This is a note to let you know that I've just added the patch titled
netfilter: nf_tables: __nft_expr_type_get() selects specific family type
to the 4.19-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
netfilter-nf_tables-__nft_expr_type_get-selects-spec.patch
and it can be found in the queue-4.19 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
commit f65bed74378019b4bae50803821a36668fff99f2
Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Date: Fri Jul 5 22:59:05 2019 +0200
netfilter: nf_tables: __nft_expr_type_get() selects specific family type
[ Upstream commit 9cff126f73a7025bcb0883189b2bed90010a57d4 ]
In case that there are two types, prefer the family specify extension.
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Stable-dep-of: f969eb84ce48 ("netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()")
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index dc40222a9e66b..79d0545badcab 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -2081,14 +2081,17 @@ EXPORT_SYMBOL_GPL(nft_unregister_expr);
static const struct nft_expr_type *__nft_expr_type_get(u8 family,
struct nlattr *nla)
{
- const struct nft_expr_type *type;
+ const struct nft_expr_type *type, *candidate = NULL;
list_for_each_entry(type, &nf_tables_expressions, list) {
- if (!nla_strcmp(nla, type->name) &&
- (!type->family || type->family == family))
- return type;
+ if (!nla_strcmp(nla, type->name)) {
+ if (!type->family && !candidate)
+ candidate = type;
+ else if (type->family == family)
+ candidate = type;
+ }
}
- return NULL;
+ return candidate;
}
static const struct nft_expr_type *nft_expr_type_get(struct net *net,
