queue-5.4/netfilter-nf_tables-discard-table-flag-update-with-p.patch

   1 From 324d2cef4bf9cc6d6a6d43761142151960d72901 Mon Sep 17 00:00:00 2001
   2 From: Sasha Levin <sashal@kernel.org>
   3 Date: Mon, 8 Apr 2024 23:21:42 +0200
   4 Subject: netfilter: nf_tables: discard table flag update with pending
   5  basechain deletion
   6
   7 From: Pablo Neira Ayuso <pablo@netfilter.org>
   8
   9 commit 1bc83a019bbe268be3526406245ec28c2458a518 upstream.
  10
  11 Hook unregistration is deferred to the commit phase, same occurs with
  12 hook updates triggered by the table dormant flag. When both commands are
  13 combined, this results in deleting a basechain while leaving its hook
  14 still registered in the core.
  15
  16 Fixes: 179d9ba5559a ("netfilter: nf_tables: fix table flag updates")
  17 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
  18 Signed-off-by: Sasha Levin <sashal@kernel.org>
  19 ---
  20  net/netfilter/nf_tables_api.c | 20 +++++++++++++++++++-
  21  1 file changed, 19 insertions(+), 1 deletion(-)
  22
  23 diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
  24 index 8dd7efb3b8f7b..b4bb93b9aafc7 100644
  25 --- a/net/netfilter/nf_tables_api.c
  26 +++ b/net/netfilter/nf_tables_api.c
  27 @@ -903,6 +903,24 @@ static void nf_tables_table_disable(struct net *net, struct nft_table *table)
  28  #define __NFT_TABLE_F_UPDATE           (__NFT_TABLE_F_WAS_DORMANT | \
  29                                          __NFT_TABLE_F_WAS_AWAKEN)
  30
  31 +static bool nft_table_pending_update(const struct nft_ctx *ctx)
  32 +{
  33 +       struct nftables_pernet *nft_net = net_generic(ctx->net, nf_tables_net_id);
  34 +       struct nft_trans *trans;
  35 +
  36 +       if (ctx->table->flags & __NFT_TABLE_F_UPDATE)
  37 +               return true;
  38 +
  39 +       list_for_each_entry(trans, &nft_net->commit_list, list) {
  40 +               if (trans->ctx.table == ctx->table &&
  41 +                   trans->msg_type == NFT_MSG_DELCHAIN &&
  42 +                   nft_is_base_chain(trans->ctx.chain))
  43 +                       return true;
  44 +       }
  45 +
  46 +       return false;
  47 +}
  48 +
  49  static int nf_tables_updtable(struct nft_ctx *ctx)
  50  {
  51         struct nft_trans *trans;
  52 @@ -920,7 +938,7 @@ static int nf_tables_updtable(struct nft_ctx *ctx)
  53                 return 0;
  54
  55         /* No dormant off/on/off/on games in single transaction */
  56 -       if (ctx->table->flags & __NFT_TABLE_F_UPDATE)
  57 +       if (nft_table_pending_update(ctx))
  58                 return -EINVAL;
  59
  60         trans = nft_trans_alloc(ctx, NFT_MSG_NEWTABLE,
  61 --
  62 2.43.0
  63