netfilter: nft_set_rbtree: check for inactive element after flag mismatch

This change “netfilter: nft_set_rbtree: check for inactive element after flag mismatch” (commit 05b7639) in the Linux kernel was authored by Pablo Neira Ayuso <pablo [at] netfilter.org> on Tue Mar 12 12:10:59 2019 +0100.

Description of "netfilter: nft_set_rbtree: check for inactive element after flag mismatch"

The change “netfilter: nft_set_rbtree: check for inactive element after flag mismatch” introduces changes as follows.

netfilter: nft_set_rbtree: check for inactive element after flag mismatch

Otherwise, we hit bogus ENOENT when removing elements.

Fixes: e701001e7cbe ("netfilter: nft_rbtree: allow adjacent intervals with dynamic updates")
Reported-by: Václav Zindulka <vaclav.zindulka@tlapnet.cz>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Linux kernel releases containing commit 05b7639

The Linux kernel releases containing this commit are as follows.

Linux kernel code changes from "netfilter: nft_set_rbtree: check for inactive element after flag mismatch"

There are 7 lines of Linux source code added/deleted in this change. The code changes to the Linux kernel are as follows.

 net/netfilter/nft_set_rbtree.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
 
diff --git a/net/netfilter/nft_set_rbtree.c b/net/netfilter/nft_set_rbtree.c
index fa61208371f8..321a0036fdf5 100644
--- a/net/netfilter/nft_set_rbtree.c
+++ b/net/netfilter/nft_set_rbtree.c
@@ -308,10 +308,6 @@ static void *nft_rbtree_deactivate(const struct net *net,
 		else if (d > 0)
 			parent = parent->rb_right;
 		else {
-			if (!nft_set_elem_active(&rbe->ext, genmask)) {
-				parent = parent->rb_left;
-				continue;
-			}
 			if (nft_rbtree_interval_end(rbe) &&
 			    !nft_rbtree_interval_end(this)) {
 				parent = parent->rb_left;
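Review bot: The changelog does not say why the nft_set_elem_active() test removed from the top of the else branch in nft_rbtree_deactivate() was wrong in that position. With it gone, an element whose key compares equal is first sorted by the nft_rbtree_interval_end() comparison against "this", so an inactive element with a mismatching flag no longer always sends the walk to parent->rb_left. Please describe in the commit message the element sequence that produced the bogus ENOENT (which entries share the key, which one is inactive in genmask), so the ordering dependency between the flag checks and the active check is recorded.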
@@ -320,6 +316,9 @@ static void *nft_rbtree_deactivate(const struct net *net,
 				   nft_rbtree_interval_end(this)) {
 				parent = parent->rb_right;
 				continue;
+			} else if (!nft_set_elem_active(&rbe->ext, genmask)) {
+				parent = parent->rb_left;
+				continue;
 			}
 			nft_rbtree_flush(net, set, rbe);
 			return rbe;
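Review bot: The new else-if arm testing !nft_set_elem_active(&rbe->ext, genmask) has no comment explaining why the walk continues to parent->rb_left when the key and the interval-end flag both match but the element is inactive. Since this arm is the last gate before nft_rbtree_flush() and "return rbe", a one-line comment above it stating that inactive duplicates are skipped and that the search continues on the left would make the required order of the three checks explicit and guard against someone moving the active test back to the top.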

The commit for this change in the Linux stable tree is 05b7639 (patch).

Last modified: 2020/02/09