git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Florian Westphal <fw@strlen.de>
	Wed, 29 Apr 2026 06:21:35 +0000 (08:21 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Thu, 30 Apr 2026 06:03:22 +0000 (08:03 +0200)
commit	63bac027860308d1344f761cb47aabb3b30973fd
tree	912a0f2415b60262501a36e17e853e1d5be320af	tree \| snapshot
parent	8bedb6c46945752a688d9b0cf2021e0e68b1876c	commit \| diff

netfilter: nf_tables: fix netdev hook allocation memleak with dormant tables

sashiko says:
could the related code in __nf_tables_abort() leak the struct nft_hook objects when the table is dormant?

In __nf_tables_abort(), when rolling back a NEWCHAIN transaction that
updates hooks, the code conditionally unregisters and frees the hooks only
if the table is not dormant [..]
            if (!(table->flags & NFT_TABLE_F_DORMANT)) {
                nft_netdev_unregister_hooks(net,
                                            &nft_trans_chain_hooks(trans),
                                            true);
            }
            ...
            nft_trans_destroy(trans);

Unfortunately netdev family mixes hook registration and allocation.
Push table struct down and only check for the flag to unregister.

Fixes: 216e7bf7402c ("netfilter: nf_tables: skip netdev hook unregistration if table is dormant")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>