diff options
author | Daniel Xu <dxu@dxuuu.xyz> | 2022-11-09 22:39:07 +0300 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-11-18 17:21:00 +0300 |
commit | 52d1aa8b8249ff477aaa38b6f74a8ced780d079c (patch) | |
tree | ac248cfe960bc3483f2aeea8a9e0257907952e83 /net/sched/act_connmark.c | |
parent | 40b9d1ab63f5c4f3cb69450044d07b45e5af72e1 (diff) | |
download | linux-52d1aa8b8249ff477aaa38b6f74a8ced780d079c.tar.xz |
netfilter: conntrack: Fix data-races around ct mark
nf_conn:mark can be read from and written to in parallel. Use
READ_ONCE()/WRITE_ONCE() for reads and writes to prevent unwanted
compiler optimizations.
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Daniel Xu <dxu@dxuuu.xyz>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/sched/act_connmark.c')
-rw-r--r-- | net/sched/act_connmark.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/net/sched/act_connmark.c b/net/sched/act_connmark.c index 66b143bb04ac..d41002e4613f 100644 --- a/net/sched/act_connmark.c +++ b/net/sched/act_connmark.c @@ -61,7 +61,7 @@ static int tcf_connmark_act(struct sk_buff *skb, const struct tc_action *a, c = nf_ct_get(skb, &ctinfo); if (c) { - skb->mark = c->mark; + skb->mark = READ_ONCE(c->mark); /* using overlimits stats to count how many packets marked */ ca->tcf_qstats.overlimits++; goto out; @@ -81,7 +81,7 @@ static int tcf_connmark_act(struct sk_buff *skb, const struct tc_action *a, c = nf_ct_tuplehash_to_ctrack(thash); /* using overlimits stats to count how many packets marked */ ca->tcf_qstats.overlimits++; - skb->mark = c->mark; + skb->mark = READ_ONCE(c->mark); nf_ct_put(c); out: |