Fixes for 5.10

Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/queue-5.10/netfilter-nf_tables-validate-family-when-identifying.patch b/queue-5.10/netfilter-nf_tables-validate-family-when-identifying.patch
new file mode 100644 (file)
index 0000000..5137d53
--- /dev/null
+++ b/queue-5.10/netfilter-nf_tables-validate-family-when-identifying.patch
@@ -0,0 +1,53 @@
+From 860e48741a8172c4c0f2539f9f674fa53d36eea0 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 27 Jun 2024 02:41:13 +0200
+Subject: netfilter: nf_tables: validate family when identifying table via
+ handle
+
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+
+[ Upstream commit f6e1532a2697b81da00bfb184e99d15e01e9d98c ]
+
+Validate table family when looking up for it via NFTA_TABLE_HANDLE.
+
+Fixes: 3ecbfd65f50e ("netfilter: nf_tables: allocate handle and delete objects via handle")
+Reported-by: Xingyuan Mo <hdthky0@gmail.com>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/netfilter/nf_tables_api.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
+index f3cb5c9202760..754278b857068 100644
+--- a/net/netfilter/nf_tables_api.c
++++ b/net/netfilter/nf_tables_api.c
+@@ -713,7 +713,7 @@ static struct nft_table *nft_table_lookup(const struct net *net,
+ 
+ static struct nft_table *nft_table_lookup_byhandle(const struct net *net,
+                                                  const struct nlattr *nla,
+-                                                 u8 genmask)
++                                                 int family, u8 genmask)
+ {
+       struct nftables_pernet *nft_net;
+       struct nft_table *table;
+@@ -721,6 +721,7 @@ static struct nft_table *nft_table_lookup_byhandle(const struct net *net,
+       nft_net = net_generic(net, nf_tables_net_id);
+       list_for_each_entry(table, &nft_net->tables, list) {
+               if (be64_to_cpu(nla_get_be64(nla)) == table->handle &&
++                  table->family == family &&
+                   nft_active_genmask(table, genmask))
+                       return table;
+       }
+@@ -1440,7 +1441,7 @@ static int nf_tables_deltable(struct net *net, struct sock *nlsk,
+ 
+       if (nla[NFTA_TABLE_HANDLE]) {
+               attr = nla[NFTA_TABLE_HANDLE];
+-              table = nft_table_lookup_byhandle(net, attr, genmask);
++              table = nft_table_lookup_byhandle(net, attr, family, genmask);
+       } else {
+               attr = nla[NFTA_TABLE_NAME];
+               table = nft_table_lookup(net, attr, family, genmask);
+-- 
+2.43.0
+

diff --git a/queue-5.10/series b/queue-5.10/series
index 727cc43f603812bc29040e3aab236c6840facc7f..394321e3c1602b8c65777f281f359b0a2ceba2dc 100644 (file)
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -262,3 +262,4 @@ pinctrl-rockchip-separate-struct-rockchip_pin_bank-t.patch
 pinctrl-rockchip-use-dedicated-pinctrl-type-for-rk33.patch
 pinctrl-rockchip-fix-pinmux-reset-in-rockchip_pmx_se.patch
 drm-amdgpu-fix-ubsan-warning-in-kv_dpm.c.patch
+netfilter-nf_tables-validate-family-when-identifying.patch