netfilter: nft_synproxy: avoid possible data-race on update operation

author Fernando Fernandez Mancera <fmancera@suse.de>

Wed, 17 Dec 2025 20:21:59 +0000 (21:21 +0100)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Mon, 19 Jan 2026 12:10:16 +0000 (13:10 +0100)
author Fernando Fernandez Mancera <fmancera@suse.de>
Wed, 17 Dec 2025 20:21:59 +0000 (21:21 +0100)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 19 Jan 2026 12:10:16 +0000 (13:10 +0100)
diff --git a/net/netfilter/nft_synproxy.c b/net/netfilter/nft_synproxy.c

index 0806813d3a7673fe6306bf9a582b078bce40f571..46d2eefb0b2182b2e9fcca65807fb227e812be9d 100644 (file)
--- a/net/netfilter/nft_synproxy.c
+++ b/net/netfilter/nft_synproxy.c
@@ -48,7 +48,7 @@ static void nft_synproxy_eval_v4(const struct nft_synproxy *priv,
                                  struct tcphdr *_tcph,
                                  struct synproxy_options *opts)
  {
-       struct nf_synproxy_info info = priv->info;
+       struct nf_synproxy_info info = READ_ONCE(priv->info);
         struct net *net = nft_net(pkt);
         struct synproxy_net *snet = synproxy_pernet(net);
         struct sk_buff *skb = pkt->skb;
@@ -79,7 +79,7 @@ static void nft_synproxy_eval_v6(const struct nft_synproxy *priv,
                                  struct tcphdr *_tcph,
                                  struct synproxy_options *opts)
  {
-       struct nf_synproxy_info info = priv->info;
+       struct nf_synproxy_info info = READ_ONCE(priv->info);
         struct net *net = nft_net(pkt);
         struct synproxy_net *snet = synproxy_pernet(net);
         struct sk_buff *skb = pkt->skb;
@@ -339,7 +339,7 @@ static void nft_synproxy_obj_update(struct nft_object *obj,
         struct nft_synproxy *newpriv = nft_obj_data(newobj);
         struct nft_synproxy *priv = nft_obj_data(obj);
  
-       priv->info = newpriv->info;
+       WRITE_ONCE(priv->info, newpriv->info);
  }
  
  static struct nft_object_type nft_synproxy_obj_type;
author	Fernando Fernandez Mancera <fmancera@suse.de>
	Wed, 17 Dec 2025 20:21:59 +0000 (21:21 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Mon, 19 Jan 2026 12:10:16 +0000 (13:10 +0100)