diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-06-10 10:53:00 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-06-16 13:07:29 +0200 |
commit | 5bc5c307653cbf8fe9da6cbd8ae6c6bd5b86ff4b (patch) | |
tree | 74d2777a909bbbbe2a94139439643ca1d711a911 /net | |
parent | netfilter: ctnetlink: fix refcnt leak in dying/unconfirmed list dumper (diff) | |
download | linux-5bc5c307653cbf8fe9da6cbd8ae6c6bd5b86ff4b.tar.xz linux-5bc5c307653cbf8fe9da6cbd8ae6c6bd5b86ff4b.zip |
netfilter: nf_tables: use RCU-safe list insertion when replacing rules
The patch 5e94846 ("netfilter: nf_tables: add insert operation") did
not include RCU-safe list insertion when replacing rules.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
-rw-r--r-- | net/netfilter/nf_tables_api.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index 624e083125b9..ba37c10e5139 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -1796,7 +1796,7 @@ static int nf_tables_newrule(struct sock *nlsk, struct sk_buff *skb, goto err2; } nft_rule_disactivate_next(net, old_rule); - list_add_tail(&rule->list, &old_rule->list); + list_add_tail_rcu(&rule->list, &old_rule->list); } else { err = -ENOENT; goto err2; |