git.proxmox.com Git - mirror_ubuntu-kernels.git/commit

author	Jozsef Kadlecsik <kadlec@netfilter.org>
	Mon, 17 Jun 2024 09:18:15 +0000 (11:18 +0200)
committer	Roxana Nicolescu <roxana.nicolescu@canonical.com>
	Fri, 2 Aug 2024 14:27:17 +0000 (16:27 +0200)
commit	fa7f890c0e47d75b525fe3910365aec0f5669e39
tree	d35c1bb4003cf465be4d1325781dc13d1fc6f430	tree
parent	4c9e114318fb2f3106b9dea89f4f369db2dd734f	commit \| diff

netfilter: ipset: Fix suspicious rcu_dereference_protected()

BugLink: https://bugs.launchpad.net/bugs/2075154
[ Upstream commit 8ecd06277a7664f4ef018abae3abd3451d64e7a6 ]

When destroying all sets, we are either in pernet exit phase or
are executing a "destroy all sets command" from userspace. The latter
was taken into account in ip_set_dereference() (nfnetlink mutex is held),
but the former was not. The patch adds the required check to
rcu_dereference_protected() in ip_set_dereference().

Fixes: 4e7aaa6b82d6 ("netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type")
Reported-by: syzbot+b62c37cdd58103293a5a@syzkaller.appspotmail.com
Reported-by: syzbot+cfbe1da5fdfc39efc293@syzkaller.appspotmail.com
Reported-by: kernel test robot <oliver.sang@intel.com>
Closes: https://lore.kernel.org/oe-lkp/202406141556.e0b6f17e-lkp@intel.com
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Manuel Diewald <manuel.diewald@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>