summaryrefslogtreecommitdiff
path: root/net
diff options
context:
space:
mode:
authorJozsef Kadlecsik <kadlec@netfilter.org>2019-07-23 10:25:55 +0200
committerJozsef Kadlecsik <kadlec@blackhole.kfki.hu>2019-07-29 21:18:07 +0200
commit6c1f7e2c1b96ab9b09ac97c4df2bd9dc327206f6 (patch)
tree7b0d0728d479829760e9fdd27dcb0a27ceb6c7fa /net
parent1b4a75108d5bc153daf965d334e77e8e94534f96 (diff)
netfilter: ipset: Fix rename concurrency with listing
Shijie Luo reported that when stress-testing ipset with multiple concurrent create, rename, flush, list, destroy commands, it can result ipset <version>: Broken LIST kernel message: missing DATA part! error messages and broken list results. The problem was the rename operation was not properly handled with respect of listing. The patch fixes the issue. Reported-by: Shijie Luo <luoshijie1@huawei.com> Signed-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>
Diffstat (limited to 'net')
-rw-r--r--net/netfilter/ipset/ip_set_core.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c
index 2e151856ad99..e64d5f9a89dd 100644
--- a/net/netfilter/ipset/ip_set_core.c
+++ b/net/netfilter/ipset/ip_set_core.c
@@ -1161,7 +1161,7 @@ static int ip_set_rename(struct net *net, struct sock *ctnl,
return -ENOENT;
write_lock_bh(&ip_set_ref_lock);
- if (set->ref != 0) {
+ if (set->ref != 0 || set->ref_netlink != 0) {
ret = -IPSET_ERR_REFERENCED;
goto out;
}