Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d817d29d authored by Eric Dumazet's avatar Eric Dumazet Committed by Patrick McHardy
Browse files

netfilter: fix nf_conntrack_l4proto_register() 



While doing __rcu annotations work on net/netfilter I found following
bug. On some arches, it is possible we publish a table while its content
is not yet committed to memory, and lockless reader can dereference wild
pointer.

Signed-off-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: default avatarPatrick McHardy <kaber@trash.net>
parent 64e46749

net/netfilter/nf_conntrack_proto.c

+6 −0
Original line number Diff line number Diff line
@@ -292,6 +292,12 @@ int nf_conntrack_l4proto_register(struct nf_conntrack_l4proto *l4proto) 


		for (i = 0; i < MAX_NF_CT_PROTO; i++)

			proto_array[i] = &nf_conntrack_l4proto_generic;



		/* Before making proto_array visible to lockless readers,

		 * we must make sure its content is committed to memory.

		 */

		smp_wmb();



		nf_ct_protos[l4proto->l3proto] = proto_array;

	} else if (nf_ct_protos[l4proto->l3proto][l4proto->l4proto] !=

					&nf_conntrack_l4proto_generic) {