netfilter: conntrack: Fix data-races around ct mark

nf_conn:mark can be read from and written to in parallel. Use READ_ONCE()/WRITE_ONCE() for reads and writes to prevent unwanted compiler optimizations. Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Daniel Xu <dxu@dxuuu.xyz> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Daniel Xu <dxu@dxuuu.xyz> 2022-11-09 12:39:07 -0700
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2022-11-18 15:21:00 +0100
commit: 52d1aa8b8249ff477aaa38b6f74a8ced780d079c (patch)
tree: ac248cfe960bc3483f2aeea8a9e0257907952e83 /net/core/flow_dissector.c
parent: 40b9d1ab63f5c4f3cb69450044d07b45e5af72e1 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
index 25cd35f5922e..007730412947 100644
--- a/net/core/flow_dissector.c
+++ b/net/core/flow_dissector.c
@@ -296,7 +296,7 @@ skb_flow_dissect_ct(const struct sk_buff *skb,
 	key->ct_zone = ct->zone.id;
 #endif
 #if IS_ENABLED(CONFIG_NF_CONNTRACK_MARK)
-	key->ct_mark = ct->mark;
+	key->ct_mark = READ_ONCE(ct->mark);
 #endif
 
 	cl = nf_ct_labels_find(ct);
author	Daniel Xu <dxu@dxuuu.xyz>	2022-11-09 12:39:07 -0700
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2022-11-18 15:21:00 +0100
commit	52d1aa8b8249ff477aaa38b6f74a8ced780d079c (patch)
tree	ac248cfe960bc3483f2aeea8a9e0257907952e83 /net/core/flow_dissector.c
parent	40b9d1ab63f5c4f3cb69450044d07b45e5af72e1 (diff)