]>
Commit | Line | Data |
---|---|---|
f0a86e18 PM |
1 | From 4ecd5474b7a19aa84158f8e727fa6dbfc9464191 Mon Sep 17 00:00:00 2001 |
2 | From: Michael Tremer <michael.tremer@ipfire.org> | |
3 | Date: Wed, 23 Mar 2022 11:01:39 +0000 | |
4 | Subject: [PATCH] NFQUEUE: Hold RCU read lock while calling nf_reinject | |
5 | ||
6 | nf_reinject requires the called to hold the RCU read-side lock which | |
7 | wasn't the case in nfqnl_reinject. | |
8 | ||
9 | Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> | |
10 | --- | |
11 | net/netfilter/nfnetlink_queue.c | 5 +++-- | |
12 | 1 file changed, 3 insertions(+), 2 deletions(-) | |
13 | ||
14 | diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c | |
15 | index 8787d0613ad8..b12cc5d21310 100644 | |
16 | --- a/net/netfilter/nfnetlink_queue.c | |
17 | +++ b/net/netfilter/nfnetlink_queue.c | |
18 | @@ -228,19 +228,20 @@ static void nfqnl_reinject(struct nf_queue_entry *entry, unsigned int verdict) | |
19 | struct nf_ct_hook *ct_hook; | |
20 | int err; | |
21 | ||
22 | + rcu_read_lock(); | |
23 | + | |
24 | if (verdict == NF_ACCEPT || | |
25 | verdict == NF_REPEAT || | |
26 | verdict == NF_STOP) { | |
27 | - rcu_read_lock(); | |
28 | ct_hook = rcu_dereference(nf_ct_hook); | |
29 | if (ct_hook) { | |
30 | err = ct_hook->update(entry->state.net, entry->skb); | |
31 | if (err < 0) | |
32 | verdict = NF_DROP; | |
33 | } | |
34 | - rcu_read_unlock(); | |
35 | } | |
36 | nf_reinject(entry, verdict); | |
37 | + rcu_read_unlock(); | |
38 | } | |
39 | ||
40 | static void | |
41 | -- | |
42 | 2.30.2 | |
43 |