projects / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1578c32) | patch
netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests
authorPhil Sutter <phil@nwl.cc>
Thu, 19 Oct 2023 14:03:36 +0000 (16:03 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Tue, 24 Oct 2023 11:16:29 +0000 (13:16 +0200)
commit3cb03edb4de33fd04c4ea55f47397b96a8657c53
treec82f45e2442d232d6d0349df570e5d08b7ad72d2tree | snapshot
parent1578c32877191815f631af32ba5dfc1f1b20c1b4commit | diff
netfilter: nf_tables: Add locking for NFT_MSG_GETRULE_RESET requests

Rule reset is not concurrency-safe per-se, so multiple CPUs may reset
the same rule at the same time. At least counter and quota expressions
will suffer from value underruns in this case.

Prevent this by introducing dedicated locking callbacks for nfnetlink
and the asynchronous dump handling to serialize access.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nf_tables_api.c diff | blob | history
ep93xx device tree rework repo: git://git.maquefel.me/linux.git