[RHEL7,COMMIT] ms/netfilter: nft_rbtree: ignore inactive matching element with no descendants

Submitted by Konstantin Khorenko on Feb. 27, 2020, 9:31 a.m.

Details

Message ID 202002270931.01R9V3eL024642@finist-ce7.sw.ru
State New
Headers show

Patch hide | download patch | download mbox

diff --git a/net/netfilter/nft_rbtree.c b/net/netfilter/nft_rbtree.c
index b7169fa6e9d63..068731fbbad4e 100644
--- a/net/netfilter/nft_rbtree.c
+++ b/net/netfilter/nft_rbtree.c
@@ -56,7 +56,6 @@  static bool nft_rbtree_lookup(const struct nft_set *set, const u32 *key,
 		} else if (d > 0)
 			parent = parent->rb_right;
 		else {
-found:
 			if (!nft_set_elem_active(&rbe->ext, genmask)) {
 				parent = parent->rb_left;
 				continue;
@@ -70,9 +69,12 @@  static bool nft_rbtree_lookup(const struct nft_set *set, const u32 *key,
 		}
 	}
 
-	if (set->flags & NFT_SET_INTERVAL && interval != NULL) {
-		rbe = interval;
-		goto found;
+	if (set->flags & NFT_SET_INTERVAL && interval != NULL &&
+	    nft_set_elem_active(&interval->ext, genmask) &&
+	    !nft_rbtree_interval_end(interval)) {
+		spin_unlock_bh(&nft_rbtree_lock);
+		*ext = &interval->ext;
+		return true;
 	}
 out:
 	spin_unlock_bh(&nft_rbtree_lock);