pending/netfilter-ipset-missing-nfnl_lock-nfnl_unlock-is-added-to-ip_set_net_exit.patch

   1 From f998b6b10144cd9809da6af02758615f789e8aa1 Mon Sep 17 00:00:00 2001
   2 From: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
   3 Date: Sat, 6 Jan 2018 15:24:18 +0100
   4 Subject: netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is added to ip_set_net_exit()
   5
   6 From: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
   7
   8 commit f998b6b10144cd9809da6af02758615f789e8aa1 upstream.
   9
  10 Patch "netfilter: ipset: use nfnl_mutex_is_locked" is added the real
  11 mutex locking check, which revealed the missing locking in ip_set_net_exit().
  12
  13 Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
  14 Reported-by: syzbot+36b06f219f2439fe62e1@syzkaller.appspotmail.com
  15 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  16 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  17
  18 diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c
  19 index e00299051e79..728bf31bb386 100644
  20 --- a/net/netfilter/ipset/ip_set_core.c
  21 +++ b/net/netfilter/ipset/ip_set_core.c
  22 @@ -2078,6 +2078,7 @@ ip_set_net_exit(struct net *net)
  23
  24         inst->is_deleted = true; /* flag for ip_set_nfnl_put */
  25
  26 +       nfnl_lock(NFNL_SUBSYS_IPSET);
  27         for (i = 0; i < inst->ip_set_max; i++) {
  28                 set = ip_set(inst, i);
  29                 if (set) {
  30 @@ -2085,6 +2086,7 @@ ip_set_net_exit(struct net *net)
  31                         ip_set_destroy_set(set);
  32                 }
  33         }
  34 +       nfnl_unlock(NFNL_SUBSYS_IPSET);
  35         kfree(rcu_dereference_protected(inst->ip_set_list, 1));
  36  }
  37