On Wed, 17 Apr 2024, Alexander Maltsev wrote: > Flushing list in cancel_gc drops references to other lists right away, > without waiting for RCU to destroy list. Fixes race when referenced > ipsets can't be destroyed while referring list is scheduled for destroy. > > Signed-off-by: Alexander Maltsev <keltar.gw@xxxxxxxxx> > --- > kernel/net/netfilter/ipset/ip_set_list_set.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/kernel/net/netfilter/ipset/ip_set_list_set.c b/kernel/net/netfilter/ipset/ip_set_list_set.c > index cc2e5b9..0d15f4f 100644 > --- a/kernel/net/netfilter/ipset/ip_set_list_set.c > +++ b/kernel/net/netfilter/ipset/ip_set_list_set.c > @@ -552,6 +552,9 @@ list_set_cancel_gc(struct ip_set *set) > > if (SET_WITH_TIMEOUT(set)) > timer_shutdown_sync(&map->gc); > + > + /* Flush list to drop references to other ipsets */ > + list_set_flush(set); > } > > static const struct ip_set_type_variant set_variant = { Looks good, Pablo please apply to the nf-next tree. Thanks! Acked-by: Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx> Best regards, Jozsef -- E-mail : kadlec@xxxxxxxxxxxxxxxxx, kadlecsik.jozsef@xxxxxxxxx PGP key : https://wigner.hu/~kadlec/pgp_public_key.txt Address : Wigner Research Centre for Physics H-1525 Budapest 114, POB. 49, Hungary
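Review bot: the list_set_flush(set) call added at the end of list_set_cancel_gc() gives a function named for cancelling garbage collection a second job, dropping the list's references to its member sets, and the one-line comment does not say why that has to happen at this point. Suggest expanding the comment to state what the commit message says, that the references must be released here rather than when RCU destroys the list so that the referenced ipsets can themselves be destroyed, and to note what locking the callers of cancel_gc are expected to hold for the flush, since the hunk takes no lock of its own. The call sits outside the SET_WITH_TIMEOUT(set) check, so it also runs for lists without a timeout; that looks intended and would be worth stating. The commit message describes a race fix but carries no Fixes: tag, which would help backporting.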