From 27265aaba0ed7d6256223e8424233af7c1dd1017 Mon Sep 17 00:00:00 2001 From: Jozsef Kadlecsik Date: Wed, 24 Feb 2016 20:22:51 +0100 Subject: Fix set:list type crash when flush/dump set in parallel Flushing/listing entries was not RCU safe, so parallel flush/dump could lead to kernel crash. Bug reported by Deniz Eren. Fixes netfilter bugzilla id #1050. --- kernel/net/netfilter/ipset/ip_set_core.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'kernel/net/netfilter/ipset/ip_set_core.c') diff --git a/kernel/net/netfilter/ipset/ip_set_core.c b/kernel/net/netfilter/ipset/ip_set_core.c index 31a6954..d34dfef 100644 --- a/kernel/net/netfilter/ipset/ip_set_core.c +++ b/kernel/net/netfilter/ipset/ip_set_core.c @@ -997,6 +997,9 @@ IPSET_CBFN(ip_set_destroy, struct net *net, struct sock *ctnl, if (unlikely(protocol_failed(attr))) return -IPSET_ERR_PROTOCOL; + /* Must wait for flush to be really finished in list:set */ + rcu_barrier(); + /* Commands are serialized and references are * protected by the ip_set_ref_lock. * External systems (i.e. xt_set) must call -- cgit v1.2.3