Skip to content
Commit 94dd411c authored by Jozsef Kadlecsik's avatar Jozsef Kadlecsik Committed by Greg Kroah-Hartman
Browse files

netfilter: ipset: Fix suspicious rcu_dereference_protected() 

[ Upstream commit 8ecd0627 ]

When destroying all sets, we are either in pernet exit phase or
are executing a "destroy all sets command" from userspace. The latter
was taken into account in ip_set_dereference() (nfnetlink mutex is held),
but the former was not. The patch adds the required check to
rcu_dereference_protected() in ip_set_dereference().

Fixes: 4e7aaa6b

 ("netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type")
Reported-by: default avatar <syzbot+b62c37cdd58103293a5a@syzkaller.appspotmail.com>
Reported-by: default avatar <syzbot+cfbe1da5fdfc39efc293@syzkaller.appspotmail.com>
Reported-by: default avatarkernel test robot <oliver.sang@intel.com>
Closes: https://lore.kernel.org/oe-lkp/202406141556.e0b6f17e-lkp@intel.com
Signed-off-by: default avatarJozsef Kadlecsik <kadlec@netfilter.org>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
parent 3ee9c732
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment