Commit 4ffcf5ca authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso
Browse files

netfilter: nf_tables: use rcu chain hook list iterator from netlink dump path 



Lockless iteration over hook list is possible from netlink dump path,
use rcu variant to iterate over the hook list as is done with flowtable
hooks.

Fixes: b9703ed4 ("netfilter: nf_tables: support for adding new devices to an existing netdev chain")
Reported-by: default avatarPhil Sutter <phil@nwl.cc>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent e1f1ee0e

net/netfilter/nf_tables_api.c

+1 −1
Original line number Diff line number Diff line
@@ -1849,7 +1849,7 @@ static int nft_dump_basechain_hook(struct sk_buff *skb, int family, 
		if (!hook_list)

			hook_list = &basechain->hook_list;



		list_for_each_entry(hook, hook_list, list) {

		list_for_each_entry_rcu(hook, hook_list, list) {

			if (!first)

				first = hook;