From patchwork Mon Feb 12 16:11:48 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Eric Dumazet X-Patchwork-Id: 872132 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="i6l4z5+7"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 3zg9fR0xn5z9sRm for ; Tue, 13 Feb 2018 03:11:59 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S935350AbeBLQL4 (ORCPT ); Mon, 12 Feb 2018 11:11:56 -0500 Received: from mail-qt0-f195.google.com ([209.85.216.195]:33844 "EHLO mail-qt0-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S934432AbeBLQLz (ORCPT ); Mon, 12 Feb 2018 11:11:55 -0500 Received: by mail-qt0-f195.google.com with SMTP id d14so184922qtg.1 for ; Mon, 12 Feb 2018 08:11:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=message-id:subject:from:to:cc:date:mime-version :content-transfer-encoding; bh=FxyIRe/qbsJBne99pkcsVrUmAR3+udgRZCLrNuijkzo=; b=i6l4z5+7cL1xTjzvKvlhiaXIIPAb6V15GfXjxUWf5+k2MO5ussKWXFta6M5N2biyao rtHfanD4kUEYRXjHoBT5xMTbVu3+o1lweXU6wDOK+kDA8qvQIb5MAZFNomR0ji0kFjlj LCxK0ePRNr1gQqdwJ1fmfT11Af+KJNEFVVnQ7t3aPsHAzvPIx3yp1SBHXER0YB6mDNlx pQtrjDRb31qYx/KkSNeuOkr9t5yFHnrpUgAW1yGarVuflQ4+SN4g/yWiM14i+KCCP5D0 Cw2325luhcegamnR0prQjloqKqNN8W5zoMOrtfajZzppliIhyagvhJh5jlDa21Zmk21t P5Gg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:message-id:subject:from:to:cc:date:mime-version :content-transfer-encoding; bh=FxyIRe/qbsJBne99pkcsVrUmAR3+udgRZCLrNuijkzo=; b=TG2sTA0O7w6DDUuV89es5+XTY19fjmXitg4lo0fLOWazCPr3qfAy0PVhyAxxYGMmRL Zjls6Ty084tvmGlV9KLIQAC6q4UkMoiIpRVs3dBOZ1m4ZMvMgzC2vPL6jy3zY41VxA26 +pfQWDigryOxk7GpW3cqwsLrVy+FwuqbNL9/mLu5jetYeWGbPDvVuyhtLF1OG7lUYE0h CPd/8UyS6WWjGQleF5UbHBO7gxTisAPiRCE1vKZw6aG4xqu033c58VS0vzoUX5s6f6st B4zL6D5WbjNEOSzARbIuyDDEwHkUJ1ipnNxHXVgWYJpuqEyCrE7y7NBLe1kix/Pe/mun tZXQ== X-Gm-Message-State: APf1xPBzm+ImFkRu17cBHA+g/cacCGbSZQ0/oLkD1bjYr2rASgEbzwgU bAV4MFyBng8XV3oNBwjl2OQ= X-Google-Smtp-Source: AH8x225+fBuxTwQ4pDObK5ZvXIwi/OXBA19qdYbGpbdvbhrqTU/AZTlBh9jsIDiNsdUTAMYLcv2TkQ== X-Received: by 10.200.18.75 with SMTP id g11mr19849334qtj.71.1518451914558; Mon, 12 Feb 2018 08:11:54 -0800 (PST) Received: from [10.1.104.77] ([207.198.105.19]) by smtp.googlemail.com with ESMTPSA id u9sm6396144qtj.80.2018.02.12.08.11.52 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Mon, 12 Feb 2018 08:11:53 -0800 (PST) Message-ID: <1518451908.3715.161.camel@gmail.com> Subject: [PATCH net] netfilter: xt_hashlimit: fix lock imbalance From: Eric Dumazet To: Pablo Neira Ayuso , Florian Westphal Cc: Vishwanath Pai , netdev Date: Mon, 12 Feb 2018 08:11:48 -0800 X-Mailer: Evolution 3.22.6-1+deb9u1 Mime-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: Eric Dumazet syszkaller found that rcu was not held in hashlimit_mt_common() We only need to enable BH at this point. Fixes: bea74641e378 ("netfilter: xt_hashlimit: add rate match mode") Signed-off-by: Eric Dumazet Reported-by: syzkaller Acked-by: Vishwanath Pai ---  net/netfilter/xt_hashlimit.c |    2 +-  1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c index ca6847403ca218c478d208080aab3e3c92a0a615..1fea48b4182f7cd5669b9c5e7100b2735cc590e7 100644 --- a/net/netfilter/xt_hashlimit.c +++ b/net/netfilter/xt_hashlimit.c @@ -774,7 +774,7 @@ hashlimit_mt_common(const struct sk_buff *skb, struct xt_action_param *par, if (!dh->rateinfo.prev_window && (dh->rateinfo.current_rate <= dh->rateinfo.burst)) { spin_unlock(&dh->lock); - rcu_read_unlock_bh(); + local_bh_enable(); return !(cfg->mode & XT_HASHLIMIT_INVERT); } else { goto overlimit;