netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR (0a771f7b) · Commits · Mirrors / git.kernel.org / pub_scm_linux_kernel_git_stable_linux · GitLab

Commit 0a771f7b authored Jul 23, 2023 by

Pablo Neira Ayuso Committed by Florian Westphal Jul 26, 2023

netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR

On error when building the rule, the immediate expression unbinds the
chain, hence objects can be deactivated by the transaction records.

Otherwise, it is possible to trigger the following warning:

 WARNING: CPU: 3 PID: 915 at net/netfilter/nf_tables_api.c:2013 nf_tables_chain_destroy+0x1f7/0x210 [nf_tables]
 CPU: 3 PID: 915 Comm: chain-bind-err- Not tainted 6.1.39 #1
 RIP: 0010:nf_tables_chain_destroy+0x1f7/0x210 [nf_tables]

Fixes: 4bedf9ee

 ("netfilter: nf_tables: fix chain binding transaction logic")
Reported-by: Kevin Rich <kevinrich1337@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>

parent f718863a

Hide whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit 98bcfcae
· Aug 04, 2023

mentioned in commit 98bcfcae

mentioned in commit 98bcfcaecc76c4be288278c213b47d36292f40fa

Toggle commit list

Please register or to comment