From d118d29e68761b7512a1e83bd0afd534d5ee930b Mon Sep 17 00:00:00 2001
From: Sasha Levin <sashal@kernel.org>
Date: Thu, 27 Jun 2024 20:21:23 -0400
Subject: [PATCH] Fixes for 5.10

Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 ...les-validate-family-when-identifying.patch | 53 +++++++++++++++++++
 queue-5.10/series                             |  1 +
 2 files changed, 54 insertions(+)
 create mode 100644 queue-5.10/netfilter-nf_tables-validate-family-when-identifying.patch

diff --git a/queue-5.10/netfilter-nf_tables-validate-family-when-identifying.patch b/queue-5.10/netfilter-nf_tables-validate-family-when-identifying.patch
new file mode 100644
index 00000000000..5137d5330e9
--- /dev/null
+++ b/queue-5.10/netfilter-nf_tables-validate-family-when-identifying.patch
@@ -0,0 +1,53 @@
+From 860e48741a8172c4c0f2539f9f674fa53d36eea0 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 27 Jun 2024 02:41:13 +0200
+Subject: netfilter: nf_tables: validate family when identifying table via
+ handle
+
+From: Pablo Neira Ayuso <pablo@netfilter.org>
+
+[ Upstream commit f6e1532a2697b81da00bfb184e99d15e01e9d98c ]
+
+Validate table family when looking up for it via NFTA_TABLE_HANDLE.
+
+Fixes: 3ecbfd65f50e ("netfilter: nf_tables: allocate handle and delete objects via handle")
+Reported-by: Xingyuan Mo <hdthky0@gmail.com>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/netfilter/nf_tables_api.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
+index f3cb5c9202760..754278b857068 100644
+--- a/net/netfilter/nf_tables_api.c
++++ b/net/netfilter/nf_tables_api.c
+@@ -713,7 +713,7 @@ static struct nft_table *nft_table_lookup(const struct net *net,
+ 
+ static struct nft_table *nft_table_lookup_byhandle(const struct net *net,
+ 						   const struct nlattr *nla,
+-						   u8 genmask)
++						   int family, u8 genmask)
+ {
+ 	struct nftables_pernet *nft_net;
+ 	struct nft_table *table;
+@@ -721,6 +721,7 @@ static struct nft_table *nft_table_lookup_byhandle(const struct net *net,
+ 	nft_net = net_generic(net, nf_tables_net_id);
+ 	list_for_each_entry(table, &nft_net->tables, list) {
+ 		if (be64_to_cpu(nla_get_be64(nla)) == table->handle &&
++		    table->family == family &&
+ 		    nft_active_genmask(table, genmask))
+ 			return table;
+ 	}
+@@ -1440,7 +1441,7 @@ static int nf_tables_deltable(struct net *net, struct sock *nlsk,
+ 
+ 	if (nla[NFTA_TABLE_HANDLE]) {
+ 		attr = nla[NFTA_TABLE_HANDLE];
+-		table = nft_table_lookup_byhandle(net, attr, genmask);
++		table = nft_table_lookup_byhandle(net, attr, family, genmask);
+ 	} else {
+ 		attr = nla[NFTA_TABLE_NAME];
+ 		table = nft_table_lookup(net, attr, family, genmask);
+-- 
+2.43.0
+
diff --git a/queue-5.10/series b/queue-5.10/series
index 727cc43f603..394321e3c16 100644
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -262,3 +262,4 @@ pinctrl-rockchip-separate-struct-rockchip_pin_bank-t.patch
 pinctrl-rockchip-use-dedicated-pinctrl-type-for-rk33.patch
 pinctrl-rockchip-fix-pinmux-reset-in-rockchip_pmx_se.patch
 drm-amdgpu-fix-ubsan-warning-in-kv_dpm.c.patch
+netfilter-nf_tables-validate-family-when-identifying.patch
-- 
2.47.3