From: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed, 23 Mar 2022 11:01:39 +0000 (+0000)
Subject: NFQUEUE: Hold RCU read lock while calling nf_reinject
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fheads%2Fbug-12760;p=people%2Fms%2Flinux.git

NFQUEUE: Hold RCU read lock while calling nf_reinject

nf_reinject requires the called to hold the RCU read-side lock which
wasn't the case in nfqnl_reinject.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index 8787d0613ad8..b12cc5d21310 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -228,19 +228,20 @@ static void nfqnl_reinject(struct nf_queue_entry *entry, unsigned int verdict)
 	struct nf_ct_hook *ct_hook;
 	int err;
 
+	rcu_read_lock();
+
 	if (verdict == NF_ACCEPT ||
 	    verdict == NF_REPEAT ||
 	    verdict == NF_STOP) {
-		rcu_read_lock();
 		ct_hook = rcu_dereference(nf_ct_hook);
 		if (ct_hook) {
 			err = ct_hook->update(entry->state.net, entry->skb);
 			if (err < 0)
 				verdict = NF_DROP;
 		}
-		rcu_read_unlock();
 	}
 	nf_reinject(entry, verdict);
+	rcu_read_unlock();
 }
 
 static void