netfilter: conntrack: Fix data-races around ct mark

nf_conn:mark can be read from and written to in parallel. Use READ_ONCE()/WRITE_ONCE() for reads and writes to prevent unwanted compiler optimizations. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Daniel Xu <dxu@dxuuu.xyz> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Daniel Xu <dxu@dxuuu.xyz> 2022-11-09 22:39:07 +0300
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2022-11-18 17:21:00 +0300
commit: 52d1aa8b8249ff477aaa38b6f74a8ced780d079c (patch)
tree: ac248cfe960bc3483f2aeea8a9e0257907952e83 /net/sched/act_connmark.c
parent: 40b9d1ab63f5c4f3cb69450044d07b45e5af72e1 (diff)
download: linux-52d1aa8b8249ff477aaa38b6f74a8ced780d079c.tar.xz
1 files changed, 2 insertions, 2 deletions
diff --git a/net/sched/act_connmark.c b/net/sched/act_connmark.c
index 66b143bb04ac..d41002e4613f 100644
--- a/net/sched/act_connmark.c
+++ b/net/sched/act_connmark.c
@@ -61,7 +61,7 @@ static int tcf_connmark_act(struct sk_buff *skb, const struct tc_action *a,
 
 	c = nf_ct_get(skb, &ctinfo);
 	if (c) {
-		skb->mark = c->mark;
+		skb->mark = READ_ONCE(c->mark);
 		/* using overlimits stats to count how many packets marked */
 		ca->tcf_qstats.overlimits++;
 		goto out;
@@ -81,7 +81,7 @@ static int tcf_connmark_act(struct sk_buff *skb, const struct tc_action *a,
 	c = nf_ct_tuplehash_to_ctrack(thash);
 	/* using overlimits stats to count how many packets marked */
 	ca->tcf_qstats.overlimits++;
-	skb->mark = c->mark;
+	skb->mark = READ_ONCE(c->mark);
 	nf_ct_put(c);
 
 out:
author	Daniel Xu <dxu@dxuuu.xyz>	2022-11-09 22:39:07 +0300
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2022-11-18 17:21:00 +0300
commit	52d1aa8b8249ff477aaa38b6f74a8ced780d079c (patch)
tree	ac248cfe960bc3483f2aeea8a9e0257907952e83 /net/sched/act_connmark.c
parent	40b9d1ab63f5c4f3cb69450044d07b45e5af72e1 (diff)
download	linux-52d1aa8b8249ff477aaa38b6f74a8ced780d079c.tar.xz