summaryrefslogtreecommitdiff
path: root/ipc
diff options
context:
space:
mode:
authorPhil Sutter <phil@nwl.cc>2024-08-09 16:07:32 +0300
committerPablo Neira Ayuso <pablo@netfilter.org>2024-08-15 00:44:55 +0300
commitbd662c4218f9648e888bebde9468146965f3f8a0 (patch)
tree42f14596e598d6c3fc7cf1e280dea8ff7808e5e6 /ipc
parent69fc3e9e90f1afc11f4015e6b75d18ab9acee348 (diff)
downloadlinux-bd662c4218f9648e888bebde9468146965f3f8a0.tar.xz
netfilter: nf_tables: Add locking for NFT_MSG_GETOBJ_RESET requests
Objects' dump callbacks are not concurrency-safe per-se with reset bit set. If two CPUs perform a reset at the same time, at least counter and quota objects suffer from value underrun. Prevent this by introducing dedicated locking callbacks for nfnetlink and the asynchronous dump handling to serialize access. Fixes: 43da04a593d8 ("netfilter: nf_tables: atomic dump and reset for stateful objects") Signed-off-by: Phil Sutter <phil@nwl.cc> Reviewed-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'ipc')
0 files changed, 0 insertions, 0 deletions