Commit 67710c25 authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso Committed by Lu Wei
Browse files

netfilter: nf_tables: reject unbound chain set before commit phase 

stable inclusion
from stable-v5.10.188
commit 237f37f7b9f075c34bf0468c390cdd7e2725d8b0
bugzilla: https://gitee.com/openeuler/kernel/issues/I86JB6

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=237f37f7b9f075c34bf0468c390cdd7e2725d8b0



--------------------------------

[ Upstream commit 62e1e94b ]

Use binding list to track set transaction and to check for unbound
chains before entering the commit phase.

Bail out if chain binding remain unused before entering the commit
step.

Fixes: d0e2c7de ("netfilter: nf_tables: add NFT_CHAIN_BINDING")
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarLu Wei <luwei32@huawei.com>
parent 31dc954c
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment