mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/net/netfilter
History
Pablo Neira Ayuso e75faf01e2 netfilter: nf_tables: discard table flag update with pending basechain deletion 
commit 1bc83a019b upstream.

Hook unregistration is deferred to the commit phase, same occurs with
hook updates triggered by the table dormant flag. When both commands are
combined, this results in deleting a basechain while leaving its hook
still registered in the core.

Fixes: 179d9ba555 ("netfilter: nf_tables: fix table flag updates")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2024-06-16 13:23:44 +02:00
..
ipset netfilter: ipset: fix race condition between swap/destroy and kernel side add/del/test 2023-12-13 17:42:15 +01:00
ipvs ipvs: Fix checksumming on GSO of SCTP packets 2024-05-02 16:17:12 +02:00
Kconfig netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y 2022-09-05 10:26:34 +02:00
Makefile netfilter: nf_tables: add tunnel support 2018-08-03 21:12:12 +02:00
core.c Remove DECnet support from kernel 2023-06-21 15:39:57 +02:00
nf_conncount.c netfilter: nf_conncount: fix argument order to find_next_bit 2019-01-22 21:40:29 +01:00
nf_conntrack_acct.c
nf_conntrack_amanda.c
nf_conntrack_broadcast.c
nf_conntrack_core.c netfilter: conntrack: collect all entries in one cycle 2021-09-03 09:58:00 +02:00
nf_conntrack_ecache.c
nf_conntrack_expect.c netfilter: use kvmalloc_array to allocate memory for hashtable 2018-08-03 18:37:55 +02:00
nf_conntrack_extend.c
nf_conntrack_ftp.c treewide: Remove uninitialized_var() usage 2023-08-11 11:45:01 +02:00
nf_conntrack_h323_asn1.c netfilter: nf_conntrack_h323: Add protection for bmp length out of range 2024-03-15 10:48:14 -04:00
nf_conntrack_h323_main.c
nf_conntrack_h323_types.c
nf_conntrack_helper.c netfilter: conntrack: Avoid nf_ct_helper_hash uses after free 2023-08-11 11:45:17 +02:00
nf_conntrack_irc.c netfilter: nf_conntrack_irc: Tighten matching on DCC message 2022-09-28 11:02:55 +02:00
nf_conntrack_labels.c
nf_conntrack_netbios_ns.c
nf_conntrack_netlink.c netfilter: add helper function to set up the nfnetlink header and use it 2023-08-11 11:45:16 +02:00
nf_conntrack_pptp.c netfilter: nf_conntrack_pptp: fix compilation warning with W=1 build 2020-06-03 08:19:49 +02:00
nf_conntrack_proto.c netfilter: fix nf_l4proto_log_invalid to log invalid packets 2019-05-16 19:41:24 +02:00
nf_conntrack_proto_dccp.c netfilter: conntrack: dccp, sctp: handle null timeout argument 2020-01-14 20:07:08 +01:00
nf_conntrack_proto_generic.c netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT 2018-09-11 01:30:25 +02:00
nf_conntrack_proto_gre.c netfilter: nfnetlink_cttimeout: fetch timeouts for udplite and gre, too 2019-04-17 08:38:46 +02:00
nf_conntrack_proto_icmp.c netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT 2018-09-11 01:30:25 +02:00
nf_conntrack_proto_icmpv6.c netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT 2018-09-11 01:30:25 +02:00
nf_conntrack_proto_sctp.c netfilter: set default timeout to 3 secs for sctp shutdown send and recv state 2023-08-30 16:31:50 +02:00
nf_conntrack_proto_tcp.c netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state 2023-02-06 07:49:40 +01:00
nf_conntrack_proto_udp.c netfilter: conntrack: timeout interface depend on CONFIG_NF_CONNTRACK_TIMEOUT 2018-09-11 01:30:25 +02:00
nf_conntrack_sane.c
nf_conntrack_seqadj.c netfilter: seqadj: re-load tcp header pointer after possible head reallocation 2019-01-13 09:50:57 +01:00
nf_conntrack_sip.c netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value. 2023-08-11 11:45:07 +02:00
nf_conntrack_snmp.c
nf_conntrack_standalone.c netfilter: conntrack: Make global sysctls readonly in non-init netns 2021-05-22 10:59:47 +02:00
nf_conntrack_tftp.c
nf_conntrack_timeout.c netfilter: cttimeout: decouple timeout policy from nfnetlink_cttimeout object 2018-08-07 17:14:15 +02:00
nf_conntrack_timestamp.c
nf_dup_netdev.c netfilter: nf_fwd_netdev: clear timestamp in forwarding path 2020-10-30 10:38:24 +01:00
nf_flow_table_core.c netfilter: flowtable: fix tcp and udp header checksum update 2021-02-23 15:00:57 +01:00
nf_flow_table_inet.c
nf_flow_table_ip.c netfilter: flowtable: reload ip{v6}h in nf_flow_tuple_ip{v6} 2020-04-02 15:28:19 +02:00
nf_internals.h
nf_log.c netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger 2024-02-23 08:12:52 +01:00
nf_log_common.c netfilter: nf_log: missing vlan offload tag and proto 2020-10-29 09:55:15 +01:00
nf_log_netdev.c
nf_nat_amanda.c
nf_nat_core.c netfilter: nf_nat: Fix memleak in nf_nat_init 2021-01-19 18:22:38 +01:00
nf_nat_ftp.c
nf_nat_helper.c
nf_nat_irc.c
nf_nat_proto_common.c netfilter: nat: limit port clash resolution attempts 2022-02-08 18:23:11 +01:00
nf_nat_proto_dccp.c netfilter: nat: remove l4 protocol port rovers 2022-02-08 18:23:11 +01:00
nf_nat_proto_sctp.c netfilter: nat: remove l4 protocol port rovers 2022-02-08 18:23:11 +01:00
nf_nat_proto_tcp.c netfilter: nat: remove l4 protocol port rovers 2022-02-08 18:23:11 +01:00
nf_nat_proto_udp.c netfilter: nat: remove l4 protocol port rovers 2022-02-08 18:23:11 +01:00
nf_nat_proto_unknown.c
nf_nat_redirect.c
nf_nat_sip.c netfilter: nf_nat_sip: fix RTP/RTCP source port translations 2019-12-05 09:20:31 +01:00
nf_nat_tftp.c
nf_queue.c netfilter: nf_queue: fix socket leak 2023-08-30 16:31:56 +02:00
nf_sockopt.c
nf_synproxy_core.c netfilter: synproxy: Fix out of bounds when parsing TCP options 2021-06-30 08:48:17 -04:00
nf_tables_api.c netfilter: nf_tables: discard table flag update with pending basechain deletion 2024-06-16 13:23:44 +02:00
nf_tables_core.c netfilter: nf_tables: initialize registers in nft_do_chain() 2022-03-28 08:41:44 +02:00
nf_tables_set_core.c netfilter: nf_tables: place all set backends in one single module 2018-07-06 19:31:53 +02:00
nf_tables_trace.c netfilter: add helper function to set up the nfnetlink header and use it 2023-08-11 11:45:16 +02:00
nfnetlink.c netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM 2023-06-21 15:39:58 +02:00
nfnetlink_acct.c netfilter: add helper function to set up the nfnetlink header and use it 2023-08-11 11:45:16 +02:00
nfnetlink_cthelper.c netfilter: add helper function to set up the nfnetlink header and use it 2023-08-11 11:45:16 +02:00
nfnetlink_cttimeout.c netfilter: add helper function to set up the nfnetlink header and use it 2023-08-11 11:45:16 +02:00
nfnetlink_log.c netfilter: nfnetlink_log: silence bogus compiler warning 2023-11-08 11:22:20 +01:00
nfnetlink_osf.c netfilter: nfnetlink_osf: avoid OOB read 2023-09-23 10:48:14 +02:00
nfnetlink_queue.c netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() 2024-06-16 13:23:36 +02:00
nft_bitwise.c netfilter: nftables: add nft_parse_register_store() and use it 2023-05-30 12:42:12 +01:00
nft_byteorder.c netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() 2024-02-23 08:12:58 +01:00
nft_chain_filter.c netfilter: nf_tables: double hook unregistration in netns path 2024-06-16 13:23:42 +02:00
nft_cmp.c netfilter: nftables: add nft_parse_register_load() and use it 2023-05-30 12:42:12 +01:00
nft_compat.c netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() 2024-06-16 13:23:43 +02:00
nft_connlimit.c netfilter: nft_connlimit: disable bh on garbage collection 2019-10-29 09:19:34 +01:00
nft_counter.c
nft_ct.c netfilter: nftables: add nft_parse_register_store() and use it 2023-05-30 12:42:12 +01:00
nft_dup_netdev.c netfilter: nftables: add nft_parse_register_load() and use it 2023-05-30 12:42:12 +01:00
nft_dynset.c netfilter: nft_dynset: relax superfluous check on set updates 2024-06-16 13:23:43 +02:00
nft_exthdr.c netfilter: nftables: exthdr: fix 4-byte stack OOB write 2024-06-16 13:23:43 +02:00
nft_fib.c netfilter: nftables: add nft_parse_register_store() and use it 2023-05-30 12:42:12 +01:00
nft_fib_inet.c
nft_fib_netdev.c
nft_flow_offload.c netfilter: nf_tables: validate NFPROTO_* family 2024-06-16 13:23:43 +02:00
nft_fwd_netdev.c netfilter: nftables: add nft_parse_register_load() and use it 2023-05-30 12:42:12 +01:00
nft_hash.c netfilter: nftables: add nft_parse_register_store() and use it 2023-05-30 12:42:12 +01:00
nft_immediate.c netfilter: nftables: add nft_parse_register_store() and use it 2023-05-30 12:42:12 +01:00
nft_limit.c netfilter: nft_limit: avoid possible divide error in nft_limit_init 2021-04-28 13:16:50 +02:00
nft_log.c
nft_lookup.c netfilter: nftables: add nft_parse_register_store() and use it 2023-05-30 12:42:12 +01:00
nft_masq.c netfilter: nftables: add nft_parse_register_load() and use it 2023-05-30 12:42:12 +01:00
nft_meta.c netfilter: nftables: add nft_parse_register_store() and use it 2023-05-30 12:42:12 +01:00
nft_nat.c netfilter: nf_tables: validate NFPROTO_* family 2024-06-16 13:23:43 +02:00
nft_numgen.c netfilter: nftables: add nft_parse_register_store() and use it 2023-05-30 12:42:12 +01:00
nft_objref.c netfilter: nf_tables: report use refcount overflow 2023-08-16 18:13:01 +02:00
nft_osf.c netfilter: nftables: add nft_parse_register_store() and use it 2023-05-30 12:42:12 +01:00
nft_payload.c netfilter: nft_payload: fix wrong mac header matching 2023-10-25 11:16:43 +02:00
nft_queue.c netfilter: nftables: add nft_parse_register_load() and use it 2023-05-30 12:42:12 +01:00
nft_quota.c
nft_range.c netfilter: nftables: add nft_parse_register_load() and use it 2023-05-30 12:42:12 +01:00
nft_redir.c netfilter: nftables: add nft_parse_register_load() and use it 2023-05-30 12:42:12 +01:00
nft_reject.c netfilter: nf_tables: avoid BUG_ON usage 2019-11-20 18:46:50 +01:00
nft_reject_inet.c
nft_rt.c netfilter: nf_tables: validate NFPROTO_* family 2024-06-16 13:23:43 +02:00
nft_set_bitmap.c netfilter: nf_tables: drop map element references from preparation phase 2024-06-16 13:23:40 +02:00
nft_set_hash.c netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration 2024-06-16 13:23:41 +02:00
nft_set_rbtree.c netfilter: nft_set_rbtree: skip end interval element from gc 2024-06-16 13:23:43 +02:00
nft_socket.c netfilter: nf_tables: validate NFPROTO_* family 2024-06-16 13:23:43 +02:00
nft_tproxy.c netfilter: nf_tables: validate NFPROTO_* family 2024-06-16 13:23:43 +02:00
nft_tunnel.c netfilter: nftables: add nft_parse_register_store() and use it 2023-05-30 12:42:12 +01:00
utils.c netfilter: utils: move nf_ip6_checksum* from ipv6 to utils 2018-07-16 17:51:48 +02:00
x_tables.c netfilter: x_tables: fix compat match/target pad out-of-bound write 2021-04-16 11:49:31 +02:00
xt_AUDIT.c
xt_CHECKSUM.c netfilter: xt_checksum: ignore gso skbs 2018-08-24 09:58:16 +02:00
xt_CLASSIFY.c
xt_CONNSECMARK.c
xt_CT.c netfilter: cttimeout: decouple timeout policy from nfnetlink_cttimeout object 2018-08-07 17:14:15 +02:00
xt_DSCP.c
xt_HL.c
xt_HMARK.c
xt_IDLETIMER.c netfilter: xt_IDLETIMER: add sysfs filename checking routine 2018-11-27 16:13:03 +01:00
xt_LED.c
xt_LOG.c
xt_NETMAP.c
xt_NFLOG.c
xt_NFQUEUE.c
xt_RATEEST.c netfilter: xt_RATEEST: reject non-null terminated string from userspace 2021-01-12 20:10:24 +01:00
xt_REDIRECT.c
xt_SECMARK.c netfilter: xt_SECMARK: add new revision to fix structure layout 2021-05-22 10:59:43 +02:00
xt_TCPMSS.c
xt_TCPOPTSTRIP.c
xt_TEE.c netfilter: xt_TEE: add missing code to get interface index in checkentry. 2019-03-13 14:02:40 -07:00
xt_TPROXY.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2018-07-20 22:28:28 -07:00
xt_TRACE.c
xt_addrtype.c
xt_bpf.c
xt_cgroup.c netfilter: xt_cgroup: shrink size of v2 path 2019-04-20 09:16:00 +02:00
xt_cluster.c netfilter: xt_cluster: add dependency on conntrack module 2018-08-23 20:26:53 +02:00
xt_comment.c
xt_connbytes.c
xt_connlabel.c
xt_connlimit.c netfilter: use PTR_ERR_OR_ZERO() 2018-07-30 14:07:09 +02:00
xt_connmark.c
xt_conntrack.c
xt_cpu.c
xt_dccp.c
xt_devgroup.c
xt_dscp.c
xt_ecn.c
xt_esp.c
xt_hashlimit.c netfilter: xt_hashlimit: limit the max size of hashtable 2020-02-28 16:39:00 +01:00
xt_helper.c
xt_hl.c
xt_ipcomp.c
xt_iprange.c
xt_ipvs.c
xt_l2tp.c
xt_length.c
xt_limit.c
xt_mac.c
xt_mark.c
xt_multiport.c
xt_nat.c netfilter: xt_nat: fix DNAT target for shifted portmap ranges 2018-11-13 11:08:20 -08:00
xt_nfacct.c netfilter: xt_nfacct: Fix alignment mismatch in xt_nfacct_match_info 2019-09-21 07:16:55 +02:00
xt_osf.c netfilter: nfnetlink_osf: fix module autoload 2023-06-28 10:15:30 +02:00
xt_owner.c netfilter: xt_owner: Fix for unsafe access of sk->sk_socket 2023-12-13 17:42:17 +01:00
xt_physdev.c netfilter: xt_physdev: Fix spurious error message in physdev_mt_check 2019-09-21 07:17:01 +02:00
xt_pkttype.c
xt_policy.c
xt_quota.c
xt_rateest.c
xt_realm.c
xt_recent.c netfilter: xt_recent: fix (increase) ipv6 literal buffer length 2023-11-20 10:29:21 +01:00
xt_repldata.h
xt_sctp.c netfilter: xt_sctp: validate the flag_info count 2023-09-23 10:48:09 +02:00
xt_set.c
xt_socket.c netfilter: xt_socket: check sk before checking for netns. 2018-09-28 14:47:41 +02:00
xt_state.c
xt_statistic.c
xt_string.c
xt_tcpmss.c
xt_tcpudp.c
xt_time.c
xt_u32.c netfilter: xt_u32: validate user space input 2023-09-23 10:48:09 +02:00