netfilter: ipset: Fix data race between add and list header in all hash types

The "ipset list -terse" command is actually a dump operation which
may run parallel with "ipset add" commands, which can trigger an
internal resizing of the hash type of sets just being dumped. However,
dumping just the header part of the set was not protected against
underlying resizing. Fix it by protecting the header dumping part
as well.

Fixes: c4c997839cf9 ("netfilter: ipset: Fix parallel resizing and listing of the same set")
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c
index 0874029cb0f2d333b0189baa2f1dfad7588b5f3c..3706b4a85a0f1faf2d6d6ad88bfabe2d7d0867c0 100644 (file)
--- a/net/netfilter/ipset/ip_set_core.c
+++ b/net/netfilter/ipset/ip_set_core.c
@@ -1649,13 +1649,13 @@ dump_last:
                        if (cb->args[IPSET_CB_PROTO] > IPSET_PROTOCOL_MIN &&
                            nla_put_net16(skb, IPSET_ATTR_INDEX, htons(index)))
                                goto nla_put_failure;
+                       if (set->variant->uref)
+                               set->variant->uref(set, cb, true);
                        ret = set->variant->head(set, skb);
                        if (ret < 0)
                                goto release_refcount;
                        if (dump_flags & IPSET_FLAG_LIST_HEADER)
                                goto next_set;
-                       if (set->variant->uref)
-                               set->variant->uref(set, cb, true);
                        fallthrough;
                default:
                        ret = set->variant->list(set, skb, cb);