Unverified Commit 89882d97 authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!8072 [sync] PR-8030: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() 

Merge Pull Request from: @openeuler-sync-bot 
 

Origin pull request: 
https://gitee.com/openeuler/kernel/pulls/8030 
 
PR sync from: Ziyang Xuan <william.xuanziyang@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/I2C3XTJDOEKYVDIAVH5QUQD6K3ELRZRG/ 
 
https://gitee.com/src-openeuler/kernel/issues/I9QG2A 
 
Link:https://gitee.com/openeuler/kernel/pulls/8072

 

Reviewed-by: default avatarYue Haibing <yuehaibing@huawei.com>
Signed-off-by: default avatarJialin Zhang <zhangjialin11@huawei.com>
parents caf0ef45 90e541dd

net/netfilter/nf_tables_api.c

+7 −2
Original line number Diff line number Diff line
@@ -6791,11 +6791,12 @@ static int nft_flowtable_parse_hook(const struct nft_ctx *ctx, 
	return err;

}



/* call under rcu_read_lock */

static const struct nf_flowtable_type *__nft_flowtable_type_get(u8 family)

{

	const struct nf_flowtable_type *type;



	list_for_each_entry(type, &nf_tables_flowtables, list) {

	list_for_each_entry_rcu(type, &nf_tables_flowtables, list) {

		if (family == type->family)

			return type;

	}
@@ -6807,9 +6808,13 @@ nft_flowtable_type_get(struct net *net, u8 family) 
{

	const struct nf_flowtable_type *type;



	rcu_read_lock();

	type = __nft_flowtable_type_get(family);

	if (type != NULL && try_module_get(type->owner))

	if (type != NULL && try_module_get(type->owner)) {

		rcu_read_unlock();

		return type;

	}

	rcu_read_unlock();



	lockdep_nfnl_nft_mutex_not_held();

#ifdef CONFIG_MODULES