authorJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2016-02-24 20:32:21 +0100
committerJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2016-02-24 20:32:21 +0100
commit45040978c8994d1401baf5cc5ac71c1495d4e120 (patch)
treeffeb080b7e2cee14529cf1d6324a48914368cc0f /net/netfilter/ipset/ip_set_core.c
parentnetfilter: nft_counter: fix erroneous return values (diff)
netfilter: ipset: Fix set:list type crash when flush/dump set in parallel
Flushing/listing entries was not RCU safe, so parallel flush/dump could lead to kernel crash. Bug reported by Deniz Eren. Fixes netfilter bugzilla id #1050. Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Diffstat (limited to 'net/netfilter/ipset/ip_set_core.c')
-rw-r--r--net/netfilter/ipset/ip_set_core.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c
index 95db43fc0303..7e6568cad494 100644
--- a/net/netfilter/ipset/ip_set_core.c
+++ b/net/netfilter/ipset/ip_set_core.c
@@ -985,6 +985,9 @@ static int ip_set_destroy(struct net *net, struct sock *ctnl,
if (unlikely(protocol_failed(attr)))
return -IPSET_ERR_PROTOCOL;
+ /* Must wait for flush to be really finished in list:set */
+ rcu_barrier();
+
/* Commands are serialized and references are
* protected by the ip_set_ref_lock.
* External systems (i.e. xt_set) must call
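Review bot: The added `rcu_barrier();` runs on every destroy request, right after the protocol check and before anything visible here has looked at which set or set type is involved, even though its comment says the wait is only needed for list:set. rcu_barrier() blocks until all already-queued call_rcu() callbacks have completed, so each destroy pays that wait; if the set type is resolved further down in ip_set_destroy (its body starts and ends outside this hunk), the wait could be restricted to the case that needs it. The call also sits ahead of the locking described in the next comment, so it presumably relies on commands being serialized to guarantee that no new flush queues callbacks after the barrier returns. The comment should state that assumption, e.g. `/* Wait for RCU callbacks queued by an earlier list:set flush; commands are serialized, so no new flush can start before the destroy below */`.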