Gh0st
/
linux
mirror of https://github.com/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linux/net/netfilter/ipset
History
Jozsef Kadlecsik 8ecd06277a netfilter: ipset: Fix suspicious rcu_dereference_protected() 
When destroying all sets, we are either in pernet exit phase or
are executing a "destroy all sets command" from userspace. The latter
was taken into account in ip_set_dereference() (nfnetlink mutex is held),
but the former was not. The patch adds the required check to
rcu_dereference_protected() in ip_set_dereference().

Fixes: 4e7aaa6b82 ("netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type")
Reported-by: syzbot+b62c37cdd58103293a5a@syzkaller.appspotmail.com
Reported-by: syzbot+cfbe1da5fdfc39efc293@syzkaller.appspotmail.com
Reported-by: kernel test robot <oliver.sang@intel.com>
Closes: https://lore.kernel.org/oe-lkp/202406141556.e0b6f17e-lkp@intel.com
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 		2024-06-19 15:12:56 +02:00
..
Kconfig
Makefile
ip_set_bitmap_gen.h
ip_set_bitmap_ip.c
ip_set_bitmap_ipmac.c
ip_set_bitmap_port.c
ip_set_core.c netfilter: ipset: Fix suspicious rcu_dereference_protected() 2024-06-19 15:12:56 +02:00
ip_set_getport.c
ip_set_hash_gen.h
ip_set_hash_ip.c
ip_set_hash_ipmac.c
ip_set_hash_ipmark.c
ip_set_hash_ipport.c
ip_set_hash_ipportip.c
ip_set_hash_ipportnet.c
ip_set_hash_mac.c
ip_set_hash_net.c
ip_set_hash_netiface.c
ip_set_hash_netnet.c
ip_set_hash_netport.c
ip_set_hash_netportnet.c
ip_set_list_set.c
pfxlen.c