summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2014-05-22 12:36:03 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2014-06-02 10:54:25 +0200
commit46bbafceb201df635b7c0a9d7a0e526cb2f8cb75 (patch)
tree83072842019888714b8457ebbd1c9782087f14b2
parent4c552a64dfc2063ef060cf45788cd4250eea3596 (diff)
downloadlinux-46bbafceb201df635b7c0a9d7a0e526cb2f8cb75.tar.bz2
netfilter: nf_tables: fix wrong transaction ordering in set elements
The transaction needs to be placed at the end of the commit list, otherwise event notifications are reordered and we may crash when releasing object via call_rcu. This problem was introduced in 60319eb ("netfilter: nf_tables: use new transaction infrastructure to handle elements"). Reported-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--net/netfilter/nf_tables_api.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 047884776586..9365531ee911 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -3077,7 +3077,7 @@ static int nft_add_set_elem(struct nft_ctx *ctx, struct nft_set *set,
goto err4;
nft_trans_elem(trans) = elem;
- list_add(&trans->list, &ctx->net->nft.commit_list);
+ list_add_tail(&trans->list, &ctx->net->nft.commit_list);
return 0;
err4:
@@ -3161,7 +3161,7 @@ static int nft_del_setelem(struct nft_ctx *ctx, struct nft_set *set,
goto err2;
nft_trans_elem(trans) = elem;
- list_add(&trans->list, &ctx->net->nft.commit_list);
+ list_add_tail(&trans->list, &ctx->net->nft.commit_list);
nft_data_uninit(&elem.key, NFT_DATA_VALUE);
if (set->flags & NFT_SET_MAP)