diff options
author | Phil Sutter <phil@nwl.cc> | 2020-02-28 20:32:13 +0100 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2020-03-06 16:55:56 +0100 |
commit | c550c81fd373e5753103d20f7902171f0fa79807 (patch) | |
tree | dc1728b92e6e4d06fca842eed96bae694aad8739 /iptables/nft-cache.c | |
parent | f56d91bd80f0e86aaad56a32ddc84f373bb80745 (diff) |
nft: cache: Fix nft_release_cache() under stress
iptables-nft-restore calls nft_action(h, NFT_COMPAT_COMMIT) for each
COMMIT line in input. When restoring a dump containing multiple large
tables, chances are nft_rebuild_cache() has to run multiple times.
If the above happens, consecutive table contents are added to __cache[1]
which nft_rebuild_cache() then frees, so next commit attempt accesses
invalid memory.
Fix this by making nft_release_cache() (called after each successful
commit) return things into pre-rebuild state again, but keeping the
fresh cache copy.
Fixes: f6ad231d698c7 ("nft: keep original cache in case of ERESTART")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables/nft-cache.c')
-rw-r--r-- | iptables/nft-cache.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/iptables/nft-cache.c b/iptables/nft-cache.c index 7345a27e..6f21f228 100644 --- a/iptables/nft-cache.c +++ b/iptables/nft-cache.c @@ -647,8 +647,14 @@ void nft_rebuild_cache(struct nft_handle *h) void nft_release_cache(struct nft_handle *h) { - if (h->cache_index) - flush_cache(h, &h->__cache[0], NULL); + if (!h->cache_index) + return; + + flush_cache(h, &h->__cache[0], NULL); + memcpy(&h->__cache[0], &h->__cache[1], sizeof(h->__cache[0])); + memset(&h->__cache[1], 0, sizeof(h->__cache[1])); + h->cache_index = 0; + h->cache = &h->__cache[0]; } struct nftnl_table_list *nftnl_table_list_get(struct nft_handle *h) |