author: Fernando Fernandez Mancera <fmancera@suse.de> 2025-10-24 17:54:39 +0200
committer: Florian Westphal <fw@strlen.de> 2025-10-29 14:47:59 +0100
commit: 8d96dfdcabef00e28f0c851b1502adb679dfc6d9 (patch)
tree: 0594169fc27f9bb3cdd8271ec32ea43fb008bc04
parent: 514f1dc8f2ca3101e04cdf452e53baca3a76e544 (diff)
netfilter: nft_connlimit: fix possible data race on connection count
nft_connlimit_eval() reads priv->list->count to check if the connection limit has been exceeded. This value is being read without a lock and can be modified by a different process. Use READ_ONCE() for correctness.

Fixes: df4a90250976 ("netfilter: nf_conncount: merge lookup and add functions")
Signed-off-by: Fernando Fernandez Mancera <fmancera@suse.de>
Signed-off-by: Florian Westphal <fw@strlen.de>
 net/netfilter/nft_connlimit.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/netfilter/nft_connlimit.c b/net/netfilter/nft_connlimit.c
index 92b984fa8175..fc35a11cdca2 100644
--- a/net/netfilter/nft_connlimit.c
+++ b/net/netfilter/nft_connlimit.c
@@ -48,7 +48,7 @@ static inline void nft_connlimit_do_eval(struct nft_connlimit *priv,
return;
}
- count = priv->list->count;
+ count = READ_ONCE(priv->list->count);
if ((count > priv->limit) ^ priv->invert) {
regs->verdict.code = NFT_BREAK;
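Review bot: the READ_ONCE() at `count = READ_ONCE(priv->list->count);` annotates only the reader side of the race the commit message describes. The message says the count "can be modified by a different process", but this patch touches only net/netfilter/nft_connlimit.c (1 insertion, 1 deletion), so the store that updates list->count elsewhere is left as a plain write. For the annotation to be complete, the matching writer should use WRITE_ONCE() in the same series, or the commit message should state why a plain store there is acceptable (for example, that the writer always holds the list lock and only this lockless reader needs the marker). It would also help to spell out in the message that the consequence of the unmarked read is a possibly torn or compiler-cached value feeding `if ((count > priv->limit) ^ priv->invert)`, i.e. a momentarily wrong verdict, rather than leaving "for correctness" unexplained.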