linux/net/ipv6/netfilter
Eric Dumazet db856674ac netfilter: xtables: fix reentrancy
commit f3c5c1bfd4 (make ip_tables reentrant) introduced a race in
handling the stackptr restore, at the end of ipt_do_table()

We should do it before the call to xt_info_rdunlock_bh(), or we allow
cpu preemption and another cpu overwrites stackptr of original one.

A second fix is to change the underflow test to check the origptr value
instead of 0 to detect underflow, or else we allow a jump from different
hooks.

Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Cc: Jan Engelhardt <jengelh@medozas.de>
Signed-off-by: Patrick McHardy <kaber@trash.net>
2011-03-20 15:40:06 +01:00
..
ip6_queue.c netfilter: ip6_queue: rwlock to spinlock conversion 2010-06-09 16:25:08 +02:00
ip6_tables.c netfilter: xtables: fix reentrancy 2011-03-20 15:40:06 +01:00
ip6t_ah.c netfilter: xtables: change hotdrop pointer to direct modification 2010-05-11 18:35:27 +02:00
ip6t_eui64.c netfilter: xtables: change hotdrop pointer to direct modification 2010-05-11 18:35:27 +02:00
ip6t_frag.c netfilter: xtables: change hotdrop pointer to direct modification 2010-05-11 18:35:27 +02:00
ip6t_hbh.c netfilter: xtables: change hotdrop pointer to direct modification 2010-05-11 18:35:27 +02:00
ip6t_ipv6header.c netfilter: xtables: deconstify struct xt_action_param for matches 2010-05-11 18:33:37 +02:00
ip6t_LOG.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-02-19 19:17:35 -08:00
ip6t_mh.c netfilter: xtables: change hotdrop pointer to direct modification 2010-05-11 18:35:27 +02:00
ip6t_REJECT.c net: Put fl6_* macros to struct flowi6 and use them again. 2011-03-12 15:08:55 -08:00
ip6t_rt.c netfilter: xtables: change hotdrop pointer to direct modification 2010-05-11 18:35:27 +02:00
ip6table_filter.c netfilter: cleanup printk messages 2010-05-13 15:02:08 +02:00
ip6table_mangle.c netfilter: cleanup printk messages 2010-05-13 15:02:08 +02:00
ip6table_raw.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
ip6table_security.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
Kconfig netfilter: fix module dependency issues with IPv6 defragmentation, ip6tables and xt_TPROXY 2010-10-25 13:58:36 -07:00
Makefile Net: ipv6: netfiliter: Makefile: Remove deprecated kbuild goal definitions 2010-11-22 08:16:12 -08:00
nf_conntrack_l3proto_ipv6.c tproxy: split off ipv6 defragmentation to a separate module 2010-10-21 16:03:43 +02:00
nf_conntrack_proto_icmpv6.c netfilter: nf_conntrack: IPS_UNTRACKED bit 2010-06-08 16:09:52 +02:00
nf_conntrack_reasm.c netfilter: add a missing include in nf_conntrack_reasm.c 2011-01-20 21:00:38 +01:00
nf_defrag_ipv6_hooks.c netfilter: fix compilation when conntrack is disabled but tproxy is enabled 2011-01-12 20:25:08 +01:00