Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 54fa5832c0e34b734d90576ca48cc01e52942d82^! / . / net / netfilter / nft_set_rbtree.c
commit54fa5832c0e34b734d90576ca48cc01e52942d82[log] [tgz]
authorPablo Neira Ayuso <pablo@netfilter.org>Tue Mar 12 12:10:59 2019 +0100
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>Sat May 04 08:49:06 2019 +0200
tree3f15aa3b8b03af68c7d45b26dc7f87e4a22eec56
parentaba0a087a00096c3831b6524852a972df5f5f3d9 [diff] [blame]
netfilter: nft_set_rbtree: check for inactive element after flag mismatch

[ Upstream commit 05b7639da55f5555b9866a1f4b7e8995232a6323 ]

Otherwise, we hit bogus ENOENT when removing elements.

Fixes: e701001e7cbe ("netfilter: nft_rbtree: allow adjacent intervals with dynamic updates")
Reported-by: Václav Zindulka <vaclav.zindulka@tlapnet.cz>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin (Microsoft) <sashal@kernel.org>

diff --git a/net/netfilter/nft_set_rbtree.c b/net/netfilter/nft_set_rbtree.c
index 93820e0..4ee8acd 100644
--- a/net/netfilter/nft_set_rbtree.c
+++ b/net/netfilter/nft_set_rbtree.c

@@ -191,10 +191,6 @@
 		else if (d > 0)
 			parent = parent->rb_right;
 		else {
-			if (!nft_set_elem_active(&rbe->ext, genmask)) {
-				parent = parent->rb_left;
-				continue;
-			}
 			if (nft_rbtree_interval_end(rbe) &&
 			    !nft_rbtree_interval_end(this)) {
 				parent = parent->rb_left;
@@ -203,6 +199,9 @@
 				   nft_rbtree_interval_end(this)) {
 				parent = parent->rb_right;
 				continue;
+			} else if (!nft_set_elem_active(&rbe->ext, genmask)) {
+				parent = parent->rb_left;
+				continue;
 			}
 			nft_set_elem_change_active(net, set, &rbe->ext);
 			return rbe;