git.ipfire.org Git - thirdparty/ipset.git/commit

author	Jozsef Kadlecsik <kadlec@netfilter.org>
	Mon, 17 Jun 2024 09:18:15 +0000 (11:18 +0200)
committer	Jozsef Kadlecsik <kadlec@netfilter.org>
	Sun, 15 Dec 2024 16:57:48 +0000 (17:57 +0100)
commit	d5e8a0ae50c07204284cd60f497aff677638b93b
tree	bfe31653e40cc4081fc6711666b32d989681ee23	tree
parent	5872aeda8b0ff70d45bc0cb844e86d0795f08fe9	commit \| diff

netfilter: ipset: Fix suspicious rcu_dereference_protected()

When destroying all sets, we are either in pernet exit phase or
are executing a "destroy all sets command" from userspace. The latter
was taken into account in ip_set_dereference() (nfnetlink mutex is held),
but the former was not. The patch adds the required check to
rcu_dereference_protected() in ip_set_dereference().

Fixes: 4e7aaa6b82d6 ("netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type")
Reported-by: syzbot+b62c37cdd58103293a5a@syzkaller.appspotmail.com
Reported-by: syzbot+cfbe1da5fdfc39efc293@syzkaller.appspotmail.com
Reported-by: kernel test robot <oliver.sang@intel.com>
Closes: https://lore.kernel.org/oe-lkp/202406141556.e0b6f17e-lkp@intel.com
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>