From: Holger Eitzenberger <holger@eitzenberger.org>
To: netfilter-devel <netfilter-devel@vger.kernel.org>
Cc: Patrick McHardy <kaber@trash.net>
Subject: [FIX V2] sip: add missing RCU reader lock
Date: Fri, 20 Sep 2013 22:43:04 +0200
Message-ID: <20130920204304.GA12439@imap.eitzenberger.org>
[-- Attachment #1: Type: text/plain, Size: 265 bytes --]
Hi,
I noticed that set_expected_rtp_rtcp() in net-next misses a 2nd
RCU reader lock when dereferencing the 2nd hook function. Same
bug is present in kernel v3.8 at least.
This is a resend, which extends the RCU protected area as needed.
Please check.
/Holger
[-- Attachment #2: sip-add-missing-RCU-reader-lock.diff --]
[-- Type: text/x-diff, Size: 1196 bytes --]
sip: add missing RCU reader lock in set_expected_rtp_rtcp()
Currently set_expected_rtp_rtcp() in the SIP helper uses
rcu_dereference() two times to access two different NAT hook
functions. However, only the first one is protected by the RCU
reader lock, but the 2nd isn't.
Fix it by extending the RCU protected area.
Signed-off-by: Holger Eitzenberger <holger.eitzenberger@sophos.com>
Index: net-next/net/netfilter/nf_conntrack_sip.c
===================================================================
--- net-next.orig/net/netfilter/nf_conntrack_sip.c
+++ net-next/net/netfilter/nf_conntrack_sip.c
@@ -966,7 +966,6 @@ static int set_expected_rtp_rtcp(struct
#endif
skip_expect = 1;
} while (!skip_expect);
- rcu_read_unlock();
base_port = ntohs(tuple.dst.u.udp.port) & ~1;
rtp_port = htons(base_port);
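Review bot: With the rcu_read_unlock() after the do/while loop removed, the read-side critical section now stays open across everything that follows, so every exit below this point has to drop the lock and nothing called in between may sleep. The later hunks cover the skip_expect return and the err1/err2 labels; please confirm there is no other return between here and err1 outside the diff context, and that the calls now inside the section (nf_ct_expect_alloc() is visible in the next hunk) are safe under rcu_read_lock(). A short comment at this spot saying the lock is held until err1 would help the next reader.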
@@ -980,8 +979,10 @@ static int set_expected_rtp_rtcp(struct
goto err1;
}
- if (skip_expect)
+ if (skip_expect) {
+ rcu_read_unlock();
return NF_ACCEPT;
+ }
rtp_exp = nf_ct_expect_alloc(ct);
if (rtp_exp == NULL)
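Review bot: The skip_expect branch adds a second unlock site next to the one introduced at err1, which makes it easy for a later change to update one and miss the other. Since err1 ends in rcu_read_unlock() followed by "return ret;", setting ret = NF_ACCEPT and jumping to the common exit would keep a single release point; if the early return is kept for readability, it should stay the only return inside the locked region that does not go through err1.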
@@ -1012,6 +1013,7 @@ static int set_expected_rtp_rtcp(struct
err2:
nf_ct_expect_put(rtp_exp);
err1:
+ rcu_read_unlock();
return ret;
}
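Review bot: The rcu_read_unlock() at err1 is only balanced if every jump to err1 happens after rcu_read_lock() has been taken. The "goto err1" visible in the previous hunk sits after the loop, and err2 falls through into err1, so those paths are fine; please check that no earlier "goto err1" in the function runs before the lock is acquired, because it would now unlock without a matching lock. The labels also now do lock release as well as error cleanup, so a one-line comment here would make that explicit.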