linux-stable/net/netfilter
Pablo Neira Ayuso b58d0ac35f netfilter: nf_tables: discard table flag update with pending basechain deletion
commit 1bc83a019b upstream.

Hook unregistration is deferred to the commit phase; the same occurs with
hook updates triggered by the table dormant flag. When both commands are
combined, this results in deleting a basechain while leaving its hook
still registered in the core.

Fixes: 179d9ba555 ("netfilter: nf_tables: fix table flag updates")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-04-13 12:59:54 +02:00
ipset netfilter: ipset: Missing gc cancellations fixed 2024-02-23 08:42:31 +01:00
ipvs ipvs: avoid stat macros calls from preemptible context 2024-01-25 14:37:56 -08:00
core.c Remove DECnet support from kernel 2023-06-21 15:45:38 +02:00
Kconfig netfilter: conntrack: NF_CONNTRACK_PROCFS should no longer default to y 2022-09-05 10:28:58 +02:00
Makefile x86: update AS_* macros to binutils >=2.23, supporting ADX and AVX2 2020-04-09 00:12:48 +09:00
nf_conncount.c
nf_conntrack_acct.c
nf_conntrack_amanda.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_conntrack_broadcast.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_conntrack_core.c netfilter: conntrack: fix NULL pointer dereference in nf_confirm_cthelper 2023-06-14 11:09:41 +02:00
nf_conntrack_ecache.c netfilter: ecache: don't look for ecache extension on dying/unconfirmed conntracks 2019-10-26 12:36:42 +02:00
nf_conntrack_expect.c netfilter: update include directives. 2019-09-13 12:33:06 +02:00
nf_conntrack_extend.c netfilter: conntrack: remove two export symbols 2019-12-17 22:59:31 +01:00
nf_conntrack_ftp.c treewide: Remove uninitialized_var() usage 2020-07-16 12:35:15 -07:00
nf_conntrack_h323_asn1.c netfilter: nf_conntrack_h323: Add protection for bmp length out of range 2024-03-15 10:48:15 -04:00
nf_conntrack_h323_main.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_conntrack_h323_types.c
nf_conntrack_helper.c netfilter: conntrack: Avoid nf_ct_helper_hash uses after free 2023-07-27 08:44:17 +02:00
nf_conntrack_irc.c netfilter: nf_conntrack_irc: Tighten matching on DCC message 2022-09-28 11:10:30 +02:00
nf_conntrack_labels.c netfilter: not mark a spinlock as __read_mostly 2019-08-27 18:07:03 +02:00
nf_conntrack_netbios_ns.c
nf_conntrack_netlink.c netfilter: conntrack: define variables exp_nat_nla_policy and any_addr with CONFIG_NF_NAT 2023-06-09 10:30:12 +02:00
nf_conntrack_pptp.c netfilter: delete repeated words 2020-08-28 20:11:38 +02:00
nf_conntrack_proto.c netfilter: conntrack: unregister ipv4 sockopts on error unwind 2021-06-10 13:39:13 +02:00
nf_conntrack_proto_dccp.c netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one 2023-07-27 08:43:43 +02:00
nf_conntrack_proto_generic.c
nf_conntrack_proto_gre.c netfilter: conntrack: Fix gre tunneling over ipv6 2021-04-10 13:36:08 +02:00
nf_conntrack_proto_icmp.c netfilter: ctnetlink: add kernel side filtering for dump 2020-05-27 22:20:34 +02:00
nf_conntrack_proto_icmpv6.c netfilter: conntrack: set icmpv6 redirects as RELATED 2023-01-14 10:15:35 +01:00
nf_conntrack_proto_sctp.c netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new 2024-03-01 13:16:44 +01:00
nf_conntrack_proto_tcp.c netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state 2023-02-01 08:23:18 +01:00
nf_conntrack_proto_udp.c netfilter: conntrack: set on IPS_ASSURED if flows enters internal stream state 2021-11-18 14:04:01 +01:00
nf_conntrack_sane.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_conntrack_seqadj.c
nf_conntrack_sip.c netfilter: nf_conntrack_sip: fix the ct_sip_parse_numerical_param() return value. 2023-07-27 08:43:43 +02:00
nf_conntrack_snmp.c
nf_conntrack_standalone.c netfilter: conntrack: fix possible bug_on with enable_hooks=1 2023-05-30 12:57:46 +01:00
nf_conntrack_tftp.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_conntrack_timeout.c netfilter: update include directives. 2019-09-13 12:33:06 +02:00
nf_conntrack_timestamp.c
nf_dup_netdev.c netfilter: nf_fwd_netdev: clear timestamp in forwarding path 2020-10-22 14:49:36 +02:00
nf_flow_table_core.c netfilter: conntrack: annotate data-races around ct->timeout 2021-12-14 11:32:37 +01:00
nf_flow_table_inet.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
nf_flow_table_ip.c netfilter: flowtable: reduce calls to pskb_may_pull() 2020-10-12 01:58:10 +02:00
nf_flow_table_offload.c netfilter: flowtable: really fix NAT IPv6 offload 2023-01-14 10:16:08 +01:00
nf_internals.h netfilter: ctnetlink: add kernel side filtering for dump 2020-05-27 22:20:34 +02:00
nf_log.c netfilter: nf_log: replace BUG_ON by WARN_ON_ONCE when putting logger 2024-02-23 08:42:17 +01:00
nf_log_common.c netfilter: nf_log: missing vlan offload tag and proto 2020-10-14 01:25:14 +02:00
nf_log_netdev.c
nf_nat_amanda.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_nat_core.c netfilter: nf_nat: Fix memleak in nf_nat_init 2021-01-19 18:27:33 +01:00
nf_nat_ftp.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_nat_helper.c
nf_nat_irc.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_nat_masquerade.c netfilter: nf_nat_masquerade: defer conntrack walk to work queue 2021-10-17 10:43:32 +02:00
nf_nat_proto.c netfilter: nf_nat: undo erroneous tcp edemux lookup 2021-03-17 17:06:12 +01:00
nf_nat_redirect.c netfilter: nat: fix ipv6 nat redirect with mapped and scoped addresses 2023-11-20 11:06:56 +01:00
nf_nat_sip.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_nat_tftp.c netfilter: nf_conntrack_sip: fix expectation clash 2019-07-16 13:16:59 +02:00
nf_queue.c netfilter: nf_queue: handle socket prefetch 2022-03-08 19:09:33 +01:00
nf_sockopt.c netfilter: switch nf_setsockopt to sockptr_t 2020-07-24 15:41:54 -07:00
nf_synproxy_core.c lsm,selinux: pass flowi_common instead of flowi to the LSM hooks 2022-06-09 10:21:09 +02:00
nf_tables_api.c netfilter: nf_tables: discard table flag update with pending basechain deletion 2024-04-13 12:59:54 +02:00
nf_tables_core.c netfilter: nf_tables: add and use nft_thoff helper 2023-10-10 21:53:29 +02:00
nf_tables_offload.c netfilter: nf_tables: use net_generic infra for transaction data 2023-07-27 08:44:15 +02:00
nf_tables_trace.c netfilter: nf_tables: add and use nft_thoff helper 2023-10-10 21:53:29 +02:00
nfnetlink.c netfilter: nfnetlink: skip error delivery on batch in case of ENOMEM 2023-06-21 15:45:38 +02:00
nfnetlink_acct.c netfilter: add helper function to set up the nfnetlink header and use it 2022-08-25 11:38:11 +02:00
nfnetlink_cthelper.c netfilter: add helper function to set up the nfnetlink header and use it 2022-08-25 11:38:11 +02:00
nfnetlink_cttimeout.c netfilter: add helper function to set up the nfnetlink header and use it 2022-08-25 11:38:11 +02:00
nfnetlink_log.c netfilter: nfnetlink_log: silence bogus compiler warning 2023-11-08 17:30:49 +01:00
nfnetlink_osf.c netfilter: nfnetlink_osf: avoid OOB read 2023-09-19 12:20:27 +02:00
nfnetlink_queue.c netfilter: add helper function to set up the nfnetlink header and use it 2022-08-25 11:38:11 +02:00
nft_bitwise.c netfilter: nf_tables: upfront validation of data via nft_data_init() 2022-08-31 17:15:18 +02:00
nft_byteorder.c netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() 2024-02-23 08:42:32 +01:00
nft_chain_filter.c netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain 2024-02-23 08:41:58 +01:00
nft_chain_nat.c netfilter: nft_chain_nat: inet family is missing module ownership 2020-03-06 18:00:43 +01:00
nft_chain_route.c netfilter: use actual socket sk rather than skb sk when routing harder 2020-10-30 12:57:39 +01:00
nft_cmp.c netfilter: nf_tables: upfront validation of data via nft_data_init() 2022-08-31 17:15:18 +02:00
nft_compat.c netfilter: nf_tables: allow NFPROTO_INET in nft_(match/target)_validate() 2024-03-06 14:37:49 +00:00
nft_connlimit.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
nft_counter.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
nft_ct.c netfilter: nft_ct: fix l3num expectations with inet pseudo family 2024-03-15 10:48:15 -04:00
nft_dup_netdev.c netfilter: nftables: add nft_parse_register_load() and use it 2022-06-29 08:59:46 +02:00
nft_dynset.c netfilter: nft_dynset: disallow object maps 2023-08-26 15:26:52 +02:00
nft_exthdr.c netfilter: nf_tables: fix 'exist' matching on bigendian arches 2023-12-20 15:44:26 +01:00
nft_fib.c netfilter: nf_tables: fix 'exist' matching on bigendian arches 2023-12-20 15:44:26 +01:00
nft_fib_inet.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
nft_fib_netdev.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
nft_flow_offload.c netfilter: nf_tables: validate NFPROTO_* family 2024-02-23 08:41:57 +01:00
nft_fwd_netdev.c netfilter: nftables: add nft_parse_register_load() and use it 2022-06-29 08:59:46 +02:00
nft_hash.c netfilter: nftables: add nft_parse_register_store() and use it 2022-06-29 08:59:46 +02:00
nft_immediate.c netfilter: nft_immediate: drop chain reference counter on error 2024-01-15 18:48:04 +01:00
nft_limit.c netfilter: nft_limit: avoid possible divide error in nft_limit_init 2021-04-21 13:00:56 +02:00
nft_log.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
nft_lookup.c netfilter: nf_tables: deactivate anonymous set from preparation phase 2023-05-17 11:48:08 +02:00
nft_masq.c netfilter: nft_masq: correct length for loading protocol registers 2023-03-22 13:29:56 +01:00
nft_meta.c netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() 2024-02-23 08:42:32 +01:00
nft_nat.c netfilter: nf_tables: validate NFPROTO_* family 2024-02-23 08:41:57 +01:00
nft_numgen.c netfilter: use get_random_u32 instead of prandom 2022-06-29 08:59:46 +02:00
nft_objref.c netfilter: nf_tables: report use refcount overflow 2023-08-16 18:21:03 +02:00
nft_osf.c netfilter: nft_osf: restrict osf to ipv4, ipv6 and inet families 2022-08-31 17:15:18 +02:00
nft_payload.c netfilter: nft_payload: fix wrong mac header matching 2023-10-25 11:54:19 +02:00
nft_queue.c netfilter: nftables: add nft_parse_register_load() and use it 2022-06-29 08:59:46 +02:00
nft_quota.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
nft_range.c netfilter: nf_tables: upfront validation of data via nft_data_init() 2022-08-31 17:15:18 +02:00
nft_redir.c netfilter: nft_redir: use struct nf_nat_range2 throughout and deduplicate eval call-backs 2023-11-20 11:06:56 +01:00
nft_reject.c netfilter: introduce support for reject at prerouting stage 2020-06-30 18:21:02 +02:00
nft_reject_inet.c netfilter: nf_tables: add and use nft_sk helper 2023-10-10 21:53:29 +02:00
nft_rt.c netfilter: nf_tables: validate NFPROTO_* family 2024-02-23 08:41:57 +01:00
nft_set_bitmap.c netfilter: nf_tables: drop map element references from preparation phase 2023-07-27 08:44:17 +02:00
nft_set_hash.c netfilter: nft_set_hash: try later when GC hits EAGAIN on iteration 2023-10-10 21:53:26 +02:00
nft_set_pipapo.c netfilter: nft_set_pipapo: release elements in clone only from destroy path 2024-03-26 18:22:03 -04:00
nft_set_pipapo.h netfilter: nft_set_pipapo: remove scratch_aligned pointer 2024-02-23 08:42:21 +01:00
nft_set_pipapo_avx2.c netfilter: nft_set_pipapo: remove scratch_aligned pointer 2024-02-23 08:42:21 +01:00
nft_set_pipapo_avx2.h x86: update AS_* macros to binutils >=2.23, supporting ADX and AVX2 2020-04-09 00:12:48 +09:00
nft_set_rbtree.c netfilter: nft_set_rbtree: skip end interval element from gc 2024-02-23 08:42:22 +01:00
nft_socket.c netfilter: nf_tables: validate NFPROTO_* family 2024-02-23 08:41:57 +01:00
nft_synproxy.c netfilter: nf_tables: validate NFPROTO_* family 2024-02-23 08:41:57 +01:00
nft_tproxy.c netfilter: nf_tables: validate NFPROTO_* family 2024-02-23 08:41:57 +01:00
nft_tunnel.c netfilter: nft_tunnel: restrict it to netdev family 2022-08-31 17:15:18 +02:00
nft_xfrm.c netfilter: nf_tables: validate NFPROTO_* family 2024-02-23 08:41:57 +01:00
utils.c netfilter: use actual socket sk rather than skb sk when routing harder 2020-10-30 12:57:39 +01:00
x_tables.c netfilter: x_tables: fix compat match/target pad out-of-bound write 2021-04-16 11:43:21 +02:00
xt_addrtype.c
xt_AUDIT.c
xt_bpf.c
xt_cgroup.c
xt_CHECKSUM.c
xt_CLASSIFY.c
xt_cluster.c
xt_comment.c
xt_connbytes.c
xt_connlabel.c
xt_connlimit.c netfilter: update include directives. 2019-09-13 12:33:06 +02:00
xt_connmark.c netfilter: conntrack: Fix data-races around ct mark 2022-12-02 17:40:00 +01:00
xt_CONNSECMARK.c netfilter: Replace HTTP links with HTTPS ones 2020-07-29 20:09:18 +02:00
xt_conntrack.c
xt_cpu.c
xt_CT.c
xt_dccp.c
xt_devgroup.c
xt_dscp.c
xt_DSCP.c
xt_ecn.c
xt_esp.c
xt_hashlimit.c netfilter: Replace zero-length array with flexible-array member 2020-03-15 15:20:16 +01:00
xt_helper.c
xt_HL.c
xt_hl.c
xt_HMARK.c netfilter: xt_HMARK: Use ip_is_fragment() helper 2020-08-28 19:55:51 +02:00
xt_IDLETIMER.c netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage value 2021-10-27 09:56:47 +02:00
xt_ipcomp.c
xt_iprange.c
xt_ipvs.c
xt_l2tp.c
xt_LED.c
xt_length.c
xt_limit.c
xt_LOG.c
xt_mac.c
xt_mark.c
xt_MASQUERADE.c
xt_multiport.c
xt_nat.c netfilter: Add MODULE_DESCRIPTION entries to kernel modules 2020-06-25 00:50:31 +02:00
xt_NETMAP.c
xt_nfacct.c netfilter: Replace HTTP links with HTTPS ones 2020-07-29 20:09:18 +02:00
xt_NFLOG.c
xt_NFQUEUE.c
xt_osf.c netfilter: nfnetlink_osf: fix module autoload 2023-06-28 10:28:13 +02:00
xt_owner.c netfilter: xt_owner: Fix for unsafe access of sk->sk_socket 2023-12-13 18:27:00 +01:00
xt_physdev.c netfilter: inline xt_hashlimit, ebt_802_3 and xt_physdev headers 2019-09-13 12:32:48 +02:00
xt_pkttype.c
xt_policy.c
xt_quota.c
xt_rateest.c
xt_RATEEST.c netfilter: xt_RATEEST: reject non-null terminated string from userspace 2021-01-12 20:18:26 +01:00
xt_realm.c
xt_recent.c netfilter: xt_recent: fix (increase) ipv6 literal buffer length 2023-11-20 11:06:56 +01:00
xt_REDIRECT.c netfilter: nft_redir: use struct nf_nat_range2 throughout and deduplicate eval call-backs 2023-11-20 11:06:56 +01:00
xt_repldata.h
xt_sctp.c netfilter: xt_sctp: validate the flag_info count 2023-09-19 12:20:20 +02:00
xt_SECMARK.c netfilter: xt_SECMARK: add new revision to fix structure layout 2021-05-19 10:13:06 +02:00
xt_set.c netfilter: inline four headers files into another one. 2019-08-13 12:14:26 +02:00
xt_socket.c
xt_state.c
xt_statistic.c
xt_string.c
xt_TCPMSS.c
xt_tcpmss.c
xt_TCPOPTSTRIP.c
xt_tcpudp.c
xt_TEE.c
xt_time.c netfilter: Replace HTTP links with HTTPS ones 2020-07-29 20:09:18 +02:00
xt_TPROXY.c
xt_TRACE.c
xt_u32.c netfilter: xt_u32: validate user space input 2023-09-19 12:20:20 +02:00