netfilter: nf_tables: discard table flag update with pending basechain deletion (5afcd3b6) · Commits · EulixOS / Software / Kernel

net/netfilter/nf_tables_api.c

+19 −1

Original line number	Diff line number	Diff line
		@@ -1084,6 +1084,24 @@ static void nf_tables_table_disable(struct net net, struct nft_table table)
		#define __NFT_TABLE_F_UPDATE (__NFT_TABLE_F_WAS_DORMANT \| \
		__NFT_TABLE_F_WAS_AWAKEN)

		static bool nft_table_pending_update(const struct nft_ctx *ctx)
		{
		struct nftables_pernet *nft_net = net_generic(ctx->net, nf_tables_net_id);
		struct nft_trans *trans;

		if (ctx->table->flags & __NFT_TABLE_F_UPDATE)
		return true;

		list_for_each_entry(trans, &nft_net->commit_list, list) {
		if (trans->ctx.table == ctx->table &&
		trans->msg_type == NFT_MSG_DELCHAIN &&
		nft_is_base_chain(trans->ctx.chain))
		return true;
		}

		return false;
		}

		static int nf_tables_updtable(struct nft_ctx *ctx)
		{
		struct nft_trans *trans;
		@@ -1101,7 +1119,7 @@ static int nf_tables_updtable(struct nft_ctx *ctx)
		return 0;

		/* No dormant off/on/off/on games in single transaction */
		if (ctx->table->flags & __NFT_TABLE_F_UPDATE)
		if (nft_table_pending_update(ctx))
		return -EINVAL;

		trans = nft_trans_alloc(ctx, NFT_MSG_NEWTABLE,