linux/net/netfilter/ipset
Nikolay Borisov 00db674bed netfilter: ipset: Fix sleeping memory allocation in atomic context
Commit 00590fdd5b introduced RCU locking in list type and in
doing so introduced a memory allocation in list_set_add, which
is done in an atomic context, due to the fact that ipset rcu
list modifications are serialised with a spin lock. The reason
why we can't use a mutex is that in addition to modifying the
list with ipset commands, it's also being modified when a
particular ipset rule timeout expires aka garbage collection.
This gc is triggered from set_cleanup_entries, which in turn
is invoked from a timer thus requiring the lock to be bh-safe.

Concretely the following call chain can lead to "sleeping function
called in atomic context" splat:
call_ad -> list_set_uadt -> list_set_uadd -> kzalloc(, GFP_KERNEL).
And since GFP_KERNEL allows initiating direct reclaim thus
potentially sleeping in the allocation path.

To fix the issue change the allocation type to GFP_ATOMIC, to
correctly reflect that it is occuring in an atomic context.

Fixes: 00590fdd5b ("netfilter: ipset: Introduce RCU locking in list type")
Signed-off-by: Nikolay Borisov <kernel@kyup.com>
Acked-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2015-10-17 13:01:24 +02:00
..
Kconfig netfilter: ipset: hash:mac type added to ipset 2014-09-15 22:20:21 +02:00
Makefile netfilter: ipset: hash:mac type added to ipset 2014-09-15 22:20:21 +02:00
ip_set_bitmap_gen.h netfilter: ipset: Fix coding styles reported by checkpatch.pl 2015-06-14 10:40:18 +02:00
ip_set_bitmap_ip.c netfilter: ipset: Fix coding styles reported by checkpatch.pl 2015-06-14 10:40:18 +02:00
ip_set_bitmap_ipmac.c netfilter: ipset: Fix coding styles reported by checkpatch.pl 2015-06-14 10:40:18 +02:00
ip_set_bitmap_port.c netfilter: ipset: Fix coding styles reported by checkpatch.pl 2015-06-14 10:40:18 +02:00
ip_set_core.c netfilter: ipset: Fix coding styles reported by checkpatch.pl 2015-06-14 10:40:18 +02:00
ip_set_getport.c netfilter: ipset: Fix coding styles reported by checkpatch.pl 2015-06-14 10:40:18 +02:00
ip_set_hash_gen.h netfilter: ipset: Out of bound access in hash:net* types fixed 2015-08-28 18:51:30 +02:00
ip_set_hash_ip.c netfilter: ipset: Fix coding styles reported by checkpatch.pl 2015-06-14 10:40:18 +02:00
ip_set_hash_ipmark.c netfilter: ipset: Fix coding styles reported by checkpatch.pl 2015-06-14 10:40:18 +02:00
ip_set_hash_ipport.c netfilter: ipset: Fix coding styles reported by checkpatch.pl 2015-06-14 10:40:18 +02:00
ip_set_hash_ipportip.c netfilter: ipset: Fix coding styles reported by checkpatch.pl 2015-06-14 10:40:18 +02:00
ip_set_hash_ipportnet.c netfilter: ipset: Fix coding styles reported by checkpatch.pl 2015-06-14 10:40:18 +02:00
ip_set_hash_mac.c netfilter: ipset: Fix coding styles reported by checkpatch.pl 2015-06-14 10:40:18 +02:00
ip_set_hash_net.c netfilter: ipset: Fix coding styles reported by checkpatch.pl 2015-06-14 10:40:18 +02:00
ip_set_hash_netiface.c netfilter: ipset: Fix coding styles reported by checkpatch.pl 2015-06-14 10:40:18 +02:00
ip_set_hash_netnet.c netfilter: ipset: Fixing unnamed union init 2015-08-29 01:02:28 +02:00
ip_set_hash_netport.c netfilter: ipset: Fix coding styles reported by checkpatch.pl 2015-06-14 10:40:18 +02:00
ip_set_hash_netportnet.c netfilter: ipset: Fixing unnamed union init 2015-08-29 01:02:28 +02:00
ip_set_list_set.c netfilter: ipset: Fix sleeping memory allocation in atomic context 2015-10-17 13:01:24 +02:00
pfxlen.c netfilter: ipset: Fix coding styles reported by checkpatch.pl 2015-06-14 10:40:18 +02:00