Commit fd2a55e7 authored by Jakub Kicinski's avatar Jakub Kicinski
Browse files

Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf 

Pablo Neira Ayuso says:

====================
Netfilter fixes for net

1) Fix broken listing of set elements when table has an owner.

2) Fix conntrack refcount leak in ctnetlink with related conntrack
   entries, from Hangyu Hua.

3) Fix use-after-free/double-free in ctnetlink conntrack insert path,
   from Florian Westphal.

4) Fix ip6t_rpfilter with VRF, from Phil Sutter.

5) Fix use-after-free in ebtables reported by syzbot, also from Florian.

6) Use skb->len in xt_length to deal with IPv6 jumbo packets,
   from Xin Long.

7) Fix NETLINK_LISTEN_ALL_NSID with ctnetlink, from Florian Westphal.

8) Fix memleak in {ip_,ip6_,arp_}tables in ENOMEM error case,
   from Pavel Tikhomirov.

* git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf:
  netfilter: x_tables: fix percpu counter block leak on error path when creating new netns
  netfilter: ctnetlink: make event listener tracking global
  netfilter: xt_length: use skb len to match in length_mt6
  netfilter: ebtables: fix table blob use-after-free
  netfilter: ip6t_rpfilter: Fix regression with VRF interfaces
  netfilter: conntrack: fix rmmod double-free race
  netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack()
  netfilter: nf_tables: allow to fetch set elements when table has an owner
====================

Link: https://lore.kernel.org/r/20230222092137.88637-1-pablo@netfilter.org


Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parents 67d93ffc 0af8c09c

include/linux/netfilter.h

+5 −0
Original line number Diff line number Diff line
@@ -491,4 +491,9 @@ extern const struct nfnl_ct_hook __rcu *nfnl_ct_hook; 
 */

DECLARE_PER_CPU(bool, nf_skb_duplicated);



/**

 * Contains bitmask of ctnetlink event subscribers, if any.

 * Can't be pernet due to NETLINK_LISTEN_ALL_NSID setsockopt flag.

 */

extern u8 nf_ctnetlink_has_listener;

#endif /*__LINUX_NETFILTER_H*/

include/net/netns/conntrack.h

+0 −1
Original line number Diff line number Diff line
@@ -95,7 +95,6 @@ struct nf_ip_net { 


struct netns_ct {

#ifdef CONFIG_NF_CONNTRACK_EVENTS

	u8 ctnetlink_has_listener;

	bool ecache_dwork_pending;

#endif

	u8			sysctl_log_invalid; /* Log invalid packets */

net/bridge/netfilter/ebtables.c

+1 −1
Original line number Diff line number Diff line
@@ -1090,7 +1090,7 @@ static int do_replace_finish(struct net *net, struct ebt_replace *repl, 


	audit_log_nfcfg(repl->name, AF_BRIDGE, repl->nentries,

			AUDIT_XT_OP_REPLACE, GFP_KERNEL);

	return ret;

	return 0;



free_unlock:

	mutex_unlock(&ebt_mutex);

net/ipv4/netfilter/arp_tables.c

+4 −0
Original line number Diff line number Diff line
@@ -1525,6 +1525,10 @@ int arpt_register_table(struct net *net, 


	new_table = xt_register_table(net, table, &bootstrap, newinfo);

	if (IS_ERR(new_table)) {

		struct arpt_entry *iter;



		xt_entry_foreach(iter, loc_cpu_entry, newinfo->size)

			cleanup_entry(iter, net);

		xt_free_table_info(newinfo);

		return PTR_ERR(new_table);

	}

net/ipv4/netfilter/ip_tables.c

+5 −2
Original line number Diff line number Diff line
@@ -1045,7 +1045,6 @@ __do_replace(struct net *net, const char *name, unsigned int valid_hooks, 
	struct xt_counters *counters;

	struct ipt_entry *iter;



	ret = 0;

	counters = xt_counters_alloc(num_counters);

	if (!counters) {

		ret = -ENOMEM;
@@ -1091,7 +1090,7 @@ __do_replace(struct net *net, const char *name, unsigned int valid_hooks, 
		net_warn_ratelimited("iptables: counters copy to user failed while replacing table\n");

	}

	vfree(counters);

	return ret;

	return 0;



 put_module:

	module_put(t->me);
@@ -1742,6 +1741,10 @@ int ipt_register_table(struct net *net, const struct xt_table *table, 


	new_table = xt_register_table(net, table, &bootstrap, newinfo);

	if (IS_ERR(new_table)) {

		struct ipt_entry *iter;



		xt_entry_foreach(iter, loc_cpu_entry, newinfo->size)

			cleanup_entry(iter, net);

		xt_free_table_info(newinfo);

		return PTR_ERR(new_table);

	}