From 74f6e7b96229c6fd2a0e5fb8bb75e81b3fde9a59 Mon Sep 17 00:00:00 2001
From: Jozsef Kadlecsik <kadlec@netfilter.org>
Date: Sat, 4 Nov 2023 10:51:47 +0100
Subject: netfilter: ipset: fix race condition between swap/destroy and kernel
 side add/del/test v2

synchronize_rcu() is moved into ip_set_swap() in order not to burden
ip_set_destroy() unnecessarily when all sets are destroyed

Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
---
 kernel/net/netfilter/ipset/ip_set_core.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'kernel/net/netfilter')

diff --git a/kernel/net/netfilter/ipset/ip_set_core.c b/kernel/net/netfilter/ipset/ip_set_core.c
index 98dd409..9ab2195 100644
--- a/kernel/net/netfilter/ipset/ip_set_core.c
+++ b/kernel/net/netfilter/ipset/ip_set_core.c
@@ -1225,9 +1225,6 @@ IPSET_CBFN(ip_set_destroy, struct net *net, struct sock *ctnl,
 	if (unlikely(protocol_min_failed(attr)))
 		return -IPSET_ERR_PROTOCOL;
 
-	/* Make sure all readers of the old set pointers are completed. */
-	synchronize_rcu();
-
 	/* Must wait for flush to be really finished in list:set */
 	rcu_barrier();
 
@@ -1441,6 +1438,9 @@ IPSET_CBFN(ip_set_swap, struct net *net, struct sock *ctnl,
 	ip_set(inst, to_id) = from;
 	write_unlock_bh(&ip_set_ref_lock);
 
+	/* Make sure all readers of the old set pointers are completed. */
+	synchronize_rcu();
+
 	return 0;
 }
 
-- 
cgit v1.2.3