4c1b52bc7a
check_compat_entry_size_and_hooks iterates over the matches and calls compat_check_calc_match, which loads the match and calculates the compat offsets, but unlike the non-compat version, doesn't call ->checkentry yet. On error however it calls cleanup_matches, which in turn calls ->destroy, which can result in crashes if the destroy function (validly) expects to only get called after the checkentry function. Add a compat_release_match function that only drops the module reference on error and rename compat_check_calc_match to compat_find_calc_match to reflect the fact that it doesn't call the checkentry function. Reported by Jan Engelhardt <jengelh@linux01.gwdg.de> Signed-off-by: Dmitry Mishin <dim@openvz.org> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
|---|---|---|
| .. | ||
| ip_queue.h | ||
| ip_tables.h | ||
| ipt_addrtype.h | ||
| ipt_ah.h | ||
| ipt_CLASSIFY.h | ||
| ipt_CLUSTERIP.h | ||
| ipt_comment.h | ||
| ipt_connbytes.h | ||
| ipt_CONNMARK.h | ||
| ipt_connmark.h | ||
| ipt_conntrack.h | ||
| ipt_dccp.h | ||
| ipt_DSCP.h | ||
| ipt_dscp.h | ||
| ipt_ecn.h | ||
| ipt_ECN.h | ||
| ipt_esp.h | ||
| ipt_hashlimit.h | ||
| ipt_helper.h | ||
| ipt_iprange.h | ||
| ipt_length.h | ||
| ipt_limit.h | ||
| ipt_LOG.h | ||
| ipt_mac.h | ||
| ipt_mark.h | ||
| ipt_MARK.h | ||
| ipt_multiport.h | ||
| ipt_NFQUEUE.h | ||
| ipt_owner.h | ||
| ipt_physdev.h | ||
| ipt_pkttype.h | ||
| ipt_policy.h | ||
| ipt_realm.h | ||
| ipt_recent.h | ||
| ipt_REJECT.h | ||
| ipt_SAME.h | ||
| ipt_sctp.h | ||
| ipt_state.h | ||
| ipt_string.h | ||
| ipt_TCPMSS.h | ||
| ipt_tcpmss.h | ||
| ipt_TOS.h | ||
| ipt_tos.h | ||
| ipt_TTL.h | ||
| ipt_ttl.h | ||
| ipt_ULOG.h | ||
| Kbuild | ||