1 From 1bc83a019bbe268be3526406245ec28c2458a518 Mon Sep 17 00:00:00 2001
2 From: Pablo Neira Ayuso <pablo@netfilter.org>
3 Date: Wed, 3 Apr 2024 19:35:30 +0200
4 Subject: netfilter: nf_tables: discard table flag update with pending basechain deletion
5
6 From: Pablo Neira Ayuso <pablo@netfilter.org>
7
8 commit 1bc83a019bbe268be3526406245ec28c2458a518 upstream.
9
10 Hook unregistration is deferred to the commit phase, same occurs with
11 hook updates triggered by the table dormant flag. When both commands are
12 combined, this results in deleting a basechain while leaving its hook
13 still registered in the core.
14
15 Fixes: 179d9ba5559a ("netfilter: nf_tables: fix table flag updates")
16 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
17 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
18 ---
19 net/netfilter/nf_tables_api.c | 9 +++++----
20 1 file changed, 5 insertions(+), 4 deletions(-)
21
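--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -1209,10 +1209,11 @@ static bool nft_table_pending_update(con
 return true;
 
 list_for_each_entry(trans, &nft_net->commit_list, list) {
- if ((trans->msg_type == NFT_MSG_NEWCHAIN ||
- trans->msg_type == NFT_MSG_DELCHAIN) &&
- trans->ctx.table == ctx->table &&
- nft_trans_chain_update(trans))
+ if (trans->ctx.table == ctx->table &&
+ ((trans->msg_type == NFT_MSG_NEWCHAIN &&
+ nft_trans_chain_update(trans)) ||
+ (trans->msg_type == NFT_MSG_DELCHAIN &&
+ nft_is_base_chain(trans->ctx.chain))))
 return true;
 }
 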
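Review bot: The rewritten `if` inside the `list_for_each_entry` loop now folds two independent reasons for returning true into one expression, and the reason for the second exists only in the commit message; a short comment above it would keep that invariant visible. Something like `/* basechain deletion defers hook unregistration to commit; a dormant-flag update in the same batch would leave that hook registered */` explains why any pending `NFT_MSG_DELCHAIN` on a base chain must block the table flag update. The added `nft_is_base_chain(trans->ctx.chain)` presumably reads through `ctx.chain`, so it relies on every DELCHAIN transaction carrying a non-NULL chain; that is not visible here and is worth confirming against the backport target. The body of nft_table_pending_update starts and ends outside the hunk.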