Fix set:list type crash when flush/dump set in parallel

Flushing/listing entries was not RCU safe, so parallel flush/dump could lead to kernel crash. Bug reported by Deniz Eren. Fixes netfilter bugzilla id #1050.
author: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> 2016-02-24 20:22:51 +0100
committer: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> 2016-02-24 20:22:51 +0100
commit: 27265aaba0ed7d6256223e8424233af7c1dd1017 (patch)
tree: dbb20c9befbd864900cf5369cecfee38dfcce24e /kernel/net/netfilter/ipset/ip_set_core.c
parent: b418935ba84bce0fd2dd332b87df8d56c707e056 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/kernel/net/netfilter/ipset/ip_set_core.c b/kernel/net/netfilter/ipset/ip_set_core.c
index 31a6954..d34dfef 100644
--- a/kernel/net/netfilter/ipset/ip_set_core.c
+++ b/kernel/net/netfilter/ipset/ip_set_core.c
@@ -997,6 +997,9 @@ IPSET_CBFN(ip_set_destroy, struct net *net, struct sock *ctnl,
 	if (unlikely(protocol_failed(attr)))
 		return -IPSET_ERR_PROTOCOL;
 
+	/* Must wait for flush to be really finished in list:set */
+	rcu_barrier();
+
 	/* Commands are serialized and references are
 	 * protected by the ip_set_ref_lock.
 	 * External systems (i.e. xt_set) must call
author	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>	2016-02-24 20:22:51 +0100
committer	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>	2016-02-24 20:22:51 +0100
commit	27265aaba0ed7d6256223e8424233af7c1dd1017 (patch)
tree	dbb20c9befbd864900cf5369cecfee38dfcce24e /kernel/net/netfilter/ipset/ip_set_core.c
parent	b418935ba84bce0fd2dd332b87df8d56c707e056 (diff)