linux-xiaomi-chiron/include
Stefano Brivio 439cd39ea1 netfilter: ipset: list:set: Decrease refcount synchronously on deletion and replace
Commit 45040978c8 ("netfilter: ipset: Fix set:list type crash
when flush/dump set in parallel") postponed decreasing set
reference counters to the RCU callback.

An 'ipset del' command can terminate before the RCU grace period
is elapsed, and if sets are listed before then, the reference
counter shown in userspace will be wrong:

 # ipset create h hash:ip; ipset create l list:set; ipset add l
 # ipset del l h; ipset list h
 Name: h
 Type: hash:ip
 Revision: 4
 Header: family inet hashsize 1024 maxelem 65536
 Size in memory: 88
 References: 1
 Number of entries: 0
 Members:
 # sleep 1; ipset list h
 Name: h
 Type: hash:ip
 Revision: 4
 Header: family inet hashsize 1024 maxelem 65536
 Size in memory: 88
 References: 0
 Number of entries: 0
 Members:

Fix this by making the reference count update synchronous again.

As a result, when sets are listed, ip_set_name_byindex() might
now fetch a set whose reference count is already zero. Instead
of relying on the reference count to protect against concurrent
set renaming, grab ip_set_ref_lock as reader and copy the name,
while holding the same lock in ip_set_rename() as writer
instead.

Reported-by: Li Shuang <shuali@redhat.com>
Fixes: 45040978c8 ("netfilter: ipset: Fix set:list type crash when flush/dump set in parallel")
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2018-11-01 00:29:36 +01:00
acpi ACPI updates for 4.20-rc1 2018-10-23 10:33:16 +01:00
asm-generic Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2018-10-24 11:49:35 +01:00
clocksource
crypto
drm drm: Get ref on CRTC commit object when waiting for flip_done 2018-10-18 14:23:13 -04:00
dt-bindings Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2018-10-24 06:47:44 +01:00
keys
kvm
linux netfilter: ipset: list:set: Decrease refcount synchronously on deletion and replace 2018-11-01 00:29:36 +01:00
math-emu
media media: v4l: event: Prevent freeing event subscriptions while accessed 2018-10-03 06:32:51 -04:00
memory
misc
net net: Don't return invalid table id error when dumping all families 2018-10-24 14:06:25 -07:00
pcmcia
ras
rdma RDMA/netdev: Fix netlink support in IPoIB 2018-10-10 17:58:12 -07:00
scsi
soc net/wan/fsl_ucc_hdlc: error counters 2018-10-22 19:58:10 -07:00
sound ASoC: Fixes for v4.19 2018-09-17 18:59:21 +02:00
target
trace Further restructure ext4 documentation; fix up ext4's delayed 2018-10-24 17:42:24 +01:00
uapi Revert "netfilter: nft_numgen: add map lookups for numgen random operations" 2018-10-29 11:11:33 +01:00
video
xen Merge branch 'x86-paravirt-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2018-10-23 17:54:58 +01:00