diff options
| author | Patrick McHardy <kaber@trash.net> | 2005-12-05 16:37:33 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2005-12-05 16:37:33 -0500 |
| commit | 266c8543480e2202ab63d1d604a5ca049f350cd8 (patch) | |
| tree | 77c754dce63f39e1f9dc2d1768ecd348c1d50c74 /net | |
| parent | 6636568cf85ef5898a892e90fcc88b61cca9ca27 (diff) | |
[NETFILTER]: Fix unbalanced read_unlock_bh in ctnetlink
NFA_NEST calls NFA_PUT which jumps to nfattr_failure if the skb has no
room left. We call read_unlock_bh at nfattr_failure for the NFA_PUT inside
the locked section, so move NFA_NEST inside the locked section too.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
| -rw-r--r-- | net/ipv4/netfilter/ip_conntrack_proto_tcp.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c index aeb7353d4777..e7fa29e576dc 100644 --- a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c +++ b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c | |||
| @@ -341,9 +341,10 @@ static int tcp_print_conntrack(struct seq_file *s, | |||
| 341 | static int tcp_to_nfattr(struct sk_buff *skb, struct nfattr *nfa, | 341 | static int tcp_to_nfattr(struct sk_buff *skb, struct nfattr *nfa, |
| 342 | const struct ip_conntrack *ct) | 342 | const struct ip_conntrack *ct) |
| 343 | { | 343 | { |
| 344 | struct nfattr *nest_parms = NFA_NEST(skb, CTA_PROTOINFO_TCP); | 344 | struct nfattr *nest_parms; |
| 345 | 345 | ||
| 346 | read_lock_bh(&tcp_lock); | 346 | read_lock_bh(&tcp_lock); |
| 347 | nest_parms = NFA_NEST(skb, CTA_PROTOINFO_TCP); | ||
| 347 | NFA_PUT(skb, CTA_PROTOINFO_TCP_STATE, sizeof(u_int8_t), | 348 | NFA_PUT(skb, CTA_PROTOINFO_TCP_STATE, sizeof(u_int8_t), |
| 348 | &ct->proto.tcp.state); | 349 | &ct->proto.tcp.state); |
| 349 | read_unlock_bh(&tcp_lock); | 350 | read_unlock_bh(&tcp_lock); |