From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 29 Jun 2015 23:10:48 +0000 (-0700)
Subject: 4.0-stable patches
X-Git-Tag: v3.10.83~22
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fb93043296a69dfad7978c65265ed6d1a71559b4;p=thirdparty%2Fkernel%2Fstable-queue.git

4.0-stable patches

added patches:
	netfilter-nft_rbtree-fix-locking.patch
---

diff --git a/queue-4.0/netfilter-nft_rbtree-fix-locking.patch b/queue-4.0/netfilter-nft_rbtree-fix-locking.patch
new file mode 100644
index 00000000000..45e12f859a8
--- /dev/null
+++ b/queue-4.0/netfilter-nft_rbtree-fix-locking.patch
@@ -0,0 +1,57 @@
+From 16c45eda96038aae848b6cfd42e2bf4b5e80f365 Mon Sep 17 00:00:00 2001
+From: Patrick McHardy <kaber@trash.net>
+Date: Sat, 21 Mar 2015 15:19:14 +0000
+Subject: netfilter: nft_rbtree: fix locking
+
+From: Patrick McHardy <kaber@trash.net>
+
+commit 16c45eda96038aae848b6cfd42e2bf4b5e80f365 upstream.
+
+Fix a race condition and unnecessary locking:
+
+* the root rb_node must only be accessed under the lock in nft_rbtree_lookup()
+* the lock is not needed in lookup functions in netlink context
+
+Signed-off-by: Patrick McHardy <kaber@trash.net>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/netfilter/nft_rbtree.c |    6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+--- a/net/netfilter/nft_rbtree.c
++++ b/net/netfilter/nft_rbtree.c
+@@ -37,10 +37,11 @@ static bool nft_rbtree_lookup(const stru
+ {
+ 	const struct nft_rbtree *priv = nft_set_priv(set);
+ 	const struct nft_rbtree_elem *rbe, *interval = NULL;
+-	const struct rb_node *parent = priv->root.rb_node;
++	const struct rb_node *parent;
+ 	int d;
+ 
+ 	spin_lock_bh(&nft_rbtree_lock);
++	parent = priv->root.rb_node;
+ 	while (parent != NULL) {
+ 		rbe = rb_entry(parent, struct nft_rbtree_elem, node);
+ 
+@@ -158,7 +159,6 @@ static int nft_rbtree_get(const struct n
+ 	struct nft_rbtree_elem *rbe;
+ 	int d;
+ 
+-	spin_lock_bh(&nft_rbtree_lock);
+ 	while (parent != NULL) {
+ 		rbe = rb_entry(parent, struct nft_rbtree_elem, node);
+ 
+@@ -173,11 +173,9 @@ static int nft_rbtree_get(const struct n
+ 			    !(rbe->flags & NFT_SET_ELEM_INTERVAL_END))
+ 				nft_data_copy(&elem->data, rbe->data);
+ 			elem->flags = rbe->flags;
+-			spin_unlock_bh(&nft_rbtree_lock);
+ 			return 0;
+ 		}
+ 	}
+-	spin_unlock_bh(&nft_rbtree_lock);
+ 	return -ENOENT;
+ }
+ 
diff --git a/queue-4.0/series b/queue-4.0/series
index b73c67bb889..fe60ea9fc02 100644
--- a/queue-4.0/series
+++ b/queue-4.0/series
@@ -1 +1,2 @@
 config-enable-need_dma_map_state-by-default-when-swiotlb-is-selected.patch
+netfilter-nft_rbtree-fix-locking.patch