[Devel] [PATCH RH7] netfilter: drop/reaquire nfnl_lock on request_module() in nft_log module
Andrey Ryabinin
aryabinin at virtuozzo.com
Thu Jul 16 16:55:36 MSK 2020
On 7/16/20 3:37 PM, Konstantin Khorenko wrote:
>
> +extern struct nf_logger __rcu *loggers[NFPROTO_NUMPROTO][NF_LOG_TYPE_MAX] __read_mostly;
> +
> +/*
> + * In "nft_log" module we need to drop nfnl lock while performing
> + * request_module(), calls to nf_logger_find_get() in other
> + * modules are done without nfnl_lock taken.
> + *
> + * nf_logger_find_get
> + * nft_log_init
> + * nf_tables_newexpr
> + * nf_tables_newrule // nc->call_batch
> + * // called with nfnl_lock taken
> + *
> + * nfnetlink_rcv_batch // takes nfnl_lock(NFNL_SUBSYS_NFTABLES)
> + * nfnetlink_rcv
> + * netlink_unicast
> + * netlink_sendmsg
> + */
> +static int nf_logger_find_get_lock(int pf, enum nf_log_type type)
> +{
> + struct nf_logger *logger;
> + int ret = 0;
> +
> + logger = loggers[pf][type];
> + if (logger == NULL) {
> + nfnl_unlock(NFNL_SUBSYS_NFTABLES);
nfnetlink_rcv_batch() takes nfnl_lock(subsys_id) lock
How you can be sure that subsys_id is always NFNL_SUBSYS_NFTABLES ?
> + request_module("nf-logger-%u-%u", pf, type);
> + nfnl_lock(NFNL_SUBSYS_NFTABLES);
> + ret = -EAGAIN;
> + }
More information about the Devel
mailing list