[PATCH net 08/16] netfilter: ipset: fix order of kfree_rcu() and rcu_assign_pointer()

[PATCH net 00/16] Netfilter fixes for net · Pablo Neira Ayuso <pablo@netfilter.org> · 2026-06-19
[PATCH net 01/16] netfilter: flowtable: fix offloaded ct timeout never being extended · Pablo Neira Ayuso <pablo@netfilter.org> · 2026-06-19
[PATCH net 02/16] netfilter: nf_queue: pin bridge device while NFQUEUE holds fake dst · Pablo Neira Ayuso <pablo@netfilter.org> · 2026-06-19
[PATCH net 03/16] netfilter: xt_cluster: reject template conntracks in hash match · Pablo Neira Ayuso <pablo@netfilter.org> · 2026-06-19
[PATCH net 05/16] netfilter: nfnetlink: make OOM conditions fatal · Pablo Neira Ayuso <pablo@netfilter.org> · 2026-06-19
[PATCH net 07/16] netfilter: ipset: Don't use test_bit() in lockless RCU readers in bitmap types · Pablo Neira Ayuso <pablo@netfilter.org> · 2026-06-19
[PATCH net 06/16] netfilter: ipset: Don't use test_bit() in lockless RCU readers in hash types · Pablo Neira Ayuso <pablo@netfilter.org> · 2026-06-19
[PATCH net 04/16] netfilter: flowtable: fix and simplify IP6IP6 tunnel handling · Pablo Neira Ayuso <pablo@netfilter.org> · 2026-06-19
[PATCH net 08/16] netfilter: ipset: fix order of kfree_rcu() and rcu_assign_pointer() · Pablo Neira Ayuso <pablo@netfilter.org> · 2026-06-19
[PATCH net 09/16] netfilter: ipset: make sure gc is properly stopped · Pablo Neira Ayuso <pablo@netfilter.org> · 2026-06-19
[PATCH net 10/16] netfilter: nft_payload: reject offsets exceeding 65535 bytes · Pablo Neira Ayuso <pablo@netfilter.org> · 2026-06-19
[PATCH net 11/16] netfilter: nft_meta_bridge: add validate callback for get operations · Pablo Neira Ayuso <pablo@netfilter.org> · 2026-06-19
[PATCH net 12/16] netfilter: nft_flow_offload: zero device address for non-ether case · Pablo Neira Ayuso <pablo@netfilter.org> · 2026-06-19
[PATCH net 13/16] netfilter: nf_reject: skip iphdr options when looking for icmp header · Pablo Neira Ayuso <pablo@netfilter.org> · 2026-06-19
[PATCH net 14/16] netfilter: nf_conntrack_expect: use conntrack GC to reap expectations · Pablo Neira Ayuso <pablo@netfilter.org> · 2026-06-19
[PATCH net 15/16] netfilter: nf_conntrack_expect: store master_tuple in expectation · Pablo Neira Ayuso <pablo@netfilter.org> · 2026-06-19
[PATCH net 16/16] netfilter: nft_meta_bridge: fix NFT_META_BRI_IIFPVID stack leak · Pablo Neira Ayuso <pablo@netfilter.org> · 2026-06-19
Re: [PATCH net 00/16] Netfilter fixes for net · Pablo Neira Ayuso <pablo@netfilter.org> · 2026-06-20

WARM2d

Revisions (59)

2014-04-05 v1 [diff vs current]
2014-06-18 v1 [diff vs current]
2014-10-27 v1 [diff vs current]
2015-11-11 v1 [diff vs current]
2016-08-10 v1 [diff vs current]
2016-08-10 v1 [diff vs current]
2016-10-21 v1 [diff vs current]
2016-11-10 v1 [diff vs current]
2016-11-30 v1 [diff vs current]
2017-02-23 v1 [diff vs current]
2017-03-29 v1 [diff vs current]
2017-04-14 v1 [diff vs current]
2017-12-13 v1 [diff vs current]
2018-02-20 v1 [diff vs current]
2018-06-13 v1 [diff vs current]
2018-07-24 v1 [diff vs current]
2018-09-11 v1 [diff vs current]
2018-11-06 v1 [diff vs current]
2018-11-28 v1 [diff vs current]
2018-12-29 v1 [diff vs current]
2019-03-21 v1 [diff vs current]
2019-05-13 v1 [diff vs current]
2019-07-19 v1 [diff vs current]
2019-07-31 v1 [diff vs current]
2019-11-06 v1 [diff vs current]
2019-12-09 v1 [diff vs current]
2020-01-08 v1 [diff vs current]
2020-02-18 v1 [diff vs current]
2020-03-06 v1 [diff vs current]
2020-08-15 v1 [diff vs current]
2020-08-31 v1 [diff vs current]
2021-03-06 v1 [diff vs current]
2021-03-19 v1 [diff vs current]
2021-05-07 v1 [diff vs current]
2021-06-22 v1 [diff vs current]
2021-07-07 v1 [diff vs current]
2021-08-06 v1 [diff vs current]
2021-08-06 v2 [diff vs current]
2021-11-18 v1 [diff vs current]
2022-01-27 v1 [diff vs current]
2022-03-01 v1 [diff vs current]
2022-08-09 v1 [diff vs current]
2022-08-24 v1 [diff vs current]
2023-09-13 v1 [diff vs current]
2024-01-17 v1 [diff vs current]
2024-01-18 v2 [diff vs current]
2024-02-07 v1 [diff vs current]
2024-02-08 v2 [diff vs current]
2024-08-14 v1 [diff vs current]
2024-09-24 v1 [diff vs current]
2024-09-26 v2 [diff vs current]
2026-03-25 v2 [diff vs current]
2026-04-01 v1 [diff vs current]
2026-04-28 v2 [diff vs current]
2026-05-01 v1 [diff vs current]
2026-05-07 v1 [diff vs current]
2026-06-10 v1 [diff vs current]
2026-06-19 v1 current
2026-06-20 v2 [diff vs current]

From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: 2026-06-19 11:55:11
Also in: netfilter-devel
Subsystem: netfilter, networking [general], the rest · Maintainers: Pablo Neira Ayuso, Florian Westphal, "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni, Linus Torvalds

From: Jozsef Kadlecsik <redacted>

Sashiko pointed out that kfree_rcu() was called before
rcu_assign_pointer() in handling the comment extension.
Fix the order so that rcu_assign_pointer() called first.

Fixes: b57b2d1fa53f ("netfilter: ipset: Prepare the ipset core to use RCU at set level")
Signed-off-by: Jozsef Kadlecsik <redacted>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 net/netfilter/ipset/ip_set_core.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/netfilter/ipset/ip_set_core.c b/net/netfilter/ipset/ip_set_core.c
index 3706b4a85a0f..a531b654b8d9 100644
--- a/net/netfilter/ipset/ip_set_core.c
+++ b/net/netfilter/ipset/ip_set_core.c

@@ -351,8 +351,8 @@ ip_set_init_comment(struct ip_set *set, struct ip_set_comment *comment,
 
 	if (unlikely(c)) {
 		set->ext_size -= sizeof(*c) + strlen(c->str) + 1;
-		kfree_rcu(c, rcu);
 		rcu_assign_pointer(comment->c, NULL);
+		kfree_rcu(c, rcu);
 	}
 	if (!len)
 		return;

@@ -393,8 +393,8 @@ ip_set_comment_free(struct ip_set *set, void *ptr)
 	if (unlikely(!c))
 		return;
 	set->ext_size -= sizeof(*c) + strlen(c->str) + 1;
-	kfree_rcu(c, rcu);
 	rcu_assign_pointer(comment->c, NULL);
+	kfree_rcu(c, rcu);
 }
 
 typedef void (*destroyer)(struct ip_set *, void *);

-- 
2.47.3

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help