releases/4.14.116/netfilter-nft_set_rbtree-check-for-inactive-element-.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From 993b7bee8b5db671e1f5b0814a5819853f5afc94 Mon Sep 17 00:00:00 2001
 From: Pablo Neira Ayuso <pablo@netfilter.org>
 Date: Tue, 12 Mar 2019 12:10:59 +0100
 Subject: netfilter: nft_set_rbtree: check for inactive element after flag
  mismatch
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit

 [ Upstream commit 05b7639da55f5555b9866a1f4b7e8995232a6323 ]

 Otherwise, we hit bogus ENOENT when removing elements.

 Fixes: e701001e7cbe ("netfilter: nft_rbtree: allow adjacent intervals with dynamic updates")
 Reported-by: Václav Zindulka <vaclav.zindulka@tlapnet.cz>
 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
 Signed-off-by: Sasha Levin (Microsoft) <sashal@kernel.org>
 ---
  net/netfilter/nft_set_rbtree.c | 7 +++----
  1 file changed, 3 insertions(+), 4 deletions(-)

 diff --git a/net/netfilter/nft_set_rbtree.c b/net/netfilter/nft_set_rbtree.c
 index d83a4ec5900d..6f3205de887f 100644
 --- a/net/netfilter/nft_set_rbtree.c
 +++ b/net/netfilter/nft_set_rbtree.c
 @@ -224,10 +224,6 @@ static void *nft_rbtree_deactivate(const struct net *net,
  		else if (d > 0)
  			parent = parent->rb_right;
  		else {
 -			if (!nft_set_elem_active(&rbe->ext, genmask)) {
 -				parent = parent->rb_left;
 -				continue;
 -			}
  			if (nft_rbtree_interval_end(rbe) &&
  			    !nft_rbtree_interval_end(this)) {
  				parent = parent->rb_left;
 @@ -236,6 +232,9 @@ static void *nft_rbtree_deactivate(const struct net *net,
  				   nft_rbtree_interval_end(this)) {
  				parent = parent->rb_right;
  				continue;
 +			} else if (!nft_set_elem_active(&rbe->ext, genmask)) {
 +				parent = parent->rb_left;
 +				continue;
  			}
  			nft_rbtree_flush(net, set, rbe);
  			return rbe;
 --
 2.19.1
	From 993b7bee8b5db671e1f5b0814a5819853f5afc94 Mon Sep 17 00:00:00 2001
	From: Pablo Neira Ayuso <pablo@netfilter.org>
	Date: Tue, 12 Mar 2019 12:10:59 +0100
	Subject: netfilter: nft_set_rbtree: check for inactive element after flag
	mismatch
	MIME-Version: 1.0
	Content-Type: text/plain; charset=UTF-8
	Content-Transfer-Encoding: 8bit

	[ Upstream commit 05b7639da55f5555b9866a1f4b7e8995232a6323 ]

	Otherwise, we hit bogus ENOENT when removing elements.

	Fixes: e701001e7cbe ("netfilter: nft_rbtree: allow adjacent intervals with dynamic updates")
	Reported-by: Václav Zindulka <vaclav.zindulka@tlapnet.cz>
	Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
	Signed-off-by: Sasha Levin (Microsoft) <sashal@kernel.org>
	---
	net/netfilter/nft_set_rbtree.c \| 7 +++----
	1 file changed, 3 insertions(+), 4 deletions(-)

	diff --git a/net/netfilter/nft_set_rbtree.c b/net/netfilter/nft_set_rbtree.c
	index d83a4ec5900d..6f3205de887f 100644
	--- a/net/netfilter/nft_set_rbtree.c
	+++ b/net/netfilter/nft_set_rbtree.c
	@@ -224,10 +224,6 @@ static void nft_rbtree_deactivate(const struct net net,
	else if (d > 0)
	parent = parent->rb_right;
	else {
	- if (!nft_set_elem_active(&rbe->ext, genmask)) {
	- parent = parent->rb_left;
	- continue;
	- }
	if (nft_rbtree_interval_end(rbe) &&
	!nft_rbtree_interval_end(this)) {
	parent = parent->rb_left;
	@@ -236,6 +232,9 @@ static void nft_rbtree_deactivate(const struct net net,
	nft_rbtree_interval_end(this)) {
	parent = parent->rb_right;
	continue;
	+ } else if (!nft_set_elem_active(&rbe->ext, genmask)) {
	+ parent = parent->rb_left;
	+ continue;
	}
	nft_rbtree_flush(net, set, rbe);
	return rbe;
	--
	2.19.1