{"id":2223397,"url":"http://patchwork.ozlabs.org/api/1.1/patches/2223397/?format=json","web_url":"http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260415082039.4133308-2-kadlec@netfilter.org/","project":{"id":26,"url":"http://patchwork.ozlabs.org/api/1.1/projects/26/?format=json","name":"Netfilter Development","link_name":"netfilter-devel","list_id":"netfilter-devel.vger.kernel.org","list_email":"netfilter-devel@vger.kernel.org","web_url":null,"scm_url":null,"webscm_url":null},"msgid":"<20260415082039.4133308-2-kadlec@netfilter.org>","date":"2026-04-15T08:20:38","name":"[1/2] netfilter: ipset: Fix data race between add and list header in all hash types","commit_ref":null,"pull_url":null,"state":"changes-requested","archived":true,"hash":"522c2a88b848ad3180e48026c837f6729d66450a","submitter":{"id":77226,"url":"http://patchwork.ozlabs.org/api/1.1/people/77226/?format=json","name":"Jozsef Kadlecsik","email":"kadlec@netfilter.org"},"delegate":{"id":11902,"url":"http://patchwork.ozlabs.org/api/1.1/users/11902/?format=json","username":"strlen","first_name":"Florian","last_name":"Westphal","email":"fw@strlen.de"},"mbox":"http://patchwork.ozlabs.org/project/netfilter-devel/patch/20260415082039.4133308-2-kadlec@netfilter.org/mbox/","series":[{"id":499944,"url":"http://patchwork.ozlabs.org/api/1.1/series/499944/?format=json","web_url":"http://patchwork.ozlabs.org/project/netfilter-devel/list/?series=499944","date":"2026-04-15T08:20:37","name":"[1/2] netfilter: ipset: Fix data race between add and list header in all hash types","version":3,"mbox":"http://patchwork.ozlabs.org/series/499944/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2223397/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2223397/checks/","tags":{},"headers":{"Return-Path":"\n ","X-Original-To":["incoming@patchwork.ozlabs.org","netfilter-devel@vger.kernel.org"],"Delivered-To":"patchwork-incoming@legolas.ozlabs.org","Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (1024-bit key;\n unprotected) header.d=blackhole.kfki.hu header.i=@blackhole.kfki.hu\n header.a=rsa-sha256 header.s=20151130 header.b=A1vJcHWA;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2600:3c15:e001:75::12fc:5321; helo=sin.lore.kernel.org;\n envelope-from=netfilter-devel+bounces-11902-incoming=patchwork.ozlabs.org@vger.kernel.org;\n receiver=patchwork.ozlabs.org)","smtp.subspace.kernel.org;\n\tdkim=pass (1024-bit key) header.d=blackhole.kfki.hu\n header.i=@blackhole.kfki.hu header.b=\"A1vJcHWA\"","smtp.subspace.kernel.org;\n arc=none smtp.client-ip=148.6.0.51","smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=netfilter.org","smtp.subspace.kernel.org;\n spf=pass smtp.mailfrom=blackhole.kfki.hu"],"Received":["from sin.lore.kernel.org (sin.lore.kernel.org\n [IPv6:2600:3c15:e001:75::12fc:5321])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fwZ2J5r9Xz1yDF\n\tfor ; Wed, 15 Apr 2026 18:24:56 +1000 (AEST)","from smtp.subspace.kernel.org (conduit.subspace.kernel.org\n [100.90.174.1])\n\tby sin.lore.kernel.org (Postfix) with ESMTP id 2B4F13059320\n\tfor ; Wed, 15 Apr 2026 08:21:05 +0000 (UTC)","from localhost.localdomain (localhost.localdomain [127.0.0.1])\n\tby smtp.subspace.kernel.org (Postfix) with ESMTP id 27D573CF02D;\n\tWed, 15 Apr 2026 08:20:54 +0000 (UTC)","from smtp-out.kfki.hu (smtp-out.kfki.hu [148.6.0.51])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))\n\t(No client certificate requested)\n\tby smtp.subspace.kernel.org (Postfix) with ESMTPS id D2C903CF034\n\tfor ; Wed, 15 Apr 2026 08:20:49 +0000 (UTC)","from localhost (localhost [127.0.0.1])\n\tby smtp2.kfki.hu (Postfix) with ESMTP id 4fwYxP6cQtz7s85N;\n\tWed, 15 Apr 2026 10:20:41 +0200 (CEST)","from smtp2.kfki.hu ([127.0.0.1])\n by localhost (smtp2.kfki.hu [127.0.0.1]) (amavis, port 10026) with ESMTP\n id TYnsdlxcN5gb; Wed, 15 Apr 2026 10:20:40 +0200 (CEST)","from blackhole.kfki.hu (blackhole.szhk.kfki.hu [148.6.240.2])\n\tby smtp2.kfki.hu (Postfix) with ESMTP id 4fwYxM5RJwz7s85G;\n\tWed, 15 Apr 2026 10:20:39 +0200 (CEST)","by blackhole.kfki.hu (Postfix, from userid 1000)\n\tid AD11934316B; Wed, 15 Apr 2026 10:20:39 +0200 (CEST)"],"ARC-Seal":"i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;\n\tt=1776241253; cv=none;\n b=cVr+avY61yYEbsNj8lir10ycEyEp7atyQxWcDU5gAtjKVnXYPjQ8kgk6LzPkoYopm5RjpP70/gP45r/JIK00EvZxthjIhxgdGV2GkIxsdQQN99kIEaYgfbCGju5J+3cp0zOepSXsy69y9pF4RzMEBXvNP4a9zqvtNuP5Bnb8MFI=","ARC-Message-Signature":"i=1; a=rsa-sha256; d=subspace.kernel.org;\n\ts=arc-20240116; t=1776241253; c=relaxed/simple;\n\tbh=mhivghAY4iqzWA8QMbRoxlpLf9wlOsy2eI7mzmhbFMM=;\n\th=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:\n\t MIME-Version;\n b=D1+t4BTsG7DTp95BBG4d+F5TMOnbeYcYcgx8WyAhq1GGfwUcLuRVOysdkJkD2faM66rjKlSqh+gtaDHcfm1PPLgoyL8f3TzCmEM1LYb2zwbpC6KqT4SRWXCJ48q4KOajL67bWgimnWw0u1W0UjDOI2t1CY7HZvh946aHRgqs+/w=","ARC-Authentication-Results":"i=1; smtp.subspace.kernel.org;\n dmarc=none (p=none dis=none) header.from=netfilter.org;\n spf=pass smtp.mailfrom=blackhole.kfki.hu;\n dkim=pass (1024-bit key) header.d=blackhole.kfki.hu\n header.i=@blackhole.kfki.hu header.b=A1vJcHWA;\n arc=none smtp.client-ip=148.6.0.51","DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=\n\tblackhole.kfki.hu; h=mime-version:references:in-reply-to\n\t:x-mailer:message-id:date:date:from:from:received:received\n\t:received; s=20151130; t=1776241240; x=1778055641; bh=UPYFQnNHUB\n\tvCFSBcJlCDrBtq0YeZvIr5oN6GY29vYpg=; b=A1vJcHWA9W94tyqQ76NK5gClCh\n\tzhV2VdOMLoJO1f42G/k4HyXGRTB7rzlDlSSuT5kjBMTiFXQbEoKNjyjgXIthCFbQ\n\tkbJ/ewgde4TS7+Eq3RfZGM/yb55XPrG0hWeTrWSf7mrlm9aw8/RvY/jx4+aCKerW\n\tEwSzH743qRvOuRlLM=","X-Virus-Scanned":"Debian amavis at smtp2.kfki.hu","From":"Jozsef Kadlecsik ","To":"netfilter-devel@vger.kernel.org","Cc":"Pablo Neira Ayuso ,\n\tFlorian Westphal ","Subject":"[PATCH 1/2] netfilter: ipset: Fix data race between add and list\n header in all hash types","Date":"Wed, 15 Apr 2026 10:20:38 +0200","Message-Id":"<20260415082039.4133308-2-kadlec@netfilter.org>","X-Mailer":"git-send-email 2.39.5","In-Reply-To":"<20260415082039.4133308-1-kadlec@netfilter.org>","References":"<20260415082039.4133308-1-kadlec@netfilter.org>","Precedence":"bulk","X-Mailing-List":"netfilter-devel@vger.kernel.org","List-Id":"","List-Subscribe":"","List-Unsubscribe":"","MIME-Version":"1.0","Content-Transfer-Encoding":"quoted-printable"},"content":"The \"ipset list -terse\" command is actually a dump operation which\nmay run parallel with \"ipset add\" commands, which can trigger an\ninternal resizing of the hash type of sets just being dumped. However,\ndumping just the header part of the set was not protected against\nunderlying resizing. Fix it by protecting the header dumping part\nas well.\n\nSigned-off-by: Jozsef Kadlecsik \n---\n net/netfilter/ipset/ip_set_core.c | 4 ++--\n 1 file changed, 2 insertions(+), 2 deletions(-)","diff":"diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c\nindex d0c9fe59c67d..e6a8b3acc556 100644\n--- a/net/netfilter/ipset/ip_set_core.c\n+++ b/net/netfilter/ipset/ip_set_core.c\n@@ -1648,13 +1648,13 @@ ip_set_dump_do(struct sk_buff *skb, struct netlink_callback *cb)\n \t\t\tif (cb->args[IPSET_CB_PROTO] > IPSET_PROTOCOL_MIN &&\n \t\t\t nla_put_net16(skb, IPSET_ATTR_INDEX, htons(index)))\n \t\t\t\tgoto nla_put_failure;\n+\t\t\tif (set->variant->uref)\n+\t\t\t\tset->variant->uref(set, cb, true);\n \t\t\tret = set->variant->head(set, skb);\n \t\t\tif (ret < 0)\n \t\t\t\tgoto release_refcount;\n \t\t\tif (dump_flags & IPSET_FLAG_LIST_HEADER)\n \t\t\t\tgoto next_set;\n-\t\t\tif (set->variant->uref)\n-\t\t\t\tset->variant->uref(set, cb, true);\n \t\t\tfallthrough;\n \t\tdefault:\n \t\t\tret = set->variant->list(set, skb, cb);\n","prefixes":["1/2"]}