Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp1335059imm;
        Thu, 23 Aug 2018 01:01:41 -0700 (PDT)
X-Google-Smtp-Source: ANB0VdZlFDOLlil89Y68PA8nqG7SeArJLvgM2wkLjHmbMKV2WSRQQ0AR6dU3vaNfSoU2yITNARY1
X-Received: by 2002:a62:1192:: with SMTP id 18-v6mr10120872pfr.54.1535011300956;
        Thu, 23 Aug 2018 01:01:40 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1535011300; cv=none;
        d=google.com; s=arc-20160816;
        b=qXFDwqzuDOHMouGObKwjQasbskJ2ffhX0XzYKGtWjjmO3uGtjTdz5yM5Fjbb7hk+qA
         R/ccI3dD12QLbca9abkT7xcwAbPYsNw6IkhCj/roLaa9bFvsrnmYl7KOxCMqpev3Wz0A
         8Fj1JgSmLPWXPrtCO+Ub/ds8asrusmXaBQQiWNJB0J/paVeBL/XkgdGKdznCsEHRYOcl
         Zr9f+lIPxIEUCA1m/2v3YtfxcdDKa1ZL8bldSLEAmi/lQ9/BxFXQFkf8FzWbeAyPmbz5
         ibyZtgoRwgZgBlB1s6sdy2wO6ebF7I1h26xTVBb+HlCK6d3Syi2YnRIYIH7ndc8XaHxs
         N2tg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :in-reply-to:message-id:date:subject:cc:to:from
         :arc-authentication-results;
        bh=Sf9cLA1ZkMFNAHzX355oy1dH4RI6VDGzVOYUVqmk6o4=;
        b=cO/zCYKk1hUariYcDSs7TZ0PQWEN2/sK+APkooZvXCCYBWBGhoNpEFCDBfLxfhHR/H
         PYZXURQ1Zxmxtu7Tto0OdYJvRCk1rgfBKiqs7JhlczUHr0Llm0Zno/SGE4SNsmzOES5o
         5Z4vr3vA0KnS0XMFnjx/XSNAfRUBlCXwSIGPtLvgUmRGe9VOxeocIKAbcILn4NQ2ypAC
         HtrsaAbCxA6v88596M1g5I9pPzEc6ccx4MkXLe/iBXAFUEzb8/1Vytwug0Yn3rM72gwY
         //fk/7OmVw3LYQIJfoNosbxVk3yEX2A0MyduAcbNWhAdHFmWx/TgbDly0lkk3PIIdZ/C
         8NWg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id a11-v6si816484pla.22.2018.08.23.01.01.26;
        Thu, 23 Aug 2018 01:01:40 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728303AbeHWL1Y (ORCPT <rfc822;0330sisy@gmail.com> + 99 others);
        Thu, 23 Aug 2018 07:27:24 -0400
Received: from mail.linuxfoundation.org ([140.211.169.12]:41942 "EHLO
        mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726978AbeHWL1Y (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 23 Aug 2018 07:27:24 -0400
Received: from localhost (5355525A.cm-6-6b.dynamic.ziggo.nl [83.85.82.90])
        by mail.linuxfoundation.org (Postfix) with ESMTPSA id B39779D2;
        Thu, 23 Aug 2018 07:59:00 +0000 (UTC)
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Florian Westphal <fw@strlen.de>,
        Pablo Neira Ayuso <pablo@netfilter.org>,
        Sasha Levin <alexander.levin@microsoft.com>
Subject: [PATCH 4.4 45/79] netfilter: x_tables: set module owner for icmp(6) matches
Date:   Thu, 23 Aug 2018 09:53:21 +0200
Message-Id: <20180823074922.051836472@linuxfoundation.org>
X-Mailer: git-send-email 2.18.0
In-Reply-To: <20180823074918.641878835@linuxfoundation.org>
References: <20180823074918.641878835@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Florian Westphal <fw@strlen.de>

[ Upstream commit d376bef9c29b3c65aeee4e785fffcd97ef0a9a81 ]

nft_compat relies on xt_request_find_match to increment
refcount of the module that provides the match/target.

The (builtin) icmp matches did't set the module owner so it
was possible to rmmod ip(6)tables while icmp extensions were still in use.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/ipv4/netfilter/ip_tables.c  |    1 +
 net/ipv6/netfilter/ip6_tables.c |    1 +
 2 files changed, 2 insertions(+)

--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -2072,6 +2072,7 @@ static struct xt_match ipt_builtin_mt[]
 		.checkentry = icmp_checkentry,
 		.proto      = IPPROTO_ICMP,
 		.family     = NFPROTO_IPV4,
+		.me	    = THIS_MODULE,
 	},
 };
 
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -2073,6 +2073,7 @@ static struct xt_match ip6t_builtin_mt[]
 		.checkentry = icmp6_checkentry,
 		.proto      = IPPROTO_ICMPV6,
 		.family     = NFPROTO_IPV6,
+		.me	    = THIS_MODULE,
 	},
 };