From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: "Greg Kroah-Hartman" <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
"Václav Zindulka" <vaclav.zindulka@tlapnet.cz>,
"Pablo Neira Ayuso" <pablo@netfilter.org>,
"Sasha Levin (Microsoft)" <sashal@kernel.org>
Subject: [PATCH 4.9 07/32] netfilter: nft_set_rbtree: check for inactive element after flag mismatch
Date: Thu, 2 May 2019 17:20:53 +0200 [thread overview]
Message-ID: <20190502143317.550077918@linuxfoundation.org> (raw)
In-Reply-To: <20190502143314.649935114@linuxfoundation.org>
[ Upstream commit 05b7639da55f5555b9866a1f4b7e8995232a6323 ]
Otherwise, we hit bogus ENOENT when removing elements.
Fixes: e701001e7cbe ("netfilter: nft_rbtree: allow adjacent intervals with dynamic updates")
Reported-by: Václav Zindulka <vaclav.zindulka@tlapnet.cz>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin (Microsoft) <sashal@kernel.org>
---
net/netfilter/nft_set_rbtree.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/net/netfilter/nft_set_rbtree.c b/net/netfilter/nft_set_rbtree.c
index 93820e0d8814..4ee8acded0a4 100644
--- a/net/netfilter/nft_set_rbtree.c
+++ b/net/netfilter/nft_set_rbtree.c
@@ -191,10 +191,6 @@ static void *nft_rbtree_deactivate(const struct net *net,
else if (d > 0)
parent = parent->rb_right;
else {
- if (!nft_set_elem_active(&rbe->ext, genmask)) {
- parent = parent->rb_left;
- continue;
- }
if (nft_rbtree_interval_end(rbe) &&
!nft_rbtree_interval_end(this)) {
parent = parent->rb_left;
@@ -203,6 +199,9 @@ static void *nft_rbtree_deactivate(const struct net *net,
nft_rbtree_interval_end(this)) {
parent = parent->rb_right;
continue;
+ } else if (!nft_set_elem_active(&rbe->ext, genmask)) {
+ parent = parent->rb_left;
+ continue;
}
nft_set_elem_change_active(net, set, &rbe->ext);
return rbe;
--
2.19.1
next prev parent reply other threads:[~2019-05-02 15:22 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-02 15:20 [PATCH 4.9 00/32] 4.9.173-stable review Greg Kroah-Hartman
2019-05-02 15:20 ` [PATCH 4.9 01/32] usbnet: ipheth: prevent TX queue timeouts when device not ready Greg Kroah-Hartman
2019-05-02 15:20 ` [PATCH 4.9 02/32] usbnet: ipheth: fix potential null pointer dereference in ipheth_carrier_set Greg Kroah-Hartman
2019-05-02 15:20 ` [PATCH 4.9 03/32] media: vivid: check if the cec_adapter is valid Greg Kroah-Hartman
2019-05-02 15:20 ` [PATCH 4.9 04/32] ARM: dts: bcm283x: Fix hdmi hpd gpio pull Greg Kroah-Hartman
2019-05-02 15:20 ` [PATCH 4.9 05/32] s390: limit brk randomization to 32MB Greg Kroah-Hartman
2019-05-02 15:20 ` [PATCH 4.9 06/32] qlcnic: Avoid potential NULL pointer dereference Greg Kroah-Hartman
2019-05-02 15:20 ` Greg Kroah-Hartman [this message]
2019-05-02 15:20 ` [PATCH 4.9 08/32] netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING Greg Kroah-Hartman
2019-05-02 15:20 ` [PATCH 4.9 09/32] sc16is7xx: missing unregister/delete driver on error in sc16is7xx_init() Greg Kroah-Hartman
2019-05-02 15:20 ` [PATCH 4.9 10/32] serial: ar933x_uart: Fix build failure with disabled console Greg Kroah-Hartman
2019-05-02 15:20 ` [PATCH 4.9 11/32] usb: gadget: net2280: Fix overrun of OUT messages Greg Kroah-Hartman
2019-05-02 15:20 ` [PATCH 4.9 12/32] usb: gadget: net2280: Fix net2280_dequeue() Greg Kroah-Hartman
2019-05-02 15:20 ` [PATCH 4.9 13/32] usb: gadget: net2272: Fix net2272_dequeue() Greg Kroah-Hartman
2019-05-02 15:21 ` [PATCH 4.9 14/32] ARM: dts: pfla02: increase phy reset duration Greg Kroah-Hartman
2019-05-02 15:21 ` [PATCH 4.9 15/32] net: ks8851: Dequeue RX packets explicitly Greg Kroah-Hartman
2019-05-02 15:21 ` [PATCH 4.9 16/32] net: ks8851: Reassert reset pin if chip ID check fails Greg Kroah-Hartman
2019-05-02 15:21 ` [PATCH 4.9 17/32] net: ks8851: Delay requesting IRQ until opened Greg Kroah-Hartman
2019-05-02 15:21 ` [PATCH 4.9 18/32] net: ks8851: Set initial carrier state to down Greg Kroah-Hartman
2019-05-02 15:21 ` [PATCH 4.9 19/32] staging: rtl8712: uninitialized memory in read_bbreg_hdl() Greg Kroah-Hartman
2019-05-02 15:21 ` [PATCH 4.9 20/32] NFS: Fix a typo in nfs_init_timeout_values() Greg Kroah-Hartman
2019-05-02 15:21 ` [PATCH 4.9 21/32] net: xilinx: fix possible object reference leak Greg Kroah-Hartman
2019-05-02 15:21 ` [PATCH 4.9 22/32] net: ibm: " Greg Kroah-Hartman
2019-05-02 15:21 ` [PATCH 4.9 23/32] net: ethernet: ti: " Greg Kroah-Hartman
2019-05-02 15:21 ` [PATCH 4.9 24/32] scsi: qla4xxx: fix a potential NULL pointer dereference Greg Kroah-Hartman
2019-05-02 15:21 ` [PATCH 4.9 25/32] usb: u132-hcd: fix resource leak Greg Kroah-Hartman
2019-05-02 15:21 ` [PATCH 4.9 26/32] ceph: fix use-after-free on symlink traversal Greg Kroah-Hartman
2019-05-02 15:21 ` [PATCH 4.9 27/32] scsi: zfcp: reduce flood of fcrscn1 trace records on multi-element RSCN Greg Kroah-Hartman
2019-05-02 15:21 ` [PATCH 4.9 28/32] libata: fix using DMA buffers on stack Greg Kroah-Hartman
2019-05-02 15:21 ` [PATCH 4.9 29/32] gpio: of: Fix of_gpiochip_add() error path Greg Kroah-Hartman
2019-05-02 15:21 ` [PATCH 4.9 30/32] kconfig/[mn]conf: handle backspace (^H) key Greg Kroah-Hartman
2019-05-02 15:21 ` [PATCH 4.9 31/32] leds: pca9532: fix a potential NULL pointer dereference Greg Kroah-Hartman
2019-05-02 15:21 ` [PATCH 4.9 32/32] vfio/type1: Limit DMA mappings per container Greg Kroah-Hartman
2019-05-02 23:06 ` [PATCH 4.9 00/32] 4.9.173-stable review kernelci.org bot
2019-05-03 7:04 ` Naresh Kamboju
2019-05-03 9:27 ` Jon Hunter
2019-05-03 17:15 ` Guenter Roeck
2019-05-03 21:21 ` shuah
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190502143317.550077918@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=sashal@kernel.org \
--cc=stable@vger.kernel.org \
--cc=vaclav.zindulka@tlapnet.cz \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).