android/android_kernel_asus_sm8350
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
598c902649
android_kernel_asus_sm8350/net
History
Florian Westphal 598c902649 netfilter: nf_tables: mark newset as dead on transaction abort 
[ Upstream commit 08e4c8c5919fd405a4d709b4ba43d836894a26eb ]

If a transaction is aborted, we should mark the to-be-released NEWSET dead,
just like commit path does for DEL and DESTROYSET commands.

In both cases all remaining elements will be released via
set->ops->destroy().

The existing abort code does NOT post the actual release to the work queue.
Also the entire __nf_tables_abort() function is wrapped in gc_seq
begin/end pair.

Therefore, async gc worker will never try to release the pending set
elements, as gc sequence is always stale.

It might be possible to speed up transaction aborts via work queue too,
this would result in a race and a possible use-after-free.

So fix this before it becomes an issue.

Fixes: 5f68718b34a5 ("netfilter: nf_tables: GC transaction API to avoid race with control plane")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-01-25 14:34:26 -08:00
..
6lowpan 6lowpan: iphc: Fix an off-by-one check of array index 2021-09-15 09:47:31 +02:00
9p net: 9p: avoid freeing uninit memory in p9pdu_vreadf 2024-01-08 11:29:47 +01:00
802 mrp: introduce active flags to prevent UAF when applicant uninit 2023-01-18 11:41:37 +01:00
8021q net: check vlan filter feature in vlan_vids_add_by_dev() and vlan_vids_del_by_dev() 2024-01-08 11:29:44 +01:00
appletalk appletalk: Fix Use-After-Free in atalk_ioctl 2023-12-20 15:41:18 +01:00
atm atm: Fix Use-After-Free in do_vcc_ioctl 2023-12-20 15:41:15 +01:00
ax25 ax25: Fix UAF bugs in ax25 timers 2022-04-20 09:19:40 +02:00
batman-adv batman-adv: Hold rtnl lock during MTU update via netlink 2023-08-30 16:27:25 +02:00
bluetooth Bluetooth: hci_event: Fix not checking if HCI_OP_INQUIRY has been sent 2024-01-08 11:29:47 +01:00
bpf bpf: Move skb->len == 0 checks into __bpf_redirect 2023-01-18 11:41:04 +01:00
bpfilter bpfilter: Specify the log level for the kmsg message 2021-07-14 16:53:33 +02:00
bridge netfilter: nf_conntrack_bridge: initialize err to 0 2023-11-28 16:50:17 +00:00
caif net: caif: Fix use-after-free in cfusbl_device_notify() 2023-03-17 08:32:51 +01:00
can can: raw: add support for SO_MARK 2024-01-15 18:25:25 +01:00
ceph libceph: use kernel_connect() 2023-10-25 11:53:19 +02:00
core neighbour: Don't let neigh_forced_gc() disable preemption for long 2024-01-25 14:34:20 -08:00
dcb net: dcb: choose correct policy to parse DCB_ATTR_BCN 2023-08-11 11:53:57 +02:00
dccp dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses. 2023-11-20 10:30:15 +01:00
decnet Remove DECnet support from kernel 2023-06-21 15:44:10 +02:00
dns_resolver KEYS: Don't write out to userspace while holding key semaphore 2020-04-23 10:36:45 +02:00
dsa net: dsa: tag_sja1105: fix MAC DA patching from meta frames 2023-07-27 08:37:24 +02:00
ethernet net: add annotations on hh->hh_len lockless accesses 2020-01-09 10:20:06 +01:00
hsr hsr: Avoid double remove of a node. 2023-01-18 11:41:09 +01:00
ieee802154 net: ieee802154: fix error return code in dgram_bind() 2022-11-03 23:56:54 +09:00
ife net: sched: ife: fix potential use-after-free 2024-01-08 11:29:44 +01:00
ipv4 net-timestamp: extend SOF_TIMESTAMPING_OPT_ID to HW timestamps 2024-01-15 18:25:26 +01:00
ipv6 ipv6: remove max_size check inline with ipv4 2024-01-15 18:25:29 +01:00
iucv treewide: Replace DECLARE_TASKLET() with DECLARE_TASKLET_OLD() 2023-04-20 12:07:32 +02:00
kcm kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg(). 2023-09-23 11:00:02 +02:00
key net: af_key: fix sadb_x_filter validation 2023-08-30 16:27:16 +02:00
l2tp ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() 2023-10-10 21:46:44 +02:00
l3mdev l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu 2022-04-27 13:50:47 +02:00
lapb net: lapb: Copy the skb before sending a packet 2021-02-10 09:25:28 +01:00
llc llc: verify mac len before reading mac header 2023-11-20 10:30:15 +01:00
mac80211 wifi: mac80211: mesh_plink: fix matches_local logic 2024-01-08 11:29:43 +01:00
mac802154 mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() 2022-12-14 11:30:45 +01:00
mpls net: mpls: fix stale pointer if allocation fails during device rename 2023-02-22 12:50:41 +01:00
ncsi net/ncsi: Fix netlink major/minor version numbers 2024-01-25 14:34:25 -08:00
netfilter netfilter: nf_tables: mark newset as dead on transaction abort 2024-01-25 14:34:26 -08:00
netlabel calipso: fix memory leak in netlbl_calipso_add_pass() 2024-01-25 14:34:23 -08:00
netlink drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group 2023-12-13 18:18:17 +01:00
netrom netrom: Deny concurrent connect(). 2023-09-23 10:59:43 +02:00
nfc nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local 2024-01-15 18:25:25 +01:00
nsh net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment() 2023-05-30 12:44:05 +01:00
openvswitch net: openvswitch: fix flow memory leak in ovs_flow_cmd_new 2023-02-22 12:50:25 +01:00
packet packet: Move reference count in packet_sock to atomic_long_t 2023-12-13 18:18:14 +01:00
phonet phonet: refcount leak in pep_sock_accep 2022-01-11 15:23:33 +01:00
psample psample: Require 'CAP_NET_ADMIN' when joining "packets" group 2023-12-13 18:18:17 +01:00
qrtr net: qrtr: fix another OOB Read in qrtr_endpoint_post 2021-09-03 10:08:12 +02:00
rds net: prevent address rewrite in kernel_bind() 2023-10-25 11:53:18 +02:00
rfkill net: rfkill: gpio: set GPIO direction 2024-01-08 11:29:47 +01:00
rose net/rose: fix races in rose_kill_by_device() 2024-01-08 11:29:44 +01:00
rxrpc rxrpc: Fix hard call timeout units 2023-05-17 11:35:59 +02:00
sched net: sched: em_text: fix possible memory leak in em_text_destroy() 2024-01-15 18:25:25 +01:00
sctp sctp: update hb timer immediately after users change hb_interval 2023-10-10 21:46:45 +02:00
smc net/smc: fix dangling sock under state SMC_APPFINCLOSEWAIT 2023-11-20 10:30:16 +01:00
strparser bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding 2021-11-17 09:48:48 +01:00
sunrpc SUNRPC: Mark the cred for revalidation if the server rejects it 2023-10-10 21:46:35 +02:00
switchdev net: switchdev: do not propagate bridge updates across bridges 2021-10-27 09:54:24 +02:00
tipc tipc: Fix kernel-infoleak due to uninitialized TLV value 2023-11-28 16:50:16 +00:00
tls net: tls, update curr on splice as well 2024-01-15 18:25:29 +01:00
unix af_unix: Fix data-race around unix_tot_inflight. 2023-09-23 10:59:58 +02:00
vmw_vsock virtio/vsock: fix logic which reduces credit update messages 2024-01-25 14:34:25 -08:00
wimax
wireless wifi: cfg80211: fix certs build to not depend on file order 2024-01-08 11:29:46 +01:00
x25 net/x25: Fix to not accept on connected socket 2023-02-22 12:50:26 +01:00
xdp xsk: Honor SO_BINDTODEVICE on bind 2023-07-27 08:37:23 +02:00
xfrm xfrm: interface: use DEV_STATS_INC() 2023-10-25 11:53:21 +02:00
compat.c net: Return the correct errno code 2021-06-18 09:59:00 +02:00
Kconfig Remove DECnet support from kernel 2023-06-21 15:44:10 +02:00
Makefile Remove DECnet support from kernel 2023-06-21 15:44:10 +02:00
socket.c net: Save and restore msg_namelen in sock_sendmsg 2024-01-15 18:25:26 +01:00
sysctl_net.c