[NETFILTER]: Remove tasklist_lock abuse in ipt{,6}owner

Rip out cmd/sid/pid matching since its unfixable broken and stands in the way of locking changes to tasklist_lock. Signed-off-by: Christoph Hellwig <hch@lst.de> Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Christoph Hellwig <hch@lst.de> 2005-08-14 20:33:59 -0400
committer: David S. Miller <davem@sunset.davemloft.net> 2005-08-29 18:59:07 -0400
commit: 34b4a4a624bafe089107966a6c56d2a1aca026d4 (patch)
tree: d0546ea54dc1f7169447133df89e1512eb48ae39 /net/ipv4
parent: 000efe1d86620244b8e017429e57fab4170ab05a (diff)
1 files changed, 7 insertions, 125 deletions
diff --git a/net/ipv4/netfilter/ipt_owner.c b/net/ipv4/netfilter/ipt_owner.c
index 3b9065e06381..c1889f88262b 100644
--- a/net/ipv4/netfilter/ipt_owner.c
+++ b/net/ipv4/netfilter/ipt_owner.c
@@ -21,106 +21,6 @@ MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>");
 MODULE_DESCRIPTION("iptables owner match");
 static int
-match_comm(const struct sk_buff *skb, const char *comm)
-{
-        struct task_struct *g, *p;
-        struct files_struct *files;
-        int i;
-        read_lock(&tasklist_lock);
-        do_each_thread(g, p) {
-                if(strncmp(p->comm, comm, sizeof(p->comm)))
-                        continue;
-                task_lock(p);
-                files = p->files;
-                if(files) {
-                        spin_lock(&files->file_lock);
-                        for (i=0; i < files->max_fds; i++) {
-                                if (fcheck_files(files, i) ==
-                                    skb->sk->sk_socket->file) {
-                                        spin_unlock(&files->file_lock);
-                                        task_unlock(p);
-                                        read_unlock(&tasklist_lock);
-                                        return 1;
-                                }
-                        }
-                        spin_unlock(&files->file_lock);
-                }
-                task_unlock(p);
-        } while_each_thread(g, p);
-        read_unlock(&tasklist_lock);
-        return 0;
-}
-static int
-match_pid(const struct sk_buff *skb, pid_t pid)
-{
-        struct task_struct *p;
-        struct files_struct *files;
-        int i;
-        read_lock(&tasklist_lock);
-        p = find_task_by_pid(pid);
-        if (!p)
-                goto out;
-        task_lock(p);
-        files = p->files;
-        if(files) {
-                spin_lock(&files->file_lock);
-                for (i=0; i < files->max_fds; i++) {
-                        if (fcheck_files(files, i) ==
-                            skb->sk->sk_socket->file) {
-                                spin_unlock(&files->file_lock);
-                                task_unlock(p);
-                                read_unlock(&tasklist_lock);
-                                return 1;
-                        }
-                }
-                spin_unlock(&files->file_lock);
-        }
-        task_unlock(p);
-out:
-        read_unlock(&tasklist_lock);
-        return 0;
-}
-static int
-match_sid(const struct sk_buff *skb, pid_t sid)
-{
-        struct task_struct *g, *p;
-        struct file *file = skb->sk->sk_socket->file;
-        int i, found=0;
-        read_lock(&tasklist_lock);
-        do_each_thread(g, p) {
-                struct files_struct *files;
-                if (p->signal->session != sid)
-                        continue;
-                task_lock(p);
-                files = p->files;
-                if (files) {
-                        spin_lock(&files->file_lock);
-                        for (i=0; i < files->max_fds; i++) {
-                                if (fcheck_files(files, i) == file) {
-                                        found = 1;
-                                        break;
-                                }
-                        }
-                        spin_unlock(&files->file_lock);
-                }
-                task_unlock(p);
-                if (found)
-                        goto out;
-        } while_each_thread(g, p);
-out:
-        read_unlock(&tasklist_lock);
-        return found;
-}
-static int
 match(const struct sk_buff *skb,
      const struct net_device *in,
      const struct net_device *out,
@@ -145,24 +45,6 @@ match(const struct sk_buff *skb,
                        return 0;
        }
-        if(info->match & IPT_OWNER_PID) {
-                if (!match_pid(skb, info->pid) ^
-                    !!(info->invert & IPT_OWNER_PID))
-                        return 0;
-        }
-        if(info->match & IPT_OWNER_SID) {
-                if (!match_sid(skb, info->sid) ^
-                    !!(info->invert & IPT_OWNER_SID))
-                        return 0;
-        }
-        if(info->match & IPT_OWNER_COMM) {
-                if (!match_comm(skb, info->comm) ^
-                    !!(info->invert & IPT_OWNER_COMM))
-                        return 0;
-        }
        return 1;
 }
@@ -173,6 +55,8 @@ checkentry(const char *tablename,
           unsigned int matchsize,
           unsigned int hook_mask)
 {
+        const struct ipt_owner_info *info = matchinfo;
        if (hook_mask
            & ~((1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_POST_ROUTING))) {
                printk("ipt_owner: only valid for LOCAL_OUT or POST_ROUTING.\n");
@@ -184,15 +68,13 @@ checkentry(const char *tablename,
                       IPT_ALIGN(sizeof(struct ipt_owner_info)));
                return 0;
        }
-#ifdef CONFIG_SMP
-        /* files->file_lock can not be used in a BH */
+        if (info->match & (IPT_OWNER_PID|IPT_OWNER_SID|IPT_OWNER_COMM)) {
-        if (((struct ipt_owner_info *)matchinfo)->match
+                printk("ipt_owner: pid, sid and command matching "
-            & (IPT_OWNER_PID|IPT_OWNER_SID|IPT_OWNER_COMM)) {
+                       "not supported anymore\n");
-                printk("ipt_owner: pid, sid and command matching is broken "
-                       "on SMP.\n");
                return 0;
        }
-#endif
        return 1;
 }
author	Christoph Hellwig <hch@lst.de>	2005-08-14 20:33:59 -0400
committer	David S. Miller <davem@sunset.davemloft.net>	2005-08-29 18:59:07 -0400
commit	34b4a4a624bafe089107966a6c56d2a1aca026d4 (patch)
tree	d0546ea54dc1f7169447133df89e1512eb48ae39 /net/ipv4
parent	000efe1d86620244b8e017429e57fab4170ab05a (diff)

diff --git a/net/ipv4/netfilter/ipt_owner.c b/net/ipv4/netfilter/ipt_owner.c index 3b9065e06381..c1889f88262b 100644 --- a/net/ipv4/netfilter/ipt_owner.c +++ b/net/ipv4/netfilter/ipt_owner.c
@@ -21,106 +21,6 @@ MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>");
21	MODULE_DESCRIPTION("iptables owner match");	21	MODULE_DESCRIPTION("iptables owner match");
22		22
23	static int	23	static int
24	match_comm(const struct sk_buff skb, const char comm)
25	{
26	struct task_struct g, p;
27	struct files_struct *files;
28	int i;
29
30	read_lock(&tasklist_lock);
31	do_each_thread(g, p) {
32	if(strncmp(p->comm, comm, sizeof(p->comm)))
33	continue;
34
35	task_lock(p);
36	files = p->files;
37	if(files) {
38	spin_lock(&files->file_lock);
39	for (i=0; i < files->max_fds; i++) {
40	if (fcheck_files(files, i) ==
41	skb->sk->sk_socket->file) {
42	spin_unlock(&files->file_lock);
43	task_unlock(p);
44	read_unlock(&tasklist_lock);
45	return 1;
46	}
47	}
48	spin_unlock(&files->file_lock);
49	}
50	task_unlock(p);
51	} while_each_thread(g, p);
52	read_unlock(&tasklist_lock);
53	return 0;
54	}
55
56	static int
57	match_pid(const struct sk_buff *skb, pid_t pid)
58	{
59	struct task_struct *p;
60	struct files_struct *files;
61	int i;
62
63	read_lock(&tasklist_lock);
64	p = find_task_by_pid(pid);
65	if (!p)
66	goto out;
67	task_lock(p);
68	files = p->files;
69	if(files) {
70	spin_lock(&files->file_lock);
71	for (i=0; i < files->max_fds; i++) {
72	if (fcheck_files(files, i) ==
73	skb->sk->sk_socket->file) {
74	spin_unlock(&files->file_lock);
75	task_unlock(p);
76	read_unlock(&tasklist_lock);
77	return 1;
78	}
79	}
80	spin_unlock(&files->file_lock);
81	}
82	task_unlock(p);
83	out:
84	read_unlock(&tasklist_lock);
85	return 0;
86	}
87
88	static int
89	match_sid(const struct sk_buff *skb, pid_t sid)
90	{
91	struct task_struct g, p;
92	struct file *file = skb->sk->sk_socket->file;
93	int i, found=0;
94
95	read_lock(&tasklist_lock);
96	do_each_thread(g, p) {
97	struct files_struct *files;
98	if (p->signal->session != sid)
99	continue;
100
101	task_lock(p);
102	files = p->files;
103	if (files) {
104	spin_lock(&files->file_lock);
105	for (i=0; i < files->max_fds; i++) {
106	if (fcheck_files(files, i) == file) {
107	found = 1;
108	break;
109	}
110	}
111	spin_unlock(&files->file_lock);
112	}
113	task_unlock(p);
114	if (found)
115	goto out;
116	} while_each_thread(g, p);
117	out:
118	read_unlock(&tasklist_lock);
119
120	return found;
121	}
122
123	static int
124	match(const struct sk_buff *skb,	24	match(const struct sk_buff *skb,
125	const struct net_device *in,	25	const struct net_device *in,
126	const struct net_device *out,	26	const struct net_device *out,
@@ -145,24 +45,6 @@ match(const struct sk_buff *skb,
145	return 0;	45	return 0;
146	}	46	}
147		47
148	if(info->match & IPT_OWNER_PID) {
149	if (!match_pid(skb, info->pid) ^
150	!!(info->invert & IPT_OWNER_PID))
151	return 0;
152	}
153
154	if(info->match & IPT_OWNER_SID) {
155	if (!match_sid(skb, info->sid) ^
156	!!(info->invert & IPT_OWNER_SID))
157	return 0;
158	}
159
160	if(info->match & IPT_OWNER_COMM) {
161	if (!match_comm(skb, info->comm) ^
162	!!(info->invert & IPT_OWNER_COMM))
163	return 0;
164	}
165
166	return 1;	48	return 1;
167	}	49	}
168		50
@@ -173,6 +55,8 @@ checkentry(const char *tablename,
173	unsigned int matchsize,	55	unsigned int matchsize,
174	unsigned int hook_mask)	56	unsigned int hook_mask)
175	{	57	{
		58	const struct ipt_owner_info *info = matchinfo;
		59
176	if (hook_mask	60	if (hook_mask
177	& ~((1 << NF_IP_LOCAL_OUT) \| (1 << NF_IP_POST_ROUTING))) {	61	& ~((1 << NF_IP_LOCAL_OUT) \| (1 << NF_IP_POST_ROUTING))) {
178	printk("ipt_owner: only valid for LOCAL_OUT or POST_ROUTING.\n");	62	printk("ipt_owner: only valid for LOCAL_OUT or POST_ROUTING.\n");
@@ -184,15 +68,13 @@ checkentry(const char *tablename,
184	IPT_ALIGN(sizeof(struct ipt_owner_info)));	68	IPT_ALIGN(sizeof(struct ipt_owner_info)));
185	return 0;	69	return 0;
186	}	70	}
187	#ifdef CONFIG_SMP	71
188	/* files->file_lock can not be used in a BH */	72	if (info->match & (IPT_OWNER_PID\|IPT_OWNER_SID\|IPT_OWNER_COMM)) {
189	if (((struct ipt_owner_info *)matchinfo)->match	73	printk("ipt_owner: pid, sid and command matching "
190	& (IPT_OWNER_PID\|IPT_OWNER_SID\|IPT_OWNER_COMM)) {	74	"not supported anymore\n");
191	printk("ipt_owner: pid, sid and command matching is broken "
192	"on SMP.\n");
193	return 0;	75	return 0;
194	}	76	}
195	#endif	77
196	return 1;	78	return 1;
197	}	79	}
198		80