Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/1.1/patches/2229705/?format=api
{ "id": 2229705, "url": "http://patchwork.ozlabs.org/api/1.1/patches/2229705/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260428151913.584739-3-kadlec@netfilter.org/", "project": { "id": 26, "url": "http://patchwork.ozlabs.org/api/1.1/projects/26/?format=api", "name": "Netfilter Development", "link_name": "netfilter-devel", "list_id": "netfilter-devel.vger.kernel.org", "list_email": "netfilter-devel@vger.kernel.org", "web_url": null, "scm_url": null, "webscm_url": null }, "msgid": "<20260428151913.584739-3-kadlec@netfilter.org>", "date": "2026-04-28T15:19:10", "name": "[2/5] netfilter: ipset: Fix data race between add and dump in all hash types", "commit_ref": null, "pull_url": null, "state": "changes-requested", "archived": true, "hash": "94bd191e1f1768852eceffa789edce2ed4e42c8a", "submitter": { "id": 77226, "url": "http://patchwork.ozlabs.org/api/1.1/people/77226/?format=api", "name": "Jozsef Kadlecsik", "email": "kadlec@netfilter.org" }, "delegate": { "id": 11902, "url": "http://patchwork.ozlabs.org/api/1.1/users/11902/?format=api", "username": "strlen", "first_name": "Florian", "last_name": "Westphal", "email": "fw@strlen.de" }, "mbox": "http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260428151913.584739-3-kadlec@netfilter.org/mbox/", "series": [ { "id": 501876, "url": "http://patchwork.ozlabs.org/api/1.1/series/501876/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/list/?series=501876", "date": "2026-04-28T15:19:09", "name": "netfilter: ipset fixes", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/501876/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2229705/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2229705/checks/", "tags": {}, "headers": { "Return-Path": "\n <netfilter-devel+bounces-12257-incoming=patchwork.ozlabs.org@vger.kernel.org>", "X-Original-To": [ "incoming@patchwork.ozlabs.org", "netfilter-devel@vger.kernel.org" ], "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=blackhole.kfki.hu header.i=@blackhole.kfki.hu\n header.a=rsa-sha256 header.s=20151130 header.b=kALeYpCU;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c15:e001:75::12fc:5321; helo=sin.lore.kernel.org;\n envelope-from=netfilter-devel+bounces-12257-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)", "smtp.subspace.kernel.org;\n\tdkim=pass (1024-bit key) header.d=blackhole.kfki.hu\n header.i=@blackhole.kfki.hu header.b=\"kALeYpCU\"", "smtp.subspace.kernel.org;\n arc=none smtp.client-ip=148.6.0.49", "smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=netfilter.org", "smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=blackhole.kfki.hu" ], "Received": [ "from sin.lore.kernel.org (sin.lore.kernel.org\n [IPv6:2600:3c15:e001:75::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g4lz40hHpz1xrS\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 29 Apr 2026 02:20:32 +1000 (AEST)", "from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sin.lore.kernel.org (Postfix) with ESMTP id C21FD3096799\n\tfor <incoming@patchwork.ozlabs.org>; Tue, 28 Apr 2026 15:19:30 +0000 (UTC)", "from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 0D09F37C11A;\n\tTue, 28 Apr 2026 15:19:28 +0000 (UTC)", "from smtp-out.kfki.hu (smtp-out.kfki.hu [148.6.0.49])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id D194930DEB8\n\tfor <netfilter-devel@vger.kernel.org>; Tue, 28 Apr 2026 15:19:22 +0000 (UTC)", "from localhost (localhost [127.0.0.1])\n\tby smtp0.kfki.hu (Postfix) with ESMTP id 4g4kcM435Yz3sb9v;\n\tTue, 28 Apr 2026 17:19:15 +0200 (CEST)", "from smtp0.kfki.hu ([127.0.0.1])\n by localhost (smtp0.kfki.hu [127.0.0.1]) (amavis, port 10026) with ESMTP\n id Ia77a02anwNT; Tue, 28 Apr 2026 17:19:13 +0200 (CEST)", "from mentat.rmki.kfki.hu (unknown [148.6.40.64])\n\t(Authenticated sender: kadlecsik.jozsef@wigner.hu)\n\tby smtp0.kfki.hu (Postfix) with ESMTPSA id 4g4kcK4pC0z3sb9B;\n\tTue, 28 Apr 2026 17:19:13 +0200 (CEST)", "by mentat.rmki.kfki.hu (Postfix, from userid 1000)\n\tid 7AB2A14127D; Tue, 28 Apr 2026 17:19:13 +0200 (CEST)" ], "ARC-Seal": "i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1777389566; cv=none;\n b=e4JVuIpkP61AsbNgUxZST7/1mZqRJ0u2UycLQ7SVSeElbm264I+cQPIb6sR8+He/54D53M9CueRQLm5E2RuPfQS5ebzLTse1lgrgRbTQd9rYz5JLofsXDeYYh+ogH4PcbZudZ6tkw4YBrZTuiq5qmXqaoCwYowoIP3GNOzshwtA=", "ARC-Message-Signature": "i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1777389566; c=relaxed/simple;\n\tbh=z9vTmh0fSqwJ1ueufXsV7s1eXltCSepqRBLDjqQ/Xfs=;\n\th=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:\n\t MIME-Version;\n b=qvosT2CD7yNJycPBT5bCb6TxMU2+eRG/l6rARm+jTITbj9JtQyS6bikEDh9iKXcxirfWCy4qovee8FNxFv0Mup4I9kLi+ktnJzKZ6Na7cIg84YvvNetmPAMq8SUeOmqC0LbCcs70Vycrx3JpqybZntnGgoMdjOLeIGhhlTP8hlI=", "ARC-Authentication-Results": "i=1; smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=netfilter.org;\n spf=pass smtp.mailfrom=blackhole.kfki.hu;\n dkim=pass (1024-bit key) header.d=blackhole.kfki.hu\n header.i=@blackhole.kfki.hu header.b=kALeYpCU;\n arc=none smtp.client-ip=148.6.0.49", "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=\n\tblackhole.kfki.hu; h=mime-version:references:in-reply-to\n\t:x-mailer:message-id:date:date:from:from:received:received\n\t:received; s=20151130; t=1777389553; x=1779203954; bh=mMbMG0BPl3\n\tzgbThJJz5+q6tMTVZ/+YN5YNiuckTDl5Q=; b=kALeYpCUAqOzvcFhjoBbtOqDzz\n\tE8Xz/MVK1+oXtlfYEr+vMCGzzmpXgLG5NzGv5CdGh9p+XTqSfDYV65EjX2dFIGFn\n\tU3KTj9gZVHrIH86KtHO9hFMLl3pE1RUfZrw+Q36laMzMa43CCyCOSiPceCEATfe7\n\tsKl+gCBWjVJ10P12U=", "X-Virus-Scanned": "Debian amavis at smtp0.kfki.hu", "From": "Jozsef Kadlecsik <kadlec@netfilter.org>", "To": "netfilter-devel@vger.kernel.org", "Cc": "Pablo Neira Ayuso <pablo@netfilter.org>", "Subject": "[PATCH 2/5] netfilter: ipset: Fix data race between add and dump in\n all hash types", "Date": "Tue, 28 Apr 2026 17:19:10 +0200", "Message-Id": "<20260428151913.584739-3-kadlec@netfilter.org>", "X-Mailer": "git-send-email 2.39.5", "In-Reply-To": "<20260428151913.584739-1-kadlec@netfilter.org>", "References": "<20260428151913.584739-1-kadlec@netfilter.org>", "Precedence": "bulk", "X-Mailing-List": "netfilter-devel@vger.kernel.org", "List-Id": "<netfilter-devel.vger.kernel.org>", "List-Subscribe": "<mailto:netfilter-devel+subscribe@vger.kernel.org>", "List-Unsubscribe": "<mailto:netfilter-devel+unsubscribe@vger.kernel.org>", "MIME-Version": "1.0", "Content-Transfer-Encoding": "quoted-printable" }, "content": "When adding a new entry to the next position in the existing hash bucket,\nthe position index was incremented too early and parallel dump could\nread it before the entry was populated with the value. Move the setting\nof the position index after populating the entry.\n\nv2: Position counting fixed, noticed by Florian Westphal.\n\nReported-by: syzbot+786c889f046e8b003ca6@syzkaller.appspotmail.com\nReported-by: syzbot+1da17e4b41d795df059e@syzkaller.appspotmail.com\nReported-by: syzbot+421c5f3ff8e9493084d9@syzkaller.appspotmail.com\nSigned-off-by: Jozsef Kadlecsik <kadlec@netfilter.org>\n---\n net/netfilter/ipset/ip_set_hash_gen.h | 7 +++++--\n 1 file changed, 5 insertions(+), 2 deletions(-)", "diff": "diff --git a/net/netfilter/ipset/ip_set_hash_gen.h b/net/netfilter/ipset/ip_set_hash_gen.h\nindex b79e5dd2af03..133ce4611eed 100644\n--- a/net/netfilter/ipset/ip_set_hash_gen.h\n+++ b/net/netfilter/ipset/ip_set_hash_gen.h\n@@ -844,7 +844,7 @@ mtype_add(struct ip_set *set, void *value, const struct ip_set_ext *ext,\n \tconst struct mtype_elem *d = value;\n \tstruct mtype_elem *data;\n \tstruct hbucket *n, *old = ERR_PTR(-ENOENT);\n-\tint i, j = -1, ret;\n+\tint i, j = -1, npos = 0, ret;\n \tbool flag_exist = flags & IPSET_FLAG_EXIST;\n \tbool deleted = false, forceadd = false, reuse = false;\n \tu32 r, key, multi = 0, elements, maxelem;\n@@ -889,6 +889,7 @@ mtype_add(struct ip_set *set, void *value, const struct ip_set_ext *ext,\n \t\t\text_size(AHASH_INIT_SIZE, set->dsize);\n \t\tgoto copy_elem;\n \t}\n+\tnpos = n->pos;\n \tfor (i = 0; i < n->pos; i++) {\n \t\tif (!test_bit(i, n->used)) {\n \t\t\t/* Reuse first deleted entry */\n@@ -962,7 +963,8 @@ mtype_add(struct ip_set *set, void *value, const struct ip_set_ext *ext,\n \t}\n \n copy_elem:\n-\tj = n->pos++;\n+\tj = npos;\n+\tnpos = n->pos + 1;\n \tdata = ahash_data(n, j, set->dsize);\n copy_data:\n \tt->hregion[r].elements++;\n@@ -985,6 +987,7 @@ mtype_add(struct ip_set *set, void *value, const struct ip_set_ext *ext,\n \tif (SET_WITH_TIMEOUT(set))\n \t\tip_set_timeout_set(ext_timeout(data, set), ext->timeout);\n \tsmp_mb__before_atomic();\n+\tn->pos = npos;\n \tset_bit(j, n->used);\n \tif (old != ERR_PTR(-ENOENT)) {\n \t\trcu_assign_pointer(hbucket(t, key), n);\n", "prefixes": [ "2/5" ] }