[Devel] [PATCH] iptable_raw: Don't reuse VE_IP_IPTABLES bit
Kirill Tkhai
ktkhai at odin.com
Tue Jun 16 03:55:50 PDT 2015
We can't use the same bit in _iptables_modules for different
modules. This leads to a memory leak, because the bit is cleared by
the first pernet exit method that runs, so only one module's pernet
exit actually performs its cleanup.
Found in the process of fixing: https://jira.sw.ru/browse/PSBM-34192.
Signed-off-by: Kirill Tkhai <ktkhai at odin.com>
---
net/ipv4/netfilter/iptable_raw.c | 13 +++++++++----
1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/net/ipv4/netfilter/iptable_raw.c b/net/ipv4/netfilter/iptable_raw.c
index 6627256..d52e1dd 100644
--- a/net/ipv4/netfilter/iptable_raw.c
+++ b/net/ipv4/netfilter/iptable_raw.c
@@ -41,10 +41,13 @@ static struct nf_hook_ops *rawtable_ops __read_mostly;
static int __net_init iptable_raw_net_init(struct net *net)
{
struct ipt_replace *repl;
+ int ret;
if (!net_ipt_permitted(net, VE_IP_IPTABLES))
return 0;
+ BUG_ON(net->ipv4.iptable_raw);
+
repl = ipt_alloc_initial_table(&packet_raw);
if (repl == NULL)
return -ENOMEM;
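Review bot: The `BUG_ON(net->ipv4.iptable_raw)` added ahead of the allocation panics the whole host on what is only a stale or double-registered per-net table pointer, which on a container host turns a bookkeeping bug in one VE into a denial of service for every VE; prefer `if (WARN_ON_ONCE(net->ipv4.iptable_raw)) return -EEXIST;` so the offending net fails to initialise and the host keeps running. The check is otherwise placed well, before `ipt_alloc_initial_table`, so nothing is leaked when it fires. iptable_raw_net_init's body continues in the next hunk.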
@@ -52,19 +55,21 @@ static int __net_init iptable_raw_net_init(struct net *net)
ipt_register_table(net, &packet_raw, repl);
kfree(repl);
- net_ipt_module_set(net, VE_IP_IPTABLES);
+ ret = PTR_RET(net->ipv4.iptable_raw);
+ if (ret)
+ net->ipv4.iptable_raw = NULL;
- return PTR_RET(net->ipv4.iptable_raw);
+ return ret;
}
static void __net_exit iptable_raw_net_exit(struct net *net)
{
- if (!net_is_ipt_module_set(net, VE_IP_IPTABLES))
+ if (!net->ipv4.iptable_raw)
return;
ipt_unregister_table(net, net->ipv4.iptable_raw);
- net_ipt_module_clear(net, VE_IP_IPTABLES);
+ net->ipv4.iptable_raw = NULL;
}
static struct pernet_operations iptable_raw_net_ops = {
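Review bot: `net->ipv4.iptable_raw` now doubles as the registration marker that `iptable_raw_net_exit` keys on, but nothing in the hunk says so, and a later change that leaves an ERR_PTR in it or registers the table without going through this init would silently break the exit path. A comment above the `ret = PTR_RET(net->ipv4.iptable_raw);` line such as `/* iptable_raw is the only record that this net registered the table; keep it NULL on failure so net_exit skips the unregister */` would make the contract explicit. The exit path also assumes the pointer is NULL for nets that bailed out at the `net_ipt_permitted` check, which holds only if `struct net` is zero-initialised on allocation — presumably true in this tree, but worth confirming. With `net_ipt_module_set`/`net_is_ipt_module_set` gone, the VE_IP_IPTABLES bit is only read here via `net_ipt_permitted`, which matches the commit's intent of leaving the bit to its real owner.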