diff options
Diffstat (limited to 'net')
-rw-r--r-- | net/netfilter/nfnetlink.c | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c index f8bd7c7e7921..83f4c53030fc 100644 --- a/net/netfilter/nfnetlink.c +++ b/net/netfilter/nfnetlink.c | |||
@@ -240,15 +240,18 @@ static inline int nfnetlink_rcv_msg(struct sk_buff *skb, | |||
240 | ss = nfnetlink_get_subsys(type); | 240 | ss = nfnetlink_get_subsys(type); |
241 | if (!ss) { | 241 | if (!ss) { |
242 | #ifdef CONFIG_KMOD | 242 | #ifdef CONFIG_KMOD |
243 | /* don't call nfnl_shunlock, since it would reenter | 243 | if (cap_raised(NETLINK_CB(skb).eff_cap, CAP_NET_ADMIN)) { |
244 | * with further packet processing */ | 244 | /* don't call nfnl_shunlock, since it would reenter |
245 | up(&nfnl_sem); | 245 | * with further packet processing */ |
246 | request_module("nfnetlink-subsys-%d", NFNL_SUBSYS_ID(type)); | 246 | up(&nfnl_sem); |
247 | nfnl_shlock(); | 247 | request_module("nfnetlink-subsys-%d", |
248 | ss = nfnetlink_get_subsys(type); | 248 | NFNL_SUBSYS_ID(type)); |
249 | nfnl_shlock(); | ||
250 | ss = nfnetlink_get_subsys(type); | ||
251 | } | ||
249 | if (!ss) | 252 | if (!ss) |
250 | #endif | 253 | #endif |
251 | goto err_inval; | 254 | goto err_inval; |
252 | } | 255 | } |
253 | 256 | ||
254 | nc = nfnetlink_find_client(type, ss); | 257 | nc = nfnetlink_find_client(type, ss); |