--- /dev/null
+From 16c45eda96038aae848b6cfd42e2bf4b5e80f365 Mon Sep 17 00:00:00 2001
+From: Patrick McHardy <kaber@trash.net>
+Date: Sat, 21 Mar 2015 15:19:14 +0000
+Subject: netfilter: nft_rbtree: fix locking
+
+From: Patrick McHardy <kaber@trash.net>
+
+commit 16c45eda96038aae848b6cfd42e2bf4b5e80f365 upstream.
+
+Fix a race condition and unnecessary locking:
+
+* the root rb_node must only be accessed under the lock in nft_rbtree_lookup()
+* the lock is not needed in lookup functions in netlink context
+
+Signed-off-by: Patrick McHardy <kaber@trash.net>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/nft_rbtree.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+--- a/net/netfilter/nft_rbtree.c
++++ b/net/netfilter/nft_rbtree.c
+@@ -37,10 +37,11 @@ static bool nft_rbtree_lookup(const stru
+ {
+ const struct nft_rbtree *priv = nft_set_priv(set);
+ const struct nft_rbtree_elem *rbe, *interval = NULL;
+- const struct rb_node *parent = priv->root.rb_node;
++ const struct rb_node *parent;
+ int d;
+
+ spin_lock_bh(&nft_rbtree_lock);
++ parent = priv->root.rb_node;
+ while (parent != NULL) {
+ rbe = rb_entry(parent, struct nft_rbtree_elem, node);
+
+@@ -158,7 +159,6 @@ static int nft_rbtree_get(const struct n
+ struct nft_rbtree_elem *rbe;
+ int d;
+
+- spin_lock_bh(&nft_rbtree_lock);
+ while (parent != NULL) {
+ rbe = rb_entry(parent, struct nft_rbtree_elem, node);
+
+@@ -173,11 +173,9 @@ static int nft_rbtree_get(const struct n
+ !(rbe->flags & NFT_SET_ELEM_INTERVAL_END))
+ nft_data_copy(&elem->data, rbe->data);
+ elem->flags = rbe->flags;
+- spin_unlock_bh(&nft_rbtree_lock);
+ return 0;
+ }
+ }
+- spin_unlock_bh(&nft_rbtree_lock);
+ return -ENOENT;
+ }
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
