This is a note to let you know that I've just added the patch titled

    netfilter: nf_tables: unbind non-anonymous set if rule construction fails

to the 5.15-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     netfilter-nf_tables-unbind-non-anonymous-set-if-rule-construction-fails.patch
and it can be found in the queue-5.15 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


From 3e70489721b6c870252c9082c496703677240f53 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Date: Mon, 26 Jun 2023 00:42:18 +0200
Subject: netfilter: nf_tables: unbind non-anonymous set if rule construction fails

From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>

commit 3e70489721b6c870252c9082c496703677240f53 upstream.

Otherwise a dangling reference to a rule object that is gone remains in
the set binding list.

Fixes: 26b5a5712eb8 ("netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain")
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 net/netfilter/nf_tables_api.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -5042,6 +5042,8 @@ void nf_tables_deactivate_set(const stru nft_set_trans_unbind(ctx, set); if (nft_set_is_anonymous(set)) nft_deactivate_next(ctx->net, set); + else + list_del_rcu(&binding->list); set->use--; break; Patches currently in stable-queue which might be from pablo@xxxxxxxxxxxxx are queue-5.15/netfilter-nf_tables-drop-map-element-references-from-preparation-phase.patch queue-5.15/netfilter-conntrack-dccp-copy-entire-header-to-stack.patch queue-5.15/gtp-fix-use-after-free-in-__gtp_encap_destroy.patch queue-5.15/lib-ts_bm-reset-initial-match-offset-for-every-block.patch queue-5.15/netfilter-nf_conntrack_sip-fix-the-ct_sip_parse_nume.patch queue-5.15/netfilter-nf_tables-unbind-non-anonymous-set-if-rule-construction-fails.patch queue-5.15/ipvs-increase-ip_vs_conn_tab_bits-range-for-64bit.patch
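Review bot: the new `else` branch unlinks `binding` only for non-anonymous sets, and neither the hunk nor the commit message says why the anonymous case may skip `list_del_rcu(&binding->list)` (presumably because `nft_deactivate_next()` retires the whole anonymous set together with the failed rule, so its binding list dies with it); a one-line comment above the `if (nft_set_is_anonymous(set))` would make that asymmetry reviewable without reading the rest of the file. It is also worth confirming that nothing else on this error path removes the same `binding` from the list a second time, since `list_del_rcu()` does not reinitialise the entry and a repeated unlink would corrupt the set's binding list, which is the very dangling-reference class of bug this patch is fixing.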