Re: [PATCH net-next] netfilter: x_tables: xt_init() should run earlier

Patrick McHardy <kaber@xxxxxxxxx> · Sat, 8 Sep 2012 19:50:27 +0200 (MEST)

On Wed, 5 Sep 2012, Eric Dumazet wrote:

From: Eric Dumazet <edumazet@xxxxxxxxxx>

Cong Wang reported a NULL dereference in xt_register_target()

It turns out xt_nat_init() was called before xt_init(), so xt array
was not yet setup.

xt_init() should be marked core_initcall() to solve this problem.

Reported-by: Cong Wang <xiyou.wangcong@xxxxxxxxx>
Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx>
---
net/netfilter/x_tables.c |    2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
index 8d987c3..afcea11 100644
--- a/net/netfilter/x_tables.c
+++ b/net/netfilter/x_tables.c
@@ -1390,6 +1390,6 @@ static void __exit xt_fini(void)
	kfree(xt);
}

-module_init(xt_init);
+core_initcall(xt_init);
module_exit(xt_fini);

Shouldn't we simply change the Makefile order?
commit ecc4508e476e4325e747dad5d86c03248ed16271
Author: Patrick McHardy <kaber@xxxxxxxxx>
Date:   Sat Sep 8 19:45:12 2012 +0200

    netfilter: fix xt_nat link order
    
    Cong Wang reported a NULL dereference in xt_register_target()
    
    It turns out xt_nat_init() was called before xt_init(), so xt array
    was not yet setup.
    
    Move xt_nat down in the Makefile to avoid initialization before
    x_tables is initialized.
    
    Based on patch from Eric Dumazet.
    
    Reported-by: Cong Wang <xiyou.wangcong@xxxxxxxxx>
    Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>

diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile
index 98244d4..6ad6616 100644
--- a/net/netfilter/Makefile
+++ b/net/netfilter/Makefile
@@ -47,7 +47,6 @@ nf_nat-y	:= nf_nat_core.o nf_nat_proto_unknown.o nf_nat_proto_common.o \
 		   nf_nat_proto_udp.o nf_nat_proto_tcp.o nf_nat_helper.o
 
 obj-$(CONFIG_NF_NAT) += nf_nat.o
-obj-$(CONFIG_NF_NAT) += xt_nat.o
 
 # NAT protocols (nf_nat)
 obj-$(CONFIG_NF_NAT_PROTO_DCCP) += nf_nat_proto_dccp.o
@@ -93,6 +92,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP) += xt_TCPOPTSTRIP.o
 obj-$(CONFIG_NETFILTER_XT_TARGET_TEE) += xt_TEE.o
 obj-$(CONFIG_NETFILTER_XT_TARGET_TRACE) += xt_TRACE.o
 obj-$(CONFIG_NETFILTER_XT_TARGET_IDLETIMER) += xt_IDLETIMER.o
+obj-$(CONFIG_NF_NAT) += xt_nat.o
 
 # matches
 obj-$(CONFIG_NETFILTER_XT_MATCH_ADDRTYPE) += xt_addrtype.o




