From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: Justin Forbes <jmforbes@linuxtx.org>,
Zwane Mwaikambo <zwane@arm.linux.org.uk>,
"Theodore Ts'o" <tytso@mit.edu>,
Randy Dunlap <rdunlap@xenotime.net>,
Dave Jones <davej@redhat.com>,
Chuck Wolber <chuckw@quantumlinux.com>,
Chris Wedgwood <reviews@ml.cw.f00f.org>,
torvalds@osdl.org, akpm@osdl.org, alan@lxorguk.ukuu.org.uk,
Adrian Bunk <bunk@stusta.de>, Patrick McHardy <kaber@trash.net>,
Greg Kroah-Hartman <gregkh@suse.de>
Subject: [patch 14/20] : ip_tables: fix table locking in ipt_do_table
Date: Mon, 21 Aug 2006 11:47:23 -0700 [thread overview]
Message-ID: <20060821184723.GO21938@kroah.com> (raw)
In-Reply-To: <20060821184527.GA21938@kroah.com>
[-- Attachment #1: ip_tables-fix-table-locking-in-ipt_do_table.patch --]
[-- Type: text/plain, Size: 1989 bytes --]
-stable review patch. If anyone has any objections, please let us know.
------------------
From: Patrick McHardy <kaber@trash.net>
[NETFILTER]: ip_tables: fix table locking in ipt_do_table
table->private might change because of ruleset changes, don't use it without
holding the lock.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/ipv4/netfilter/arp_tables.c | 3 ++-
net/ipv4/netfilter/ip_tables.c | 3 ++-
2 files changed, 4 insertions(+), 2 deletions(-)
--- linux-2.6.17.9.orig/net/ipv4/netfilter/arp_tables.c
+++ linux-2.6.17.9/net/ipv4/netfilter/arp_tables.c
@@ -237,7 +237,7 @@ unsigned int arpt_do_table(struct sk_buf
struct arpt_entry *e, *back;
const char *indev, *outdev;
void *table_base;
- struct xt_table_info *private = table->private;
+ struct xt_table_info *private;
/* ARP header, plus 2 device addresses, plus 2 IP addresses. */
if (!pskb_may_pull((*pskb), (sizeof(struct arphdr) +
@@ -249,6 +249,7 @@ unsigned int arpt_do_table(struct sk_buf
outdev = out ? out->name : nulldevname;
read_lock_bh(&table->lock);
+ private = table->private;
table_base = (void *)private->entries[smp_processor_id()];
e = get_entry(table_base, private->hook_entry[hook]);
back = get_entry(table_base, private->underflow[hook]);
--- linux-2.6.17.9.orig/net/ipv4/netfilter/ip_tables.c
+++ linux-2.6.17.9/net/ipv4/netfilter/ip_tables.c
@@ -231,7 +231,7 @@ ipt_do_table(struct sk_buff **pskb,
const char *indev, *outdev;
void *table_base;
struct ipt_entry *e, *back;
- struct xt_table_info *private = table->private;
+ struct xt_table_info *private;
/* Initialization */
ip = (*pskb)->nh.iph;
@@ -248,6 +248,7 @@ ipt_do_table(struct sk_buff **pskb,
read_lock_bh(&table->lock);
IP_NF_ASSERT(table->valid_hooks & (1 << hook));
+ private = table->private;
table_base = (void *)private->entries[smp_processor_id()];
e = get_entry(table_base, private->hook_entry[hook]);
--
next prev parent reply other threads:[~2006-08-21 18:53 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20060821183818.155091391@quad.kroah.org>
2006-08-21 18:45 ` [patch 00/20] 2.6.17-stable review Greg KH
2006-08-21 18:45 ` [patch 01/20] Have ext3 reject file handles with bad inode numbers early Greg KH
2006-08-21 18:45 ` [patch 02/20] sky2: phy power problem on 88e805x Greg KH
2006-08-21 18:46 ` [patch 03/20] Kill HASH_HIGHMEM from route cache hash sizing Greg KH
2006-08-21 18:46 ` [patch 04/20] Fix timer race in dst GC code Greg KH
2006-08-21 18:46 ` [patch 05/20] Fix IFLA_ADDRESS handling Greg KH
2006-08-21 18:46 ` [patch 06/20] Fix BeFS slab corruption Greg KH
2006-08-21 18:46 ` [patch 07/20] disable debugging version of write_lock() Greg KH
2006-08-21 18:46 ` [patch 08/20] ipx: header length validation needed Greg KH
2006-08-21 18:46 ` [patch 09/20] tpm: interrupt clear fix Greg KH
2006-08-21 18:46 ` [patch 10/20] : ulog: fix panic on SMP kernels Greg KH
2006-08-21 18:47 ` [patch 11/20] sys_getppid oopses on debug kernel Greg KH
2006-08-21 18:47 ` [patch 12/20] SERIAL: icom: select FW_LOADER Greg KH
2006-08-21 18:47 ` [patch 13/20] PCI: fix ICH6 quirks Greg KH
2006-08-21 18:47 ` Greg KH [this message]
2006-08-21 18:47 ` [patch 15/20] IA64: local DoS with corrupted ELFs Greg KH
2006-08-21 18:47 ` [patch 16/20] Fix ipv4 routing locking bug Greg KH
2006-08-21 18:47 ` Greg KH
2006-08-21 18:48 ` [patch 17/20] dm: BUG/OOPS fix Greg KH
2006-08-21 18:48 ` [patch 18/20] swsusp: Fix swap_type_of Greg KH
2006-08-21 18:48 ` [patch 19/20] MD: Fix a potential NULL dereference in md/raid1 Greg KH
2006-08-21 18:48 ` [patch 20/20] 1394: fix for recently added firewire patch that breaks things on ppc Greg KH
2006-08-22 9:03 ` Stefan Richter
2006-08-21 19:46 ` [patch 00/20] 2.6.17-stable review Dave Jones
2006-08-21 21:43 ` Greg KH
2006-08-22 13:49 ` John Stoffel
2006-08-22 13:59 ` Kyle Moffett
2006-08-22 14:53 ` John Stoffel
2006-08-22 19:13 ` Herbert Xu's paged unique skb trimming patch? Nix
2006-08-22 19:17 ` Greg KH
2006-08-22 20:41 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20060821184723.GO21938@kroah.com \
--to=gregkh@suse.de \
--cc=akpm@osdl.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=bunk@stusta.de \
--cc=chuckw@quantumlinux.com \
--cc=davej@redhat.com \
--cc=jmforbes@linuxtx.org \
--cc=kaber@trash.net \
--cc=linux-kernel@vger.kernel.org \
--cc=rdunlap@xenotime.net \
--cc=reviews@ml.cw.f00f.org \
--cc=stable@kernel.org \
--cc=torvalds@osdl.org \
--cc=tytso@mit.edu \
--cc=zwane@arm.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.