Skip to content

L
linux
Commit e688a7f8 authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso
Browse files
Options

netfilter: nf_tables: safe RCU iteration on list when dumping 

The dump operation through netlink is not protected by the nfnl_lock.
Thus, a reader process can be dumping any of the existing object
lists while another process can be updating the list content.

This patch resolves this situation by protecting all the object
lists with RCU in the netlink dump path which is the reader side.
The updater path is already protected via nfnl_lock, so use list
manipulation RCU-safe operations.
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent 63283dd2
Expand all Hide whitespace changes
Inline Side-by-side
Showing with 53 additions and 41 deletions
net/netfilter/nf_tables_api.c
View file @ e688a7f8
This diff is collapsed.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7