Commit 36e7f9b7 authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso Committed by Lu Wei
Browse files

netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR 

stable inclusion
from stable-v5.10.190
commit ab5a97a94b57324df76d659686ac2d30494170e6
bugzilla: https://gitee.com/openeuler/kernel/issues/I86JB6

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=ab5a97a94b57324df76d659686ac2d30494170e6



--------------------------------

[ Upstream commit 0a771f7b ]

On error when building the rule, the immediate expression unbinds the
chain, hence objects can be deactivated by the transaction records.

Otherwise, it is possible to trigger the following warning:

 WARNING: CPU: 3 PID: 915 at net/netfilter/nf_tables_api.c:2013 nf_tables_chain_destroy+0x1f7/0x210 [nf_tables]
 CPU: 3 PID: 915 Comm: chain-bind-err- Not tainted 6.1.39 #1
 RIP: 0010:nf_tables_chain_destroy+0x1f7/0x210 [nf_tables]

Fixes: 4bedf9ee ("netfilter: nf_tables: fix chain binding transaction logic")
Reported-by: default avatarKevin Rich <kevinrich1337@gmail.com>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
Signed-off-by: default avatarLu Wei <luwei32@huawei.com>
parent 17214237

net/netfilter/nft_immediate.c

+18 −9
Original line number Diff line number Diff line
@@ -125,15 +125,27 @@ static void nft_immediate_activate(const struct nft_ctx *ctx, 
	return nft_data_hold(&priv->data, nft_dreg_to_type(priv->dreg));

}



static void nft_immediate_chain_deactivate(const struct nft_ctx *ctx,

					   struct nft_chain *chain,

					   enum nft_trans_phase phase)

{

	struct nft_ctx chain_ctx;

	struct nft_rule *rule;



	chain_ctx = *ctx;

	chain_ctx.chain = chain;



	list_for_each_entry(rule, &chain->rules, list)

		nft_rule_expr_deactivate(&chain_ctx, rule, phase);

}



static void nft_immediate_deactivate(const struct nft_ctx *ctx,

				     const struct nft_expr *expr,

				     enum nft_trans_phase phase)

{

	const struct nft_immediate_expr *priv = nft_expr_priv(expr);

	const struct nft_data *data = &priv->data;

	struct nft_ctx chain_ctx;

	struct nft_chain *chain;

	struct nft_rule *rule;



	if (priv->dreg == NFT_REG_VERDICT) {

		switch (data->verdict.code) {
@@ -143,20 +155,17 @@ static void nft_immediate_deactivate(const struct nft_ctx *ctx, 
			if (!nft_chain_binding(chain))

				break;



			chain_ctx = *ctx;

			chain_ctx.chain = chain;



			list_for_each_entry(rule, &chain->rules, list)

				nft_rule_expr_deactivate(&chain_ctx, rule, phase);



			switch (phase) {

			case NFT_TRANS_PREPARE_ERROR:

				nf_tables_unbind_chain(ctx, chain);

				fallthrough;

				nft_deactivate_next(ctx->net, chain);

				break;

			case NFT_TRANS_PREPARE:

				nft_immediate_chain_deactivate(ctx, chain, phase);

				nft_deactivate_next(ctx->net, chain);

				break;

			default:

				nft_immediate_chain_deactivate(ctx, chain, phase);

				nft_chain_del(chain);

				chain->bound = false;

				chain->table->use--;