Commit 05e61e65 authored by Li RongQing's avatar Li RongQing Committed by Xie XiuQi
Browse files

netfilter: nf_tables: check the result of dereferencing base_chain->stats 



mainline inclusion
from mainline-5.0
commit a9f5e78c
category: bugfix
bugzilla: 11221
CVE: NA

-------------------------------------------------

Check the result of dereferencing base_chain->stats, instead of result
of this_cpu_ptr with NULL.

base_chain->stats maybe be changed to NULL when a chain is updated and a
new NULL counter can be attached.

And we do not need to check returning of this_cpu_ptr since
base_chain->stats is from percpu allocator if it is non-NULL,
this_cpu_ptr returns a valid value.

And fix two sparse error by replacing rcu_access_pointer and
rcu_dereference with READ_ONCE under rcu_read_lock.

Thanks for Eric's help to finish this patch.

Fixes: 00924094 ("netfilter: nf_tables: don't assume chain stats are set when jumplabel is set")
Signed-off-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: default avatarZhang Yu <zhangyu31@baidu.com>
Signed-off-by: default avatarLi RongQing <lirongqing@baidu.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: default avatarZhiqiang Liu <liuzhiqiang26@huawei.com>
Reviewed-by: default avatarWenan Mao <maowenan@huawei.com>
Signed-off-by: default avatarYang Yingliang <yangyingliang@huawei.com>
parent ee6aaa92
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment