Commit 36e7f9b7 authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso Committed by Lu Wei
Browse files

netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR 

stable inclusion
from stable-v5.10.190
commit ab5a97a94b57324df76d659686ac2d30494170e6
bugzilla: https://gitee.com/openeuler/kernel/issues/I86JB6

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=ab5a97a94b57324df76d659686ac2d30494170e6



--------------------------------

[ Upstream commit 0a771f7b ]

On error when building the rule, the immediate expression unbinds the
chain, hence objects can be deactivated by the transaction records.

Otherwise, it is possible to trigger the following warning:

 WARNING: CPU: 3 PID: 915 at net/netfilter/nf_tables_api.c:2013 nf_tables_chain_destroy+0x1f7/0x210 [nf_tables]
 CPU: 3 PID: 915 Comm: chain-bind-err- Not tainted 6.1.39 #1
 RIP: 0010:nf_tables_chain_destroy+0x1f7/0x210 [nf_tables]

Fixes: 4bedf9ee ("netfilter: nf_tables: fix chain binding transaction logic")
Reported-by: default avatarKevin Rich <kevinrich1337@gmail.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
Signed-off-by: default avatarLu Wei <luwei32@huawei.com>
parent 17214237
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment