netfilter: nf_iterate: fix incorrect RCU usage

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

As noticed by Eric, nf_iterate doesn't use RCU correctly by
accessing the prev pointer of a RCU protected list element when
a verdict of NF_REPEAT is issued.

Fix by jumping backwards to the hook invocation directly instead
of loading the previous list element before continuing the list
iteration.

Reported-by: Eric Dumazet <eric.dumazet@gmail.com>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>

Patrick McHardy 15 years ago de9963f0 c3174286

+2 -1

1 changed file

expand all

net

netfilter

core.c

+2 -1

net/netfilter/core.c

··· 133 133 134 134 /* Optimization: we don't need to hold module 135 135 reference here, since function can't sleep. --RR */ 136 + repeat: 136 137 verdict = elem->hook(hook, skb, indev, outdev, okfn); 137 138 if (verdict != NF_ACCEPT) { 138 139 #ifdef CONFIG_NETFILTER_DEBUG ··· 146 145 #endif 147 146 if (verdict != NF_REPEAT) 148 147 return verdict; 149 - *i = (*i)->prev; 148 + goto repeat; 150 149 } 151 150 } 152 151 return NF_ACCEPT;