author | Pablo Neira Ayuso <pablo@netfilter.org> | 2024-09-03 01:08:58 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2024-09-03 18:18:41 +0200 |
commit | 73d3c04b710f0c144ce873dfe4f173a55c749539 (patch) | |
tree | b576262a106232c7208cde4c22d455209c3aedc0 /net/netfilter | |
parent | c5ad8ed61fa8410b272c077ec167c593602b4542 (diff) |
netfilter: nf_tables: annotate data-races around element expiration
Element expiration can be read and written locklessly: it can be written by
dynset and read from the netlink dump. Add annotations.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter')
-rw-r--r-- | net/netfilter/nf_tables_api.c | 2 | ||||
-rw-r--r-- | net/netfilter/nft_dynset.c | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 571aa30918e9..77dce3d61ae6 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -5827,7 +5827,7 @@ static int nf_tables_fill_setelem(struct sk_buff *skb,
 if (nft_set_ext_exists(ext, NFT_SET_EXT_EXPIRATION)) {
 u64 expires, now = get_jiffies_64();
- expires = *nft_set_ext_expiration(ext);
+ expires = READ_ONCE(*nft_set_ext_expiration(ext));
 if (time_before64(now, expires)) expires -= now;
 else
diff --git a/net/netfilter/nft_dynset.c b/net/netfilter/nft_dynset.c
index 5812fd880b79..ca4b52e68295 100644
--- a/net/netfilter/nft_dynset.c
+++ b/net/netfilter/nft_dynset.c
@@ -96,7 +96,7 @@ void nft_dynset_eval(const struct nft_expr *expr,
 if (priv->op == NFT_DYNSET_OP_UPDATE && nft_set_ext_exists(ext, NFT_SET_EXT_EXPIRATION)) {
 timeout = priv->timeout ? : READ_ONCE(set->timeout);
- *nft_set_ext_expiration(ext) = get_jiffies_64() + timeout;
+ WRITE_ONCE(*nft_set_ext_expiration(ext), get_jiffies_64() + timeout);
 }
 nft_set_elem_update_expr(ext, regs, pkt); |
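Review bot: On 32-bit builds the 64-bit expiration can still be read torn, because `READ_ONCE()` in nf_tables_fill_setelem() and the `WRITE_ONCE()` in nft_dynset_eval() only stop compiler-introduced tearing and refetching and mark the race for KCSAN; they do not make a 64-bit access a single load or store there. The value read in the first hunk is used only to compute the remaining time reported in the netlink dump, so the impact looks limited to a skewed timeout in userspace output, but that reasoning should be recorded at the read, e.g. `/* lockless: dynset may rewrite expiration concurrently; a torn value only skews the dumped time */`. Any other lockless reader of this extension outside these hunks would need the same annotation, which cannot be checked from here. Both enclosing functions start and end outside the hunks.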