diff mbox series

[net,1/3] netfilter: nf_tables: disable toggling dormant table state more than once

Message ID 20230920084156.4192-2-fw@strlen.de (mailing list archive)
State Accepted
Commit c9bd26513b3a11b3adb3c2ed8a31a01a87173ff1
Delegated to: Netdev Maintainers
Headers show
Series [net,1/3] netfilter: nf_tables: disable toggling dormant table state more than once | expand

Checks

Context Check Description
netdev/series_format success Pull request is its own cover letter
netdev/tree_selection success Clearly marked for net
netdev/fixes_present success Fixes tag present in non-next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 1356 this patch: 1356
netdev/cc_maintainers fail 1 blamed authors not CCed: pablo@netfilter.org; 3 maintainers not CCed: kadlec@netfilter.org pablo@netfilter.org coreteam@netfilter.org
netdev/build_clang success Errors and warnings before: 1363 this patch: 1363
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success Fixes tag looks correct
netdev/build_allmodconfig_warn success Errors and warnings before: 1379 this patch: 1379
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 10 lines checked
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0

Commit Message

Florian Westphal Sept. 20, 2023, 8:41 a.m. UTC 
nft -f -<<EOF
add table ip t
add table ip t { flags dormant; }
add chain ip t c { type filter hook input priority 0; }
add table ip t
EOF

Triggers a splat from nf core on next table delete because we lose
track of right hook register state:

WARNING: CPU: 2 PID: 1597 at net/netfilter/core.c:501 __nf_unregister_net_hook
RIP: 0010:__nf_unregister_net_hook+0x41b/0x570
 nf_unregister_net_hook+0xb4/0xf0
 __nf_tables_unregister_hook+0x160/0x1d0
[..]

The above should have table in *active* state, but in fact no
hooks were registered.

Reject on/off/on games rather than attempting to fix this.

Fixes: 179d9ba5559a ("netfilter: nf_tables: fix table flag updates")
Reported-by: "Lee, Cherie-Anne" <cherie.lee@starlabs.sg>
Cc: Bing-Jhong Billy Jheng <billy@starlabs.sg>
Cc: info@starlabs.sg
Signed-off-by: Florian Westphal <fw@strlen.de>
---
 net/netfilter/nf_tables_api.c | 4 ++++
 1 file changed, 4 insertions(+)

Comments

patchwork-bot+netdevbpf@kernel.org Sept. 21, 2023, 9:20 a.m. UTC | #1 
Hello:

This series was applied to netdev/net.git (main)
by Florian Westphal <fw@strlen.de>:

On Wed, 20 Sep 2023 10:41:49 +0200 you wrote:
> nft -f -<<EOF
> add table ip t
> add table ip t { flags dormant; }
> add chain ip t c { type filter hook input priority 0; }
> add table ip t
> EOF
> 
> [...]

Here is the summary with links:
  - [net,1/3] netfilter: nf_tables: disable toggling dormant table state more than once
    https://git.kernel.org/netdev/net/c/c9bd26513b3a
  - [net,2/3] netfilter: nf_tables: fix memleak when more than 255 elements expired
    https://git.kernel.org/netdev/net/c/cf5000a7787c
  - [net,3/3] netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP
    https://git.kernel.org/netdev/net/c/7433b6d2afd5

You are awesome, thank you!
diff mbox series

Patch

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index d819b4d42962..a3680638ec60 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -1219,6 +1219,10 @@  static int nf_tables_updtable(struct nft_ctx *ctx)
 	     flags & NFT_TABLE_F_OWNER))
 		return -EOPNOTSUPP;
 
+	/* No dormant off/on/off/on games in single transaction */
+	if (ctx->table->flags & __NFT_TABLE_F_UPDATE)
+		return -EINVAL;
+
 	trans = nft_trans_alloc(ctx, NFT_MSG_NEWTABLE,
 				sizeof(struct nft_trans_table));
 	if (trans == NULL)