diff options
| author | Florian Westphal <fw@strlen.de> | 2024-02-19 16:58:04 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2024-02-22 00:14:54 +0100 |
| commit | bccebf64701735533c8db37773eeacc6566cc8ec (patch) | |
| tree | 944245466e377ff05502e58159cdbd588df00d86 | |
| parent | 40b9385dd8e6a0515e1c9cd06a277483556b7286 (diff) | |
| download | linux-bccebf64701735533c8db37773eeacc6566cc8ec.tar.gz | |
netfilter: nf_tables: set dormant flag on hook register failure
We need to set the dormant flag again if we fail to register
the hooks.
During memory pressure hook registration can fail and we end up
with a table marked as active but no registered hooks.
On table/base chain deletion, nf_tables will attempt to unregister
the hook again which yields a warn splat from the nftables core.
Reported-and-tested-by: syzbot+de4025c006ec68ac56fc@syzkaller.appspotmail.com
Fixes: 179d9ba5559a ("netfilter: nf_tables: fix table flag updates")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Notes
Fixes: 179d9ba5559a ("netfilter: nf_tables: fix table flag updates") # v5.13-rc5
Fixes-stable: d9c4da8cb74e ("netfilter: nf_tables: fix table flag updates") # v5.10.202
Fixes-stable: e10f661adc55 ("netfilter: nf_tables: fix table flag updates") # v5.4.262
Stable: f2135bbf1494 # v6.6.19
Stable: 0c9302a6da26 # v6.1.80
Stable: 664264a5c55b # v5.15.150
Stable: 31ea574aeca1 # v5.10.211
Stable: ae4360cbd385 # v5.4.270
Lore: https://lore.kernel.org/r/20240219155809.9651-1-fw@strlen.de # netfilter-devel
Lore: https://lore.kernel.org/r/20240222000843.146665-2-pablo@netfilter.org # netdev, netfilter-devel
Lore: https://lore.kernel.org/r/20240227131555.477222132@linuxfoundation.org # linux-patches, stable
Lore: https://lore.kernel.org/r/20240227131602.466379837@linuxfoundation.org # linux-patches, stable
Lore: https://lore.kernel.org/r/20240227131615.987753526@linuxfoundation.org # linux-patches, stable
Lore: https://lore.kernel.org/r/20240227131622.689067738@linuxfoundation.org # linux-patches, stable
Lore: https://lore.kernel.org/r/20240227131634.405853804@linuxfoundation.org # linux-patches, stable
Lore: https://lore.kernel.org/r/20240227131640.933121095@linuxfoundation.org # linux-patches, stable
Syzbot: https://syzkaller.appspot.com/bug?extid=de4025c006ec68ac56fc
| -rw-r--r-- | net/netfilter/nf_tables_api.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c index f8e3f70c35bd55..90038d778f373f 100644 --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -1251,6 +1251,7 @@ static int nf_tables_updtable(struct nft_ctx *ctx) return 0; err_register_hooks: + ctx->table->flags |= NFT_TABLE_F_DORMANT; nft_trans_destroy(trans); return ret; } |