[PATCH 00/01] netfilter: netfilter fixes

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH 00/01] netfilter: netfilter fixes
@ 2011-02-14 16:49 kaber
  2011-02-14 16:49 ` [PATCH 01/01] netfilter: nf_iterate: fix incorrect RCU usage kaber
  2011-02-14 19:15 ` [PATCH 00/01] netfilter: netfilter fixes David Miller
  0 siblings, 2 replies; 3+ messages in thread
From: kaber @ 2011-02-14 16:49 UTC (permalink / raw)
  To: davem; +Cc: netfilter-devel, netdev

Hi Dave,

following is a single netfilter bugfix for 2.6.38, fixing incorrect
RCU usage in nf_iterate(). Problem noticed by Eric, patch from myself.

Please apply or pull from:

git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6.git master

Thanks!

^ permalink raw reply	[flat|nested] 3+ messages in thread

* [PATCH 01/01] netfilter: nf_iterate: fix incorrect RCU usage
  2011-02-14 16:49 [PATCH 00/01] netfilter: netfilter fixes kaber
@ 2011-02-14 16:49 ` kaber
  2011-02-14 19:15 ` [PATCH 00/01] netfilter: netfilter fixes David Miller
  1 sibling, 0 replies; 3+ messages in thread
From: kaber @ 2011-02-14 16:49 UTC (permalink / raw)
  To: davem; +Cc: netfilter-devel, netdev

From: Patrick McHardy <kaber@trash.net>

As noticed by Eric, nf_iterate doesn't use RCU correctly by
accessing the prev pointer of a RCU protected list element when
a verdict of NF_REPEAT is issued.

Fix by jumping backwards to the hook invocation directly instead
of loading the previous list element before continuing the list
iteration.

Reported-by: Eric Dumazet <eric.dumazet@gmail.com>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
 net/netfilter/core.c |    3 ++-
 1 files changed, 2 insertions(+), 1 deletions(-)

diff --git a/net/netfilter/core.c b/net/netfilter/core.c
index 32fcbe2..4aa614b 100644
--- a/net/netfilter/core.c
+++ b/net/netfilter/core.c
@@ -133,6 +133,7 @@ unsigned int nf_iterate(struct list_head *head,
 
 		/* Optimization: we don't need to hold module
 		   reference here, since function can't sleep. --RR */
+repeat:
 		verdict = elem->hook(hook, skb, indev, outdev, okfn);
 		if (verdict != NF_ACCEPT) {
 #ifdef CONFIG_NETFILTER_DEBUG
@@ -145,7 +146,7 @@ unsigned int nf_iterate(struct list_head *head,
 #endif
 			if (verdict != NF_REPEAT)
 				return verdict;
-			*i = (*i)->prev;
+			goto repeat;
 		}
 	}
 	return NF_ACCEPT;
-- 
1.7.2.3


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH 00/01] netfilter: netfilter fixes
  2011-02-14 16:49 [PATCH 00/01] netfilter: netfilter fixes kaber
  2011-02-14 16:49 ` [PATCH 01/01] netfilter: nf_iterate: fix incorrect RCU usage kaber
@ 2011-02-14 19:15 ` David Miller
  1 sibling, 0 replies; 3+ messages in thread
From: David Miller @ 2011-02-14 19:15 UTC (permalink / raw)
  To: kaber; +Cc: netfilter-devel, netdev

From: kaber@trash.net
Date: Mon, 14 Feb 2011 17:49:11 +0100

> git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6.git master

Pulled, thanks Patrick!

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2011-02-14 19:15 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2011-02-14 16:49 [PATCH 00/01] netfilter: netfilter fixes kaber
2011-02-14 16:49 ` [PATCH 01/01] netfilter: nf_iterate: fix incorrect RCU usage kaber
2011-02-14 19:15 ` [PATCH 00/01] netfilter: netfilter fixes David Miller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).