]> git.ipfire.org Git - thirdparty/ipset.git/commitdiff
projects / thirdparty / ipset.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: cf94d3f)
netfilter: ipset: fix race condition between swap/destroy and kernel side add/del...
authorJozsef Kadlecsik <kadlec@netfilter.org>
Sat, 4 Nov 2023 09:51:47 +0000 (10:51 +0100)
committerJozsef Kadlecsik <kadlec@netfilter.org>
Sat, 4 Nov 2023 09:51:47 +0000 (10:51 +0100)
synchronize_rcu() is moved into ip_set_swap() in order not to burden
ip_set_destroy() unnecessarily when all sets are destroyed

Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
kernel/net/netfilter/ipset/ip_set_core.c patch | blob | blame | history

diff --git a/kernel/net/netfilter/ipset/ip_set_core.c b/kernel/net/netfilter/ipset/ip_set_core.c
index 98dd409cd962fc8e998ab3a029afda942aa5071a..9ab2195c2aa8851138b42565b6f4576620126ac3 100644 (file)
--- a/kernel/net/netfilter/ipset/ip_set_core.c
+++ b/kernel/net/netfilter/ipset/ip_set_core.c
@@ -1225,9 +1225,6 @@ IPSET_CBFN(ip_set_destroy, struct net *net, struct sock *ctnl,
        if (unlikely(protocol_min_failed(attr)))
                return -IPSET_ERR_PROTOCOL;
 
-       /* Make sure all readers of the old set pointers are completed. */
-       synchronize_rcu();
-
        /* Must wait for flush to be really finished in list:set */
        rcu_barrier();
 
@@ -1441,6 +1438,9 @@ IPSET_CBFN(ip_set_swap, struct net *net, struct sock *ctnl,
        ip_set(inst, to_id) = from;
        write_unlock_bh(&ip_set_ref_lock);
 
+       /* Make sure all readers of the old set pointers are completed. */
+       synchronize_rcu();
+
        return 0;
 }
 
Mirror of git://git.netfilter.org/ipset