diff options
author | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2016-02-24 20:22:51 +0100 |
---|---|---|
committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2016-02-24 20:22:51 +0100 |
commit | 27265aaba0ed7d6256223e8424233af7c1dd1017 (patch) | |
tree | dbb20c9befbd864900cf5369cecfee38dfcce24e /kernel/net/netfilter/ipset/ip_set_core.c | |
parent | b418935ba84bce0fd2dd332b87df8d56c707e056 (diff) |
Fix set:list type crash when flush/dump set in parallel
Flushing/listing entries was not RCU safe, so parallel flush/dump
could lead to kernel crash. Bug reported by Deniz Eren.
Fixes netfilter bugzilla id #1050.
Diffstat (limited to 'kernel/net/netfilter/ipset/ip_set_core.c')
-rw-r--r-- | kernel/net/netfilter/ipset/ip_set_core.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/kernel/net/netfilter/ipset/ip_set_core.c b/kernel/net/netfilter/ipset/ip_set_core.c index 31a6954..d34dfef 100644 --- a/kernel/net/netfilter/ipset/ip_set_core.c +++ b/kernel/net/netfilter/ipset/ip_set_core.c @@ -997,6 +997,9 @@ IPSET_CBFN(ip_set_destroy, struct net *net, struct sock *ctnl, if (unlikely(protocol_failed(attr))) return -IPSET_ERR_PROTOCOL; + /* Must wait for flush to be really finished in list:set */ + rcu_barrier(); + /* Commands are serialized and references are * protected by the ip_set_ref_lock. * External systems (i.e. xt_set) must call |