Commit 51a20f2a authored by Florian Westphal's avatar Florian Westphal Committed by Zheng Zengkai
Browse files

netfilter: conntrack: re-fetch conntrack after insertion 

stable inclusion
from stable-v5.10.120
commit 91a36ec160ec1a0c8f5352b772dffcbb0b6023e3
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I5L6BR

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=91a36ec160ec1a0c8f5352b772dffcbb0b6023e3



--------------------------------

commit 56b14ece upstream.

In case the conntrack is clashing, insertion can free skb->_nfct and
set skb->_nfct to the already-confirmed entry.

This wasn't found before because the conntrack entry and the extension
space used to free'd after an rcu grace period, plus the race needs
events enabled to trigger.

Reported-by: default avatar <syzbot+793a590957d9c1b96620@syzkaller.appspotmail.com>
Fixes: 71d8c47f ("netfilter: conntrack: introduce clash resolution on insertion race")
Fixes: 2ad9d774 ("netfilter: conntrack: free extension area immediately")
Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarZheng Zengkai <zhengzengkai@huawei.com>
Acked-by: default avatarXie XiuQi <xiexiuqi@huawei.com>
parent 449535f8
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment