netfilter: nf_tables: take AF module reference when creating a table

The table refers to data of the AF module, so we need to make sure the
module isn't unloaded while the table exists.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 88f9c944853893cc7dffe4f18b0c0fd37ad3aa01..c35261496c30b9e8d8f4c257641d173f58f78a9d 100644 (file)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -430,9 +430,14 @@ static int nf_tables_newtable(struct sock *nlsk, struct sk_buff *skb,
                        return -EINVAL;
        }
 
+       if (!try_module_get(afi->owner))
+               return -EAFNOSUPPORT;
+
        table = kzalloc(sizeof(*table) + nla_len(name), GFP_KERNEL);
-       if (table == NULL)
+       if (table == NULL) {
+               module_put(afi->owner);
                return -ENOMEM;
+       }
 
        nla_strlcpy(table->name, name, nla_len(name));
        INIT_LIST_HEAD(&table->chains);
@@ -468,6 +473,7 @@ static int nf_tables_deltable(struct sock *nlsk, struct sk_buff *skb,
        list_del(&table->list);
        nf_tables_table_notify(skb, nlh, table, NFT_MSG_DELTABLE, family);
        kfree(table);
+       module_put(afi->owner);
        return 0;
 }