netfilter: ipt_CLUSTERIP: put config instead of freeing it
Once struct is added to per-netns list it becomes visible to other cpus, so we cannot use kfree(). Also delay setting entries refcount to 1 until after everything is initialised so that when we call clusterip_config_put() in this spot entries is still zero. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
8ae5682281
commit
1a9da59373
|
@ -232,7 +232,6 @@ clusterip_config_init(struct net *net, const struct ipt_clusterip_tgt_info *i,
|
||||||
c->hash_mode = i->hash_mode;
|
c->hash_mode = i->hash_mode;
|
||||||
c->hash_initval = i->hash_initval;
|
c->hash_initval = i->hash_initval;
|
||||||
refcount_set(&c->refcount, 1);
|
refcount_set(&c->refcount, 1);
|
||||||
refcount_set(&c->entries, 1);
|
|
||||||
|
|
||||||
spin_lock_bh(&cn->lock);
|
spin_lock_bh(&cn->lock);
|
||||||
if (__clusterip_config_find(net, ip)) {
|
if (__clusterip_config_find(net, ip)) {
|
||||||
|
@ -263,8 +262,10 @@ clusterip_config_init(struct net *net, const struct ipt_clusterip_tgt_info *i,
|
||||||
|
|
||||||
c->notifier.notifier_call = clusterip_netdev_event;
|
c->notifier.notifier_call = clusterip_netdev_event;
|
||||||
err = register_netdevice_notifier(&c->notifier);
|
err = register_netdevice_notifier(&c->notifier);
|
||||||
if (!err)
|
if (!err) {
|
||||||
|
refcount_set(&c->entries, 1);
|
||||||
return c;
|
return c;
|
||||||
|
}
|
||||||
|
|
||||||
#ifdef CONFIG_PROC_FS
|
#ifdef CONFIG_PROC_FS
|
||||||
proc_remove(c->pde);
|
proc_remove(c->pde);
|
||||||
|
@ -273,7 +274,7 @@ err:
|
||||||
spin_lock_bh(&cn->lock);
|
spin_lock_bh(&cn->lock);
|
||||||
list_del_rcu(&c->list);
|
list_del_rcu(&c->list);
|
||||||
spin_unlock_bh(&cn->lock);
|
spin_unlock_bh(&cn->lock);
|
||||||
kfree(c);
|
clusterip_config_put(c);
|
||||||
|
|
||||||
return ERR_PTR(err);
|
return ERR_PTR(err);
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue