netfilter: nftables: fix possible UAF over chains from packet path in netns (767d1216) · Commits · Mirrors / git.kernel.org / pub_scm_linux_kernel_git_stable_linux

Commit 767d1216 authored Feb 02, 2021 by

Pablo Neira Ayuso

netfilter: nftables: fix possible UAF over chains from packet path in netns

Although hooks are released via call_rcu(), chain and rule objects are
immediately released while packets are still walking over these bits.

This patch adds the .pre_exit callback which is invoked before
synchronize_rcu() in the netns framework to stay safe.

Remove a comment which is not valid anymore since the core does not use
synchronize_net() anymore since 8c873e21

 ("netfilter: core: free
hooks with call_rcu").

Suggested-by: Florian Westphal <fw@strlen.de>
Fixes: df05ef87

 ("netfilter: nf_tables: release objects on netns destruction")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

parent a3005b0f

Hide whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit 0a0e5d47
· Feb 23, 2021

mentioned in commit 0a0e5d47

mentioned in commit 0a0e5d47670b753d3dbf88f3c77a97a30864d9bd

Toggle commit list
mirror @mirror
mentioned in commit b110391d
· Feb 23, 2021

mentioned in commit b110391d

mentioned in commit b110391d1e806167254d3c7ae5d637191d913175

Toggle commit list
mirror @mirror
mentioned in commit f9a43007
· Jun 04, 2022

mentioned in commit f9a43007

mentioned in commit f9a43007d3f7ba76d5e7f9421094f00f2ef202f8

Toggle commit list
mirror @mirror
mentioned in commit 3923b1e4
· Jun 04, 2022

mentioned in commit 3923b1e4

mentioned in commit 3923b1e4406680d57da7e873da77b1683035d83f

Toggle commit list
mirror @mirror
mentioned in commit 9ea55b9f
· Jun 07, 2022

mentioned in commit 9ea55b9f

mentioned in commit 9ea55b9f43533d30168aae0dfdc5c230b561ef69

Toggle commit list
mirror @mirror
mentioned in commit 9c413a8c
· Jun 07, 2022

mentioned in commit 9c413a8c

mentioned in commit 9c413a8c8bb49cc16796371805ecb260e885bb2b

Toggle commit list
mirror @mirror
mentioned in commit f2a489fa
· Jun 07, 2022

mentioned in commit f2a489fa

mentioned in commit f2a489faa5c67836a0a051644c86b1f1346f0f02

Toggle commit list
mirror @mirror
mentioned in commit a3940dcf
· Jun 07, 2022

mentioned in commit a3940dcf

mentioned in commit a3940dcf552f2393d1e8f263b386593f98abe829

Toggle commit list
mirror @mirror
mentioned in commit cc7c6e0a
· Jun 07, 2022

mentioned in commit cc7c6e0a

mentioned in commit cc7c6e0a8e1d45955b976943dbd4ba98448ceb46

Toggle commit list
mirror @mirror
mentioned in commit 86c0154f
· Jun 07, 2022

mentioned in commit 86c0154f

mentioned in commit 86c0154f4c3a56c5db8b9dd09e3ce885382c2c19

Toggle commit list
mirror @mirror
mentioned in commit e0c1b352
· May 31, 2023

mentioned in commit e0c1b352

mentioned in commit e0c1b35239d9bb98c3a356b930ca8f8eecef07ab

Toggle commit list
mirror @mirror
mentioned in commit 8b7454dd
· Jun 29, 2023

mentioned in commit 8b7454dd

mentioned in commit 8b7454dd984a75d0eaa6a02940c65cd3671fcddc

Toggle commit list
mirror @mirror
mentioned in commit b09e6ccf
· Nov 29, 2023

mentioned in commit b09e6ccf

mentioned in commit b09e6ccf0d12f9356e8e3508d3e3dce126298538

Toggle commit list
mirror @mirror
mentioned in commit c73955a0
· Jun 17, 2024

mentioned in commit c73955a0

mentioned in commit c73955a09408e7374d9abfd0e78ce3de9cda0635

Toggle commit list

Please register or to comment