linux-stable

History

Florian Westphal 7824d5a993 netfilter: arp_tables: add pre_exit hook for table unregister commit `d163a925eb` upstream. Same problem that also existed in iptables/ip(6)tables, when arptable_filter is removed there is no longer a wait period before the table/ruleset is free'd. Unregister the hook in pre_exit, then remove the table in the exit function. This used to work correctly because the old nf_hook_unregister API did unconditional synchronize_net. The per-net hook unregister function uses call_rcu instead. Fixes: `b9e69e1273` ("netfilter: xtables: don't hook tables by default") Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2021-04-21 13:00:56 +02:00
..
arp_tables.h	netfilter: arp_tables: add pre_exit hook for table unregister	2021-04-21 13:00:56 +02:00

Florian Westphal 7824d5a993 netfilter: arp_tables: add pre_exit hook for table unregister

commit d163a925eb upstream.

Same problem that also existed in iptables/ip(6)tables, when
arptable_filter is removed there is no longer a wait period before the
table/ruleset is free'd.

Unregister the hook in pre_exit, then remove the table in the exit
function.
This used to work correctly because the old nf_hook_unregister API
did unconditional synchronize_net.

The per-net hook unregister function uses call_rcu instead.

Fixes: b9e69e1273 ("netfilter: xtables: don't hook tables by default")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

2021-04-21 13:00:56 +02:00

arp_tables.h netfilter: arp_tables: add pre_exit hook for table unregister 2021-04-21 13:00:56 +02:00