git.samba.org / sfrench / cifs-2.6.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 61f9e29) | patch
netfilter: nf_tables: fix race when create new element in dynset
authorLiping Zhang <zlpnobody@gmail.com>
Sat, 22 Oct 2016 10:51:26 +0000 (18:51 +0800)
committerPablo Neira Ayuso <pablo@netfilter.org>
Thu, 27 Oct 2016 16:22:02 +0000 (18:22 +0200)
commitdab45060a56a9732b027d2031c1b6100bc75eea2
tree6eb28be6f001aac951f25ccf471d5ff21dfe9adatree
parent61f9e2924f4981d626b3a931fed935f2fa3cb4decommit | diff
netfilter: nf_tables: fix race when create new element in dynset

Packets may race when create the new element in nft_hash_update:
       CPU0                 CPU1
  lookup_fast - fail     lookup_fast - fail
       new - ok             new - ok
     insert - ok         insert - fail(EEXIST)

So when race happened, we reuse the existing element. Otherwise,
these *racing* packets will not be handled properly.

Fixes: 22fe54d5fefc ("netfilter: nf_tables: add support for dynamic set updates")
Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nft_set_hash.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.