git.baikalelectronics.ru Git - kernel.git/commit

author	Florian Westphal <fw@strlen.de>
	Thu, 23 Sep 2021 14:44:34 +0000 (16:44 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Tue, 28 Sep 2021 11:04:55 +0000 (13:04 +0200)
commit	b50b02c1c96118873bf319133ed7c7ff3d458993
tree	4fd8f21da6f482db28701690064ef6c0251dd3a3	tree \| snapshot
parent	c686745a085f24784ab55b0aee8de2666d8ccfe6	commit \| diff

netfilter: conntrack: fix boot failure with nf_conntrack.enable_hooks=1

This is a revert of
995262f6a0 ("netfilter: nf_defrag_ipv4: use net_generic infra")
and a partial revert of
b0267976a7 ("netfilter: nf_defrag_ipv6: use net_generic infra").

If conntrack is builtin and kernel is booted with:
nf_conntrack.enable_hooks=1

.... kernel will fail to boot due to a NULL deref in
nf_defrag_ipv4_enable(): Its called before the ipv4 defrag initcall is
made, so net_generic() returns NULL.

To resolve this, move the user refcount back to struct net so calls
to those functions are possible even before their initcalls have run.

Fixes: 995262f6a025 ("netfilter: nf_defrag_ipv4: use net_generic infra")
Fixes: b0267976a72d ("netfilter: nf_defrag_ipv6: use net_generic infra").
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

include/net/netfilter/ipv6/nf_defrag_ipv6.h		diff \| blob \| history
include/net/netns/netfilter.h		diff \| blob \| history
net/ipv4/netfilter/nf_defrag_ipv4.c		diff \| blob \| history
net/ipv6/netfilter/nf_conntrack_reasm.c		diff \| blob \| history
net/ipv6/netfilter/nf_defrag_ipv6_hooks.c		diff \| blob \| history