netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() - kernel

diff options

author	Ziyang Xuan <[email protected]>	2024-04-07 06:56:04 +0000
committer	Pablo Neira Ayuso <[email protected]>	2024-04-11 10:08:34 +0000
commit	f969eb84ce482331a991079ab7a5c4dc3b7f89bf (patch)
tree	69f7a9d0a380a20ee5c08c2c09effd1b57330577 /net/unix/af_unix.c
parent	r8169: fix LED-related deadlock on module removal (diff)
download	kernel-f969eb84ce482331a991079ab7a5c4dc3b7f89bf.tar.gz kernel-f969eb84ce482331a991079ab7a5c4dc3b7f89bf.zip

netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()

nft_unregister_expr() can concurrent with __nft_expr_type_get(), and there is not any protection when iterate over nf_tables_expressions list in __nft_expr_type_get(). Therefore, there is potential data-race of nf_tables_expressions list entry. Use list_for_each_entry_rcu() to iterate over nf_tables_expressions list in __nft_expr_type_get(), and use rcu_read_lock() in the caller nft_expr_type_get() to protect the entire type query process. Fixes: ef1f7df9170d ("netfilter: nf_tables: expression ops overloading") Signed-off-by: Ziyang Xuan <[email protected]> Signed-off-by: Pablo Neira Ayuso <[email protected]>

Diffstat (limited to 'net/unix/af_unix.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: