authorPablo Neira Ayuso <pablo@netfilter.org>2024-09-03 01:08:58 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2024-09-03 18:18:41 +0200
commit73d3c04b710f0c144ce873dfe4f173a55c749539 (patch)
treeb576262a106232c7208cde4c22d455209c3aedc0 /net/netfilter
parentc5ad8ed61fa8410b272c077ec167c593602b4542 (diff)
netfilter: nf_tables: annotate data-races around element expiration
Element expiration can be read and written locklessly: it is written by dynset and read from the netlink dump path. Add annotation. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter')
-rw-r--r--net/netfilter/nf_tables_api.c2
-rw-r--r--net/netfilter/nft_dynset.c2
2 files changed, 2 insertions, 2 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 571aa30918e9..77dce3d61ae6 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -5827,7 +5827,7 @@ static int nf_tables_fill_setelem(struct sk_buff *skb,
if (nft_set_ext_exists(ext, NFT_SET_EXT_EXPIRATION)) {
u64 expires, now = get_jiffies_64();
- expires = *nft_set_ext_expiration(ext);
+ expires = READ_ONCE(*nft_set_ext_expiration(ext));
if (time_before64(now, expires))
expires -= now;
else
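Review bot: `READ_ONCE()` on the `u64` expiration marks the race for KCSAN but does not make the load single-copy atomic on 32-bit architectures, where the access may be split into two 32-bit loads; the same applies to the `WRITE_ONCE()` in nft_dynset_eval() in the nft_dynset.c hunk. A torn value at this site would only skew the remaining timeout reported in the dump, but that limit is worth stating next to the load, e.g. `/* Pairs with WRITE_ONCE() in nft_dynset_eval(); may tear on 32-bit, dump value is best effort. */`. nf_tables_fill_setelem()'s body continues outside the hunk.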
diff --git a/net/netfilter/nft_dynset.c b/net/netfilter/nft_dynset.c
index 5812fd880b79..ca4b52e68295 100644
--- a/net/netfilter/nft_dynset.c
+++ b/net/netfilter/nft_dynset.c
@@ -96,7 +96,7 @@ void nft_dynset_eval(const struct nft_expr *expr,
if (priv->op == NFT_DYNSET_OP_UPDATE &&
nft_set_ext_exists(ext, NFT_SET_EXT_EXPIRATION)) {
timeout = priv->timeout ? : READ_ONCE(set->timeout);
- *nft_set_ext_expiration(ext) = get_jiffies_64() + timeout;
+ WRITE_ONCE(*nft_set_ext_expiration(ext), get_jiffies_64() + timeout);
}
nft_set_elem_update_expr(ext, regs, pkt);
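Review bot: The annotated store is paired only with the netlink dump reader; any other lockless reader of `*nft_set_ext_expiration(ext)` (for example an element-expiry check on the lookup or garbage-collection path, which is not visible in this diff) would still be a plain load racing with this `WRITE_ONCE()`. If such readers exist, they should be converted in the same change or a follow-up, so that an element refreshed by a packet is not judged against a stale or torn timestamp. A short comment such as `/* Lockless update from the packet path; readers must use READ_ONCE(). */` above the store would record the rule. nft_dynset_eval() starts and ends outside the hunk.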