netfilter: ipset: Missing nfnl_lock()/nfnl_unlock() is added to ip_set_net_exit()
author Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Sat, 6 Jan 2018 14:24:18 +0000 (15:24 +0100)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Mon, 8 Jan 2018 17:11:12 +0000 (18:11 +0100)
Patch "netfilter: ipset: use nfnl_mutex_is_locked" added the real
mutex locking check, which revealed the missing locking in ip_set_net_exit().

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Reported-by: syzbot+36b06f219f2439fe62e1@syzkaller.appspotmail.com
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/ipset/ip_set_core.c

index e002990..728bf31 100644 (file)
@@ -2078,6 +2078,7 @@ ip_set_net_exit(struct net *net)
 
        inst->is_deleted = true; /* flag for ip_set_nfnl_put */
 
+       nfnl_lock(NFNL_SUBSYS_IPSET);
        for (i = 0; i < inst->ip_set_max; i++) {
                set = ip_set(inst, i);
                if (set) {
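Review bot: the store `inst->is_deleted = true;` sits one line above the new `nfnl_lock(NFNL_SUBSYS_IPSET)`, so the flag that the comment says is meant for ip_set_nfnl_put is still written outside the critical section this patch introduces. If that reader checks the flag while holding the nfnl mutex, moving the assignment below the lock call would make the flag and the set teardown visible as one step. If the unlocked store is intentional, a short comment saying why it is safe would help the next reader.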
@@ -2085,6 +2086,7 @@ ip_set_net_exit(struct net *net)
                        ip_set_destroy_set(set);
                }
        }
+       nfnl_unlock(NFNL_SUBSYS_IPSET);
        kfree(rcu_dereference_protected(inst->ip_set_list, 1));
 }
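Review bot: `nfnl_unlock(NFNL_SUBSYS_IPSET)` is placed before `kfree(rcu_dereference_protected(inst->ip_set_list, 1));`, so the array that was walked under the lock is freed after the lock is dropped, and the hard-coded `1` condition means lockdep verifies nothing about that access. Either move the unlock below the kfree so the whole teardown is covered, or add a comment stating why no other path can still reach inst->ip_set_list at netns exit. The commit message would also benefit from naming the assertion or splat that syzbot hit, since the visible hunks do not show which check fired.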