* [PATCH 00/01] netfilter: netfilter fixes
@ 2011-02-14 16:49 kaber
2011-02-14 16:49 ` [PATCH 01/01] netfilter: nf_iterate: fix incorrect RCU usage kaber
2011-02-14 19:15 ` [PATCH 00/01] netfilter: netfilter fixes David Miller
0 siblings, 2 replies; 3+ messages in thread
From: kaber @ 2011-02-14 16:49 UTC (permalink / raw)
To: davem; +Cc: netfilter-devel, netdev
Hi Dave,
following is a single netfilter bugfix for 2.6.38, fixing incorrect
RCU usage in nf_iterate(). Problem noticed by Eric, patch from myself.
Please apply or pull from:
git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6.git master
Thanks!
^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH 01/01] netfilter: nf_iterate: fix incorrect RCU usage
2011-02-14 16:49 [PATCH 00/01] netfilter: netfilter fixes kaber
@ 2011-02-14 16:49 ` kaber
2011-02-14 19:15 ` [PATCH 00/01] netfilter: netfilter fixes David Miller
1 sibling, 0 replies; 3+ messages in thread
From: kaber @ 2011-02-14 16:49 UTC (permalink / raw)
To: davem; +Cc: netfilter-devel, netdev
From: Patrick McHardy <kaber@trash.net>
As noticed by Eric, nf_iterate doesn't use RCU correctly by
accessing the prev pointer of a RCU protected list element when
a verdict of NF_REPEAT is issued.
Fix by jumping backwards to the hook invocation directly instead
of loading the previous list element before continuing the list
iteration.
Reported-by: Eric Dumazet <eric.dumazet@gmail.com>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
net/netfilter/core.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/net/netfilter/core.c b/net/netfilter/core.c
index 32fcbe2..4aa614b 100644
--- a/net/netfilter/core.c
+++ b/net/netfilter/core.c
@@ -133,6 +133,7 @@ unsigned int nf_iterate(struct list_head *head,
/* Optimization: we don't need to hold module
reference here, since function can't sleep. --RR */
+repeat:
verdict = elem->hook(hook, skb, indev, outdev, okfn);
if (verdict != NF_ACCEPT) {
#ifdef CONFIG_NETFILTER_DEBUG
@@ -145,7 +146,7 @@ unsigned int nf_iterate(struct list_head *head,
#endif
if (verdict != NF_REPEAT)
return verdict;
- *i = (*i)->prev;
+ goto repeat;
}
}
return NF_ACCEPT;
--
1.7.2.3
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH 00/01] netfilter: netfilter fixes
2011-02-14 16:49 [PATCH 00/01] netfilter: netfilter fixes kaber
2011-02-14 16:49 ` [PATCH 01/01] netfilter: nf_iterate: fix incorrect RCU usage kaber
@ 2011-02-14 19:15 ` David Miller
1 sibling, 0 replies; 3+ messages in thread
From: David Miller @ 2011-02-14 19:15 UTC (permalink / raw)
To: kaber; +Cc: netfilter-devel, netdev
From: kaber@trash.net
Date: Mon, 14 Feb 2011 17:49:11 +0100
> git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6.git master
Pulled, thanks Patrick!
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2011-02-14 19:15 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-02-14 16:49 [PATCH 00/01] netfilter: netfilter fixes kaber
2011-02-14 16:49 ` [PATCH 01/01] netfilter: nf_iterate: fix incorrect RCU usage kaber
2011-02-14 19:15 ` [PATCH 00/01] netfilter: netfilter fixes David Miller
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.