NFQUEUE: Hold RCU read lock while calling nf_reinject bug-12760
authorMichael Tremer <michael.tremer@ipfire.org>
Wed, 23 Mar 2022 11:01:39 +0000 (11:01 +0000)
committerMichael Tremer <michael.tremer@ipfire.org>
Wed, 23 Mar 2022 11:01:39 +0000 (11:01 +0000)
nf_reinject requires the caller to hold the RCU read-side lock, which
wasn't the case in nfqnl_reinject.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
net/netfilter/nfnetlink_queue.c

index 8787d0613ad83eaae575348b8e7e532648b514f4..b12cc5d2131088eb0af7d99a1c5eb404441dec21 100644 (file)
@@ -228,19 +228,20 @@ static void nfqnl_reinject(struct nf_queue_entry *entry, unsigned int verdict)
        struct nf_ct_hook *ct_hook;
        int err;
 
+       rcu_read_lock();
+
        if (verdict == NF_ACCEPT ||
            verdict == NF_REPEAT ||
            verdict == NF_STOP) {
-               rcu_read_lock();
                ct_hook = rcu_dereference(nf_ct_hook);
                if (ct_hook) {
                        err = ct_hook->update(entry->state.net, entry->skb);
                        if (err < 0)
                                verdict = NF_DROP;
                }
-               rcu_read_unlock();
        }
        nf_reinject(entry, verdict);
+       rcu_read_unlock();
 }
 
 static void
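Review bot: The `rcu_read_lock()` added at the top of nfqnl_reinject() has no comment saying it is held for `nf_reinject()`, so the pair now reads as if it only guarded `rcu_dereference(nf_ct_hook)`, and a later cleanup could narrow it back into the `if` block. I would add `/* nf_reinject() must be called under rcu_read_lock(); this also covers rcu_dereference(nf_ct_hook) below */` directly above the lock call. The callers are outside the hunk and the commit message does not name the path that reaches this function without the read lock, so that is worth confirming and recording; nesting is harmless for any caller that already holds it. The opening lines of the function are outside the hunk.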