1 From 1bcc57ba8d1bfd4fd44578a4d97e8a7a2490f9e3 Mon Sep 17 00:00:00 2001
2 From: Sasha Levin <sashal@kernel.org>
3 Date: Mon, 8 Apr 2024 23:18:32 +0200
4 Subject: netfilter: nf_tables: release batch on table validation from abort
5 path
6
7 From: Pablo Neira Ayuso <pablo@netfilter.org>
8
9 commit a45e6889575c2067d3c0212b6bc1022891e65b91 upstream.
10
11 Unlike the early commit path stage, which triggers a call to abort, an
12 explicit release of the batch is required on abort; otherwise the mutex is
13 released while commit_list remains in place.
14
15 Add WARN_ON_ONCE to ensure commit_list is empty from the abort path
16 before releasing the mutex.
17
18 After this patch, commit_list is always assumed to be empty before
19 grabbing the mutex, therefore
20
21 03c1f1ef1584 ("netfilter: Cleanup nft_net->module_list from nf_tables_exit_net()")
22
23 only needs to release the pending modules for registration.
24
25 Cc: stable@vger.kernel.org
26 Fixes: c0391b6ab810 ("netfilter: nf_tables: missing validation from the abort path")
27 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
28 Signed-off-by: Sasha Levin <sashal@kernel.org>
29 ---
30 net/netfilter/nf_tables_api.c | 14 +++++++++-----
31 1 file changed, 9 insertions(+), 5 deletions(-)
32
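--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -9902,10 +9902,11 @@ static int __nf_tables_abort(struct net *net, enum nfnl_abort_action action)
 struct nft_trans *trans, *next;
 LIST_HEAD(set_update_list);
 struct nft_trans_elem *te;
+int err = 0;
 
 if (action == NFNL_ABORT_VALIDATE &&
 nf_tables_validate(net) < 0)
-return -EAGAIN;
+err = -EAGAIN;
 
 list_for_each_entry_safe_reverse(trans, next, &nft_net->commit_list,
 list) {
@@ -10081,7 +10082,7 @@ static int __nf_tables_abort(struct net *net, enum nfnl_abort_action action)
 else
 nf_tables_module_autoload_cleanup(net);
 
-return 0;
+return err;
 }
 
 static int nf_tables_abort(struct net *net, struct sk_buff *skb,
@@ -10095,6 +10096,8 @@ static int nf_tables_abort(struct net *net, struct sk_buff *skb,
 ret = __nf_tables_abort(net, action);
 nft_gc_seq_end(nft_net, gc_seq);
 
+WARN_ON_ONCE(!list_empty(&nft_net->commit_list));
+
 mutex_unlock(&nft_net->commit_mutex);
 
 return ret;
@@ -10892,9 +10895,10 @@ static void __net_exit nf_tables_exit_net(struct net *net)
 
 gc_seq = nft_gc_seq_begin(nft_net);
 
-if (!list_empty(&nft_net->commit_list) ||
-!list_empty(&nft_net->module_list))
-__nf_tables_abort(net, NFNL_ABORT_NONE);
+WARN_ON_ONCE(!list_empty(&nft_net->commit_list));
+
+if (!list_empty(&nft_net->module_list))
+nf_tables_module_autoload_cleanup(net);
 
 __nft_release_tables(net);
 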
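Review bot: The last hunk turns nf_tables_exit_net() from draining a leftover batch into merely warning about one, and the new WARN_ON_ONCE line gives a reader no hint of why that is now safe; a short comment would carry the invariant that the commit message states, e.g. `/* abort path always releases the batch before commit_mutex is dropped, so no transaction can be pending at net exit */`. This matters because __nft_release_tables() on the line below tears down the tables unconditionally, so if the invariant were ever broken the one-shot warning would be the only signal before pending transactions reference freed objects. The matching WARN_ON_ONCE in the third hunk, placed before mutex_unlock() in nf_tables_abort(), is what enforces the same assumption on the abort side and could reference the same comment. The body of nf_tables_exit_net() begins and ends outside the hunk, and __nf_tables_abort()'s walk over commit_list that now runs even when err is -EAGAIN (first hunk) is likewise not visible here.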
82 --
83 2.43.0