != NULL)
return ERR_PTR(-EAGAIN);
} }
#endif #endif
return type; return ERR_PTR(-ENOENT);
} }
static const struct nla_policy nft_table_policy[NFTA_TABLE_MAX + 1] = { static const struct nla_policy nft_table_policy[NFTA_TABLE_MAX + 1] = {
...@@ -906,8 +910,8 @@ static int nf_tables_newchain(struct sock *nlsk, struct sk_buff *skb, ...@@ -906,8 +910,8 @@ static int nf_tables_newchain(struct sock *nlsk, struct sk_buff *skb,
type = nf_tables_chain_type_lookup(afi, type = nf_tables_chain_type_lookup(afi,
nla[NFTA_CHAIN_TYPE], nla[NFTA_CHAIN_TYPE],
create); create);
if (type == NULL) if (IS_ERR(type))
return -ENOENT; return PTR_ERR(type);
} }
err = nla_parse_nested(ha, NFTA_HOOK_MAX, nla[NFTA_CHAIN_HOOK], err = nla_parse_nested(ha, NFTA_HOOK_MAX, nla[NFTA_CHAIN_HOOK],
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment