mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-28 13:22:57 +00:00
Code Issues Releases Wiki Activity
linux-stable/net/netfilter
History
Pablo Neira Ayuso 7f609f6309 netfilter: nf_tables: discard table flag update with pending basechain deletion 
commit 1bc83a019b upstream.

Hook unregistration is deferred to the commit phase, same occurs with
hook updates triggered by the table dormant flag. When both commands are
combined, this results in deleting a basechain while leaving its hook
still registered in the core.

Fixes: 179d9ba555 ("netfilter: nf_tables: fix table flag updates")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-04-10 16:38:03 +02:00
..
ipset netfilter: ipset: Missing gc cancellations fixed 2024-02-08 12:09:23 +01:00
ipvs ipvs: avoid stat macros calls from preemptible context 2024-01-17 12:02:51 +01:00
core.c netfilter: make nftables drops visible in net dropmonitor 2023-10-18 10:26:43 +02:00
Kconfig bpf: add bpf_link support for BPF_NETFILTER programs 2023-04-21 11:34:14 -07:00
Makefile bpf: add bpf_link support for BPF_NETFILTER programs 2023-04-21 11:34:14 -07:00
nf_bpf_link.c Revert BPF token-related functionality 2023-12-19 08:23:03 -08:00
nf_conncount.c netfilter: nf_conncount: reduce unnecessary GC 2022-05-16 13:05:40 +02:00
nf_conntrack_acct.c netfilter: conntrack: remove extension register api 2022-02-04 06:30:28 +01:00
nf_conntrack_amanda.c
nf_conntrack_bpf.c bpf: Add __bpf_kfunc_{start,end}_defs macros 2023-11-01 22:33:53 -07:00
nf_conntrack_broadcast.c netfilter: add missing module descriptions 2023-11-08 13:52:32 +01:00
nf_conntrack_core.c netfilter: bridge: confirm multicast packets before passing them up the stack 2024-02-29 00:22:44 +01:00
nf_conntrack_ecache.c netfilter: ctnetlink: make event listener tracking global 2023-02-22 00:28:47 +01:00
nf_conntrack_expect.c netfilter: allow exp not to be removed in nf_ct_find_expectation 2023-07-20 10:06:36 +02:00
nf_conntrack_extend.c netfilter: conntrack: fix extension size table 2023-09-13 21:57:50 +02:00
nf_conntrack_ftp.c netfilter: nf_ct_ftp: fix deadlock when nat rewrite is needed 2022-09-20 23:50:03 +02:00
nf_conntrack_h323_asn1.c netfilter: nf_conntrack_h323: Add protection for bmp length out of range 2024-03-07 03:10:35 +01:00
nf_conntrack_h323_main.c netfilter: nf_ct_h323: cap packet size at 64k 2022-08-11 16:50:49 +02:00
nf_conntrack_h323_types.c
nf_conntrack_helper.c netfilter: conntrack: simplify nf_conntrack_alter_reply 2023-10-10 16:34:28 +02:00
nf_conntrack_irc.c netfilter: nf_conntrack_irc: Tighten matching on DCC message 2022-09-07 15:55:23 +02:00
nf_conntrack_labels.c netfilter: conntrack: switch connlabels to atomic_t 2023-10-24 13:16:30 +02:00
nf_conntrack_netbios_ns.c netfilter: nf_conntrack_netbios_ns: fix helper module alias 2022-01-11 10:41:44 +01:00
nf_conntrack_netlink.c netfilter: ctnetlink: fix filtering for zone 0 2024-02-08 12:10:18 +01:00
nf_conntrack_ovs.c netfilter: use nf_ip6_check_hbh_len in nf_ct_skb_network_trim 2023-03-08 14:25:41 +01:00
nf_conntrack_pptp.c netfilter: nf_conntrack: add missing __rcu annotations 2022-07-11 16:25:15 +02:00
nf_conntrack_proto.c netfilter: add missing module descriptions 2023-11-08 13:52:32 +01:00
nf_conntrack_proto_dccp.c nf_conntrack: fix -Wunused-const-variable= 2023-07-27 13:45:51 +02:00
nf_conntrack_proto_generic.c
nf_conntrack_proto_gre.c netfilter: conntrack: gre: don't set assured flag for clash entries 2023-07-05 14:42:15 +02:00
nf_conntrack_proto_icmp.c
nf_conntrack_proto_icmpv6.c netfilter: conntrack: set icmpv6 redirects as RELATED 2022-11-30 23:01:20 +01:00
nf_conntrack_proto_sctp.c netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new 2024-01-31 23:13:57 +01:00
nf_conntrack_proto_tcp.c netfilter: conntrack: correct window scaling with retransmitted SYN 2024-01-31 23:07:04 +01:00
nf_conntrack_proto_udp.c netfilter: conntrack: udp: fix seen-reply test 2023-02-01 12:18:51 +01:00
nf_conntrack_sane.c netfilter: nf_ct_sane: remove pseudo skb linearization 2022-08-11 16:50:25 +02:00
nf_conntrack_seqadj.c netfilter: conntrack: remove extension register api 2022-02-04 06:30:28 +01:00
nf_conntrack_sip.c netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value. 2023-06-26 17:18:48 +02:00
nf_conntrack_snmp.c
nf_conntrack_standalone.c netfilter: Update to register_net_sysctl_sz 2023-08-15 15:26:17 -07:00
nf_conntrack_tftp.c
nf_conntrack_timeout.c netfilter: nf_conntrack: use rcu accessors where needed 2022-07-11 16:25:15 +02:00
nf_conntrack_timestamp.c netfilter: conntrack: remove extension register api 2022-02-04 06:30:28 +01:00
nf_dup_netdev.c netfilter: nf_dup_netdev: add and use recursion counter 2022-06-21 10:50:41 +02:00
nf_flow_table_core.c netfilter: nft_flow_offload: release dst in case direct xmit path is used 2024-02-22 00:14:54 +01:00
nf_flow_table_inet.c netfilter: flowtable: cache info of last offload 2023-02-03 09:31:24 +00:00
nf_flow_table_ip.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2023-06-15 22:19:41 -07:00
nf_flow_table_offload.c net: flow_dissector: Use 64bits for used_keys 2023-07-31 09:11:24 +01:00
nf_flow_table_procfs.c netfilter: nf_flow_table: count pending offload workqueue tasks 2022-07-11 16:25:14 +02:00
nf_hooks_lwtunnel.c
nf_internals.h
nf_log.c netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger 2024-01-31 23:14:13 +01:00
nf_log_syslog.c netfilter: propagate net to nf_bridge_get_physindev 2024-01-17 12:02:48 +01:00
nf_nat_amanda.c netfilter: nat: move repetitive nat port reserve loop to a helper 2022-09-07 16:46:04 +02:00
nf_nat_bpf.c bpf: Add __bpf_kfunc_{start,end}_defs macros 2023-11-01 22:33:53 -07:00
nf_nat_core.c netfilter: nat: restore default DNAT behavior 2024-02-15 00:20:00 +01:00
nf_nat_ftp.c netfilter: nat: move repetitive nat port reserve loop to a helper 2022-09-07 16:46:04 +02:00
nf_nat_helper.c treewide: use get_random_u32_below() instead of deprecated function 2022-11-18 02:15:15 +01:00
nf_nat_irc.c netfilter: nat: move repetitive nat port reserve loop to a helper 2022-09-07 16:46:04 +02:00
nf_nat_masquerade.c netfilter: conntrack: add nf_ct_iter_data object for nf_ct_iterate_cleanup*() 2022-05-13 18:56:27 +02:00
nf_nat_ovs.c netfilter: nf_nat: fix action not being set for all ct states 2024-01-03 11:17:17 +01:00
nf_nat_proto.c ipsec-next-2023-10-28 2023-10-30 14:36:57 -07:00
nf_nat_redirect.c netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses 2023-11-08 16:40:30 +01:00
nf_nat_sip.c netfilter: nat: move repetitive nat port reserve loop to a helper 2022-09-07 16:46:04 +02:00
nf_nat_tftp.c
nf_queue.c netfilter: propagate net to nf_bridge_get_physindev 2024-01-17 12:02:48 +01:00
nf_sockopt.c
nf_synproxy_core.c tcp: Don't pass cookie to __cookie_v[46]_check(). 2023-11-29 20:16:19 -08:00
nf_tables_api.c netfilter: nf_tables: discard table flag update with pending basechain deletion 2024-04-10 16:38:03 +02:00
nf_tables_core.c netfilter: nf_tables: set transport offset from mac header for netdev/egress 2023-12-20 10:43:21 +01:00
nf_tables_offload.c net: flow_dissector: Use 64bits for used_keys 2023-07-31 09:11:24 +01:00
nf_tables_trace.c netfilter: nf_tables: mask out non-verdict bits when checking return value 2023-10-18 10:26:43 +02:00
nfnetlink.c netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM 2023-06-08 04:00:02 +02:00
nfnetlink_acct.c
nfnetlink_cthelper.c netfilter: nf_conntrack: use rcu accessors where needed 2022-07-11 16:25:15 +02:00
nfnetlink_cttimeout.c netfilter: cttimeout: fix slab-out-of-bounds read typo in cttimeout_net_exit 2022-06-17 23:31:20 +02:00
nfnetlink_hook.c netfilter: nfnetlink hook: dump bpf prog id 2023-04-21 11:34:14 -07:00
nfnetlink_log.c netfilter: nfnetlink_log: use proper helper for fetching physinif 2024-01-17 12:02:47 +01:00
nfnetlink_osf.c netfilter: add missing module descriptions 2023-11-08 13:52:32 +01:00
nfnetlink_queue.c netfilter: nfnetlink_queue: un-break NF_REPEAT 2024-02-08 12:10:19 +01:00
nft_bitwise.c netfilter pull request 23-06-26 2023-06-26 12:59:18 -07:00
nft_byteorder.c netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() 2023-11-14 16:16:21 +01:00
nft_chain_filter.c netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain 2024-01-24 19:50:21 +01:00
nft_chain_nat.c netfilter: add missing module descriptions 2023-11-08 13:52:32 +01:00
nft_chain_route.c
nft_cmp.c net: flow_dissector: Use 64bits for used_keys 2023-07-31 09:11:24 +01:00
nft_compat.c netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() 2024-02-28 23:52:55 +01:00
nft_connlimit.c netfilter: nf_tables: Extend nft_expr_ops::dump callback parameters 2022-11-15 10:46:34 +01:00
nft_counter.c netfilter: nf_tables: Introduce NFT_MSG_GETRULE_RESET 2022-11-15 10:53:17 +01:00
nft_ct.c netfilter: nft_ct: fix l3num expectations with inet pseudo family 2024-03-07 00:12:34 +01:00
nft_ct_fast.c netfilter: nf_tables: fix ct untracked match breakage 2023-05-03 13:49:08 +02:00
nft_dup_netdev.c netfilter: nf_tables: Extend nft_expr_ops::dump callback parameters 2022-11-15 10:46:34 +01:00
nft_dynset.c netfilter: nf_tables: bail out on mismatching dynset and set expressions 2023-12-06 17:15:43 +01:00
nft_exthdr.c netfilter: nf_tables: fix 'exist' matching on bigendian arches 2023-12-06 17:15:42 +01:00
nft_fib.c netfilter: nf_tables: fix 'exist' matching on bigendian arches 2023-12-06 17:15:42 +01:00
nft_fib_inet.c netfilter: nft_fib: add reduce support 2022-03-20 00:29:47 +01:00
nft_fib_netdev.c netfilter: nft_fib: add reduce support 2022-03-20 00:29:47 +01:00
nft_flow_offload.c netfilter: nf_tables: fix bidirectional offload regression 2024-02-15 00:20:00 +01:00
nft_fwd_netdev.c netfilter: add missing module descriptions 2023-11-08 13:52:32 +01:00
nft_hash.c netfilter: nf_tables: limit allowed range via nla_policy 2023-06-26 08:05:57 +02:00
nft_immediate.c netfilter: nft_immediate: drop chain reference counter on error 2024-01-03 11:17:17 +01:00
nft_inner.c nf_tables: fix NULL pointer dereference in nft_inner_init() 2023-10-12 10:28:45 +02:00
nft_last.c netfilter: nft_last: copy content when cloning expression 2023-03-01 17:23:23 +01:00
nft_limit.c netfilter: nft_limit: reject configurations that cause integer overflow 2024-01-24 20:01:16 +01:00
nft_log.c netfilter: nf_tables: Extend nft_expr_ops::dump callback parameters 2022-11-15 10:46:34 +01:00
nft_lookup.c netfilter: nf_tables: use NLA_POLICY_MASK to test for valid flag options 2023-07-27 13:45:51 +02:00
nft_masq.c netfilter: nf_tables: use NLA_POLICY_MASK to test for valid flag options 2023-07-27 13:45:51 +02:00
nft_meta.c netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() 2023-11-14 16:16:21 +01:00
nft_nat.c netfilter: nf_tables: validate NFPROTO_* family 2024-01-24 20:02:40 +01:00
nft_numgen.c netfilter: nf_tables: Extend nft_expr_ops::dump callback parameters 2022-11-15 10:46:34 +01:00
nft_objref.c netfilter: nf_tables: report use refcount overflow 2023-07-05 14:42:15 +02:00
nft_osf.c netfilter: nft_osf: refactor deprecated strncpy 2023-08-22 15:13:21 +02:00
nft_payload.c netfilter: nft_payload: fix wrong mac header matching 2023-10-12 10:28:45 +02:00
nft_queue.c netfilter: nf_tables: Extend nft_expr_ops::dump callback parameters 2022-11-15 10:46:34 +01:00
nft_quota.c netfilter: nft_quota: copy content when cloning expression 2023-03-01 17:23:23 +01:00
nft_range.c netfilter: nf_tables: limit allowed range via nla_policy 2023-06-26 08:05:57 +02:00
nft_redir.c netfilter: nf_tables: use NLA_POLICY_MASK to test for valid flag options 2023-07-27 13:45:51 +02:00
nft_reject.c netfilter: nf_tables: limit allowed range via nla_policy 2023-06-26 08:05:57 +02:00
nft_reject_inet.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00
nft_reject_netdev.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00
nft_rt.c netfilter: nf_tables: validate NFPROTO_* family 2024-01-24 20:02:40 +01:00
nft_set_bitmap.c netfilter: nf_tables: set->ops->insert returns opaque set element in case of EEXIST 2023-10-24 13:37:46 +02:00
nft_set_hash.c netfilter: nf_tables: use timestamp to check for set element timeout 2024-02-08 12:10:19 +01:00
nft_set_pipapo.c netfilter: nft_set_pipapo: release elements in clone only from destroy path 2024-03-26 18:17:37 -04:00
nft_set_pipapo.h netfilter: nft_set_pipapo: fix missing : in kdoc 2024-02-15 00:17:45 +01:00
nft_set_pipapo_avx2.c work around gcc bugs with 'asm goto' with outputs 2024-02-09 15:57:48 -08:00
nft_set_pipapo_avx2.h
nft_set_rbtree.c netfilter: nft_set_rbtree: skip end interval element from gc 2024-02-08 12:10:19 +01:00
nft_socket.c netfilter: nf_tables: validate NFPROTO_* family 2024-01-24 20:02:40 +01:00
nft_synproxy.c netfilter: nf_tables: validate NFPROTO_* family 2024-01-24 20:02:40 +01:00
nft_tproxy.c netfilter: nf_tables: validate NFPROTO_* family 2024-01-24 20:02:40 +01:00
nft_tunnel.c netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV 2024-01-31 23:07:04 +01:00
nft_xfrm.c netfilter: nf_tables: validate NFPROTO_* family 2024-01-24 20:02:40 +01:00
utils.c netfilter: move br_nf_check_hbh_len to utils 2023-03-08 14:25:40 +01:00
x_tables.c netfilter: x_tables: refactor deprecated strncpy 2023-08-22 15:13:21 +02:00
xt_addrtype.c
xt_AUDIT.c
xt_bpf.c
xt_cgroup.c
xt_CHECKSUM.c
xt_CLASSIFY.c
xt_cluster.c
xt_comment.c
xt_connbytes.c
xt_connlabel.c
xt_connlimit.c netfilter: x_tables: use correct integer types 2022-07-11 16:40:45 +02:00
xt_connmark.c netfilter: conntrack: Fix data-races around ct mark 2022-11-18 15:21:00 +01:00
xt_CONNSECMARK.c
xt_conntrack.c
xt_cpu.c
xt_CT.c netfilter: nf_conntrack: use rcu accessors where needed 2022-07-11 16:25:15 +02:00
xt_dccp.c
xt_devgroup.c
xt_dscp.c
xt_DSCP.c netfilter: x_tables: use correct integer types 2022-07-11 16:40:45 +02:00
xt_ecn.c
xt_esp.c
xt_hashlimit.c proc: remove PDE_DATA() completely 2022-01-22 08:33:37 +02:00
xt_helper.c
xt_hl.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
xt_HL.c
xt_HMARK.c
xt_IDLETIMER.c driver core: class: remove module * from class_create() 2023-03-17 15:16:33 +01:00
xt_ipcomp.c
xt_iprange.c
xt_ipvs.c
xt_l2tp.c
xt_LED.c leds: Change led_trigger_blink[_oneshot]() delay parameters to pass-by-value 2023-05-25 12:16:27 +01:00
xt_length.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf 2023-02-22 21:25:23 -08:00
xt_limit.c
xt_LOG.c netfilter: log: work around missing softdep backend module 2021-09-21 03:46:56 +02:00
xt_mac.c
xt_mark.c
xt_MASQUERADE.c
xt_multiport.c
xt_nat.c
xt_NETMAP.c
xt_nfacct.c
xt_NFLOG.c netfilter: log: work around missing softdep backend module 2021-09-21 03:46:56 +02:00
xt_NFQUEUE.c
xt_osf.c netfilter: nfnetlink_osf: fix module autoload 2023-06-20 22:43:42 +02:00
xt_owner.c netfilter: xt_owner: Fix for unsafe access of sk->sk_socket 2023-12-06 17:52:15 +01:00
xt_physdev.c netfilter: propagate net to nf_bridge_get_physindev 2024-01-17 12:02:48 +01:00
xt_pkttype.c
xt_policy.c
xt_quota.c
xt_RATEEST.c netfilter: move from strlcpy with unused retval to strscpy 2022-09-07 16:46:03 +02:00
xt_rateest.c
xt_realm.c
xt_recent.c netfilter: xt_recent: fix (increase) ipv6 literal buffer length 2023-11-08 13:53:36 +01:00
xt_REDIRECT.c netfilter: nft_redir: use struct nf_nat_range2 throughout and deduplicate eval call-backs 2023-03-22 21:48:59 +01:00
xt_repldata.h netfilter: xtables: refactor deprecated strncpy 2023-08-22 15:13:21 +02:00
xt_sctp.c netfilter: xt_sctp: validate the flag_info count 2023-08-30 17:34:01 +02:00
xt_SECMARK.c
xt_set.c
xt_socket.c net: annotate data-races around sk->sk_mark 2023-07-29 18:13:41 +01:00
xt_state.c
xt_statistic.c treewide: use get_random_u32() when possible 2022-10-11 17:42:58 -06:00
xt_string.c
xt_TCPMSS.c netfilter: x_tables: use correct integer types 2022-07-11 16:40:45 +02:00
xt_tcpmss.c
xt_TCPOPTSTRIP.c
xt_tcpudp.c xtables: move icmp/icmpv6 logic to xt_tcpudp 2023-03-22 21:48:59 +01:00
xt_TEE.c
xt_time.c
xt_TPROXY.c netfilter: xt_TPROXY: remove pr_debug invocations 2022-07-21 00:56:00 +02:00
xt_TRACE.c
xt_u32.c netfilter: xt_u32: validate user space input 2023-08-30 17:34:01 +02:00