WSL2-Linux-Kernel/net/netfilter/ipset
Vishwanath Pai 596cf3fe58 netfilter: ipset: fix race condition in ipset save, swap and delete
This fix adds a new reference counter (ref_netlink) for the struct ip_set.
The other reference counter (ref) can be swapped out by ip_set_swap and we
need a separate counter to keep track of references for netlink events
like dump. Using the same ref counter for dump causes a race condition
which can be demonstrated by the following script:

ipset create hash_ip1 hash:ip family inet hashsize 1024 maxelem 500000 \
counters
ipset create hash_ip2 hash:ip family inet hashsize 300000 maxelem 500000 \
counters
ipset create hash_ip3 hash:ip family inet hashsize 1024 maxelem 500000 \
counters

ipset save &

ipset swap hash_ip3 hash_ip2
ipset destroy hash_ip3 /* will crash the machine */

Swap will exchange the values of ref so destroy will see ref = 0 instead of
ref = 1. With this fix in place swap will not succeed because ipset save
still has ref_netlink on the set (ip_set_swap doesn't swap ref_netlink).

Both delete and swap will error out if ref_netlink != 0 on the set.

Note: The changes to *_head functions is because previously we would
increment ref whenever we called these functions, we don't do that
anymore.

Reviewed-by: Joshua Hunt <johunt@akamai.com>
Signed-off-by: Vishwanath Pai <vpai@akamai.com>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2016-03-28 17:57:45 +02:00
..
Kconfig netfilter: ipset: hash:mac type added to ipset 2014-09-15 22:20:21 +02:00
Makefile netfilter: ipset: hash:mac type added to ipset 2014-09-15 22:20:21 +02:00
ip_set_bitmap_gen.h netfilter: ipset: fix race condition in ipset save, swap and delete 2016-03-28 17:57:45 +02:00
ip_set_bitmap_ip.c netfilter: ipset: Fix extension alignment 2015-11-07 11:21:47 +01:00
ip_set_bitmap_ipmac.c netfilter: ipset: Check IPSET_ATTR_ETHER netlink attribute length 2016-03-08 20:36:17 +01:00
ip_set_bitmap_port.c netfilter: ipset: Fix extension alignment 2015-11-07 11:21:47 +01:00
ip_set_core.c netfilter: ipset: fix race condition in ipset save, swap and delete 2016-03-28 17:57:45 +02:00
ip_set_getport.c netfilter: ipset: Fix coding styles reported by checkpatch.pl 2015-06-14 10:40:18 +02:00
ip_set_hash_gen.h netfilter: ipset: fix race condition in ipset save, swap and delete 2016-03-28 17:57:45 +02:00
ip_set_hash_ip.c netfilter: ipset: Fix coding styles reported by checkpatch.pl 2015-06-14 10:40:18 +02:00
ip_set_hash_ipmark.c netfilter: ipset: Fix coding styles reported by checkpatch.pl 2015-06-14 10:40:18 +02:00
ip_set_hash_ipport.c netfilter: ipset: Fix coding styles reported by checkpatch.pl 2015-06-14 10:40:18 +02:00
ip_set_hash_ipportip.c netfilter: ipset: Fix coding styles reported by checkpatch.pl 2015-06-14 10:40:18 +02:00
ip_set_hash_ipportnet.c netfilter: ipset: Fix coding styles reported by checkpatch.pl 2015-06-14 10:40:18 +02:00
ip_set_hash_mac.c netfilter: ipset: Check IPSET_ATTR_ETHER netlink attribute length 2016-03-08 20:36:17 +01:00
ip_set_hash_net.c netfilter: ipset: Fix coding styles reported by checkpatch.pl 2015-06-14 10:40:18 +02:00
ip_set_hash_netiface.c netfilter: ipset: allow a 0 netmask with hash_netiface type 2016-01-13 14:03:43 +01:00
ip_set_hash_netnet.c netfilter: ipset: Fixing unnamed union init 2015-08-29 01:02:28 +02:00
ip_set_hash_netport.c netfilter: ipset: Fix coding styles reported by checkpatch.pl 2015-06-14 10:40:18 +02:00
ip_set_hash_netportnet.c netfilter: ipset: Fixing unnamed union init 2015-08-29 01:02:28 +02:00
ip_set_list_set.c netfilter: ipset: fix race condition in ipset save, swap and delete 2016-03-28 17:57:45 +02:00
pfxlen.c netfilter: ipset: Fix coding styles reported by checkpatch.pl 2015-06-14 10:40:18 +02:00