1. 20 Jan, 2020 1 commit
  2. 13 Jan, 2020 1 commit
  3. 07 Oct, 2019 1 commit
  4. 19 Jun, 2019 1 commit
  5. 10 Jun, 2019 1 commit
  6. 27 Apr, 2019 1 commit
  7. 08 Jan, 2018 2 commits
  8. 18 Oct, 2017 1 commit
    • netfilter: ipset: Convert timers to use timer_setup() · a92c5751
      Kees Cook authored
      
      In preparation for unconditionally passing the struct timer_list pointer to
      all timer callbacks, switch to using the new timer_setup() and from_timer()
      to pass the timer pointer explicitly. This introduces a pointer back to the
      struct ip_set, which is used instead of the struct timer_list .data field.
      
      Cc: Pablo Neira Ayuso <pablo@netfilter.org>
      Cc: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
      Cc: Florian Westphal <fw@strlen.de>
      Cc: "David S. Miller" <davem@davemloft.net>
      Cc: Stephen Hemminger <stephen@networkplumber.org>
      Cc: simran singhal <singhalsimran0@gmail.com>
      Cc: Muhammad Falak R Wani <falakreyaz@gmail.com>
      Cc: netfilter-devel@vger.kernel.org
      Cc: coreteam@netfilter.org
      Cc: netdev@vger.kernel.org
      Signed-off-by: Kees Cook <keescook@chromium.org>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  9. 07 Apr, 2017 1 commit
  10. 10 Nov, 2016 4 commits
  11. 28 Mar, 2016 1 commit
    • netfilter: ipset: fix race condition in ipset save, swap and delete · 596cf3fe
      Vishwanath Pai authored
      
      This fix adds a new reference counter (ref_netlink) for the struct ip_set.
      The other reference counter (ref) can be swapped out by ip_set_swap and we
      need a separate counter to keep track of references for netlink events
      like dump. Using the same ref counter for dump causes a race condition
      which can be demonstrated by the following script:
      
      ipset create hash_ip1 hash:ip family inet hashsize 1024 maxelem 500000 \
      counters
      ipset create hash_ip2 hash:ip family inet hashsize 300000 maxelem 500000 \
      counters
      ipset create hash_ip3 hash:ip family inet hashsize 1024 maxelem 500000 \
      counters
      
      ipset save &
      
      ipset swap hash_ip3 hash_ip2
      ipset destroy hash_ip3 /* will crash the machine */
      
      Swap will exchange the values of ref so destroy will see ref = 0 instead of
      ref = 1. With this fix in place swap will not succeed because ipset save
      still has ref_netlink on the set (ip_set_swap doesn't swap ref_netlink).
      
      Both delete and swap will error out if ref_netlink != 0 on the set.
      
      Note: The changes to *_head functions are because previously we would
      increment ref whenever we called these functions; we don't do that
      anymore.
      
      Reviewed-by: Joshua Hunt <johunt@akamai.com>
      Signed-off-by: Vishwanath Pai <vpai@akamai.com>
      Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
      Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  12. 07 Nov, 2015 1 commit
  13. 14 Jun, 2015 2 commits
  14. 15 Sep, 2014 1 commit
  15. 22 Oct, 2013 1 commit
  16. 30 Sep, 2013 7 commits
  17. 29 Apr, 2013 2 commits