提交 adb00ae2 编写于 作者: S Stephen Hemminger 提交者: Patrick McHardy

netfilter: x_tables: misuse of try_then_request_module

Since xt_find_match() returns ERR_PTR(xx) on error not NULL,
the macro try_then_request_module won't work correctly here.
The macro expects its first argument will be zero if condition
fails. But ERR_PTR(-ENOENT) is not zero.

The correct solution is to propagate the error value
back.

Found by inspection, and compile tested only.
Signed-off-by: NStephen Hemminger <shemminger@vyatta.com>
Signed-off-by: NPatrick McHardy <kaber@trash.net>
上级 9846ada1
...@@ -183,7 +183,7 @@ EXPORT_SYMBOL(xt_unregister_matches); ...@@ -183,7 +183,7 @@ EXPORT_SYMBOL(xt_unregister_matches);
/* /*
* These are weird, but module loading must not be done with mutex * These are weird, but module loading must not be done with mutex
* held (since they will register), and we have to have a single * held (since they will register), and we have to have a single
* function to use try_then_request_module(). * function to use.
*/ */
/* Find match, grabs ref. Returns ERR_PTR() on error. */ /* Find match, grabs ref. Returns ERR_PTR() on error. */
...@@ -221,9 +221,13 @@ xt_request_find_match(uint8_t nfproto, const char *name, uint8_t revision) ...@@ -221,9 +221,13 @@ xt_request_find_match(uint8_t nfproto, const char *name, uint8_t revision)
{ {
struct xt_match *match; struct xt_match *match;
match = try_then_request_module(xt_find_match(nfproto, name, revision), match = xt_find_match(nfproto, name, revision);
"%st_%s", xt_prefix[nfproto], name); if (IS_ERR(match)) {
return (match != NULL) ? match : ERR_PTR(-ENOENT); request_module("%st_%s", xt_prefix[nfproto], name);
match = xt_find_match(nfproto, name, revision);
}
return match;
} }
EXPORT_SYMBOL_GPL(xt_request_find_match); EXPORT_SYMBOL_GPL(xt_request_find_match);
...@@ -261,9 +265,13 @@ struct xt_target *xt_request_find_target(u8 af, const char *name, u8 revision) ...@@ -261,9 +265,13 @@ struct xt_target *xt_request_find_target(u8 af, const char *name, u8 revision)
{ {
struct xt_target *target; struct xt_target *target;
target = try_then_request_module(xt_find_target(af, name, revision), target = xt_find_target(af, name, revision);
"%st_%s", xt_prefix[af], name); if (IS_ERR(target)) {
return (target != NULL) ? target : ERR_PTR(-ENOENT); request_module("%st_%s", xt_prefix[af], name);
target = xt_find_target(af, name, revision);
}
return target;
} }
EXPORT_SYMBOL_GPL(xt_request_find_target); EXPORT_SYMBOL_GPL(xt_request_find_target);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册