Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2c1e2703 authored by Aaron Conole's avatar Aaron Conole Committed by Pablo Neira Ayuso
Browse files

netfilter: call nf_hook_ingress with rcu_read_lock 



This commit ensures that the rcu read-side lock is held while the
ingress hook is called.  This ensures that a call to nf_hook_slow (and
ultimately nf_ingress) will be read protected.

Signed-off-by: default avatarAaron Conole <aconole@bytheb.org>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent fe72926b

net/core/dev.c

+6 −1
Original line number Diff line number Diff line
@@ -4040,12 +4040,17 @@ static inline int nf_ingress(struct sk_buff *skb, struct packet_type **pt_prev, 
{

#ifdef CONFIG_NETFILTER_INGRESS

	if (nf_hook_ingress_active(skb)) {

		int ingress_retval;



		if (*pt_prev) {

			*ret = deliver_skb(skb, *pt_prev, orig_dev);

			*pt_prev = NULL;

		}



		return nf_hook_ingress(skb);

		rcu_read_lock();

		ingress_retval = nf_hook_ingress(skb);

		rcu_read_unlock();

		return ingress_retval;

	}

#endif /* CONFIG_NETFILTER_INGRESS */

	return 0;