From 4ecd5474b7a19aa84158f8e727fa6dbfc9464191 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed, 23 Mar 2022 11:01:39 +0000
Subject: [PATCH] NFQUEUE: Hold RCU read lock while calling nf_reinject

nf_reinject requires the called to hold the RCU read-side lock which
wasn't the case in nfqnl_reinject.

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 net/netfilter/nfnetlink_queue.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/net/netfilter/nfnetlink_queue.c b/net/netfilter/nfnetlink_queue.c
index 8787d0613ad8..b12cc5d21310 100644
--- a/net/netfilter/nfnetlink_queue.c
+++ b/net/netfilter/nfnetlink_queue.c
@@ -228,19 +228,20 @@ static void nfqnl_reinject(struct nf_queue_entry *entry, unsigned int verdict)
 	struct nf_ct_hook *ct_hook;
 	int err;
 
+	rcu_read_lock();
+
 	if (verdict == NF_ACCEPT ||
 	    verdict == NF_REPEAT ||
 	    verdict == NF_STOP) {
-		rcu_read_lock();
 		ct_hook = rcu_dereference(nf_ct_hook);
 		if (ct_hook) {
 			err = ct_hook->update(entry->state.net, entry->skb);
 			if (err < 0)
 				verdict = NF_DROP;
 		}
-		rcu_read_unlock();
 	}
 	nf_reinject(entry, verdict);
+	rcu_read_unlock();
 }
 
 static void
-- 
2.30.2