releases/2.6.17.11/ip_tables-fix-table-locking-in-ipt_do_table.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From stable-bounces@linux.kernel.org Thu Aug 17 22:53:48 2006
 Message-ID: <44E555B9.9010009@trash.net>
 Date: Fri, 18 Aug 2006 07:52:57 +0200
 From: Patrick McHardy <kaber@trash.net>
 To: stable@kernel.org
 Cc: Adrian Bunk <bunk@stusta.de>
 Subject: [NETFILTER]: ip_tables: fix table locking in ipt_do_table

 From: Patrick McHardy <kaber@trash.net>

 [NETFILTER]: ip_tables: fix table locking in ipt_do_table

 table->private might change because of ruleset changes, don't use it without
 holding the lock.

 Signed-off-by: Patrick McHardy <kaber@trash.net>
 Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

 ---
  net/ipv4/netfilter/arp_tables.c |    3 ++-
  net/ipv4/netfilter/ip_tables.c  |    3 ++-
  2 files changed, 4 insertions(+), 2 deletions(-)

 --- linux-2.6.17.9.orig/net/ipv4/netfilter/arp_tables.c
 +++ linux-2.6.17.9/net/ipv4/netfilter/arp_tables.c
 @@ -237,7 +237,7 @@ unsigned int arpt_do_table(struct sk_buf
  	struct arpt_entry *e, *back;
  	const char *indev, *outdev;
  	void *table_base;
 -	struct xt_table_info *private = table->private;
 +	struct xt_table_info *private;

  	/* ARP header, plus 2 device addresses, plus 2 IP addresses.  */
  	if (!pskb_may_pull((*pskb), (sizeof(struct arphdr) +
 @@ -249,6 +249,7 @@ unsigned int arpt_do_table(struct sk_buf
  	outdev = out ? out->name : nulldevname;

  	read_lock_bh(&table->lock);
 +	private = table->private;
  	table_base = (void *)private->entries[smp_processor_id()];
  	e = get_entry(table_base, private->hook_entry[hook]);
  	back = get_entry(table_base, private->underflow[hook]);
 --- linux-2.6.17.9.orig/net/ipv4/netfilter/ip_tables.c
 +++ linux-2.6.17.9/net/ipv4/netfilter/ip_tables.c
 @@ -231,7 +231,7 @@ ipt_do_table(struct sk_buff **pskb,
  	const char *indev, *outdev;
  	void *table_base;
  	struct ipt_entry *e, *back;
 -	struct xt_table_info *private = table->private;
 +	struct xt_table_info *private;

  	/* Initialization */
  	ip = (*pskb)->nh.iph;
 @@ -248,6 +248,7 @@ ipt_do_table(struct sk_buff **pskb,

  	read_lock_bh(&table->lock);
  	IP_NF_ASSERT(table->valid_hooks & (1 << hook));
 +	private = table->private;
  	table_base = (void *)private->entries[smp_processor_id()];
  	e = get_entry(table_base, private->hook_entry[hook]);
	From stable-bounces@linux.kernel.org Thu Aug 17 22:53:48 2006
	Message-ID: <44E555B9.9010009@trash.net>
	Date: Fri, 18 Aug 2006 07:52:57 +0200
	From: Patrick McHardy <kaber@trash.net>
	To: stable@kernel.org
	Cc: Adrian Bunk <bunk@stusta.de>
	Subject: [NETFILTER]: ip_tables: fix table locking in ipt_do_table

	From: Patrick McHardy <kaber@trash.net>

	[NETFILTER]: ip_tables: fix table locking in ipt_do_table

	table->private might change because of ruleset changes, don't use it without
	holding the lock.

	Signed-off-by: Patrick McHardy <kaber@trash.net>
	Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

	---
	net/ipv4/netfilter/arp_tables.c \| 3 ++-
	net/ipv4/netfilter/ip_tables.c \| 3 ++-
	2 files changed, 4 insertions(+), 2 deletions(-)

	--- linux-2.6.17.9.orig/net/ipv4/netfilter/arp_tables.c
	+++ linux-2.6.17.9/net/ipv4/netfilter/arp_tables.c
	@@ -237,7 +237,7 @@ unsigned int arpt_do_table(struct sk_buf
	struct arpt_entry e, back;
	const char indev, outdev;
	void *table_base;
	- struct xt_table_info *private = table->private;
	+ struct xt_table_info *private;

	/* ARP header, plus 2 device addresses, plus 2 IP addresses. */
	if (!pskb_may_pull((*pskb), (sizeof(struct arphdr) +
	@@ -249,6 +249,7 @@ unsigned int arpt_do_table(struct sk_buf
	outdev = out ? out->name : nulldevname;

	read_lock_bh(&table->lock);
	+ private = table->private;
	table_base = (void *)private->entries[smp_processor_id()];
	e = get_entry(table_base, private->hook_entry[hook]);
	back = get_entry(table_base, private->underflow[hook]);
	--- linux-2.6.17.9.orig/net/ipv4/netfilter/ip_tables.c
	+++ linux-2.6.17.9/net/ipv4/netfilter/ip_tables.c
	@@ -231,7 +231,7 @@ ipt_do_table(struct sk_buff **pskb,
	const char indev, outdev;
	void *table_base;
	struct ipt_entry e, back;
	- struct xt_table_info *private = table->private;
	+ struct xt_table_info *private;

	/* Initialization */
	ip = (*pskb)->nh.iph;
	@@ -248,6 +248,7 @@ ipt_do_table(struct sk_buff **pskb,

	read_lock_bh(&table->lock);
	IP_NF_ASSERT(table->valid_hooks & (1 << hook));
	+ private = table->private;
	table_base = (void *)private->entries[smp_processor_id()];
	e = get_entry(table_base, private->hook_entry[hook]);