git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Thu, 2 Jan 2025 12:01:13 +0000 (13:01 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 23 Jan 2025 16:15:50 +0000 (17:15 +0100)
commit	2f2c1ce86708cfd1929355f74fc766f502470e7e
tree	28780cdb3dc447a7698614dea7e9ef79e6d28437	tree
parent	6d6ce5f75d0e4fe1f9501e978d4b543263f384e2	commit \| diff

netfilter: nf_tables: imbalance in flowtable binding

[ Upstream commit 13210fc63f353fe78584048079343413a3cdf819 ]

All these cases cause imbalance between BIND and UNBIND calls:

- Delete an interface from a flowtable with multiple interfaces

- Add a (device to a) flowtable with --check flag

- Delete a netns containing a flowtable

- In an interactive nft session, create a table with owner flag and
flowtable inside, then quit.

Fix it by calling FLOW_BLOCK_UNBIND when unregistering hooks, then
remove late FLOW_BLOCK_UNBIND call when destroying flowtable.

Fixes: ff4bf2f42a40 ("netfilter: nf_tables: add nft_unregister_flowtable_hook()")
Reported-by: Phil Sutter <phil@nwl.cc>
Tested-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>