From: Alexey Dobriyan Date: Mon, 8 Feb 2010 19:17:22 +0000 (-0800) Subject: netfilter: nf_conntrack: restrict runtime expect hashsize modifications X-Git-Tag: firefly_0821_release~11625^2~45 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=51d3a347944f76bc2f304e0622d61b9b39fec585;p=firefly-linux-kernel-4.4.55.git netfilter: nf_conntrack: restrict runtime expect hashsize modifications commit 13ccdfc2af03e09e60791f7d4bc4ccf53398af7c upstream. Expectation hashtable size was simply glued to a variable with no code to rehash expectations, so it was a bug to allow writing to it. Make "expect_hashsize" readonly. Signed-off-by: Alexey Dobriyan Signed-off-by: Patrick McHardy Signed-off-by: Greg Kroah-Hartman --- diff --git a/net/netfilter/nf_conntrack_expect.c b/net/netfilter/nf_conntrack_expect.c index 2032dfe25ca8..1b8ed66aa0ba 100644 --- a/net/netfilter/nf_conntrack_expect.c +++ b/net/netfilter/nf_conntrack_expect.c @@ -569,7 +569,7 @@ static void exp_proc_remove(struct net *net) #endif /* CONFIG_PROC_FS */ } -module_param_named(expect_hashsize, nf_ct_expect_hsize, uint, 0600); +module_param_named(expect_hashsize, nf_ct_expect_hsize, uint, 0400); int nf_conntrack_expect_init(struct net *net) {
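Review bot: the hunk fixes the symptom but leaves the root cause undocumented: module_param_named(expect_hashsize, nf_ct_expect_hsize, uint, ...) registers the variable with no set callback, so any write through /sys/module/nf_conntrack/parameters/expect_hashsize only changes nf_ct_expect_hsize while the table that nf_conntrack_expect_init() allocated from the old value keeps its old size, and hash bucket indices derived from the new size can fall outside the allocation. Dropping the write bit (0600 to 0400) closes that path, but a one-line comment above the declaration, such as "read-only: there is no code to rehash expectations if the size changes at runtime", would stop the next person from restoring 0600 or adding a plain setter; if runtime resizing is ever wanted it needs a module_param_call()-style setter that allocates a new table and rehashes, not a bare writable variable. The value is still settable at module load time (nf_conntrack.expect_hashsize=N), which is the intended interface since the table is sized once in nf_conntrack_expect_init().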