Commit f7b2dd9f authored Jun 16, 2023 by Pablo Neira Ayuso Committed by sanglipeng Nov 30, 2023

netfilter: nft_set_pipapo: .walk does not deal with generations

stable inclusion
from stable-v5.10.186
commit 2a90da8e0dd50f42e577988f4219f4f4cd3616b7
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I8J4KH

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=2a90da8e0dd50f42e577988f4219f4f4cd3616b7



--------------------------------

[ Upstream commit 2b84e215 ]

The .walk callback iterates over the current active set, but it might be
useful to iterate over the next generation set. Use the generation mask
to determine what set view (either current or next generation) is use
for the walk iteration.

Fixes: 3c4287f6 ("nf_tables: Add set type for arbitrary concatenation of ranges")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: sanglipeng <sanglipeng1@jd.com>

parent adc19b52

net/netfilter/nft_set_pipapo.c

+5 −1

Original line number	Diff line number	Diff line
		@@ -1953,12 +1953,16 @@ static void nft_pipapo_walk(const struct nft_ctx ctx, struct nft_set set,
		struct nft_set_iter *iter)
		{
		struct nft_pipapo *priv = nft_set_priv(set);
		struct net *net = read_pnet(&set->net);
		struct nft_pipapo_match *m;
		struct nft_pipapo_field *f;
		int i, r;

		rcu_read_lock();
		if (iter->genmask == nft_genmask_cur(net))
		m = rcu_dereference(priv->match);
		else
		m = priv->clone;

		if (unlikely(!m))
		goto out;