diff options
author | Jozsef Kadlecsik <kadlec@netfilter.org> | 2023-11-04 10:51:47 +0100 |
---|---|---|
committer | Jozsef Kadlecsik <kadlec@netfilter.org> | 2023-11-04 10:51:47 +0100 |
commit | 74f6e7b96229c6fd2a0e5fb8bb75e81b3fde9a59 (patch) | |
tree | c1749982ce88f209954e5ef12551fc3876ba71df /kernel | |
parent | cf94d3f5d139dc3695967e19f464e0958bf1d718 (diff) |
netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test v2
synchronize_rcu() is moved into ip_set_swap() in order not to burden
ip_set_destroy() unnecessarily when all sets are destroyed
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/net/netfilter/ipset/ip_set_core.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/kernel/net/netfilter/ipset/ip_set_core.c b/kernel/net/netfilter/ipset/ip_set_core.c index 98dd409..9ab2195 100644 --- a/kernel/net/netfilter/ipset/ip_set_core.c +++ b/kernel/net/netfilter/ipset/ip_set_core.c @@ -1225,9 +1225,6 @@ IPSET_CBFN(ip_set_destroy, struct net *net, struct sock *ctnl, if (unlikely(protocol_min_failed(attr))) return -IPSET_ERR_PROTOCOL; - /* Make sure all readers of the old set pointers are completed. */ - synchronize_rcu(); - /* Must wait for flush to be really finished in list:set */ rcu_barrier(); @@ -1441,6 +1438,9 @@ IPSET_CBFN(ip_set_swap, struct net *net, struct sock *ctnl, ip_set(inst, to_id) = from; write_unlock_bh(&ip_set_ref_lock); + /* Make sure all readers of the old set pointers are completed. */ + synchronize_rcu(); + return 0; } |