Commits
Vitaliy Gusev authored and Pavel Emelyanov committed 1acba8533b7
netfilter: Fix NULL dereference in nf_nat_setup_info If conntrack is allowed in VE but iptable_nat is not allowed and loaded then Oops occurs: BUG: unable to handle kernel NULL pointer dereference at 0000000000000008 IP: [<ffffffffa0123df6>] :nf_nat:nf_nat_setup_info+0x343/0x489 Oops: 0000 [1] SMP DEBUG_PAGEALLOC CPU: 1 [<ffffffff8028c277>] ? poison_obj+0x27/0x32 [<ffffffffa012a084>] :iptable_nat:alloc_null_binding+0x44/0x46 [<ffffffffa012a1f7>] :iptable_nat:nf_nat_rule_find+0x62/0x6b [<ffffffffa012a4e5>] :iptable_nat:nf_nat_fn+0x11d/0x149 [<ffffffffa012a551>] :iptable_nat:nf_nat_local_fn+0x40/0xbf [<ffffffff80476ad5>] nf_iterate+0x43/0x80 [<ffffffff8047efa0>] ? dst_output+0x0/0xd [<ffffffff80476de9>] nf_hook_slow+0x5e/0xc1 [<ffffffff8047efa0>] ? dst_output+0x0/0xd [<ffffffff80480314>] __ip_local_out+0x9f/0xa1 [<ffffffff80480327>] ip_local_out+0x11/0x24 [<ffffffff80480600>] ip_push_pending_frames+0x2c6/0x345 [<ffffffff8049b668>] raw_sendmsg+0x6a9/0x739 [<ffffffff804a3750>] inet_sendmsg+0x46/0x53 [<ffffffff80455ffa>] sock_sendmsg+0xdf/0xf8 RIP [<ffffffffa0123df6>] :nf_nat:nf_nat_setup_info+0x343/0x489 So create/use iptable_nat to check was nat table initialized in VE or not. Bug #1051 http://bugzilla.openvz.org/show_bug.cgi?id=1051 Signed-off-by: Vitaliy Gusev <vgusev@openvz.org> Signed-off-by: Pavel Emelyanov <xemul@openvz.org>