Merge pull request #45 from github/always-release-rcu-lock

[ipt_GLBREDIRECT] Ensure all conntrack paths call rcu_read_unlock.
github · Nov 1, 2018 · aea242e · aea242e
2 parents d5e6f63 + cb0c40b
commit aea242e
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/src/glb-redirect/ipt_GLBREDIRECT.c b/src/glb-redirect/ipt_GLBREDIRECT.c
@@ -428,6 +428,7 @@ static unsigned int is_valid_locally(struct net *net, struct sk_buff *skb, int i
 			goto no_ct_entry;
 
 		rcu_read_lock();
+		/* from now on no_ct_entry_unlock should be used to ensure we release this lock */
 
 		thash = nf_conntrack_find_get(net,
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(4,3,0)
@@ -437,11 +438,11 @@ static unsigned int is_valid_locally(struct net *net, struct sk_buff *skb, int i
 #endif
 			&tuple);
 		if (thash == NULL)
-			goto no_ct_entry;
+			goto no_ct_entry_unlock;
 
 		ct = nf_ct_tuplehash_to_ctrack(thash);
 		if (ct == NULL)
-			goto no_ct_entry;
+			goto no_ct_entry_unlock;
 
 		if (!nf_ct_is_dying(ct) && nf_ct_tuple_equal(&tuple, &thash->tuple)) {
 			nf_ct_put(ct);
@@ -450,6 +451,7 @@ static unsigned int is_valid_locally(struct net *net, struct sk_buff *skb, int i
 		}
 
 		nf_ct_put(ct);
+no_ct_entry_unlock:
 		rcu_read_unlock();
 	}