problem with ipset and 2.4.31, again...
Piotr Chytla
pch at packetconsulting.pl
Fri Feb 24 12:10:12 CET 2006
Hi
ipset from patch-o-matic-ng(r6345) fails to compile on 2.4.31/32, Problem and
solution is the same as this :
http://lists.netfilter.org/pipermail/netfilter-devel/2005-January/018087.html
In some earlier version this was fixed but this problem comes back again
:)
When CONFIG_NETFILTER_DEBUG is defined RWLOCK is structure but without
DEBUG , only rwlock_t l is use , WRITE_LOCK is write_lock_bh etc etc,
maybe this need some note in patch-o-matic-ng/patchlets/set/help that set must
by compiled without DEBUG , or use macros everywhere .
patch is attached.
/pch
--
Dyslexia bug unpatched since 1977 ...
exploit has been leaked to the underground.
-------------- next part --------------
--- ip_set.c.20060224 2006-02-24 09:32:29.000000000 +0100
+++ ip_set.c 2006-02-24 10:16:49.000000000 +0100
@@ -130,7 +130,7 @@
IP_SET_ASSERT(ip_set_list[id]);
DP("set: %s, ip: %u.%u.%u.%u", ip_set_list[id]->name, HIPQUAD(ip));
- write_lock_bh(&ip_set_lock);
+ WRITE_LOCK(&ip_set_lock);
set_hash = LIST_FIND(&ip_set_hash[key], ip_hash_cmp,
struct ip_set_hash *, id, ip);
DP("set: %s, ip: %u.%u.%u.%u, binding: %s", ip_set_list[id]->name,
@@ -139,7 +139,7 @@
if (set_hash != NULL)
__set_hash_del(set_hash);
- write_unlock_bh(&ip_set_lock);
+ WRITE_UNLOCK(&ip_set_lock);
return 0;
}
@@ -155,7 +155,7 @@
IP_SET_ASSERT(ip_set_list[binding]);
DP("set: %s, ip: %u.%u.%u.%u, binding: %s", ip_set_list[id]->name,
HIPQUAD(ip), ip_set_list[binding]->name);
- write_lock_bh(&ip_set_lock);
+ WRITE_LOCK(&ip_set_lock);
set_hash = LIST_FIND(&ip_set_hash[key], ip_hash_cmp,
struct ip_set_hash *, id, ip);
if (!set_hash) {
@@ -177,7 +177,7 @@
set_hash->binding = binding;
__ip_set_get(set_hash->binding);
unlock:
- write_unlock_bh(&ip_set_lock);
+ WRITE_UNLOCK(&ip_set_lock);
return ret;
}
@@ -221,7 +221,7 @@
unsigned char i = 0;
IP_SET_ASSERT(flags[i]);
- read_lock_bh(&ip_set_lock);
+ READ_LOCK(&ip_set_lock);
do {
set = ip_set_list[index];
IP_SET_ASSERT(set);
@@ -233,7 +233,7 @@
} while (res > 0
&& flags[i]
&& follow_bindings(index, set, ip));
- read_unlock_bh(&ip_set_lock);
+ READ_UNLOCK(&ip_set_lock);
return res;
}
@@ -250,7 +250,7 @@
IP_SET_ASSERT(flags[i]);
retry:
- read_lock_bh(&ip_set_lock);
+ READ_LOCK(&ip_set_lock);
do {
set = ip_set_list[index];
IP_SET_ASSERT(set);
@@ -262,7 +262,7 @@
} while ((res == 0 || res == -EEXIST)
&& flags[i]
&& follow_bindings(index, set, ip));
- read_unlock_bh(&ip_set_lock);
+ READ_UNLOCK(&ip_set_lock);
if (res == -EAGAIN
&& set->type->retry
@@ -281,7 +281,7 @@
unsigned char i = 0;
IP_SET_ASSERT(flags[i]);
- read_lock_bh(&ip_set_lock);
+ READ_LOCK(&ip_set_lock);
do {
set = ip_set_list[index];
IP_SET_ASSERT(set);
@@ -293,7 +293,7 @@
} while ((res == 0 || res == -EEXIST)
&& flags[i]
&& follow_bindings(index, set, ip));
- read_unlock_bh(&ip_set_lock);
+ READ_UNLOCK(&ip_set_lock);
}
/* Register and deregister settype */
@@ -326,7 +326,7 @@
return -EINVAL;
}
- write_lock_bh(&ip_set_lock);
+ WRITE_LOCK(&ip_set_lock);
if (find_set_type(set_type->typename)) {
/* Duplicate! */
ip_set_printk("'%s' already registered!",
@@ -338,14 +338,14 @@
list_append(&set_type_list, set_type);
DP("'%s' registered.", set_type->typename);
unlock:
- write_unlock_bh(&ip_set_lock);
+ WRITE_UNLOCK(&ip_set_lock);
return ret;
}
void
ip_set_unregister_set_type(struct ip_set_type *set_type)
{
- write_lock_bh(&ip_set_lock);
+ WRITE_LOCK(&ip_set_lock);
if (!find_set_type(set_type->typename)) {
ip_set_printk("'%s' not registered?",
set_type->typename);
@@ -355,7 +355,7 @@
__MOD_DEC_SELF;
DP("'%s' unregistered.", set_type->typename);
unlock:
- write_unlock_bh(&ip_set_lock);
+ WRITE_UNLOCK(&ip_set_lock);
}
@@ -567,13 +567,13 @@
if (binding == IP_SET_INVALID_ID)
return -ENOENT;
- write_lock_bh(&ip_set_lock);
+ WRITE_LOCK(&ip_set_lock);
/* Sets as binding values are referenced */
if (set->binding != IP_SET_INVALID_ID)
__ip_set_put(set->binding);
set->binding = binding;
__ip_set_get(set->binding);
- write_unlock_bh(&ip_set_lock);
+ WRITE_UNLOCK(&ip_set_lock);
return 0;
}
@@ -645,15 +645,15 @@
/* unbind :all: */
if (strcmp(req_bind->binding, IPSET_TOKEN_DEFAULT) == 0) {
/* Default binding of sets */
- write_lock_bh(&ip_set_lock);
+ WRITE_LOCK(&ip_set_lock);
FOREACH_SET_DO(__unbind_default);
- write_unlock_bh(&ip_set_lock);
+ WRITE_UNLOCK(&ip_set_lock);
return 0;
} else if (strcmp(req_bind->binding, IPSET_TOKEN_ALL) == 0) {
/* Flush all bindings of all sets*/
- write_lock_bh(&ip_set_lock);
+ WRITE_LOCK(&ip_set_lock);
FOREACH_HASH_RW_DO(__set_hash_del);
- write_unlock_bh(&ip_set_lock);
+ WRITE_UNLOCK(&ip_set_lock);
return 0;
}
DP("unreachable reached!");
@@ -669,19 +669,19 @@
if (binding == IP_SET_INVALID_ID)
return -ENOENT;
- write_lock_bh(&ip_set_lock);
+ WRITE_LOCK(&ip_set_lock);
/* Sets in hash values are referenced */
__ip_set_put(set->binding);
set->binding = IP_SET_INVALID_ID;
- write_unlock_bh(&ip_set_lock);
+ WRITE_UNLOCK(&ip_set_lock);
return 0;
} else if (strcmp(req_bind->binding, IPSET_TOKEN_ALL) == 0) {
/* Flush all bindings */
- write_lock_bh(&ip_set_lock);
+ WRITE_LOCK(&ip_set_lock);
FOREACH_HASH_RW_DO(__set_hash_del_byid, set->id);
- write_unlock_bh(&ip_set_lock);
+ WRITE_UNLOCK(&ip_set_lock);
return 0;
}
@@ -757,10 +757,10 @@
{
struct ip_set_type *type;
- read_lock_bh(&ip_set_lock);
+ READ_LOCK(&ip_set_lock);
type = find_set_type(typename);
if (type == NULL)
- read_unlock_bh(&ip_set_lock);
+ READ_UNLOCK(&ip_set_lock);
return type;
}
@@ -848,7 +848,7 @@
return -ENOENT;
}
__MOD_INC(set->type->me);
- read_unlock_bh(&ip_set_lock);
+ READ_UNLOCK(&ip_set_lock);
/*
* Without holding any locks, create private part.
@@ -867,7 +867,7 @@
* find free id/index and check that it is not already in
* ip_set_list.
*/
- write_lock_bh(&ip_set_lock);
+ WRITE_LOCK(&ip_set_lock);
if ((res = find_free_id(set->name, &index, &id)) != 0) {
DP("no free id!");
goto cleanup;
@@ -886,11 +886,11 @@
DP("create: '%s' created with index %u, id %u!", set->name, index, id);
set->id = id;
ip_set_list[index] = set;
- write_unlock_bh(&ip_set_lock);
+ WRITE_UNLOCK(&ip_set_lock);
return res;
cleanup:
- write_unlock_bh(&ip_set_lock);
+ WRITE_UNLOCK(&ip_set_lock);
set->type->destroy(set);
__MOD_DEC(set->type->me);
kfree(set);
@@ -907,12 +907,12 @@
IP_SET_ASSERT(set);
DP("set: %s", set->name);
- write_lock_bh(&ip_set_lock);
+ WRITE_LOCK(&ip_set_lock);
FOREACH_HASH_RW_DO(__set_hash_del_byid, set->id);
if (set->binding != IP_SET_INVALID_ID)
__ip_set_put(set->binding);
ip_set_list[index] = NULL;
- write_unlock_bh(&ip_set_lock);
+ WRITE_UNLOCK(&ip_set_lock);
/* Must call it without holding any lock */
set->type->destroy(set);
@@ -983,7 +983,7 @@
int res = 0;
DP("set: %s to %s", set->name, name);
- write_lock_bh(&ip_set_lock);
+ WRITE_LOCK(&ip_set_lock);
for (i = 0; i < ip_set_max; i++) {
if (ip_set_list[i] != NULL
&& strncmp(ip_set_list[i]->name,
@@ -995,7 +995,7 @@
}
strncpy(set->name, name, IP_SET_MAXNAMELEN);
unlock:
- write_unlock_bh(&ip_set_lock);
+ WRITE_UNLOCK(&ip_set_lock);
return res;
}
@@ -1017,7 +1017,7 @@
return -ENOEXEC;
/* No magic here: ref munging protected by the mutex */
- write_lock_bh(&ip_set_lock);
+ WRITE_LOCK(&ip_set_lock);
strncpy(from_name, from->name, IP_SET_MAXNAMELEN);
from_ref = atomic_read(&from->ref);
@@ -1029,7 +1029,7 @@
ip_set_list[from_index] = to;
ip_set_list[to_index] = from;
- write_unlock_bh(&ip_set_lock);
+ WRITE_UNLOCK(&ip_set_lock);
return 0;
}
@@ -1351,10 +1351,10 @@
hash_save->binding);
else {
IP_SET_ASSERT(set->binding == IP_SET_INVALID_ID);
- write_lock_bh(&ip_set_lock);
+ WRITE_LOCK(&ip_set_lock);
set->binding = hash_save->binding;
__ip_set_get(set->binding);
- write_unlock_bh(&ip_set_lock);
+ WRITE_UNLOCK(&ip_set_lock);
DP("default binding: %u", set->binding);
}
if (res != 0)
More information about the netfilter-devel
mailing list