1 files changed, 7 insertions, 83 deletions
diff --git a/net/ipv6/netfilter/ip6t_owner.c b/net/ipv6/netfilter/ip6t_owner.c
index ab0e32d3de46..9b91decbfddb 100644
--- a/net/ipv6/netfilter/ip6t_owner.c
+++ b/net/ipv6/netfilter/ip6t_owner.c
@@ -20,71 +20,6 @@ MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>");
 MODULE_DESCRIPTION("IP6 tables owner matching module");
 MODULE_LICENSE("GPL");
-static int
-match_pid(const struct sk_buff *skb, pid_t pid)
-{
-        struct task_struct *p;
-        struct files_struct *files;
-        int i;
-        read_lock(&tasklist_lock);
-        p = find_task_by_pid(pid);
-        if (!p)
-                goto out;
-        task_lock(p);
-        files = p->files;
-        if(files) {
-                spin_lock(&files->file_lock);
-                for (i=0; i < files->max_fds; i++) {
-                        if (fcheck_files(files, i) == skb->sk->sk_socket->file) {
-                                spin_unlock(&files->file_lock);
-                                task_unlock(p);
-                                read_unlock(&tasklist_lock);
-                                return 1;
-                        }
-                }
-                spin_unlock(&files->file_lock);
-        }
-        task_unlock(p);
-out:
-        read_unlock(&tasklist_lock);
-        return 0;
-}
-static int
-match_sid(const struct sk_buff *skb, pid_t sid)
-{
-        struct task_struct *g, *p;
-        struct file *file = skb->sk->sk_socket->file;
-        int i, found=0;
-        read_lock(&tasklist_lock);
-        do_each_thread(g, p) {
-                struct files_struct *files;
-                if (p->signal->session != sid)
-                        continue;
-                task_lock(p);
-                files = p->files;
-                if (files) {
-                        spin_lock(&files->file_lock);
-                        for (i=0; i < files->max_fds; i++) {
-                                if (fcheck_files(files, i) == file) {
-                                        found = 1;
-                                        break;
-                                }
-                        }
-                        spin_unlock(&files->file_lock);
-                }
-                task_unlock(p);
-                if (found)
-                        goto out;
-        } while_each_thread(g, p);
-out:
-        read_unlock(&tasklist_lock);
-        return found;
-}
 static int
 match(const struct sk_buff *skb,
@@ -112,18 +47,6 @@ match(const struct sk_buff *skb,
                        return 0;
        }
-        if(info->match & IP6T_OWNER_PID) {
-                if (!match_pid(skb, info->pid) ^
-                    !!(info->invert & IP6T_OWNER_PID))
-                        return 0;
-        }
-        if(info->match & IP6T_OWNER_SID) {
-                if (!match_sid(skb, info->sid) ^
-                    !!(info->invert & IP6T_OWNER_SID))
-                        return 0;
-        }
        return 1;
 }
@@ -134,6 +57,8 @@ checkentry(const char *tablename,
           unsigned int matchsize,
           unsigned int hook_mask)
 {
+        const struct ip6t_owner_info *info = matchinfo;
        if (hook_mask
            & ~((1 << NF_IP6_LOCAL_OUT) | (1 << NF_IP6_POST_ROUTING))) {
                printk("ip6t_owner: only valid for LOCAL_OUT or POST_ROUTING.\n");
@@ -142,14 +67,13 @@ checkentry(const char *tablename,
        if (matchsize != IP6T_ALIGN(sizeof(struct ip6t_owner_info)))
                return 0;
-#ifdef CONFIG_SMP
-        /* files->file_lock can not be used in a BH */
+        if (info->match & (IP6T_OWNER_PID|IP6T_OWNER_SID)) {
-        if (((struct ip6t_owner_info *)matchinfo)->match
+                printk("ipt_owner: pid and sid matching "
-            & (IP6T_OWNER_PID|IP6T_OWNER_SID)) {
+                       "not supported anymore\n");
-                printk("ip6t_owner: pid and sid matching is broken on SMP.\n");
                return 0;
        }
-#endif
        return 1;
 }

diff --git a/net/ipv6/netfilter/ip6t_owner.c b/net/ipv6/netfilter/ip6t_owner.c index ab0e32d3de46..9b91decbfddb 100644 --- a/net/ipv6/netfilter/ip6t_owner.c +++ b/net/ipv6/netfilter/ip6t_owner.c
@@ -20,71 +20,6 @@ MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>");
20	MODULE_DESCRIPTION("IP6 tables owner matching module");	20	MODULE_DESCRIPTION("IP6 tables owner matching module");
21	MODULE_LICENSE("GPL");	21	MODULE_LICENSE("GPL");
22		22
23	static int
24	match_pid(const struct sk_buff *skb, pid_t pid)
25	{
26	struct task_struct *p;
27	struct files_struct *files;
28	int i;
29
30	read_lock(&tasklist_lock);
31	p = find_task_by_pid(pid);
32	if (!p)
33	goto out;
34	task_lock(p);
35	files = p->files;
36	if(files) {
37	spin_lock(&files->file_lock);
38	for (i=0; i < files->max_fds; i++) {
39	if (fcheck_files(files, i) == skb->sk->sk_socket->file) {
40	spin_unlock(&files->file_lock);
41	task_unlock(p);
42	read_unlock(&tasklist_lock);
43	return 1;
44	}
45	}
46	spin_unlock(&files->file_lock);
47	}
48	task_unlock(p);
49	out:
50	read_unlock(&tasklist_lock);
51	return 0;
52	}
53
54	static int
55	match_sid(const struct sk_buff *skb, pid_t sid)
56	{
57	struct task_struct g, p;
58	struct file *file = skb->sk->sk_socket->file;
59	int i, found=0;
60
61	read_lock(&tasklist_lock);
62	do_each_thread(g, p) {
63	struct files_struct *files;
64	if (p->signal->session != sid)
65	continue;
66
67	task_lock(p);
68	files = p->files;
69	if (files) {
70	spin_lock(&files->file_lock);
71	for (i=0; i < files->max_fds; i++) {
72	if (fcheck_files(files, i) == file) {
73	found = 1;
74	break;
75	}
76	}
77	spin_unlock(&files->file_lock);
78	}
79	task_unlock(p);
80	if (found)
81	goto out;
82	} while_each_thread(g, p);
83	out:
84	read_unlock(&tasklist_lock);
85
86	return found;
87	}
88		23
89	static int	24	static int
90	match(const struct sk_buff *skb,	25	match(const struct sk_buff *skb,
@@ -112,18 +47,6 @@ match(const struct sk_buff *skb,
112	return 0;	47	return 0;
113	}	48	}
114		49
115	if(info->match & IP6T_OWNER_PID) {
116	if (!match_pid(skb, info->pid) ^
117	!!(info->invert & IP6T_OWNER_PID))
118	return 0;
119	}
120
121	if(info->match & IP6T_OWNER_SID) {
122	if (!match_sid(skb, info->sid) ^
123	!!(info->invert & IP6T_OWNER_SID))
124	return 0;
125	}
126
127	return 1;	50	return 1;
128	}	51	}
129		52
@@ -134,6 +57,8 @@ checkentry(const char *tablename,
134	unsigned int matchsize,	57	unsigned int matchsize,
135	unsigned int hook_mask)	58	unsigned int hook_mask)
136	{	59	{
		60	const struct ip6t_owner_info *info = matchinfo;
		61
137	if (hook_mask	62	if (hook_mask
138	& ~((1 << NF_IP6_LOCAL_OUT) \| (1 << NF_IP6_POST_ROUTING))) {	63	& ~((1 << NF_IP6_LOCAL_OUT) \| (1 << NF_IP6_POST_ROUTING))) {
139	printk("ip6t_owner: only valid for LOCAL_OUT or POST_ROUTING.\n");	64	printk("ip6t_owner: only valid for LOCAL_OUT or POST_ROUTING.\n");
@@ -142,14 +67,13 @@ checkentry(const char *tablename,
142		67
143	if (matchsize != IP6T_ALIGN(sizeof(struct ip6t_owner_info)))	68	if (matchsize != IP6T_ALIGN(sizeof(struct ip6t_owner_info)))
144	return 0;	69	return 0;
145	#ifdef CONFIG_SMP	70
146	/* files->file_lock can not be used in a BH */	71	if (info->match & (IP6T_OWNER_PID\|IP6T_OWNER_SID)) {
147	if (((struct ip6t_owner_info *)matchinfo)->match	72	printk("ipt_owner: pid and sid matching "
148	& (IP6T_OWNER_PID\|IP6T_OWNER_SID)) {	73	"not supported anymore\n");
149	printk("ip6t_owner: pid and sid matching is broken on SMP.\n");
150	return 0;	74	return 0;
151	}	75	}
152	#endif	76
153	return 1;	77	return 1;
154	}	78	}
155		79