From: Eric Dumazet <edumazet@google.com>
Date: Mon, 12 Feb 2018 16:11:48 +0000 (-0800)
Subject: netfilter: xt_hashlimit: fix lock imbalance
X-Git-Tag: v4.15.10~37
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ea2699504d334d557ade9fc83e66ad695201333a;p=thirdparty%2Fkernel%2Fstable.git

netfilter: xt_hashlimit: fix lock imbalance

commit de526f401284e1638d4c97cb5a4c292ac3f37655 upstream.

syszkaller found that rcu was not held in hashlimit_mt_common()

We only need to enable BH at this point.

Fixes: bea74641e378 ("netfilter: xt_hashlimit: add rate match mode")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzkaller <syzkaller@googlegroups.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c
index 5da8746f7b88f..b8a3e740ffd4e 100644
--- a/net/netfilter/xt_hashlimit.c
+++ b/net/netfilter/xt_hashlimit.c
@@ -774,7 +774,7 @@ hashlimit_mt_common(const struct sk_buff *skb, struct xt_action_param *par,
 		if (!dh->rateinfo.prev_window &&
 		    (dh->rateinfo.current_rate <= dh->rateinfo.burst)) {
 			spin_unlock(&dh->lock);
-			rcu_read_unlock_bh();
+			local_bh_enable();
 			return !(cfg->mode & XT_HASHLIMIT_INVERT);
 		} else {
 			goto overlimit;