* [FIX V2] sip: add missing RCU reader lock
@ 2013-09-20 20:43 Holger Eitzenberger
2013-09-27 14:14 ` Pablo Neira Ayuso
0 siblings, 1 reply; 2+ messages in thread
From: Holger Eitzenberger @ 2013-09-20 20:43 UTC (permalink / raw)
To: netfilter-devel; +Cc: Patrick McHardy
[-- Attachment #1: Type: text/plain, Size: 265 bytes --]
Hi,
I noticed that set_expected_rtp_rtcp() in net-next misses a 2nd
RCU reader lock when dereferencing the 2nd hook function. Same
bug is present in kernel v3.8 at least.
This is a resend, which extend the RCU protected area as needed.
Please check.
/Holger
[-- Attachment #2: sip-add-missing-RCU-reader-lock.diff --]
[-- Type: text/x-diff, Size: 1196 bytes --]
sip: add missing RCU reader lock in set_expected_rtp_rtcp()
Currently set_expected_rtp_rtcp() in the SIP helper uses
rcu_dereference() two times to access two different NAT hook
functions. However, only the first one is protected by the RCU
reader lock, but the 2nd isn't.
Fix it by extending the RCU protected area.
Signed-off-by: Holger Eitzenberger <holger.eitzenberger@sophos.com>
Index: net-next/net/netfilter/nf_conntrack_sip.c
===================================================================
--- net-next.orig/net/netfilter/nf_conntrack_sip.c
+++ net-next/net/netfilter/nf_conntrack_sip.c
@@ -966,7 +966,6 @@ static int set_expected_rtp_rtcp(struct
#endif
skip_expect = 1;
} while (!skip_expect);
- rcu_read_unlock();
base_port = ntohs(tuple.dst.u.udp.port) & ~1;
rtp_port = htons(base_port);
@@ -980,8 +979,10 @@ static int set_expected_rtp_rtcp(struct
goto err1;
}
- if (skip_expect)
+ if (skip_expect) {
+ rcu_read_unlock();
return NF_ACCEPT;
+ }
rtp_exp = nf_ct_expect_alloc(ct);
if (rtp_exp == NULL)
@@ -1012,6 +1013,7 @@ static int set_expected_rtp_rtcp(struct
err2:
nf_ct_expect_put(rtp_exp);
err1:
+ rcu_read_unlock();
return ret;
}
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [FIX V2] sip: add missing RCU reader lock
2013-09-20 20:43 [FIX V2] sip: add missing RCU reader lock Holger Eitzenberger
@ 2013-09-27 14:14 ` Pablo Neira Ayuso
0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2013-09-27 14:14 UTC (permalink / raw)
To: holger@eitzenberger.org; +Cc: netfilter-devel, Patrick McHardy
On Fri, Sep 20, 2013 at 10:43:04PM +0200, Holger Eitzenberger wrote:
> Hi,
>
> I noticed that set_expected_rtp_rtcp() in net-next misses a 2nd
> RCU reader lock when dereferencing the 2nd hook function. Same
> bug is present in kernel v3.8 at least.
>
> This is a resend, which extend the RCU protected area as needed.
Applied to nf-next, thanks Holger.
I added to the description a short clarification, as Patrick mentioned,
this is comestic fix.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2013-09-27 14:14 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-09-20 20:43 [FIX V2] sip: add missing RCU reader lock Holger Eitzenberger
2013-09-27 14:14 ` Pablo Neira Ayuso
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).