1 From 4ecd5474b7a19aa84158f8e727fa6dbfc9464191 Mon Sep 17 00:00:00 2001
2 From: Michael Tremer <michael.tremer@ipfire.org>
3 Date: Wed, 23 Mar 2022 11:01:39 +0000
4 Subject: [PATCH] NFQUEUE: Hold RCU read lock while calling nf_reinject
6 nf_reinject requires the called to hold the RCU read-side lock which
7 wasn't the case in nfqnl_reinject.
9 Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
11 net/netfilter/nfnetlink_queue.c | 5 +++--
12 1 file changed, 3 insertions(+), 2 deletions(-)
14 diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
15 index 8787d0613ad8..b12cc5d21310 100644
16 --- a/net/netfilter/nfnetlink_queue.c
17 +++ b/net/netfilter/nfnetlink_queue.c
18 @@ -228,19 +228,20 @@ static void nfqnl_reinject(struct nf_queue_entry *entry, unsigned int verdict)
19 struct nf_ct_hook *ct_hook;
24 if (verdict == NF_ACCEPT ||
25 verdict == NF_REPEAT ||
28 ct_hook = rcu_dereference(nf_ct_hook);
30 err = ct_hook->update(entry->state.net, entry->skb);
36 nf_reinject(entry, verdict);