Commit 1b1617f9 authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso Committed by Zheng Zengkai
Browse files

netfilter: nft_dynset: restore set element counter when failing to update 

stable inclusion
from stable-v5.10.129
commit 91d3bb82c43e8dfb68ef9e0d61d7bf27b0c7b5b0
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I5YNDQ

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=91d3bb82c43e8dfb68ef9e0d61d7bf27b0c7b5b0



--------------------------------

commit 05907f10 upstream.

This patch fixes a race condition.

nft_rhash_update() might fail for two reasons:

- Element already exists in the hashtable.
- Another packet won race to insert an entry in the hashtable.

In both cases, new() has already bumped the counter via atomic_add_unless(),
therefore, decrement the set element counter.

Fixes: 22fe54d5 ("netfilter: nf_tables: add support for dynamic set updates")
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarZheng Zengkai <zhengzengkai@huawei.com>
Reviewed-by: default avatarWei Li <liwei391@huawei.com>
parent 9da337e9
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment