From: Florian Westphal <fw@strlen.de>
To: <netdev@vger.kernel.org>
Cc: Paolo Abeni <pabeni@redhat.com>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>,
<netfilter-devel@vger.kernel.org>,
pablo@netfilter.org
Subject: [PATCH net 3/6] netfilter: nft_synproxy: avoid possible data-race on update operation
Date: Fri, 2 Jan 2026 12:41:25 +0100 [thread overview]
Message-ID: <20260102114128.7007-4-fw@strlen.de> (raw)
In-Reply-To: <20260102114128.7007-1-fw@strlen.de>
From: Fernando Fernandez Mancera <fmancera@suse.de>
During nft_synproxy eval we are reading nf_synproxy_info struct which
can be modified on update operation concurrently. As nf_synproxy_info
struct fits in 32 bits, use READ_ONCE/WRITE_ONCE annotations.
Fixes: ee394f96ad75 ("netfilter: nft_synproxy: add synproxy stateful object support")
Signed-off-by: Fernando Fernandez Mancera <fmancera@suse.de>
Signed-off-by: Florian Westphal <fw@strlen.de>
---
net/netfilter/nft_synproxy.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/net/netfilter/nft_synproxy.c b/net/netfilter/nft_synproxy.c
index 5d3e51825985..4d3e5a31b412 100644
--- a/net/netfilter/nft_synproxy.c
+++ b/net/netfilter/nft_synproxy.c
@@ -48,7 +48,7 @@ static void nft_synproxy_eval_v4(const struct nft_synproxy *priv,
struct tcphdr *_tcph,
struct synproxy_options *opts)
{
- struct nf_synproxy_info info = priv->info;
+ struct nf_synproxy_info info = READ_ONCE(priv->info);
struct net *net = nft_net(pkt);
struct synproxy_net *snet = synproxy_pernet(net);
struct sk_buff *skb = pkt->skb;
@@ -79,7 +79,7 @@ static void nft_synproxy_eval_v6(const struct nft_synproxy *priv,
struct tcphdr *_tcph,
struct synproxy_options *opts)
{
- struct nf_synproxy_info info = priv->info;
+ struct nf_synproxy_info info = READ_ONCE(priv->info);
struct net *net = nft_net(pkt);
struct synproxy_net *snet = synproxy_pernet(net);
struct sk_buff *skb = pkt->skb;
@@ -340,7 +340,7 @@ static void nft_synproxy_obj_update(struct nft_object *obj,
struct nft_synproxy *newpriv = nft_obj_data(newobj);
struct nft_synproxy *priv = nft_obj_data(obj);
- priv->info = newpriv->info;
+ WRITE_ONCE(priv->info, newpriv->info);
}
static struct nft_object_type nft_synproxy_obj_type;
--
2.51.2
next prev parent reply other threads:[~2026-01-02 11:41 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-01-02 11:41 [PATCH net 0/6] netfilter: updates for net Florian Westphal
2026-01-02 11:41 ` [PATCH net 1/6] netfilter: nft_set_pipapo: fix range overlap detection Florian Westphal
2026-01-04 20:13 ` patchwork-bot+netdevbpf
2026-01-02 11:41 ` [PATCH net 2/6] selftests: netfilter: nft_concat_range.sh: add check for overlap detection bug Florian Westphal
2026-01-02 11:41 ` Florian Westphal [this message]
2026-01-02 11:41 ` [PATCH net 4/6] netfilter: replace -EEXIST with -EBUSY Florian Westphal
2026-01-02 11:41 ` [PATCH net 5/6] netfilter: nf_tables: fix memory leak in nf_tables_newrule() Florian Westphal
2026-01-02 11:41 ` [PATCH net 6/6] netfilter: nf_conncount: update last_gc only when GC has been performed Florian Westphal
2026-01-04 15:08 ` [PATCH net 0/6] netfilter: updates for net Fernando Fernandez Mancera
2026-01-04 15:16 ` Florian Westphal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260102114128.7007-4-fw@strlen.de \
--to=fw@strlen.de \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.