From patchwork Sun Apr 2 09:27:53 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Liping Zhang X-Patchwork-Id: 746146 X-Patchwork-Delegate: pablo@netfilter.org
From: Liping Zhang To: pablo@netfilter.org Cc: netfilter-devel@vger.kernel.org, Liping Zhang Subject: [PATCH nf] netfilter: make it safer during the inet6_dev->addr_list traversal Date: Sun, 2 Apr 2017 17:27:53 +0800 Message-Id: <1491125273-8002-1-git-send-email-zlpnobody@163.com> X-Mailer: git-send-email 2.5.5 X-CM-TRANSID: EMCowAB3u7EpxOBYASjeNQ--.36097S2 X-Coremail-Antispam: 1Uf129KBjvJXoW7AFyxtF4xJF4DGF4DZFyrZwb_yoW8AF43pF y3Ca4fJr17Xr4jvw1DuFW8uF4ru34FgwsrurWrA34kJFn8XrsIga1fKFWfW3Z8XrZxAw43 Xr1jg3ykGw1qvrJanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDUYxBIdaVFxhVjvjDU0xZFpf9x07j2_M3UUUUU= X-Originating-IP: [180.164.231.180] X-CM-SenderInfo: x2os00perg5qqrwthudrp/xtbBUQ+tl1aDthS0rgAAsJ Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org From: Liping Zhang inet6_dev->addr_list is protected by inet6_dev->lock, so only using rcu_read_lock is not enough, we should acquire read_lock_bh(&idev->lock) before the inet6_dev->addr_list traversal. Signed-off-by: Liping Zhang --- net/netfilter/nf_nat_redirect.c | 2 ++ net/netfilter/xt_TPROXY.c | 5 ++++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/net/netfilter/nf_nat_redirect.c b/net/netfilter/nf_nat_redirect.c index d438698..86067560 100644 --- a/net/netfilter/nf_nat_redirect.c +++ b/net/netfilter/nf_nat_redirect.c @@ -101,11 +101,13 @@ nf_nat_redirect_ipv6(struct sk_buff *skb, const struct nf_nat_range *range, rcu_read_lock(); idev = __in6_dev_get(skb->dev); if (idev != NULL) { + read_lock_bh(&idev->lock); list_for_each_entry(ifa, &idev->addr_list, if_list) { newdst = ifa->addr; addr = true; break; } + read_unlock_bh(&idev->lock); } rcu_read_unlock(); diff --git a/net/netfilter/xt_TPROXY.c b/net/netfilter/xt_TPROXY.c index 80cb7ba..df7f1df 100644 --- a/net/netfilter/xt_TPROXY.c +++ b/net/netfilter/xt_TPROXY.c 
@@ -393,7 +393,8 @@ tproxy_laddr6(struct sk_buff *skb, const struct in6_addr *user_laddr, rcu_read_lock(); indev = __in6_dev_get(skb->dev); - if (indev) + if (indev) { + read_lock_bh(&indev->lock); list_for_each_entry(ifa, &indev->addr_list, if_list) { if (ifa->flags & (IFA_F_TENTATIVE | IFA_F_DEPRECATED)) continue; @@ -401,6 +402,8 @@ tproxy_laddr6(struct sk_buff *skb, const struct in6_addr *user_laddr, laddr = &ifa->addr; break; } + read_unlock_bh(&indev->lock); + } rcu_read_unlock(); return laddr ? laddr : daddr;
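Review bot: In the nf_nat_redirect_ipv6() hunk, read_lock_bh(&idev->lock) is now nested inside the existing rcu_read_lock() section with no comment saying why both are needed. A short comment would help: the RCU section covers the idev returned by __in6_dev_get(), while idev->lock covers addr_list. The body itself looks right: `newdst = ifa->addr;` copies the address by value before `break`, and the break falls through to read_unlock_bh(), so nothing from the list is referenced after the lock is dropped. Since the loop only ever reads the first entry, list_first_entry_or_null() under the lock would state the intent more directly.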
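Review bot: In the tproxy_laddr6() hunks, the new lock protects the list walk but not the result: `laddr = &ifa->addr;` stores a pointer into the list entry, and `return laddr ? laddr : daddr;` hands that pointer to the caller after both read_unlock_bh(&indev->lock) and rcu_read_unlock(). If the entry can be removed once indev->lock is released, the caller dereferences memory that the lock was meant to guard. nf_nat_redirect.c avoids this by copying the address by value inside the critical section. Consider doing the same here, for example by copying into caller-provided storage while the lock is held, or state in the commit message what keeps the ifa alive after the unlock.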