diff options
author | Eric Dumazet <edumazet@google.com> | 2018-02-12 17:11:48 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-02-16 15:00:55 +0100 |
commit | de526f401284e1638d4c97cb5a4c292ac3f37655 (patch) | |
tree | adce3258de97f6e996bc6abddcb70f961db5bba8 /net | |
parent | netfilter: nat: cope with negative port range (diff) | |
download | linux-de526f401284e1638d4c97cb5a4c292ac3f37655.tar.xz linux-de526f401284e1638d4c97cb5a4c292ac3f37655.zip |
netfilter: xt_hashlimit: fix lock imbalance
syszkaller found that rcu was not held in hashlimit_mt_common()
We only need to enable BH at this point.
Fixes: bea74641e378 ("netfilter: xt_hashlimit: add rate match mode")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzkaller <syzkaller@googlegroups.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net')
-rw-r--r-- | net/netfilter/xt_hashlimit.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c index aa96027f4418..66f5aca62a08 100644 --- a/net/netfilter/xt_hashlimit.c +++ b/net/netfilter/xt_hashlimit.c @@ -775,7 +775,7 @@ hashlimit_mt_common(const struct sk_buff *skb, struct xt_action_param *par, if (!dh->rateinfo.prev_window && (dh->rateinfo.current_rate <= dh->rateinfo.burst)) { spin_unlock(&dh->lock); - rcu_read_unlock_bh(); + local_bh_enable(); return !(cfg->mode & XT_HASHLIMIT_INVERT); } else { goto overlimit; |