summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAaron Conole <aconole@bytheb.org>2016-09-21 11:35:03 -0400
committerPablo Neira Ayuso <pablo@netfilter.org>2016-09-24 21:25:49 +0200
commit2c1e2703ff812ccaa42a4bc8a25803955e342b85 (patch)
tree084902b5a0c95a45bb27d99dcffeaf0a902bfeac
parentfe72926b792e52ab00abfa81a201805bfb2247d6 (diff)
downloadlinux-2c1e2703ff812ccaa42a4bc8a25803955e342b85.tar.bz2
netfilter: call nf_hook_ingress with rcu_read_lock
This commit ensures that the rcu read-side lock is held while the ingress hook is called. This ensures that a call to nf_hook_slow (and ultimately nf_ingress) will be read protected. Signed-off-by: Aaron Conole <aconole@bytheb.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--net/core/dev.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/net/core/dev.c b/net/core/dev.c
index 34b5322bc081..064919425b7d 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -4040,12 +4040,17 @@ static inline int nf_ingress(struct sk_buff *skb, struct packet_type **pt_prev,
{
#ifdef CONFIG_NETFILTER_INGRESS
if (nf_hook_ingress_active(skb)) {
+ int ingress_retval;
+
if (*pt_prev) {
*ret = deliver_skb(skb, *pt_prev, orig_dev);
*pt_prev = NULL;
}
- return nf_hook_ingress(skb);
+ rcu_read_lock();
+ ingress_retval = nf_hook_ingress(skb);
+ rcu_read_unlock();
+ return ingress_retval;
}
#endif /* CONFIG_NETFILTER_INGRESS */
return 0;