This is a note to let you know that I've just added the patch titled
netfilter: nf_tables: disable toggling dormant table state more than once
to the 5.10-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
netfilter-nf_tables-disable-toggling-dormant-table-state-more-than-once.patch
and it can be found in the queue-5.10 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From stable-owner@xxxxxxxxxxxxxxx Tue Nov 21 12:14:05 2023
From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Date: Tue, 21 Nov 2023 13:13:32 +0100
Subject: netfilter: nf_tables: disable toggling dormant table state more than once
To: netfilter-devel@xxxxxxxxxxxxxxx
Cc: gregkh@xxxxxxxxxxxxxxxxxxx, sashal@xxxxxxxxxx, stable@xxxxxxxxxxxxxxx
Message-ID: <20231121121333.294238-26-pablo@xxxxxxxxxxxxx>
From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
commit c9bd26513b3a11b3adb3c2ed8a31a01a87173ff1 upstream.
nft -f -<<EOF
add table ip t
add table ip t { flags dormant; }
add chain ip t c { type filter hook input priority 0; }
add table ip t
EOF
Triggers a splat from nf core on next table delete because we lose
track of right hook register state:
WARNING: CPU: 2 PID: 1597 at net/netfilter/core.c:501 __nf_unregister_net_hook
RIP: 0010:__nf_unregister_net_hook+0x41b/0x570
nf_unregister_net_hook+0xb4/0xf0
__nf_tables_unregister_hook+0x160/0x1d0
[..]
The above should have table in *active* state, but in fact no
hooks were registered.
Reject on/off/on games rather than attempting to fix this.
Fixes: 179d9ba5559a ("netfilter: nf_tables: fix table flag updates")
Reported-by: "Lee, Cherie-Anne" <cherie.lee@xxxxxxxxxxx>
Cc: Bing-Jhong Billy Jheng <billy@xxxxxxxxxxx>
Cc: info@xxxxxxxxxxx
Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
net/netfilter/nf_tables_api.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -1099,6 +1099,10 @@ static int nf_tables_updtable(struct nft
if (flags == ctx->table->flags)
return 0;
+ /* No dormant off/on/off/on games in single transaction */
+ if (ctx->table->flags & __NFT_TABLE_F_UPDATE)
+ return -EINVAL;
+
trans = nft_trans_alloc(ctx, NFT_MSG_NEWTABLE,
sizeof(struct nft_trans_table));
if (trans == NULL)
Patches currently in stable-queue which might be from stable-owner@xxxxxxxxxxxxxxx are
queue-5.10/netfilter-nf_tables-disable-toggling-dormant-table-state-more-than-once.patch
queue-5.10/netfilter-nftables-update-table-flags-from-the-commit-phase.patch
queue-5.10/netfilter-nf_tables-fix-table-flag-updates.patch
