summaryrefslogtreecommitdiffstats
path: root/kernel/net/netfilter/ipset/ip_set_core.c
diff options
context:
space:
mode:
authorJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2011-08-31 12:32:55 +0200
committerJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2011-08-31 12:32:55 +0200
commited9c6570aa746bdfc4e006e3fdd25b69f04cd6a2 (patch)
tree05f09c45f48277c79b36b8344f4bb61b058dfa2a /kernel/net/netfilter/ipset/ip_set_core.c
parent10bdb94d4a6448b70c887cc38e0c87d3b11c2a09 (diff)
Dumping error triggered removing references twice and lead to kernel BUG
If there was a dumping error in the middle, the set-specific variable was not zeroed out and thus the 'done' function of the dumping wrongly tried to release the already released reference of the set. The already released reference was caught by __ip_set_put and triggered a kernel BUG message. The issue was reported by Jean-Philippe Menil.
Diffstat (limited to 'kernel/net/netfilter/ipset/ip_set_core.c')
-rw-r--r--kernel/net/netfilter/ipset/ip_set_core.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/kernel/net/netfilter/ipset/ip_set_core.c b/kernel/net/netfilter/ipset/ip_set_core.c
index b5d380c..c3eabfd 100644
--- a/kernel/net/netfilter/ipset/ip_set_core.c
+++ b/kernel/net/netfilter/ipset/ip_set_core.c
@@ -1148,6 +1148,7 @@ release_refcount:
if (ret || !cb->args[2]) {
pr_debug("release set %s\n", ip_set_list[index]->name);
ip_set_put_byindex(index);
+ cb->args[2] = 0;
}
out:
if (nlh) {