The goal of this patchset is to protect the list in nft_compat.
The first patch adds a mutex lock to avoid a race condition in the general case.
The second patch adds a use bit to avoid a race condition in the scenario below.

       CPU0                                  CPU1
nft_{match/target}_select_ops
                                      nft_{match/target}_destroy
nft_{match/target}_init

Common test commands:

   while :
   do
	iptables-nft -t nat -I POSTROUTING -m string --string ap --algo \
		kmp -j MASQUERADE &
	nft flush ruleset &
   done

Taehee Yoo (2):
  netfilter: nft_compat: fix a race condition in match/target list
  netfilter: nft_compat: protect lists between select_ops and init

 net/netfilter/nft_compat.c | 37 ++++++++++++++++++++++++++++++++++---
 1 file changed, 34 insertions(+), 3 deletions(-)

-- 
2.17.1