netfilter: xt_qtaguid: fix crash on ctrl delete command

Because for now the xt_qtaguid module allows procs to use tags without
having /dev/xt_qtaguid open, there was a case where it would try
to delete a resources from a list that was proc specific.
But that resource was never added to that list which is only
used when /dev/xt_qtaguid has been opened by the proc.

Once our userspace is fully updated, we won't need those exceptions.

Change-Id: Idd4bfea926627190c74645142916e10832eb2504
Signed-off-by: JP Abgrall <jpa@google.com>

diff --git a/net/netfilter/xt_qtaguid.c b/net/netfilter/xt_qtaguid.c
index 5d73ecaf540a5238e1e4dff13b9c481a262a77ef..08086d680c2c2b6c5ec668c704f500ae00b5ff9d 100644 (file)
--- a/net/netfilter/xt_qtaguid.c
+++ b/net/netfilter/xt_qtaguid.c
@@ -1919,7 +1919,15 @@ static int ctrl_cmd_delete(const char *input)
                        tr_entry = lookup_tag_ref(st_entry->tag, NULL);
                        BUG_ON(tr_entry->num_sock_tags <= 0);
                        tr_entry->num_sock_tags--;
-                       list_del(&st_entry->list);
+                       /*
+                        * TODO: remove if, and start failing.
+                        * This is a hack to work around the fact that in some
+                        * places we have "if (IS_ERR_OR_NULL(pqd_entry))"
+                        * and are trying to work around apps
+                        * that didn't open the /dev/xt_qtaguid.
+                        */
+                       if (st_entry->list.next && st_entry->list.prev)
+                               list_del(&st_entry->list);
                }
        }
        spin_unlock_bh(&sock_tag_list_lock);