Commit 9e08dcef authored by David S. Miller's avatar David S. Miller


Pablo Neira Ayuso says:

====================

The following patchset contains Netfilter fixes for net:

1) Hit ENOENT when trying to update an unexisting base chain.

2) Fix libmnl pkg-config usage in selftests, from Jeremy Sowden.

3) KASAN reports use-after-free when deleting a set element for an
   anonymous set that was already removed in the same transaction,
   reported by P. Sondej and P. Krysiuk.
====================

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parents c6d96df9 c1592a89
+1 −0
@@ -619,6 +619,7 @@ struct nft_set_binding {
};

enum nft_trans_phase;
void nf_tables_activate_set(const struct nft_ctx *ctx, struct nft_set *set);
void nf_tables_deactivate_set(const struct nft_ctx *ctx, struct nft_set *set,
			      struct nft_set_binding *binding,
			      enum nft_trans_phase phase);
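Review bot: The `nf_tables_activate_set()` prototype, which appears to be the line this hunk adds (the rendered page has dropped the +/- markers, so this is inferred from the rest of the commit), carries no kernel-doc although it is exported and is the counterpart of `nf_tables_deactivate_set(..., NFT_TRANS_PREPARE)` defined in the nf_tables_api.c section. Its body pairs `nft_clear(ctx->net, set)` for anonymous sets with `set->use++`, mirroring the `nft_deactivate_next()` + `set->use--` pair in the PREPARE case, and that pairing is what the nft_dynset, nft_lookup and nft_objref sections rely on when they replace their open-coded `priv->set->use++` with a call to it from their ->activate paths. A short comment on the declaration would make the contract visible to those callers, e.g. `/* Undo nf_tables_deactivate_set(NFT_TRANS_PREPARE): re-activate an anonymous set for the next generation and take a use reference. */`.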
+29 −12
@@ -2075,8 +2075,10 @@ static int nft_chain_parse_hook(struct net *net,

	if (!basechain) {
		if (!ha[NFTA_HOOK_HOOKNUM] ||
		    !ha[NFTA_HOOK_PRIORITY])
			return -EINVAL;
		    !ha[NFTA_HOOK_PRIORITY]) {
			NL_SET_BAD_ATTR(extack, nla[NFTA_CHAIN_NAME]);
			return -ENOENT;
		}

		hook->num = ntohl(nla_get_be32(ha[NFTA_HOOK_HOOKNUM]));
		hook->priority = ntohl(nla_get_be32(ha[NFTA_HOOK_PRIORITY]));
@@ -5125,12 +5127,24 @@ static void nf_tables_unbind_set(const struct nft_ctx *ctx, struct nft_set *set,
	}
}

void nf_tables_activate_set(const struct nft_ctx *ctx, struct nft_set *set)
{
	if (nft_set_is_anonymous(set))
		nft_clear(ctx->net, set);

	set->use++;
}
EXPORT_SYMBOL_GPL(nf_tables_activate_set);

void nf_tables_deactivate_set(const struct nft_ctx *ctx, struct nft_set *set,
			      struct nft_set_binding *binding,
			      enum nft_trans_phase phase)
{
	switch (phase) {
	case NFT_TRANS_PREPARE:
		if (nft_set_is_anonymous(set))
			nft_deactivate_next(ctx->net, set);

		set->use--;
		return;
	case NFT_TRANS_ABORT:
@@ -7693,7 +7707,7 @@ static const struct nla_policy nft_flowtable_hook_policy[NFTA_FLOWTABLE_HOOK_MAX
};

static int nft_flowtable_parse_hook(const struct nft_ctx *ctx,
				    const struct nlattr *attr,
				    const struct nlattr * const nla[],
				    struct nft_flowtable_hook *flowtable_hook,
				    struct nft_flowtable *flowtable,
				    struct netlink_ext_ack *extack, bool add)
@@ -7705,15 +7719,18 @@ static int nft_flowtable_parse_hook(const struct nft_ctx *ctx,

	INIT_LIST_HEAD(&flowtable_hook->list);

	err = nla_parse_nested_deprecated(tb, NFTA_FLOWTABLE_HOOK_MAX, attr,
	err = nla_parse_nested_deprecated(tb, NFTA_FLOWTABLE_HOOK_MAX,
					  nla[NFTA_FLOWTABLE_HOOK],
					  nft_flowtable_hook_policy, NULL);
	if (err < 0)
		return err;

	if (add) {
		if (!tb[NFTA_FLOWTABLE_HOOK_NUM] ||
		    !tb[NFTA_FLOWTABLE_HOOK_PRIORITY])
			return -EINVAL;
		    !tb[NFTA_FLOWTABLE_HOOK_PRIORITY]) {
			NL_SET_BAD_ATTR(extack, nla[NFTA_FLOWTABLE_NAME]);
			return -ENOENT;
		}

		hooknum = ntohl(nla_get_be32(tb[NFTA_FLOWTABLE_HOOK_NUM]));
		if (hooknum != NF_NETDEV_INGRESS)
@@ -7898,8 +7915,8 @@ static int nft_flowtable_update(struct nft_ctx *ctx, const struct nlmsghdr *nlh,
	u32 flags;
	int err;

	err = nft_flowtable_parse_hook(ctx, nla[NFTA_FLOWTABLE_HOOK],
				       &flowtable_hook, flowtable, extack, false);
	err = nft_flowtable_parse_hook(ctx, nla, &flowtable_hook, flowtable,
				       extack, false);
	if (err < 0)
		return err;

@@ -8044,8 +8061,8 @@ static int nf_tables_newflowtable(struct sk_buff *skb,
	if (err < 0)
		goto err3;

	err = nft_flowtable_parse_hook(&ctx, nla[NFTA_FLOWTABLE_HOOK],
				       &flowtable_hook, flowtable, extack, true);
	err = nft_flowtable_parse_hook(&ctx, nla, &flowtable_hook, flowtable,
				       extack, true);
	if (err < 0)
		goto err4;

@@ -8107,8 +8124,8 @@ static int nft_delflowtable_hook(struct nft_ctx *ctx,
	struct nft_trans *trans;
	int err;

	err = nft_flowtable_parse_hook(ctx, nla[NFTA_FLOWTABLE_HOOK],
				       &flowtable_hook, flowtable, extack, false);
	err = nft_flowtable_parse_hook(ctx, nla, &flowtable_hook, flowtable,
				       extack, false);
	if (err < 0)
		return err;

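Review bot: In the `!basechain` branch of nft_chain_parse_hook a missing NFTA_HOOK_HOOKNUM/NFTA_HOOK_PRIORITY now yields -ENOENT with NFTA_CHAIN_NAME marked as the bad attribute, which reads like a malformed request being reported as a lookup failure, and nothing in the hunk says why. Per the merge description this branch is reached when an update names a base chain that does not exist yet, so the hook attributes are absent because the request was never meant as a creation; that deserves a comment such as `/* No hook attributes and no existing base chain: this is an update of a chain that does not exist, not a creation. */`, and the same comment fits the `add` branch of nft_flowtable_parse_hook a few hunks down, where NFTA_FLOWTABLE_NAME is blamed instead. The `extack` and `nla` parameters of nft_chain_parse_hook are presumably added by this commit but its signature lies outside the hunk, as do the enclosing bodies of both functions. If a chain can be addressed by NFTA_CHAIN_HANDLE on this path, `nla[NFTA_CHAIN_NAME]` is NULL and NL_SET_BAD_ATTR reports nothing, which is harmless but worth confirming against the caller.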
+1 −1
@@ -342,7 +342,7 @@ static void nft_dynset_activate(const struct nft_ctx *ctx,
{
	struct nft_dynset *priv = nft_expr_priv(expr);

	priv->set->use++;
	nf_tables_activate_set(ctx, priv->set);
}

static void nft_dynset_destroy(const struct nft_ctx *ctx,
+1 −1
@@ -167,7 +167,7 @@ static void nft_lookup_activate(const struct nft_ctx *ctx,
{
	struct nft_lookup *priv = nft_expr_priv(expr);

	priv->set->use++;
	nf_tables_activate_set(ctx, priv->set);
}

static void nft_lookup_destroy(const struct nft_ctx *ctx,
+1 −1
@@ -185,7 +185,7 @@ static void nft_objref_map_activate(const struct nft_ctx *ctx,
{
	struct nft_objref_map *priv = nft_expr_priv(expr);

	priv->set->use++;
	nf_tables_activate_set(ctx, priv->set);
}

static void nft_objref_map_destroy(const struct nft_ctx *ctx,