Skip to content

Commit

Permalink
netfilter: use rcu_read_bh() in ipt_do_table()
Browse files Browse the repository at this point in the history 
Commit 7845447
(netfilter: iptables: lock free counters) forgot to disable BH
in arpt_do_table(), ipt_do_table() and  ip6t_do_table()

Use rcu_read_lock_bh() instead of rcu_read_lock() cures the problem.

Reported-and-bisected-by: Roman Mindalev <[email protected]>
Signed-off-by: Eric Dumazet <[email protected]>
Acked-by: Patrick McHardy <[email protected]>
Acked-by: Stephen Hemminger <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
  • Loading branch information
@davem330
Eric Dumazet authored and davem330 committed Apr 2, 2009
1 parent 8cbd960 commit fa9a86d
Show file tree
Hide file tree
Showing 3 changed files with 6 additions and 6 deletions.
4 changes: 2 additions & 2 deletions net/ipv4/netfilter/arp_tables.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -253,7 +253,7 @@ unsigned int arpt_do_table(struct sk_buff *skb,
indev = in ? in->name : nulldevname;
outdev = out ? out->name : nulldevname;

rcu_read_lock();
rcu_read_lock_bh();
private = rcu_dereference(table->private);
table_base = rcu_dereference(private->entries[smp_processor_id()]);

Expand Down Expand Up @@ -329,7 +329,7 @@ unsigned int arpt_do_table(struct sk_buff *skb,
}
} while (!hotdrop);

rcu_read_unlock();
rcu_read_unlock_bh();

if (hotdrop)
return NF_DROP;
Expand Down
4 changes: 2 additions & 2 deletions net/ipv4/netfilter/ip_tables.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -339,7 +339,7 @@ ipt_do_table(struct sk_buff *skb,

IP_NF_ASSERT(table->valid_hooks & (1 << hook));

rcu_read_lock();
rcu_read_lock_bh();
private = rcu_dereference(table->private);
table_base = rcu_dereference(private->entries[smp_processor_id()]);

Expand Down Expand Up @@ -437,7 +437,7 @@ ipt_do_table(struct sk_buff *skb,
}
} while (!hotdrop);

rcu_read_unlock();
rcu_read_unlock_bh();

#ifdef DEBUG_ALLOW_ALL
return NF_ACCEPT;
Expand Down
4 changes: 2 additions & 2 deletions net/ipv6/netfilter/ip6_tables.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -365,7 +365,7 @@ ip6t_do_table(struct sk_buff *skb,

IP_NF_ASSERT(table->valid_hooks & (1 << hook));

rcu_read_lock();
rcu_read_lock_bh();
private = rcu_dereference(table->private);
table_base = rcu_dereference(private->entries[smp_processor_id()]);

Expand Down Expand Up @@ -466,7 +466,7 @@ ip6t_do_table(struct sk_buff *skb,
#ifdef CONFIG_NETFILTER_DEBUG
((struct ip6t_entry *)table_base)->comefrom = NETFILTER_LINK_POISON;
#endif
rcu_read_unlock();
rcu_read_unlock_bh();

#ifdef DEBUG_ALLOW_ALL
return NF_ACCEPT;
Expand Down

0 comments on commit fa9a86d

Please sign in to comment.