CVE-2024-26910

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> netfilter: ipset: fix performance regression in swap operation<br /> <br /> The patch "netfilter: ipset: fix race condition between swap/destroy<br /> and kernel side add/del/test", commit 28628fa9 fixes a race condition.<br /> But the synchronize_rcu() added to the swap function unnecessarily slows<br /> it down: it can safely be moved to destroy and use call_rcu() instead.<br /> <br /> Eric Dumazet pointed out that simply calling the destroy functions as<br /> rcu callback does not work: sets with timeout use garbage collectors<br /> which need cancelling at destroy which can wait. Therefore the destroy<br /> functions are split into two: cancelling garbage collectors safely at<br /> executing the command received by netlink and moving the remaining<br /> part only into the rcu callback.