netfilter: nf_tables: don't skip inactive chains during update - linux-dev - Linux kernel development work

diff options

author	Florian Westphal <fw@strlen.de>	2018-10-31 18:26:20 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2018-11-12 16:13:35 +0100
commit	0fb39bbe43d4481fcf300d2b5822de60942fd189 (patch)
tree	a5bbef61262e9d4c83b5e80e3f0e43abbfd14a89 /tools
parent	netfilter: nf_conncount: fix unexpected permanent node of list. (diff)
download	linux-dev-0fb39bbe43d4481fcf300d2b5822de60942fd189.tar.xz linux-dev-0fb39bbe43d4481fcf300d2b5822de60942fd189.zip

netfilter: nf_tables: don't skip inactive chains during update

There is no synchronization between packet path and the configuration plane. The packet path uses two arrays with rules, one contains the current (active) generation. The other either contains the last (obsolete) generation or the future one. Consider: cpu1 cpu2 nft_do_chain(c); delete c net->gen++; genbit = !!net->gen; rules = c->rg[genbit]; cpu1 ignores c when updating if c is not active anymore in the new generation. On cpu2, we now use rules from wrong generation, as c->rg[old] contains the rules matching 'c' whereas c->rg[new] was not updated and can even point to rules that have been free'd already, causing a crash. To fix this, make sure that 'current' to the 'next' generation are identical for chains that are going away so that c->rg[new] will just use the matching rules even if genbit was incremented already. Fixes: 0cbc06b3faba7 ("netfilter: nf_tables: remove synchronize_rcu in commit phase") Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'tools')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: