Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp7279955imu; Wed, 14 Nov 2018 14:46:48 -0800 (PST) X-Google-Smtp-Source: AJdET5dmme40nvh8+JkuwrIU7ylt/URx9eUx/tGFdSuQuySsw00DKHpa7G3XH6MAeUigH6sAXe0U X-Received: by 2002:a63:fe48:: with SMTP id x8mr3560904pgj.261.1542235608556; Wed, 14 Nov 2018 14:46:48 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1542235608; cv=none; d=google.com; s=arc-20160816; b=Jd8RwVnnQNXZ5fZbRFgob/ELjC4j1rc0vQiHoLLgNKrymPcwgghfQAj4Zy1nDSF+0F D+J0wYWxzTDC57Q0je/QdeiM8vBBeTa3StSUG0m5zTYkDXS5QNis5t1voXz1ej+s4aRY mN/66CoWIPNOU+0McvPFRRILICFATEsOrCiiP2AwmS9+XjytbL7KFRJQtxMVeFmHCd8M qQ56BnCUEuM8T+AyPfE7i8S8adyc3dzoTl4byAV04S6hZMobWdGiTeVDuI7xCKbQrCOk E0Kh+HvAKRGjpJu8KOZfDZoDB7+mnR9jUfTieUc2+81t3BgomeHywmMY0Rmz8UtyeeZG tiJA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature; bh=H5PtGBR5aXC9ghcMgmEjxalv3W12IuG3ejpeFY7jDz0=; b=v7/9uWB2tpDeE9lphzWO61WxAcDX1/28Xiz4VR3gqfizgmQNc7T8Ggme00exGpBQKC zxzZdnepIQjYp8fYTSemdm/vuua4neVnhnL8YoJrDaR5m2cnXfCqf2xyzm39KQZbFym8 7QGw0w49OA4UWLpdxrAC1okS6huOYD/1f8Ne++n1zf0pqnTnMEQYyTZFtKATr8gTuKyy dm7Ir2ePnBeZIoVENYa+jp4wObG7LKS4yWoSiCDX801vYKquBcFSDXFp02rB0lcEO31P BSmJPlPf+e4pDRxm2KnlL6+wiJynvVCFDy2NKiIa22vqtmvSowZQaW+rB7YPNiRVb7I1 f6Uw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=i1LK2rM4; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d66-v6si27237834pfc.92.2018.11.14.14.46.34; Wed, 14 Nov 2018 14:46:48 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=i1LK2rM4; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728874AbeKOIt7 (ORCPT + 99 others); Thu, 15 Nov 2018 03:49:59 -0500 Received: from mail.kernel.org ([198.145.29.99]:34408 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728422AbeKOI1Q (ORCPT ); Thu, 15 Nov 2018 03:27:16 -0500 Received: from sasha-vm.mshome.net (unknown [64.114.255.114]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 8A20522510; Wed, 14 Nov 2018 22:22:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1542234133; bh=0Ba+ZyadSmg7aFaAPrWWog7CEYHQpUo/W1UcbDv6TuY=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=i1LK2rM4wWrbpRh/6+S7fWe9Th7Nf9gredDXamyog8aG6ABZRuxgZsGV0x1O5jfgK 45CNYKkvilt2qRYX/1fjYhO39J63vJ0LLqxx/qdrtC1sfzzrW/COOy3FmytqRXqUnI MPVnM3UJidY7AxjwgnRp7XnIrRNBMvXiOw6MFzbQ= From: Sasha Levin To: stable@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Jozsef Kadlecsik , Pablo Neira Ayuso , Sasha Levin Subject: [PATCH AUTOSEL 4.19 22/73] netfilter: ipset: Fix calling ip_set() macro at dumping Date: Wed, 14 Nov 2018 17:21:16 -0500 Message-Id: <20181114222207.98701-22-sashal@kernel.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181114222207.98701-1-sashal@kernel.org> References: <20181114222207.98701-1-sashal@kernel.org> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Jozsef Kadlecsik [ Upstream commit 8a02bdd50b2ecb6d62121d2958d3ea186cc88ce7 ] The ip_set() macro is called when either ip_set_ref_lock held only or no lock/nfnl mutex is held at dumping. Take this into account properly. Also, use Pablo's suggestion to use rcu_dereference_raw(), the ref_netlink protects the set. Signed-off-by: Jozsef Kadlecsik Signed-off-by: Pablo Neira Ayuso Signed-off-by: Sasha Levin --- net/netfilter/ipset/ip_set_core.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c index 68db946df151..1577f2f76060 100644 --- a/net/netfilter/ipset/ip_set_core.c +++ b/net/netfilter/ipset/ip_set_core.c @@ -55,11 +55,15 @@ MODULE_AUTHOR("Jozsef Kadlecsik "); MODULE_DESCRIPTION("core IP set support"); MODULE_ALIAS_NFNL_SUBSYS(NFNL_SUBSYS_IPSET); -/* When the nfnl mutex is held: */ +/* When the nfnl mutex or ip_set_ref_lock is held: */ #define ip_set_dereference(p) \ - rcu_dereference_protected(p, lockdep_nfnl_is_held(NFNL_SUBSYS_IPSET)) + rcu_dereference_protected(p, \ + lockdep_nfnl_is_held(NFNL_SUBSYS_IPSET) || \ + lockdep_is_held(&ip_set_ref_lock)) #define ip_set(inst, id) \ ip_set_dereference((inst)->ip_set_list)[id] +#define ip_set_ref_netlink(inst,id) \ + rcu_dereference_raw((inst)->ip_set_list)[id] /* The set types are implemented in modules and registered set types * can be found in ip_set_type_list. Adding/deleting types is @@ -1251,7 +1255,7 @@ ip_set_dump_done(struct netlink_callback *cb) struct ip_set_net *inst = (struct ip_set_net *)cb->args[IPSET_CB_NET]; ip_set_id_t index = (ip_set_id_t)cb->args[IPSET_CB_INDEX]; - struct ip_set *set = ip_set(inst, index); + struct ip_set *set = ip_set_ref_netlink(inst, index); if (set->variant->uref) set->variant->uref(set, cb, false); @@ -1440,7 +1444,7 @@ next_set: release_refcount: /* If there was an error or set is done, release set */ if (ret || !cb->args[IPSET_CB_ARG0]) { - set = ip_set(inst, index); + set = ip_set_ref_netlink(inst, index); if (set->variant->uref) set->variant->uref(set, cb, false); pr_debug("release set %s\n", set->name); -- 2.17.1