[Devel] [PATCH RHEL7 COMMIT] ms/netfilter: ipset: Fix forceadd evaluation path

Vasily Averin vvs at virtuozzo.com
Thu Dec 3 12:07:44 MSK 2020


The commit is pushed to "branch-rh7-3.10.0-1160.6.1.vz7.171.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1160.6.1.vz7.171.1
------>
commit c01ab9e64a34b0b7276159a9a6bc68deda44f0ab
Author: Jozsef Kadlecsik <kadlec at netfilter.org>
Date:   Thu Dec 3 12:07:44 2020 +0300

    ms/netfilter: ipset: Fix forceadd evaluation path
    
    When the forceadd option is enabled, the hash:* types should find and replace
    the first entry in the bucket with the new one if there are no reusable
    (deleted or timed out) entries. However, the position index was just not set
    to zero and remained the invalid -1 if there were no reusable entries.
    
    Reported-by: syzbot+6a86565c74ebe30aea18 at syzkaller.appspotmail.com
    Fixes: 23c42a403a9c ("netfilter: ipset: Introduction of new commands and protocol version 7")
    Signed-off-by: Jozsef Kadlecsik <kadlec at netfilter.org>
    
    (cherry-picked from commit 8af1c6fbd9239877998c7f5a591cb2c88d41fb66)
    https://jira.sw.ru/browse/PSBM-123063
    Signed-off-by: Vasily Averin <vvs at virtuozzo.com>
---
 net/netfilter/ipset/ip_set_hash_gen.h | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/netfilter/ipset/ip_set_hash_gen.h b/net/netfilter/ipset/ip_set_hash_gen.h
index aa10e4a..45046e5 100644
--- a/net/netfilter/ipset/ip_set_hash_gen.h
+++ b/net/netfilter/ipset/ip_set_hash_gen.h
@@ -758,6 +758,8 @@ mtype_add(struct ip_set *set, void *value, const struct ip_set_ext *ext,
 		}
 	}
 	if (reuse || forceadd) {
+		if (j == -1)
+			j = 0;
 		data = ahash_data(n, j, set->dsize);
 		if (!deleted) {
 #ifdef IP_SET_HASH_WITH_NETS
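
Review bot: the two added lines at the top of the `if (reuse || forceadd)` block carry no comment, and the bare -1 is a magic sentinel, so a later reader cannot tell why slot 0 is chosen. Per the commit message, j stays -1 only when forceadd is set and the bucket has no deleted or timed-out entry, and the reset exists so that `ahash_data(n, j, set->dsize)` is never called with the invalid index. A one-line comment above `if (j == -1)` would record that, for example "forceadd with no reusable slot: replace the first entry in the bucket". The reset also applies on the reuse path, since the block is shared. If j == -1 is not expected there, testing `forceadd` together with `j == -1` would keep the fallback from masking an invalid index on that path.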

