mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-29 22:02:02 +00:00
Code Issues Releases Wiki Activity
linux-stable/net/netfilter
History
Pablo Neira Ayuso 9827a0e6e2 netfilter: nft_set_pipapo: release elements in clone from abort path 
New elements that reside in the clone are not released in case that the
transaction is aborted.

[16302.231754] ------------[ cut here ]------------
[16302.231756] WARNING: CPU: 0 PID: 100509 at net/netfilter/nf_tables_api.c:1864 nf_tables_chain_destroy+0x26/0x127 [nf_tables]
[...]
[16302.231882] CPU: 0 PID: 100509 Comm: nft Tainted: G        W         5.19.0-rc3+ #155
[...]
[16302.231887] RIP: 0010:nf_tables_chain_destroy+0x26/0x127 [nf_tables]
[16302.231899] Code: f3 fe ff ff 41 55 41 54 55 53 48 8b 6f 10 48 89 fb 48 c7 c7 82 96 d9 a0 8b 55 50 48 8b 75 58 e8 de f5 92 e0 83 7d 50 00 74 09 <0f> 0b 5b 5d 41 5c 41 5d c3 4c 8b 65 00 48 8b 7d 08 49 39 fc 74 05
[...]
[16302.231917] Call Trace:
[16302.231919]  <TASK>
[16302.231921]  __nf_tables_abort.cold+0x23/0x28 [nf_tables]
[16302.231934]  nf_tables_abort+0x30/0x50 [nf_tables]
[16302.231946]  nfnetlink_rcv_batch+0x41a/0x840 [nfnetlink]
[16302.231952]  ? __nla_validate_parse+0x48/0x190
[16302.231959]  nfnetlink_rcv+0x110/0x129 [nfnetlink]
[16302.231963]  netlink_unicast+0x211/0x340
[16302.231969]  netlink_sendmsg+0x21e/0x460

Add nft_set_pipapo_match_destroy() helper function to release the
elements in the lookup tables.

Stefano Brivio says: "We additionally look for elements pointers in the
cloned matching data if priv->dirty is set, because that means that
cloned data might point to additional elements we did not commit to the
working copy yet (such as the abort path case, but perhaps not limited
to it)."

Fixes: 3c4287f620 ("nf_tables: Add set type for arbitrary concatenation of ranges")
Reviewed-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2022-07-02 21:04:19 +02:00
..
ipset netfilter: ipset: Fix oversized kvmalloc() calls 2021-09-14 00:50:01 +02:00
ipvs net: sysctl: introduce sysctl SYSCTL_THREE 2022-05-03 10:15:06 +02:00
core.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf 2022-03-28 08:57:10 -07:00
Kconfig netfilter: nf_tables: make counter support built-in 2021-12-23 01:07:35 +01:00
Makefile net/netfilter: Add unstable CT lookup helpers for XDP and TC-BPF 2022-01-18 14:26:42 -08:00
nf_conncount.c netfilter: nf_conncount: reduce unnecessary GC 2022-05-16 13:05:40 +02:00
nf_conntrack_acct.c netfilter: conntrack: remove extension register api 2022-02-04 06:30:28 +01:00
nf_conntrack_amanda.c
nf_conntrack_bpf.c net: netfilter: Reports ct direction in CT lookup helpers for XDP and TC-BPF 2022-04-06 09:58:30 -07:00
nf_conntrack_broadcast.c
nf_conntrack_core.c netfilter: conntrack: add nf_conntrack_events autodetect mode 2022-05-13 18:56:28 +02:00
nf_conntrack_ecache.c netfilter: conntrack: add nf_conntrack_events autodetect mode 2022-05-13 18:56:28 +02:00
nf_conntrack_expect.c netfilter: conntrack: convert to refcount_t api 2022-01-09 23:30:13 +01:00
nf_conntrack_extend.c netfilter: extensions: introduce extension genid count 2022-05-13 18:52:16 +02:00
nf_conntrack_ftp.c
nf_conntrack_h323_asn1.c
nf_conntrack_h323_main.c
nf_conntrack_h323_types.c
nf_conntrack_helper.c netfilter: conntrack: remove __nf_ct_unconfirmed_destroy 2022-05-13 18:52:17 +02:00
nf_conntrack_irc.c
nf_conntrack_labels.c netfilter: conntrack: remove extension register api 2022-02-04 06:30:28 +01:00
nf_conntrack_netbios_ns.c netfilter: nf_conntrack_netbios_ns: fix helper module alias 2022-01-11 10:41:44 +01:00
nf_conntrack_netlink.c netfilter: ctnetlink: fix up for "netfilter: conntrack: remove unconfirmed list" 2022-05-18 09:21:59 +02:00
nf_conntrack_pptp.c netfilter: conntrack: pptp: use single option structure 2022-02-04 06:30:28 +01:00
nf_conntrack_proto.c netfilter: conntrack: add nf_ct_iter_data object for nf_ct_iterate_cleanup*() 2022-05-13 18:56:27 +02:00
nf_conntrack_proto_dccp.c
nf_conntrack_proto_generic.c
nf_conntrack_proto_gre.c
nf_conntrack_proto_icmp.c
nf_conntrack_proto_icmpv6.c
nf_conntrack_proto_sctp.c netfilter: conntrack: don't refresh sctp entries in closed state 2022-02-04 05:38:15 +01:00
nf_conntrack_proto_tcp.c netfilter: conntrack: remove pr_debug callsites from tcp tracker 2022-05-16 13:09:51 +02:00
nf_conntrack_proto_udp.c Revert "netfilter: conntrack: mark UDP zero checksum as CHECKSUM_UNNECESSARY" 2022-03-03 13:35:22 +01:00
nf_conntrack_sane.c
nf_conntrack_seqadj.c netfilter: conntrack: remove extension register api 2022-02-04 06:30:28 +01:00
nf_conntrack_sip.c
nf_conntrack_snmp.c
nf_conntrack_standalone.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next 2022-05-16 10:10:37 +01:00
nf_conntrack_tftp.c
nf_conntrack_timeout.c netfilter: conntrack: add nf_ct_iter_data object for nf_ct_iterate_cleanup*() 2022-05-13 18:56:27 +02:00
nf_conntrack_timestamp.c netfilter: conntrack: remove extension register api 2022-02-04 06:30:28 +01:00
nf_dup_netdev.c netfilter: nf_dup_netdev: add and use recursion counter 2022-06-21 10:50:41 +02:00
nf_flow_table_core.c netfilter: flowtable: move dst_check to packet path 2022-05-18 17:34:26 +02:00
nf_flow_table_inet.c netfilter: flowtable: Fix QinQ and pppoe support for inet table 2022-03-16 11:25:04 +01:00
nf_flow_table_ip.c netfilter: flowtable: move dst_check to packet path 2022-05-18 17:34:26 +02:00
nf_flow_table_offload.c netfilter: flowtable: remove redundant field in flow_offload_work struct 2022-03-20 00:29:47 +01:00
nf_hooks_lwtunnel.c netfilter: add netfilter hooks to SRv6 data plane 2021-08-30 01:51:36 +02:00
nf_internals.h
nf_log.c
nf_log_syslog.c netfilter: nf_log_syslog: Consolidate entry checks 2022-04-08 14:36:06 +02:00
nf_nat_amanda.c
nf_nat_core.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-03-17 13:56:58 -07:00
nf_nat_ftp.c
nf_nat_helper.c
nf_nat_irc.c
nf_nat_masquerade.c netfilter: conntrack: add nf_ct_iter_data object for nf_ct_iterate_cleanup*() 2022-05-13 18:56:27 +02:00
nf_nat_proto.c
nf_nat_redirect.c
nf_nat_sip.c
nf_nat_tftp.c
nf_queue.c netfilter: nf_queue: handle socket prefetch 2022-03-01 11:51:15 +01:00
nf_sockopt.c
nf_synproxy_core.c netfilter: conntrack: remove extension register api 2022-02-04 06:30:28 +01:00
nf_tables_api.c netfilter: nf_tables: stricter validation of element data 2022-07-02 21:04:10 +02:00
nf_tables_core.c netfilter: nf_tables: avoid skb access on nf_stolen 2022-06-27 19:22:54 +02:00
nf_tables_offload.c netfilter: nf_tables: bail out early if hardware offload is not supported 2022-06-06 19:19:15 +02:00
nf_tables_trace.c netfilter: nf_tables: avoid skb access on nf_stolen 2022-06-27 19:22:54 +02:00
nfnetlink.c netfilter: nfnetlink: fix warn in nfnetlink_unbind 2022-05-27 11:16:33 +02:00
nfnetlink_acct.c
nfnetlink_cthelper.c
nfnetlink_cttimeout.c netfilter: cttimeout: fix slab-out-of-bounds read typo in cttimeout_net_exit 2022-06-17 23:31:20 +02:00
nfnetlink_hook.c net: Don't include filter.h from net/sock.h 2021-12-29 08:48:14 -08:00
nfnetlink_log.c net: Get rcv tstamp if needed in nfnetlink_{log, queue}.c 2022-03-03 14:38:48 +00:00
nfnetlink_osf.c
nfnetlink_queue.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-03-03 11:55:12 -08:00
nft_bitwise.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next 2022-04-11 11:47:58 +01:00
nft_byteorder.c netfilter: nf_tables: cancel tracking for clobbered destination registers 2022-03-20 00:29:46 +01:00
nft_chain_filter.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-10-22 11:41:16 +01:00
nft_chain_nat.c
nft_chain_route.c
nft_cmp.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00
nft_compat.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00
nft_connlimit.c netfilter: nf_tables: memcg accounting for dynamically allocated objects 2022-04-05 11:55:46 +02:00
nft_counter.c netfilter: nf_tables: memcg accounting for dynamically allocated objects 2022-04-05 11:55:46 +02:00
nft_ct.c netfilter: nft_ct: track register operations 2022-03-20 00:29:46 +01:00
nft_dup_netdev.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00
nft_dynset.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00
nft_exthdr.c netfilter: nft_exthdr: add reduce support 2022-03-20 00:29:47 +01:00
nft_fib.c netfilter: nft_fib: reverse path filter for policy-based routing on iif 2022-04-11 12:10:09 +02:00
nft_fib_inet.c netfilter: nft_fib: add reduce support 2022-03-20 00:29:47 +01:00
nft_fib_netdev.c netfilter: nft_fib: add reduce support 2022-03-20 00:29:47 +01:00
nft_flow_offload.c netfilter: flowtable: fix nft_flow_route source address for nat case 2022-05-31 23:32:53 +02:00
nft_fwd_netdev.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00
nft_hash.c netfilter: nft_hash: track register operations 2022-03-20 00:29:47 +01:00
nft_immediate.c netfilter: nft_immediate: cancel register tracking for data destination register 2022-03-20 00:29:47 +01:00
nft_last.c netfilter: nf_tables: memcg accounting for dynamically allocated objects 2022-04-05 11:55:46 +02:00
nft_limit.c netfilter: nft_limit: Clone packet limits' cost value 2022-05-26 22:50:34 +02:00
nft_log.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00
nft_lookup.c netfilter: nft_lookup: only cancel tracking for clobbered dregs 2022-03-20 00:29:46 +01:00
nft_masq.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00
nft_meta.c netfilter: use get_random_u32 instead of prandom 2022-06-08 12:30:59 +02:00
nft_nat.c netfilter: nat: really support inet nat without l3 address 2022-06-01 15:53:39 +02:00
nft_numgen.c netfilter: use get_random_u32 instead of prandom 2022-06-08 12:30:59 +02:00
nft_objref.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00
nft_osf.c netfilter: nft_osf: track register operations 2022-03-20 00:29:47 +01:00
nft_payload.c netfilter: nf_tables: cancel tracking for clobbered destination registers 2022-03-20 00:29:46 +01:00
nft_queue.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00
nft_quota.c netfilter: nf_tables: memcg accounting for dynamically allocated objects 2022-04-05 11:55:46 +02:00
nft_range.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00
nft_redir.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00
nft_reject.c
nft_reject_inet.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00
nft_reject_netdev.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00
nft_rt.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00
nft_set_bitmap.c
nft_set_hash.c netfilter: nft_dynset: restore set element counter when failing to update 2022-06-27 19:03:37 +02:00
nft_set_pipapo.c netfilter: nft_set_pipapo: release elements in clone from abort path 2022-07-02 21:04:19 +02:00
nft_set_pipapo.h
nft_set_pipapo_avx2.c netfilter: nft_set_pipapo_avx2: remove redundant pointer lt 2021-12-24 16:58:17 +01:00
nft_set_pipapo_avx2.h
nft_set_rbtree.c netfilter: nft_set_rbtree: overlap detection with element re-addition after deletion 2022-04-22 15:49:15 +02:00
nft_socket.c netfilter: nft_socket: only do sk lookups when indev is available 2022-04-28 16:15:23 +02:00
nft_synproxy.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00
nft_tproxy.c netfilter: nf_tables: do not reduce read-only expressions 2022-03-20 00:29:46 +01:00
nft_tunnel.c netfilter: nft_tunnel: track register operations 2022-03-20 00:29:47 +01:00
nft_xfrm.c netfilter: nft_xfrm: track register operations 2022-03-20 00:29:47 +01:00
utils.c
x_tables.c proc: remove PDE_DATA() completely 2022-01-22 08:33:37 +02:00
xt_addrtype.c
xt_AUDIT.c
xt_bpf.c bpf: Refactor BPF_PROG_RUN into a function 2021-08-17 00:45:07 +02:00
xt_cgroup.c
xt_CHECKSUM.c
xt_CLASSIFY.c
xt_cluster.c
xt_comment.c
xt_connbytes.c
xt_connlabel.c
xt_connlimit.c
xt_connmark.c
xt_CONNSECMARK.c
xt_conntrack.c
xt_cpu.c
xt_CT.c netfilter: conntrack: convert to refcount_t api 2022-01-09 23:30:13 +01:00
xt_dccp.c
xt_devgroup.c
xt_dscp.c
xt_DSCP.c
xt_ecn.c
xt_esp.c
xt_hashlimit.c proc: remove PDE_DATA() completely 2022-01-22 08:33:37 +02:00
xt_helper.c
xt_HL.c
xt_hl.c
xt_HMARK.c
xt_IDLETIMER.c netfilter: xt_IDLETIMER: replace snprintf in show functions with sysfs_emit 2021-11-08 12:14:05 +01:00
xt_ipcomp.c
xt_iprange.c
xt_ipvs.c
xt_l2tp.c
xt_LED.c
xt_length.c
xt_limit.c
xt_LOG.c netfilter: log: work around missing softdep backend module 2021-09-21 03:46:56 +02:00
xt_mac.c
xt_mark.c
xt_MASQUERADE.c
xt_multiport.c
xt_nat.c
xt_NETMAP.c
xt_nfacct.c
xt_NFLOG.c netfilter: log: work around missing softdep backend module 2021-09-21 03:46:56 +02:00
xt_NFQUEUE.c
xt_osf.c
xt_owner.c
xt_physdev.c
xt_pkttype.c
xt_policy.c
xt_quota.c
xt_rateest.c
xt_RATEEST.c net: sched: Merge Qdisc::bstats and Qdisc::cpu_bstats data types 2021-10-18 12:54:41 +01:00
xt_realm.c
xt_recent.c proc: remove PDE_DATA() completely 2022-01-22 08:33:37 +02:00
xt_REDIRECT.c
xt_repldata.h
xt_sctp.c
xt_SECMARK.c
xt_set.c
xt_socket.c netfilter: xt_socket: missing ifdef CONFIG_IP6_NF_IPTABLES dependency 2022-02-13 23:55:48 +01:00
xt_state.c
xt_statistic.c
xt_string.c
xt_TCPMSS.c
xt_tcpmss.c
xt_TCPOPTSTRIP.c
xt_tcpudp.c
xt_TEE.c
xt_time.c
xt_TPROXY.c
xt_TRACE.c
xt_u32.c