From: Eric W. Biederman Date: Fri, 19 Jun 2015 22:23:37 +0000 (-0500) Subject: netfilter: nf_queue: Don't recompute the hook_list head X-Git-Tag: v5.15~15428^2~16^2~6 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=f307170d6e591a48529425b1ed6ca835790995a9;p=platform%2Fkernel%2Flinux-starfive.git netfilter: nf_queue: Don't recompute the hook_list head If someone sends packets from one of the netdevice ingress hooks to a userspace queue, and then userspace later accepts the packet, the netfilter code can enter an infinite loop as the list head will never be found. Pass in the saved list_head to avoid this. Signed-off-by: "Eric W. Biederman" Signed-off-by: Pablo Neira Ayuso --- diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c index cd60d39..8a8b2ab 100644 --- a/net/netfilter/nf_queue.c +++ b/net/netfilter/nf_queue.c @@ -213,7 +213,7 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict) if (verdict == NF_ACCEPT) { next_hook: - verdict = nf_iterate(&nf_hooks[entry->state.pf][entry->state.hook], + verdict = nf_iterate(entry->state.hook_list, skb, &entry->state, &elem); }
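Review bot: In nf_reinject(), the nf_iterate() call at next_hook now dereferences entry->state.hook_list, and nothing in this hunk shows that the field is always populated when an entry is queued or that the list it points to is still valid by the time userspace returns its verdict. Please confirm that every path that fills the nf_hook_state stored in a queue entry sets hook_list, since a missing or stale pointer here would be walked on the NF_ACCEPT path. A one-line comment above the call would also help: it should say that the saved head is used because, per the commit message, the head recomputed from `nf_hooks[entry->state.pf][entry->state.hook]` is never found for packets queued from a netdevice ingress hook, so a later cleanup does not reintroduce the loop.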