From: Jozsef Kadlecsik <kadlec@netfilter.org>
Date: Tue, 23 Jul 2019 08:25:55 +0000 (+0200)
Subject: netfilter: ipset: Fix rename concurrency with listing
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=6c1f7e2c1b96ab9b09ac97c4df2bd9dc327206f6;p=linux.git

netfilter: ipset: Fix rename concurrency with listing

Shijie Luo reported that when stress-testing ipset with multiple concurrent
create, rename, flush, list, destroy commands, it can result

ipset <version>: Broken LIST kernel message: missing DATA part!

error messages and broken list results. The problem was the rename operation
was not properly handled with respect of listing. The patch fixes the issue.

Reported-by: Shijie Luo <luoshijie1@huawei.com>
Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
---

diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c
index 2e151856ad999..e64d5f9a89dd3 100644
--- a/net/netfilter/ipset/ip_set_core.c
+++ b/net/netfilter/ipset/ip_set_core.c
@@ -1161,7 +1161,7 @@ static int ip_set_rename(struct net *net, struct sock *ctnl,
 		return -ENOENT;
 
 	write_lock_bh(&ip_set_ref_lock);
-	if (set->ref != 0) {
+	if (set->ref != 0 || set->ref_netlink != 0) {
 		ret = -IPSET_ERR_REFERENCED;
 		goto out;
 	}