Commit f99c5f56 authored by Paolo Abeni's avatar Paolo Abeni

Merge tag 'nf-24-03-21' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf

Pablo Neira Ayuso says:

====================
Netfilter fixes for net

The following patchset contains Netfilter fixes for net. There is a
larger batch of fixes still pending that will follow up asap, this is
what I deemed to be more urgent at this time:

1) Use clone view in pipapo set backend to release elements from destroy
   path, otherwise it is possible to destroy elements twice.

2) Incorrect check for internal table flags lead to bogus transaction
   objects.

3) Fix counters memleak in netdev basechain update error path,
   from Quan Tian.

netfilter pull request 24-03-21

* tag 'nf-24-03-21' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf:
  netfilter: nf_tables: Fix a memory leak in nf_tables_updchain
  netfilter: nf_tables: do not compare internal table flags on updates
  netfilter: nft_set_pipapo: release elements in clone only from destroy path
====================

Link: https://lore.kernel.org/r/20240321112117.36737-1-pablo@netfilter.orgSigned-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
parents f411e250 7eaf837a
...@@ -1213,7 +1213,7 @@ static int nf_tables_updtable(struct nft_ctx *ctx) ...@@ -1213,7 +1213,7 @@ static int nf_tables_updtable(struct nft_ctx *ctx)
if (flags & ~NFT_TABLE_F_MASK) if (flags & ~NFT_TABLE_F_MASK)
return -EOPNOTSUPP; return -EOPNOTSUPP;
if (flags == ctx->table->flags) if (flags == (ctx->table->flags & NFT_TABLE_F_MASK))
return 0; return 0;
if ((nft_table_has_owner(ctx->table) && if ((nft_table_has_owner(ctx->table) &&
...@@ -2631,19 +2631,6 @@ static int nf_tables_updchain(struct nft_ctx *ctx, u8 genmask, u8 policy, ...@@ -2631,19 +2631,6 @@ static int nf_tables_updchain(struct nft_ctx *ctx, u8 genmask, u8 policy,
} }
} }
if (nla[NFTA_CHAIN_COUNTERS]) {
if (!nft_is_base_chain(chain)) {
err = -EOPNOTSUPP;
goto err_hooks;
}
stats = nft_stats_alloc(nla[NFTA_CHAIN_COUNTERS]);
if (IS_ERR(stats)) {
err = PTR_ERR(stats);
goto err_hooks;
}
}
if (!(table->flags & NFT_TABLE_F_DORMANT) && if (!(table->flags & NFT_TABLE_F_DORMANT) &&
nft_is_base_chain(chain) && nft_is_base_chain(chain) &&
!list_empty(&hook.list)) { !list_empty(&hook.list)) {
...@@ -2658,6 +2645,20 @@ static int nf_tables_updchain(struct nft_ctx *ctx, u8 genmask, u8 policy, ...@@ -2658,6 +2645,20 @@ static int nf_tables_updchain(struct nft_ctx *ctx, u8 genmask, u8 policy,
} }
unregister = true; unregister = true;
if (nla[NFTA_CHAIN_COUNTERS]) {
if (!nft_is_base_chain(chain)) {
err = -EOPNOTSUPP;
goto err_hooks;
}
stats = nft_stats_alloc(nla[NFTA_CHAIN_COUNTERS]);
if (IS_ERR(stats)) {
err = PTR_ERR(stats);
goto err_hooks;
}
}
err = -ENOMEM; err = -ENOMEM;
trans = nft_trans_alloc(ctx, NFT_MSG_NEWCHAIN, trans = nft_trans_alloc(ctx, NFT_MSG_NEWCHAIN,
sizeof(struct nft_trans_chain)); sizeof(struct nft_trans_chain));
......
...@@ -2329,8 +2329,6 @@ static void nft_pipapo_destroy(const struct nft_ctx *ctx, ...@@ -2329,8 +2329,6 @@ static void nft_pipapo_destroy(const struct nft_ctx *ctx,
if (m) { if (m) {
rcu_barrier(); rcu_barrier();
nft_set_pipapo_match_destroy(ctx, set, m);
for_each_possible_cpu(cpu) for_each_possible_cpu(cpu)
pipapo_free_scratch(m, cpu); pipapo_free_scratch(m, cpu);
free_percpu(m->scratch); free_percpu(m->scratch);
...@@ -2342,8 +2340,7 @@ static void nft_pipapo_destroy(const struct nft_ctx *ctx, ...@@ -2342,8 +2340,7 @@ static void nft_pipapo_destroy(const struct nft_ctx *ctx,
if (priv->clone) { if (priv->clone) {
m = priv->clone; m = priv->clone;
if (priv->dirty) nft_set_pipapo_match_destroy(ctx, set, m);
nft_set_pipapo_match_destroy(ctx, set, m);
for_each_possible_cpu(cpu) for_each_possible_cpu(cpu)
pipapo_free_scratch(priv->clone, cpu); pipapo_free_scratch(priv->clone, cpu);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment