author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2016-02-24 20:32:21 +0100 |
---|---|---|
committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2016-02-24 20:32:21 +0100 |
commit | 45040978c8994d1401baf5cc5ac71c1495d4e120 (patch) | |
tree | ffeb080b7e2cee14529cf1d6324a48914368cc0f /net/netfilter/ipset/ip_set_core.c | |
parent | netfilter: nft_counter: fix erroneous return values (diff) | |
netfilter: ipset: Fix set:list type crash when flush/dump set in parallel
Flushing/listing entries was not RCU safe, so parallel flush/dump
could lead to kernel crash. Bug reported by Deniz Eren.
Fixes netfilter bugzilla id #1050.
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Diffstat (limited to 'net/netfilter/ipset/ip_set_core.c')
-rw-r--r-- | net/netfilter/ipset/ip_set_core.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c index 95db43fc0303..7e6568cad494 100644 --- a/net/netfilter/ipset/ip_set_core.c +++ b/net/netfilter/ipset/ip_set_core.c @@ -985,6 +985,9 @@ static int ip_set_destroy(struct net *net, struct sock *ctnl, if (unlikely(protocol_failed(attr))) return -IPSET_ERR_PROTOCOL; + /* Must wait for flush to be really finished in list:set */ + rcu_barrier(); + /* Commands are serialized and references are * protected by the ip_set_ref_lock. * External systems (i.e. xt_set) must call |
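Review bot: The rcu_barrier() added right after the protocol_failed() check in ip_set_destroy() sits in the common destroy path of ip_set_core.c, so it runs for every valid destroy request and every set type, while its comment names only list:set as the reason. The comment should state which callbacks the barrier waits for (rcu_barrier() waits for already queued call_rcu() callbacks; the code that queues them on flush is outside this file-limited diff) and why the wait has to happen before the section the next comment describes as protected by ip_set_ref_lock. If the wait is only needed for list:set, consider making it conditional on the set type or moving it into the list:set code, so that destroying other set types does not block on unrelated RCU callbacks.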