netfilter: nft_connlimit: fix possible data race on connection count

nft_connlimit_eval() reads priv->list->count to check if the connection
limit has been exceeded. This value is being read without a lock and can
be modified by a different process. Use READ_ONCE() for correctness.

Fixes: df4a902509 ("netfilter: nf_conncount: merge lookup and add functions")
Signed-off-by: Fernando Fernandez Mancera <fmancera@suse.de>
Signed-off-by: Florian Westphal <fw@strlen.de>
Fernando Fernandez Mancera 2025-10-24 17:54:39 +02:00 committed by Florian Westphal
parent 514f1dc8f2
commit 8d96dfdcab
1 changed files with 1 additions and 1 deletions


@ -48,7 +48,7 @@ static inline void nft_connlimit_do_eval(struct nft_connlimit *priv,
return; return;
} }
count = priv->list->count; count = READ_ONCE(priv->list->count);
if ((count > priv->limit) ^ priv->invert) { if ((count > priv->limit) ^ priv->invert) {
regs->verdict.code = NFT_BREAK; regs->verdict.code = NFT_BREAK;
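Review bot: the READ_ONCE() on `count = READ_ONCE(priv->list->count);` only annotates the reader half of the race; for the annotation to actually suppress the data race (and for KCSAN to stop reporting it), the store to `priv->list->count` on the writer side in nf_conncount must be a matching WRITE_ONCE(), or the commit message should state that the writer already updates it under a lock that the eval path deliberately does not take. Worth spelling out in the message too that `count` is a lockless snapshot, so the following `if ((count > priv->limit) ^ priv->invert)` can still act on a value that is one behind a concurrent add; that is an accepted best-effort property of the limit check, not something READ_ONCE() changes, and saying so saves the next reader from thinking this hunk closes that window.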