mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
linux-stable/net/netfilter
History
Pablo Neira Ayuso 2aeb805a1b netfilter: nf_tables: discard table flag update with pending basechain deletion 
commit 1bc83a019b upstream.

Hook unregistration is deferred to the commit phase, same occurs with
hook updates triggered by the table dormant flag. When both commands are
combined, this results in deleting a basechain while leaving its hook
still registered in the core.

Fixes: 179d9ba555 ("netfilter: nf_tables: fix table flag updates")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2024-04-13 13:05:22 +02:00
..
ipset netfilter: ipset: Missing gc cancellations fixed 2024-02-23 09:12:50 +01:00
ipvs ipvs: avoid stat macros calls from preemptible context 2024-01-25 15:27:51 -08:00
Kconfig
Makefile
core.c netfilter: let reset rules clean out conntrack entries 2024-03-06 14:45:08 +00:00
nf_conncount.c
nf_conntrack_acct.c
nf_conntrack_amanda.c
nf_conntrack_bpf.c netfilter, bpf: Adjust timeouts of non-confirmed CTs in bpf_ct_insert_entry() 2023-10-06 14:56:38 +02:00
nf_conntrack_broadcast.c
nf_conntrack_core.c netfilter: bridge: confirm multicast packets before passing them up the stack 2024-03-06 14:45:08 +00:00
nf_conntrack_ecache.c netfilter: ctnetlink: make event listener tracking global 2023-03-11 13:55:24 +01:00
nf_conntrack_expect.c
nf_conntrack_extend.c netfilter: conntrack: fix extension size table 2023-10-06 14:56:36 +02:00
nf_conntrack_ftp.c
nf_conntrack_h323_asn1.c netfilter: nf_conntrack_h323: Add protection for bmp length out of range 2024-03-15 10:48:16 -04:00
nf_conntrack_h323_main.c
nf_conntrack_h323_types.c
nf_conntrack_helper.c netfilter: conntrack: Avoid nf_ct_helper_hash uses after free 2023-07-19 16:22:16 +02:00
nf_conntrack_irc.c
nf_conntrack_labels.c
nf_conntrack_netbios_ns.c
nf_conntrack_netlink.c netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with CONFIG_NF_NAT 2023-06-09 10:34:15 +02:00
nf_conntrack_pptp.c
nf_conntrack_proto.c
nf_conntrack_proto_dccp.c netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one 2023-07-19 16:21:13 +02:00
nf_conntrack_proto_generic.c
nf_conntrack_proto_gre.c
nf_conntrack_proto_icmp.c
nf_conntrack_proto_icmpv6.c netfilter: conntrack: set icmpv6 redirects as RELATED 2022-12-31 13:32:19 +01:00
nf_conntrack_proto_sctp.c netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new 2024-03-01 13:26:27 +01:00
nf_conntrack_proto_tcp.c netfilter: let reset rules clean out conntrack entries 2024-03-06 14:45:08 +00:00
nf_conntrack_proto_udp.c
nf_conntrack_sane.c
nf_conntrack_seqadj.c
nf_conntrack_sip.c netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value. 2023-07-19 16:21:13 +02:00
nf_conntrack_snmp.c
nf_conntrack_standalone.c netfilter: conntrack: fix possible bug_on with enable_hooks=1 2023-05-24 17:32:32 +01:00
nf_conntrack_tftp.c
nf_conntrack_timeout.c
nf_conntrack_timestamp.c
nf_dup_netdev.c
nf_flow_table_core.c netfilter: nft_flow_offload: release dst in case direct xmit path is used 2024-03-01 13:26:37 +01:00
nf_flow_table_inet.c netfilter: flowtable: cache info of last offload 2024-01-10 17:10:34 +01:00
nf_flow_table_ip.c net/sched: act_ct: Fix promotion of offloaded unreplied tuple 2024-01-10 17:10:34 +01:00
nf_flow_table_offload.c netfilter: flowtable: cache info of last offload 2024-01-10 17:10:34 +01:00
nf_flow_table_procfs.c
nf_hooks_lwtunnel.c
nf_internals.h
nf_log.c netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger 2024-02-05 20:13:02 +00:00
nf_log_syslog.c netfilter: propagate net to nf_bridge_get_physindev 2024-01-25 15:27:51 -08:00
nf_nat_amanda.c
nf_nat_bpf.c
nf_nat_core.c netfilter: nf_nat: Fix possible memory leak in nf_nat_init() 2022-11-02 10:47:22 +01:00
nf_nat_ftp.c
nf_nat_helper.c
nf_nat_irc.c
nf_nat_masquerade.c
nf_nat_proto.c
nf_nat_redirect.c netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses 2023-11-20 11:52:17 +01:00
nf_nat_sip.c
nf_nat_tftp.c
nf_queue.c netfilter: propagate net to nf_bridge_get_physindev 2024-01-25 15:27:51 -08:00
nf_sockopt.c
nf_synproxy_core.c
nf_tables_api.c netfilter: nf_tables: discard table flag update with pending basechain deletion 2024-04-13 13:05:22 +02:00
nf_tables_core.c netfilter: nf_tables: set transport offset from mac header for netdev/egress 2024-01-10 17:10:21 +01:00
nf_tables_offload.c
nf_tables_trace.c
nfnetlink.c netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM 2023-06-21 16:00:58 +02:00
nfnetlink_acct.c
nfnetlink_cthelper.c
nfnetlink_cttimeout.c
nfnetlink_hook.c
nfnetlink_log.c netfilter: nfnetlink_log: use proper helper for fetching physinif 2024-01-25 15:27:50 -08:00
nfnetlink_osf.c netfilter: nfnetlink_osf: avoid OOB read 2023-09-19 12:28:03 +02:00
nfnetlink_queue.c
nft_bitwise.c netfilter: nft_bitwise: fix register tracking 2023-06-14 11:15:20 +02:00
nft_byteorder.c netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() 2023-11-28 17:07:05 +00:00
nft_chain_filter.c netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain 2024-01-31 16:17:07 -08:00
nft_chain_nat.c
nft_chain_route.c
nft_cmp.c
nft_compat.c netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() 2024-03-06 14:45:08 +00:00
nft_connlimit.c
nft_counter.c
nft_ct.c netfilter: nft_ct: fix l3num expectations with inet pseudo family 2024-03-15 10:48:16 -04:00
nft_dup_netdev.c
nft_dynset.c netfilter: nf_tables: bail out on mismatching dynset and set expressions 2023-12-13 18:39:11 +01:00
nft_exthdr.c netfilter: nf_tables: fix 'exist' matching on bigendian arches 2023-12-13 18:39:11 +01:00
nft_fib.c netfilter: nf_tables: fix 'exist' matching on bigendian arches 2023-12-13 18:39:11 +01:00
nft_fib_inet.c
nft_fib_netdev.c
nft_flow_offload.c netfilter: flowtable: simplify route logic 2024-03-01 13:26:37 +01:00
nft_fwd_netdev.c
nft_hash.c
nft_immediate.c netfilter: nft_immediate: drop chain reference counter on error 2024-01-10 17:10:24 +01:00
nft_last.c netfilter: nft_last: copy content when cloning expression 2023-03-17 08:50:23 +01:00
nft_limit.c netfilter: nft_limit: reject configurations that cause integer overflow 2024-01-31 16:17:05 -08:00
nft_log.c
nft_lookup.c netfilter: nf_tables: deactivate anonymous set from preparation phase 2023-05-11 23:03:42 +09:00
nft_masq.c netfilter: nft_masq: correct length for loading protocol registers 2023-03-22 13:33:42 +01:00
nft_meta.c netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() 2023-11-28 17:07:05 +00:00
nft_nat.c netfilter: nf_tables: validate NFPROTO_* family 2024-01-31 16:17:06 -08:00
nft_numgen.c
nft_objref.c netfilter: nf_tables: report use refcount overflow 2023-08-16 18:27:30 +02:00
nft_osf.c
nft_payload.c netfilter: nft_payload: fix wrong mac header matching 2023-10-25 12:03:05 +02:00
nft_queue.c
nft_quota.c netfilter: nft_quota: copy content when cloning expression 2023-03-17 08:50:23 +01:00
nft_range.c
nft_redir.c netfilter: nft_redir: use `struct nf_nat_range2` throughout and deduplicate eval call-backs 2023-11-20 11:52:17 +01:00
nft_reject.c
nft_reject_inet.c
nft_reject_netdev.c
nft_rt.c netfilter: nf_tables: validate NFPROTO_* family 2024-01-31 16:17:06 -08:00
nft_set_bitmap.c netfilter: nf_tables: drop map element references from preparation phase 2023-06-28 11:12:32 +02:00
nft_set_hash.c netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration 2023-10-06 14:56:35 +02:00
nft_set_pipapo.c netfilter: nft_set_pipapo: release elements in clone only from destroy path 2024-03-26 18:21:01 -04:00
nft_set_pipapo.h netfilter: nft_set_pipapo: remove scratch_aligned pointer 2024-02-16 19:06:28 +01:00
nft_set_pipapo_avx2.c work around gcc bugs with 'asm goto' with outputs 2024-02-23 09:12:28 +01:00
nft_set_pipapo_avx2.h
nft_set_rbtree.c netfilter: nft_set_rbtree: skip end interval element from gc 2024-02-16 19:06:32 +01:00
nft_socket.c netfilter: nf_tables: validate NFPROTO_* family 2024-01-31 16:17:06 -08:00
nft_synproxy.c netfilter: nf_tables: validate NFPROTO_* family 2024-01-31 16:17:06 -08:00
nft_tproxy.c netfilter: nf_tables: validate NFPROTO_* family 2024-01-31 16:17:06 -08:00
nft_tunnel.c netfilter: nf_tables: restrict tunnel object to NFPROTO_NETDEV 2024-02-05 20:13:01 +00:00
nft_xfrm.c netfilter: nf_tables: validate NFPROTO_* family 2024-01-31 16:17:06 -08:00
utils.c
x_tables.c
xt_AUDIT.c
xt_CHECKSUM.c
xt_CLASSIFY.c
xt_CONNSECMARK.c
xt_CT.c
xt_DSCP.c
xt_HL.c
xt_HMARK.c
xt_IDLETIMER.c
xt_LED.c
xt_LOG.c
xt_MASQUERADE.c
xt_NETMAP.c
xt_NFLOG.c
xt_NFQUEUE.c
xt_RATEEST.c
xt_REDIRECT.c netfilter: nft_redir: use `struct nf_nat_range2` throughout and deduplicate eval call-backs 2023-11-20 11:52:17 +01:00
xt_SECMARK.c
xt_TCPMSS.c
xt_TCPOPTSTRIP.c
xt_TEE.c
xt_TPROXY.c
xt_TRACE.c
xt_addrtype.c
xt_bpf.c
xt_cgroup.c
xt_cluster.c
xt_comment.c
xt_connbytes.c
xt_connlabel.c
xt_connlimit.c
xt_connmark.c netfilter: conntrack: Fix data-races around ct mark 2022-11-18 15:21:00 +01:00
xt_conntrack.c
xt_cpu.c
xt_dccp.c
xt_devgroup.c
xt_dscp.c
xt_ecn.c
xt_esp.c
xt_hashlimit.c
xt_helper.c
xt_hl.c
xt_ipcomp.c
xt_iprange.c
xt_ipvs.c
xt_l2tp.c
xt_length.c netfilter: use skb_ip_totlen and iph_totlen 2024-01-10 17:10:21 +01:00
xt_limit.c
xt_mac.c
xt_mark.c
xt_multiport.c
xt_nat.c
xt_nfacct.c
xt_osf.c netfilter: nfnetlink_osf: fix module autoload 2023-06-28 11:12:33 +02:00
xt_owner.c netfilter: xt_owner: Fix for unsafe access of sk->sk_socket 2023-12-13 18:39:11 +01:00
xt_physdev.c netfilter: propagate net to nf_bridge_get_physindev 2024-01-25 15:27:51 -08:00
xt_pkttype.c
xt_policy.c
xt_quota.c
xt_rateest.c
xt_realm.c
xt_recent.c netfilter: xt_recent: fix (increase) ipv6 literal buffer length 2023-11-20 11:52:17 +01:00
xt_repldata.h
xt_sctp.c netfilter: xt_sctp: validate the flag_info count 2023-09-13 09:42:59 +02:00
xt_set.c
xt_socket.c net: annotate data-races around sk->sk_mark 2023-08-11 12:08:14 +02:00
xt_state.c
xt_statistic.c treewide: use get_random_u32() when possible 2022-10-11 17:42:58 -06:00
xt_string.c
xt_tcpmss.c
xt_tcpudp.c
xt_time.c
xt_u32.c netfilter: xt_u32: validate user space input 2023-09-13 09:42:59 +02:00