git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Thu, 2 Jan 2025 12:01:13 +0000 (13:01 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 17 Jan 2025 12:34:39 +0000 (13:34 +0100)
commit	d470b9259310f83787e7899830dfc43c9aa94e71
tree	0f3c94686bdbaf2993c1bd0ec6e87a751c902755	tree
parent	636d7b95c229a9bebd8aaf433efa2bfdb14df1ea	commit \| diff

netfilter: nf_tables: imbalance in flowtable binding

[ Upstream commit 13210fc63f353fe78584048079343413a3cdf819 ]

All these cases cause imbalance between BIND and UNBIND calls:

- Delete an interface from a flowtable with multiple interfaces

- Add a (device to a) flowtable with --check flag

- Delete a netns containing a flowtable

- In an interactive nft session, create a table with owner flag and
flowtable inside, then quit.

Fix it by calling FLOW_BLOCK_UNBIND when unregistering hooks, then
remove late FLOW_BLOCK_UNBIND call when destroying flowtable.

Fixes: ff4bf2f42a40 ("netfilter: nf_tables: add nft_unregister_flowtable_hook()")
Reported-by: Phil Sutter <phil@nwl.cc>
Tested-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>