netfilter: make it safer during the inet6_dev->addr_list traversal

inet6_dev->addr_list is protected by inet6_dev->lock, so only using rcu_read_lock is not enough, we should acquire read_lock_bh(&idev->lock) before the inet6_dev->addr_list traversal. Signed-off-by: Liping Zhang <zlpnobody@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Liping Zhang <zlpnobody@gmail.com> 2017-04-02 17:27:53 +0800
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2017-04-08 23:52:16 +0200
commit: 0c7930e5763bdd189bd50035c025a9cbe5e82f23 (patch)
tree: e050756cd08b43500bc7e2b8a6f803a9f0b376bb /net/netfilter/nf_nat_redirect.c
parent: netfilter: ctnetlink: make it safer when checking the ct helper name (diff)
download: linux-dev-0c7930e5763bdd189bd50035c025a9cbe5e82f23.tar.xz
linux-dev-0c7930e5763bdd189bd50035c025a9cbe5e82f23.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/net/netfilter/nf_nat_redirect.c b/net/netfilter/nf_nat_redirect.c
index d43869879fcf..86067560a318 100644
--- a/net/netfilter/nf_nat_redirect.c
+++ b/net/netfilter/nf_nat_redirect.c
@@ -101,11 +101,13 @@ nf_nat_redirect_ipv6(struct sk_buff *skb, const struct nf_nat_range *range,
 		rcu_read_lock();
 		idev = __in6_dev_get(skb->dev);
 		if (idev != NULL) {
+			read_lock_bh(&idev->lock);
 			list_for_each_entry(ifa, &idev->addr_list, if_list) {
 				newdst = ifa->addr;
 				addr = true;
 				break;
 			}
+			read_unlock_bh(&idev->lock);
 		}
 		rcu_read_unlock();
author	Liping Zhang <zlpnobody@gmail.com>	2017-04-02 17:27:53 +0800
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2017-04-08 23:52:16 +0200
commit	0c7930e5763bdd189bd50035c025a9cbe5e82f23 (patch)
tree	e050756cd08b43500bc7e2b8a6f803a9f0b376bb /net/netfilter/nf_nat_redirect.c
parent	netfilter: ctnetlink: make it safer when checking the ct helper name (diff)
download	linux-dev-0c7930e5763bdd189bd50035c025a9cbe5e82f23.tar.xz linux-dev-0c7930e5763bdd189bd50035c025a9cbe5e82f23.zip