netfilter: ipset: Add list flush to cancel_gc

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Flushing list in cancel_gc drops references to other lists right away,
without waiting for RCU to destroy list. Fixes race when referenced
ipsets can't be destroyed while referring list is scheduled for destroy.

Fixes: 97f7cf1cd80e ("netfilter: ipset: fix performance regression in swap operation")
Signed-off-by: Alexander Maltsev <keltar.gw@gmail.com>
Acked-by: Jozsef Kadlecsik <kadlec@netfilter.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Alexander Maltsev and committed by

Pablo Neira Ayuso 2 years ago c1193d9b dc21c6cc

1 changed file

expand all

net

netfilter

ipset

ip_set_list_set.c

net/netfilter/ipset/ip_set_list_set.c

··· 549 549 550 550 if (SET_WITH_TIMEOUT(set)) 551 551 timer_shutdown_sync(&map->gc); 552 + 553 + /* Flush list to drop references to other ipsets */ 554 + list_set_flush(set); 552 555 } 553 556 554 557 static const struct ip_set_type_variant set_variant = {