Skip to content

Commit 96ff072

Browse files
emmilemmil
committed
Merge: netfilter: ipset: Hold module reference while requesting a module
MR: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/5949 ``` JIRA: https://issues.redhat.com/browse/RHEL-35819 Upstream Status: net.git commit 456f010 commit 456f010 Author: Phil Sutter <[email protected]> Date: Fri Nov 29 16:30:38 2024 +0100 netfilter: ipset: Hold module reference while requesting a module User space may unload ip_set.ko while it is itself requesting a set type backend module, leading to a kernel crash. The race condition may be provoked by inserting an mdelay() right after the nfnl_unlock() call. Fixes: a7b4f98 ("netfilter: ipset: IP set core support") Signed-off-by: Phil Sutter <[email protected]> Acked-by: Jozsef Kadlecsik <[email protected]> Signed-off-by: Pablo Neira Ayuso <[email protected]> Signed-off-by: Phil Sutter <[email protected]> ``` Approved-by: Paolo Abeni <[email protected]> Approved-by: Antoine Tenart <[email protected]> Approved-by: CKI KWF Bot <[email protected]> Merged-by: Rado Vrbovsky <[email protected]>
2 parents 741b50f + fd462b6 commit 96ff072

File tree

1 file changed

+5
-0
lines changed

1 file changed

+5
-0
lines changed

net/netfilter/ipset/ip_set_core.c

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -106,14 +106,19 @@ find_set_type(const char *name, u8 family, u8 revision)
106106
static bool
107107
load_settype(const char *name)
108108
{
109+
if (!try_module_get(THIS_MODULE))
110+
return false;
111+
109112
nfnl_unlock(NFNL_SUBSYS_IPSET);
110113
pr_debug("try to load ip_set_%s\n", name);
111114
if (request_module("ip_set_%s", name) < 0) {
112115
pr_warn("Can't find ip_set type %s\n", name);
113116
nfnl_lock(NFNL_SUBSYS_IPSET);
117+
module_put(THIS_MODULE);
114118
return false;
115119
}
116120
nfnl_lock(NFNL_SUBSYS_IPSET);
121+
module_put(THIS_MODULE);
117122
return true;
118123
}
119124

0 commit comments

Comments
 (0)