Currently set_expected_rtp_rtcp() in the SIP helper uses rcu_dereference() two times to access two different NAT hook functions. However, only the first one is protected properly by the RCU reader lock, but the 2nd isn't. I chose to not just extend the first RCU protected area but putting the rcu_read_unlock() down, because there is a 'return' in between. Signed-off-by: Holger Eitzenberger <holger.eitzenberger@xxxxxxxxxx> Index: net-next/net/netfilter/nf_conntrack_sip.c =================================================================== --- net-next.orig/net/netfilter/nf_conntrack_sip.c +++ net-next/net/netfilter/nf_conntrack_sip.c @@ -983,6 +983,7 @@ static int set_expected_rtp_rtcp(struct if (skip_expect) return NF_ACCEPT; + rcu_read_lock(); rtp_exp = nf_ct_expect_alloc(ct); if (rtp_exp == NULL) goto err1; @@ -1012,6 +1013,7 @@ static int set_expected_rtp_rtcp(struct err2: nf_ct_expect_put(rtp_exp); err1: + rcu_read_unlock(); return ret; }
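Review bot: In the first hunk (@@ -983), the new rcu_read_lock() goes in without removing the reader-lock pair that the commit message says already covers the first rcu_dereference(), and the diff contains no deletions, so that inner pair now nests inside the new section. Nesting RCU read-side sections is legal but redundant here; consider dropping the inner pair in this same patch, or state in the commit message that it is kept on purpose, so the function ends up with one clearly delimited critical section.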
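Review bot: In the second hunk (@@ -1012), rcu_read_unlock() sits only under err1:, so every exit taken after the new rcu_read_lock() has to reach that label. The diff shows the `goto err1` for a failed nf_ct_expect_alloc(), but not the lines between the two hunks; please confirm there is no direct `return` in that range, since a missed one would leave the read-side section unbalanced. Because err1: now also serves as the unlock point, a short comment there (or a label name that says so) would make that clear to later readers.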