From: Peter Müller Date: Tue, 5 Apr 2022 05:47:09 +0000 (+0000) Subject: linux: Pick up Michael's patch for correctly holding RCU lock while nf_reinject'ing X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f0a86e186552c1213621a3288482609806433829;p=people%2Fms%2Fipfire-2.x.git linux: Pick up Michael's patch for correctly holding RCU lock while nf_reinject'ing Fixes: #12760 Signed-off-by: Peter Müller --- diff --git a/lfs/linux b/lfs/linux index 1f3263d65e..91bba123bf 100644 --- a/lfs/linux +++ b/lfs/linux @@ -140,6 +140,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) # Patch performance monitoring restrictions to allow further hardening cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5.15.17-security-perf-allow-further-restriction-of-perf_event_open.patch + # https://bugzilla.ipfire.org/show_bug.cgi?id=12760 + cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/linux/linux-5.15-NFQUEUE-Hold-RCU-read-lock-while-calling-nf_reinject.patch + ifeq "$(BUILD_ARCH)" "armv6l" # Apply Arm-multiarch kernel patches. cd $(DIR_APP) && xzcat $(DIR_DL)/arm-multi-patches-$(ARM_PATCHES).patch.xz | patch -Np1 diff --git a/src/patches/linux/linux-5.15-NFQUEUE-Hold-RCU-read-lock-while-calling-nf_reinject.patch b/src/patches/linux/linux-5.15-NFQUEUE-Hold-RCU-read-lock-while-calling-nf_reinject.patch new file mode 100644 index 0000000000..5f3223449f --- /dev/null +++ b/src/patches/linux/linux-5.15-NFQUEUE-Hold-RCU-read-lock-while-calling-nf_reinject.patch 
@@ -0,0 +1,43 @@
+From 4ecd5474b7a19aa84158f8e727fa6dbfc9464191 Mon Sep 17 00:00:00 2001
+From: Michael Tremer
+Date: Wed, 23 Mar 2022 11:01:39 +0000
+Subject: [PATCH] NFQUEUE: Hold RCU read lock while calling nf_reinject
+
+nf_reinject requires the called to hold the RCU read-side lock which
+wasn't the case in nfqnl_reinject.
+
+Signed-off-by: Michael Tremer
+---
+ net/netfilter/nfnetlink_queue.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
+index 8787d0613ad8..b12cc5d21310 100644
+--- a/net/netfilter/nfnetlink_queue.c
++++ b/net/netfilter/nfnetlink_queue.c
+@@ -228,19 +228,20 @@ static void nfqnl_reinject(struct nf_queue_entry *entry, unsigned int verdict)
+ struct nf_ct_hook *ct_hook;
+ int err;
+
++ rcu_read_lock();
++
+ if (verdict == NF_ACCEPT ||
+ verdict == NF_REPEAT ||
+ verdict == NF_STOP) {
+- rcu_read_lock();
+ ct_hook = rcu_dereference(nf_ct_hook);
+ if (ct_hook) {
+ err = ct_hook->update(entry->state.net, entry->skb);
+ if (err < 0)
+ verdict = NF_DROP;
+ }
+- rcu_read_unlock();
+ }
+ nf_reinject(entry, verdict);
++ rcu_read_unlock();
+ }
+
+ static void
+--
+2.30.2
+
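Review bot: The widened critical section in nfqnl_reinject is not explained in the code itself: `rcu_read_lock()` now sits at the top of the body and `rcu_read_unlock()` after `nf_reinject(entry, verdict)`, and only the patch description says why. A one-line comment above the lock, such as `/* nf_reinject() must run under rcu_read_lock(), not only the ct_hook lookup */`, would keep a later cleanup from narrowing the section back to the `ct_hook` block. Lock and unlock are balanced in the visible lines (no early return between them), but the read-side section now also covers everything nf_reinject reaches, so it is worth confirming that nothing on that path can sleep; that code is not shown here. The carried patch also has no upstream commit or list reference in its header, which makes it hard to tell when it can be dropped on a kernel rebase; the opening lines of nfqnl_reinject are outside the inner hunk.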