Commit 2c1e2703 authored by Aaron Conole's avatar Aaron Conole Committed by Pablo Neira Ayuso

netfilter: call nf_hook_ingress with rcu_read_lock

This commit ensures that the rcu read-side lock is held while the
ingress hook is called.  This ensures that a call to nf_hook_slow (and
ultimately nf_ingress) will be read protected.
Signed-off-by: default avatarAaron Conole <aconole@bytheb.org>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent fe72926b
...@@ -4040,12 +4040,17 @@ static inline int nf_ingress(struct sk_buff *skb, struct packet_type **pt_prev, ...@@ -4040,12 +4040,17 @@ static inline int nf_ingress(struct sk_buff *skb, struct packet_type **pt_prev,
{ {
#ifdef CONFIG_NETFILTER_INGRESS #ifdef CONFIG_NETFILTER_INGRESS
if (nf_hook_ingress_active(skb)) { if (nf_hook_ingress_active(skb)) {
int ingress_retval;
if (*pt_prev) { if (*pt_prev) {
*ret = deliver_skb(skb, *pt_prev, orig_dev); *ret = deliver_skb(skb, *pt_prev, orig_dev);
*pt_prev = NULL; *pt_prev = NULL;
} }
return nf_hook_ingress(skb); rcu_read_lock();
ingress_retval = nf_hook_ingress(skb);
rcu_read_unlock();
return ingress_retval;
} }
#endif /* CONFIG_NETFILTER_INGRESS */ #endif /* CONFIG_NETFILTER_INGRESS */
return 0; return 0;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment