projects / people / pmueller / ipfire-2.x.git / blame
| Commit | Line | Data |
|---|---|---|
| f0a86e18 PM |
1 | From 4ecd5474b7a19aa84158f8e727fa6dbfc9464191 Mon Sep 17 00:00:00 2001 |
| 2 | From: Michael Tremer <michael.tremer@ipfire.org> | |
| 3 | Date: Wed, 23 Mar 2022 11:01:39 +0000 | |
| 4 | Subject: [PATCH] NFQUEUE: Hold RCU read lock while calling nf_reinject | |
| 5 | ||
| 6 | nf_reinject requires the called to hold the RCU read-side lock which | |
| 7 | wasn't the case in nfqnl_reinject. | |
| 8 | ||
| 9 | Signed-off-by: Michael Tremer <michael.tremer@ipfire.org> | |
| 10 | --- | |
| 11 | net/netfilter/nfnetlink_queue.c | 5 +++-- | |
| 12 | 1 file changed, 3 insertions(+), 2 deletions(-) | |
| 13 | ||
| 14 | diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c | |
| 15 | index 8787d0613ad8..b12cc5d21310 100644 | |
| 16 | --- a/net/netfilter/nfnetlink_queue.c | |
| 17 | +++ b/net/netfilter/nfnetlink_queue.c | |
| 18 | @@ -228,19 +228,20 @@ static void nfqnl_reinject(struct nf_queue_entry *entry, unsigned int verdict) | |
| 19 | struct nf_ct_hook *ct_hook; | |
| 20 | int err; | |
| 21 | ||
| 22 | + rcu_read_lock(); | |
| 23 | + | |
| 24 | if (verdict == NF_ACCEPT || | |
| 25 | verdict == NF_REPEAT || | |
| 26 | verdict == NF_STOP) { | |
| 27 | - rcu_read_lock(); | |
| 28 | ct_hook = rcu_dereference(nf_ct_hook); | |
| 29 | if (ct_hook) { | |
| 30 | err = ct_hook->update(entry->state.net, entry->skb); | |
| 31 | if (err < 0) | |
| 32 | verdict = NF_DROP; | |
| 33 | } | |
| 34 | - rcu_read_unlock(); | |
| 35 | } | |
| 36 | nf_reinject(entry, verdict); | |
| 37 | + rcu_read_unlock(); | |
| 38 | } | |
| 39 | ||
| 40 | static void | |
| 41 | -- | |
| 42 | 2.30.2 | |
| 43 |