netfilter: nftables: fix possible UAF over chains from packet path in netns (767d1216) · Commits · Mirrors / git.yoctoproject.org / linux-yocto · GitLab

Commit 767d1216 authored Feb 02, 2021 by

Pablo Neira Ayuso

netfilter: nftables: fix possible UAF over chains from packet path in netns



Although hooks are released via call_rcu(), chain and rule objects are
immediately released while packets are still walking over these bits.

This patch adds the .pre_exit callback which is invoked before
synchronize_rcu() in the netns framework to stay safe.

Remove a comment which is not valid anymore since the core does not use
synchronize_net() anymore since 8c873e21 ("netfilter: core: free
hooks with call_rcu").

Suggested-by: Florian Westphal <fw@strlen.de>
Fixes: df05ef87 ("netfilter: nf_tables: release objects on netns destruction")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

parent a3005b0f

Hide whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit e0c1b352
· Jun 06, 2023

mentioned in commit e0c1b352

mentioned in commit e0c1b35239d9bb98c3a356b930ca8f8eecef07ab

Toggle commit list
mirror @mirror
mentioned in commit 8b7454dd
· Jul 04, 2023

mentioned in commit 8b7454dd

mentioned in commit 8b7454dd984a75d0eaa6a02940c65cd3671fcddc

Toggle commit list
mirror @mirror
mentioned in commit b09e6ccf
· Dec 05, 2023

mentioned in commit b09e6ccf

mentioned in commit b09e6ccf0d12f9356e8e3508d3e3dce126298538

Toggle commit list

Please register or to comment