diff options
| author | Jozsef Kadlecsik <kadlec@netfilter.org> | 2019-07-23 10:25:55 +0200 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2019-08-29 08:26:39 +0200 |
| commit | aa79a247cbbbd047f07cc39b3875017b613c1040 (patch) | |
| tree | 549e2507b208f85e633633ed80a985343fa84232 /net | |
| parent | 80688abcb90ae32bd425df6e6e34746242eb0a3f (diff) | |
| download | linux-aa79a247cbbbd047f07cc39b3875017b613c1040.tar.gz linux-aa79a247cbbbd047f07cc39b3875017b613c1040.tar.bz2 linux-aa79a247cbbbd047f07cc39b3875017b613c1040.zip | |
netfilter: ipset: Fix rename concurrency with listing
[ Upstream commit 6c1f7e2c1b96ab9b09ac97c4df2bd9dc327206f6 ]
Shijie Luo reported that when stress-testing ipset with multiple concurrent
create, rename, flush, list, destroy commands, it can result
ipset <version>: Broken LIST kernel message: missing DATA part!
error messages and broken list results. The problem was the rename operation
was not properly handled with respect of listing. The patch fixes the issue.
Reported-by: Shijie Luo <luoshijie1@huawei.com>
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'net')
| -rw-r--r-- | net/netfilter/ipset/ip_set_core.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c index a3f1dc7cf538..dbf17d3596a6 100644 --- a/net/netfilter/ipset/ip_set_core.c +++ b/net/netfilter/ipset/ip_set_core.c @@ -1128,7 +1128,7 @@ static int ip_set_rename(struct net *net, struct sock *ctnl, return -ENOENT; write_lock_bh(&ip_set_ref_lock); - if (set->ref != 0) { + if (set->ref != 0 || set->ref_netlink != 0) { ret = -IPSET_ERR_REFERENCED; goto out; } |