diff options
author | Liping Zhang | 2017-05-14 15:35:22 +0200 |
---|---|---|
committer | Pablo Neira Ayuso | 2017-05-15 12:51:39 +0200 |
commit | fa803605eef39372e53d7813002d73a3fcf10c88 (patch) | |
tree | 7e3e452796daa0e76cd98d2fcb97134dbedd98fa /net/netfilter/nft_set_hash.c | |
parent | netfilter: synproxy: fix conntrackd interaction (diff) | |
download | kernel-qcow2-linux-fa803605eef39372e53d7813002d73a3fcf10c88.tar.gz kernel-qcow2-linux-fa803605eef39372e53d7813002d73a3fcf10c88.tar.xz kernel-qcow2-linux-fa803605eef39372e53d7813002d73a3fcf10c88.zip |
netfilter: nf_tables: can't assume lock is acquired when dumping set elems
When dumping the elements related to a specified set, we may invoke the
nf_tables_dump_set with the NFNL_SUBSYS_NFTABLES lock not acquired. So
we should use the proper rcu operation to avoid race condition, just
like other nft dump operations.
Signed-off-by: Liping Zhang <zlpnobody@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/nft_set_hash.c')
-rw-r--r-- | net/netfilter/nft_set_hash.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netfilter/nft_set_hash.c b/net/netfilter/nft_set_hash.c index 8ec086b6b56b..3d3a6df4ce70 100644 --- a/net/netfilter/nft_set_hash.c +++ b/net/netfilter/nft_set_hash.c @@ -222,7 +222,7 @@ static void nft_hash_walk(const struct nft_ctx *ctx, struct nft_set *set, struct nft_set_elem elem; int err; - err = rhashtable_walk_init(&priv->ht, &hti, GFP_KERNEL); + err = rhashtable_walk_init(&priv->ht, &hti, GFP_ATOMIC); iter->err = err; if (err) return; |