releases/2.6.14.5/fix-unbalanced-read_unlock_bh-in-ctnetlink.patch - pub/scm/linux/kernel/git/warthog9/stable-queue - Git at Google

 From stable-bounces@linux.kernel.org Tue Dec 13 03:28:35 2005
 Message-ID: <439EAFCF.1040409@trash.net>
 Date: Tue, 13 Dec 2005 12:26:07 +0100
 From: Patrick McHardy <kaber@trash.net>
 To: stable@kernel.org
 Cc: Harald Welte <laforge@netfilter.org>, Pablo Neira <pablo@eurodev.net>,
         Netfilter Development Mailinglist <netfilter-devel@lists.netfilter.org>,
         Krzysztof Oledzki <olenf@ans.pl>
 Subject: [NETFILTER]: Fix unbalanced read_unlock_bh in ctnetlink

 NFA_NEST calls NFA_PUT which jumps to nfattr_failure if the skb has no
 room left. We call read_unlock_bh at nfattr_failure for the NFA_PUT
 inside the locked section, so move NFA_NEST inside the locked section
 too.

 Signed-off-by: Patrick McHardy <kaber@trash.net>
 Signed-off-by: David S. Miller <davem@davemloft.net>
 Signed-off-by: Krzysztof Piotr Oledzki <ole@ans.pl>
 Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

 ---
  net/ipv4/netfilter/ip_conntrack_proto_tcp.c |    3 ++-
  1 file changed, 2 insertions(+), 1 deletion(-)

 --- linux-2.6.14.4.orig/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
 +++ linux-2.6.14.4/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
 @@ -341,9 +341,10 @@ static int tcp_print_conntrack(struct se
  static int tcp_to_nfattr(struct sk_buff *skb, struct nfattr *nfa,
  			 const struct ip_conntrack *ct)
  {
 -	struct nfattr *nest_parms = NFA_NEST(skb, CTA_PROTOINFO_TCP);
 +	struct nfattr *nest_parms;

  	read_lock_bh(&tcp_lock);
 +	nest_parms = NFA_NEST(skb, CTA_PROTOINFO_TCP);
  	NFA_PUT(skb, CTA_PROTOINFO_TCP_STATE, sizeof(u_int8_t),
  		&ct->proto.tcp.state);
  	read_unlock_bh(&tcp_lock);
	From stable-bounces@linux.kernel.org Tue Dec 13 03:28:35 2005
	Message-ID: <439EAFCF.1040409@trash.net>
	Date: Tue, 13 Dec 2005 12:26:07 +0100
	From: Patrick McHardy <kaber@trash.net>
	To: stable@kernel.org
	Cc: Harald Welte <laforge@netfilter.org>, Pablo Neira <pablo@eurodev.net>,
	Netfilter Development Mailinglist <netfilter-devel@lists.netfilter.org>,
	Krzysztof Oledzki <olenf@ans.pl>
	Subject: [NETFILTER]: Fix unbalanced read_unlock_bh in ctnetlink

	NFA_NEST calls NFA_PUT which jumps to nfattr_failure if the skb has no
	room left. We call read_unlock_bh at nfattr_failure for the NFA_PUT
	inside the locked section, so move NFA_NEST inside the locked section
	too.

	Signed-off-by: Patrick McHardy <kaber@trash.net>
	Signed-off-by: David S. Miller <davem@davemloft.net>
	Signed-off-by: Krzysztof Piotr Oledzki <ole@ans.pl>
	Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

	---
	net/ipv4/netfilter/ip_conntrack_proto_tcp.c \| 3 ++-
	1 file changed, 2 insertions(+), 1 deletion(-)

	--- linux-2.6.14.4.orig/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
	+++ linux-2.6.14.4/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
	@@ -341,9 +341,10 @@ static int tcp_print_conntrack(struct se
	static int tcp_to_nfattr(struct sk_buff skb, struct nfattr nfa,
	const struct ip_conntrack *ct)
	{
	- struct nfattr *nest_parms = NFA_NEST(skb, CTA_PROTOINFO_TCP);
	+ struct nfattr *nest_parms;

	read_lock_bh(&tcp_lock);
	+ nest_parms = NFA_NEST(skb, CTA_PROTOINFO_TCP);
	NFA_PUT(skb, CTA_PROTOINFO_TCP_STATE, sizeof(u_int8_t),
	&ct->proto.tcp.state);
	read_unlock_bh(&tcp_lock);