diff options
author | Phil Sutter <phil@nwl.cc> | 2024-08-09 16:07:32 +0300 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2024-08-15 00:44:55 +0300 |
commit | bd662c4218f9648e888bebde9468146965f3f8a0 (patch) | |
tree | 42f14596e598d6c3fc7cf1e280dea8ff7808e5e6 /ipc | |
parent | 69fc3e9e90f1afc11f4015e6b75d18ab9acee348 (diff) | |
download | linux-bd662c4218f9648e888bebde9468146965f3f8a0.tar.xz |
netfilter: nf_tables: Add locking for NFT_MSG_GETOBJ_RESET requests
Objects' dump callbacks are not concurrency-safe per-se with reset bit
set. If two CPUs perform a reset at the same time, at least counter and
quota objects suffer from value underrun.
Prevent this by introducing dedicated locking callbacks for nfnetlink
and the asynchronous dump handling to serialize access.
Fixes: 43da04a593d8 ("netfilter: nf_tables: atomic dump and reset for stateful objects")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Reviewed-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'ipc')
0 files changed, 0 insertions, 0 deletions