netfilter: nftables: fix possible UAF over chains from packet path in netns
Although hooks are released via call_rcu(), chain and rule objects are immediately released while packets are still walking over these bits. This patch adds the .pre_exit callback which is invoked before synchronize_rcu() in the netns framework to stay safe.

Remove a comment which is not valid anymore since the core does not use synchronize_net() anymore since 8c873e21 ("netfilter: core: free hooks with call_rcu").

Suggested-by: Florian Westphal <fw@strlen.de>
Fixes: df05ef87 ("netfilter: nf_tables: release objects on netns destruction")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
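As an added illustration, not part of this commit or of the kernel's code, the following user-space C model reproduces the ordering problem the message describes. RCU is reduced to a queue of deferred callbacks that only runs at synchronize_rcu(); the "packet path" is a reader that entered its read-side section before teardown and still holds a hook pointer. The struct names, the packet_path() reader and the two teardown functions are constructed for the model and do not correspond to nf_tables symbols; the point is only the order of operations: unregistering hooks in .pre_exit and freeing chains in .exit, with the netns framework's synchronize_rcu() in between, closes the window in which an in-flight packet can reach an already-freed chain.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of the netns teardown ordering (not kernel code).
 * A chain is "freed" when its flag is set; a hook points at its chain. */
struct chain { bool freed; };
struct hook  { struct chain *chain; bool freed; };

/* Minimal stand-in for RCU: call_rcu() queues a callback, and the
 * callbacks run only when synchronize_rcu() ends the grace period. */
typedef void (*rcu_cb_t)(void *);
static struct { rcu_cb_t cb; void *arg; } rcu_queue[8];
static int rcu_pending;

static void call_rcu(rcu_cb_t cb, void *arg)
{
    rcu_queue[rcu_pending].cb = cb;
    rcu_queue[rcu_pending].arg = arg;
    rcu_pending++;
}

static void synchronize_rcu(void)
{
    for (int i = 0; i < rcu_pending; i++)
        rcu_queue[i].cb(rcu_queue[i].arg);
    rcu_pending = 0;
}

static void free_hook_rcu(void *p) { ((struct hook *)p)->freed = true; }

/* Packet path: a reader that is already inside its read-side section and
 * walks hook -> chain. Returns true if it touches a freed object (the UAF). */
static bool packet_path(const struct hook *h)
{
    return h->freed || h->chain->freed;
}

/* Ordering before the fix: .exit defers the hook via call_rcu() but frees
 * the chain immediately; the framework's synchronize_rcu() comes too late. */
static bool teardown_before_fix(struct hook *h, struct chain *c)
{
    call_rcu(free_hook_rcu, h);   /* hook release deferred: fine */
    c->freed = true;              /* chain freed at once: too early */
    bool uaf = packet_path(h);    /* in-flight packet still walks the chain */
    synchronize_rcu();            /* grace period only ends here */
    return uaf;
}

/* Ordering after the fix: .pre_exit unregisters the hook, the framework
 * runs synchronize_rcu(), and only then .exit frees the chain. */
static bool teardown_after_fix(struct hook *h, struct chain *c)
{
    call_rcu(free_hook_rcu, h);   /* .pre_exit: hook release deferred */
    bool uaf = packet_path(h);    /* reader still sees valid hook and chain */
    synchronize_rcu();            /* readers drained, hook callback runs */
    c->freed = true;              /* .exit: no packet can reach the chain now */
    return uaf;
}

/* Helpers that set up one hook/chain pair and run a teardown ordering;
 * they return true when the modelled packet path hit freed memory. */
bool demo_before_fix(void)
{
    struct chain c = { false };
    struct hook h = { &c, false };
    return teardown_before_fix(&h, &c);
}

bool demo_after_fix(void)
{
    struct chain c = { false };
    struct hook h = { &c, false };
    return teardown_after_fix(&h, &c);
}

int main(void)
{
    printf("before fix: packet path hits freed chain = %s\n",
           demo_before_fix() ? "yes" : "no");
    printf("after fix:  packet path hits freed chain = %s\n",
           demo_after_fix() ? "yes" : "no");
    return 0;
}
```

The model deliberately keeps the hook release deferred in both orderings, matching the message's point that hooks were already safe via call_rcu(); what changes between the two functions is only when the chain is released relative to the grace period.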
parent a3005b0f
mentioned in commit 0a0e5d47
mentioned in commit b110391d
mentioned in commit f9a43007
mentioned in commit 3923b1e4
mentioned in commit 9ea55b9f
mentioned in commit 9c413a8c
mentioned in commit f2a489fa
mentioned in commit a3940dcf
mentioned in commit cc7c6e0a
mentioned in commit 86c0154f
mentioned in commit e0c1b352
mentioned in commit 8b7454dd
mentioned in commit b09e6ccf
mentioned in commit c73955a0