netfilter: ipset: fix suspicious RCU usage in find_set_and_id - kernel/linux.git

diff options

author	Kadlecsik József <kadlec@blackhole.kfki.hu>	2020-01-25 22:39:25 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2020-02-11 15:35:07 +0300
commit	8ce07d95d67a9f4236bb44b6c7046a9b0a8d715b (patch)
tree	28ea69cc679bdbdd7ad6ed4c5850fcc5169181b1 /Documentation/firmware-guide
parent	7bad0dda8164c4cd6f1c43444089fb9c4188cdf4 (diff)
download	linux-8ce07d95d67a9f4236bb44b6c7046a9b0a8d715b.tar.xz

netfilter: ipset: fix suspicious RCU usage in find_set_and_id

commit 5038517119d50ed0240059b1d7fc2faa92371c08 upstream. find_set_and_id() is called when the NFNL_SUBSYS_IPSET mutex is held. However, in the error path there can be a follow-up recvmsg() without the mutex held. Use the start() function of struct netlink_dump_control instead of dump() to verify and report if the specified set does not exist. Thanks to Pablo Neira Ayuso for helping me to understand the subleties of the netlink protocol. Reported-by: syzbot+fc69d7cb21258ab4ae4d@syzkaller.appspotmail.com Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'Documentation/firmware-guide')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: