Patch "netfilter: nf_tables: drop module reference after updating chain" has been added to the 6.3-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

This is a note to let you know that I've just added the patch titled

    netfilter: nf_tables: drop module reference after updating chain

to the 6.3-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     netfilter-nf_tables-drop-module-reference-after-updating-chain.patch
and it can be found in the queue-6.3 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From 043d2acf57227db1fdaaa620b2a420acfaa56d6e Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Date: Wed, 14 Jun 2023 23:20:18 +0200
Subject: netfilter: nf_tables: drop module reference after updating chain

From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>

commit 043d2acf57227db1fdaaa620b2a420acfaa56d6e upstream.

Otherwise the module reference counter is leaked.

Fixes b9703ed44ffb ("netfilter: nf_tables: support for adding new devices to an existing netdev chain")
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 net/netfilter/nf_tables_api.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -2664,6 +2664,8 @@ static int nf_tables_updchain(struct nft
 	nft_trans_basechain(trans) = basechain;
 	INIT_LIST_HEAD(&nft_trans_chain_hooks(trans));
 	list_splice(&hook.list, &nft_trans_chain_hooks(trans));
+	if (nla[NFTA_CHAIN_HOOK])
+		module_put(hook.type->owner);
 
 	nft_trans_commit_list_add_tail(ctx->net, trans);
 


Patches currently in stable-queue which might be from pablo@xxxxxxxxxxxxx are

queue-6.3/netfilter-nf_tables-reject-unbound-chain-set-before-.patch
queue-6.3/ipvs-align-inner_mac_header-for-encapsulation.patch
queue-6.3/netfilter-nf_tables-drop-module-reference-after-updating-chain.patch
queue-6.3/netfilter-nf_tables-disallow-element-updates-of-boun.patch
queue-6.3/netfilter-nfnetlink_osf-fix-module-autoload.patch
queue-6.3/netfilter-nf_tables-disallow-updates-of-anonymous-se.patch
queue-6.3/netfilter-nf_tables-add-nft_trans_prepare_error-to-d.patch
queue-6.3/netfilter-nf_tables-drop-map-element-references-from.patch
queue-6.3/netfilter-nft_set_pipapo-.walk-does-not-deal-with-ge.patch
queue-6.3/netfilter-nf_tables-fix-chain-binding-transaction-lo.patch
queue-6.3/netfilter-nf_tables-reject-unbound-anonymous-set-bef.patch
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux