Commit 366f309c authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso Committed by Zhengchao Shao

netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain

stable inclusion
from stable-v5.10.210
commit 9489e214ea8f2a90345516016aa51f2db3a8cc2f
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9E49K
CVE: CVE-2024-26808

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=9489e214ea8f2a90345516016aa51f2db3a8cc2f



--------------------------------

commit 01acb2e8666a6529697141a6017edbf206921913 upstream.

Remove netdevice from inet/ingress basechain in case NETDEV_UNREGISTER
event is reported, otherwise a stale reference to netdevice remains in
the hook list.

Fixes: 60a3815d ("netfilter: add inet ingress support")
Cc: stable@vger.kernel.org
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarZhengchao Shao <shaozhengchao@huawei.com>
parent 4134526a
+9 −2
@@ -358,9 +358,10 @@ static int nf_tables_netdev_event(struct notifier_block *this,
				  unsigned long event, void *ptr)
{
	struct net_device *dev = netdev_notifier_info_to_dev(ptr);
	struct nft_base_chain *basechain;
	struct nftables_pernet *nft_net;
	struct nft_table *table;
	struct nft_chain *chain, *nr;
	struct nft_table *table;
	struct nft_ctx ctx = {
		.net	= dev_net(dev),
	};
@@ -372,7 +373,8 @@ static int nf_tables_netdev_event(struct notifier_block *this,
	nft_net = net_generic(ctx.net, nf_tables_net_id);
	mutex_lock(&nft_net->commit_mutex);
	list_for_each_entry(table, &nft_net->tables, list) {
		if (table->family != NFPROTO_NETDEV)
		if (table->family != NFPROTO_NETDEV &&
		    table->family != NFPROTO_INET)
			continue;

		ctx.family = table->family;
@@ -381,6 +383,11 @@ static int nf_tables_netdev_event(struct notifier_block *this,
			if (!nft_is_base_chain(chain))
				continue;

			basechain = nft_base_chain(chain);
			if (table->family == NFPROTO_INET &&
			    basechain->ops.hooknum != NF_INET_INGRESS)
				continue;

			ctx.chain = chain;
			nft_netdev_event(event, dev, &ctx);
		}
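Review bot: The new `hooknum != NF_INET_INGRESS` filter at the top of the chain loop carries no comment explaining why inet-family basechains are narrowed to ingress while every netdev-family basechain is passed through unconditionally; the reason is only recoverable from the commit message, not from the code. Presumably only the ingress hook of an inet basechain is bound to a net_device and can therefore hold the stale device reference the commit describes, while the other inet hooks are not device-bound — that is worth stating where the check lives. I would add, directly above `if (table->family == NFPROTO_INET &&`: `/* Only inet/ingress basechains are bound to a net_device; the other inet hooks hold no device reference, so skip them. */`, with the maintainer confirming the wording. The body of nf_tables_netdev_event (including the chain loop header) continues outside the hunk, and nft_netdev_event itself is not visible here, so whether that helper handles an inet basechain whose hook_list does not contain dev cannot be checked from this page.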