netfilter: nft_compat: put back match/target module if init fail

If the user specify the invalid NFTA_MATCH_INFO/NFTA_TARGET_INFO attr or memory alloc fail, we should call module_put to the related match or target. Otherwise, we cannot remove the module even nobody use it. Signed-off-by: Liping Zhang <liping.zhang@spreadtrum.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Liping Zhang <liping.zhang@spreadtrum.com> 2016-07-23 04:00:31 -0400
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2016-07-23 06:22:07 -0400
commit: 2bf4fade54de995f84d319ae02003609dca450f3 (patch)
tree: 024cb3652c7f57ae1dc8ef1df2333a2d4a2c581d
parent: 96d1327ac2e3dc3ac4204fe3656dad0043fc0efd (diff)
1 files changed, 24 insertions, 8 deletions
diff --git a/net/netfilter/nft_compat.c b/net/netfilter/nft_compat.c
index 6228c422c766..2e07cec50ffd 100644
--- a/net/netfilter/nft_compat.c
+++ b/net/netfilter/nft_compat.c
@@ -634,6 +634,7 @@ nft_match_select_ops(const struct nft_ctx *ctx,
        struct xt_match *match;
        char *mt_name;
        u32 rev, family;
+        int err;
        if (tb[NFTA_MATCH_NAME] == NULL ||
            tb[NFTA_MATCH_REV] == NULL ||
@@ -660,13 +661,17 @@ nft_match_select_ops(const struct nft_ctx *ctx,
        if (IS_ERR(match))
                return ERR_PTR(-ENOENT);
-        if (match->matchsize > nla_len(tb[NFTA_MATCH_INFO]))
+        if (match->matchsize > nla_len(tb[NFTA_MATCH_INFO])) {
-                return ERR_PTR(-EINVAL);
+                err = -EINVAL;
+                goto err;
+        }
        /* This is the first time we use this match, allocate operations */
        nft_match = kzalloc(sizeof(struct nft_xt), GFP_KERNEL);
-        if (nft_match == NULL)
+        if (nft_match == NULL) {
-                return ERR_PTR(-ENOMEM);
+                err = -ENOMEM;
+                goto err;
+        }
        nft_match->ops.type = &nft_match_type;
        nft_match->ops.size = NFT_EXPR_SIZE(XT_ALIGN(match->matchsize));
@@ -680,6 +685,9 @@ nft_match_select_ops(const struct nft_ctx *ctx,
        list_add(&nft_match->head, &nft_match_list);
        return &nft_match->ops;
+err:
+        module_put(match->me);
+        return ERR_PTR(err);
 }
 static void nft_match_release(void)
@@ -717,6 +725,7 @@ nft_target_select_ops(const struct nft_ctx *ctx,
        struct xt_target *target;
        char *tg_name;
        u32 rev, family;
+        int err;
        if (tb[NFTA_TARGET_NAME] == NULL ||
            tb[NFTA_TARGET_REV] == NULL ||
@@ -743,13 +752,17 @@ nft_target_select_ops(const struct nft_ctx *ctx,
        if (IS_ERR(target))
                return ERR_PTR(-ENOENT);
-        if (target->targetsize > nla_len(tb[NFTA_TARGET_INFO]))
+        if (target->targetsize > nla_len(tb[NFTA_TARGET_INFO])) {
-                return ERR_PTR(-EINVAL);
+                err = -EINVAL;
+                goto err;
+        }
        /* This is the first time we use this target, allocate operations */
        nft_target = kzalloc(sizeof(struct nft_xt), GFP_KERNEL);
-        if (nft_target == NULL)
+        if (nft_target == NULL) {
-                return ERR_PTR(-ENOMEM);
+                err = -ENOMEM;
+                goto err;
+        }
        nft_target->ops.type = &nft_target_type;
        nft_target->ops.size = NFT_EXPR_SIZE(XT_ALIGN(target->targetsize));
@@ -767,6 +780,9 @@ nft_target_select_ops(const struct nft_ctx *ctx,
        list_add(&nft_target->head, &nft_target_list);
        return &nft_target->ops;
+err:
+        module_put(target->me);
+        return ERR_PTR(err);
 }
 static void nft_target_release(void)
author	Liping Zhang <liping.zhang@spreadtrum.com>	2016-07-23 04:00:31 -0400
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2016-07-23 06:22:07 -0400
commit	2bf4fade54de995f84d319ae02003609dca450f3 (patch)
tree	024cb3652c7f57ae1dc8ef1df2333a2d4a2c581d
parent	96d1327ac2e3dc3ac4204fe3656dad0043fc0efd (diff)