This is a note to let you know that I've just added the patch titled
netfilter: nft_limit: fix stateful object memory leak
to the 5.15-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
netfilter-nft_limit-fix-stateful-object-memory-leak.patch
and it can be found in the queue-5.15 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From 1a58f84ea5df7f026bf92a0009f931bf547fe965 Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@xxxxxxxxx>
Date: Fri, 18 Feb 2022 13:17:05 +0100
Subject: netfilter: nft_limit: fix stateful object memory leak
From: Florian Westphal <fw@xxxxxxxxx>
commit 1a58f84ea5df7f026bf92a0009f931bf547fe965 upstream.
We need to provide a destroy callback to release the extra fields.
Fixes: 3b9e2ea6c11b ("netfilter: nft_limit: move stateful fields out of expression data")
Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
net/netfilter/nft_limit.c | 18 ++++++++++++++++++
1 file changed, 18 insertions(+)
--- a/net/netfilter/nft_limit.c
+++ b/net/netfilter/nft_limit.c
@@ -345,11 +345,20 @@ static int nft_limit_obj_pkts_dump(struc
return nft_limit_dump(skb, &priv->limit, NFT_LIMIT_PKTS);
}
+static void nft_limit_obj_pkts_destroy(const struct nft_ctx *ctx,
+ struct nft_object *obj)
+{
+ struct nft_limit_priv_pkts *priv = nft_obj_data(obj);
+
+ nft_limit_destroy(ctx, &priv->limit);
+}
+
static struct nft_object_type nft_limit_obj_type;
static const struct nft_object_ops nft_limit_obj_pkts_ops = {
.type = &nft_limit_obj_type,
.size = NFT_EXPR_SIZE(sizeof(struct nft_limit_priv_pkts)),
.init = nft_limit_obj_pkts_init,
+ .destroy = nft_limit_obj_pkts_destroy,
.eval = nft_limit_obj_pkts_eval,
.dump = nft_limit_obj_pkts_dump,
};
@@ -383,11 +392,20 @@ static int nft_limit_obj_bytes_dump(stru
return nft_limit_dump(skb, priv, NFT_LIMIT_PKT_BYTES);
}
+static void nft_limit_obj_bytes_destroy(const struct nft_ctx *ctx,
+ struct nft_object *obj)
+{
+ struct nft_limit_priv *priv = nft_obj_data(obj);
+
+ nft_limit_destroy(ctx, priv);
+}
+
static struct nft_object_type nft_limit_obj_type;
static const struct nft_object_ops nft_limit_obj_bytes_ops = {
.type = &nft_limit_obj_type,
.size = sizeof(struct nft_limit_priv),
.init = nft_limit_obj_bytes_init,
+ .destroy = nft_limit_obj_bytes_destroy,
.eval = nft_limit_obj_bytes_eval,
.dump = nft_limit_obj_bytes_dump,
};
Patches currently in stable-queue which might be from fw@xxxxxxxxx are
queue-5.15/mptcp-use-option_mptcp_mpj_syn-in-subflow_check_req.patch
queue-5.15/mptcp-strict-validation-before-using-mp_opt-hmac.patch
queue-5.15/mptcp-mptcp_parse_option-fix-for-mptcpopt_mp_join.patch
queue-5.15/netfilter-nft_limit-fix-stateful-object-memory-leak.patch
queue-5.15/netfilter-nf_tables-mark-newset-as-dead-on-transacti.patch
queue-5.15/mptcp-use-option_mptcp_mpj_synack-in-subflow_finish_.patch
