android/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
7ce66afcaa
android_kernel_xiaomi_sm8450/include
History
Pablo Neira Ayuso d9c4da8cb7 netfilter: nf_tables: fix table flag updates 
commit 179d9ba5559a756f4322583388b3213fe4e391b0 upstream.

The dormant flag need to be updated from the preparation phase,
otherwise, two consecutive requests to dorm a table in the same batch
might try to remove the same hooks twice, resulting in the following
warning:

 hook not found, pf 3 num 0
 WARNING: CPU: 0 PID: 334 at net/netfilter/core.c:480 __nf_unregister_net_hook+0x1eb/0x610 net/netfilter/core.c:480
 Modules linked in:
 CPU: 0 PID: 334 Comm: kworker/u4:5 Not tainted 5.12.0-syzkaller #0
 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
 Workqueue: netns cleanup_net
 RIP: 0010:__nf_unregister_net_hook+0x1eb/0x610 net/netfilter/core.c:480

This patch is a partial revert of 0ce7cf4127f1 ("netfilter: nftables:
update table flags from the commit phase") to restore the previous
behaviour.

However, there is still another problem: A batch containing a series of
dorm-wakeup-dorm table and vice-versa also trigger the warning above
since hook unregistration happens from the preparation phase, while hook
registration occurs from the commit phase.

To fix this problem, this patch adds two internal flags to annotate the
original dormant flag status which are __NFT_TABLE_F_WAS_DORMANT and
__NFT_TABLE_F_WAS_AWAKEN, to restore it from the abort path.

The __NFT_TABLE_F_UPDATE bitmask allows to handle the dormant flag update
with one single transaction.

Reported-by: syzbot+7ad5cd1615f2d89c6e7e@syzkaller.appspotmail.com
Fixes: 0ce7cf4127f1 ("netfilter: nftables: update table flags from the commit phase")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-11-28 16:55:02 +00:00
..
acpi ACPI: APEI: explicit init of HEST and GHES in apci_init() 2023-09-19 12:20:28 +02:00
asm-generic word-at-a-time: use the same return type for has_zero regardless of endianness 2023-08-11 11:57:47 +02:00
clocksource clocksource/drivers/timer-ti-dm: Save and restore timer TIOCP_CFG 2021-07-14 16:56:12 +02:00
crypto crypto: api - Use work queue in crypto_destroy_instance 2023-09-19 12:20:08 +02:00
drm drm/connector: Add support for out-of-band hotplug notification (v3) 2023-10-25 11:54:22 +02:00
dt-bindings dt-bindings: iio: add AD74413R 2023-08-26 15:26:47 +02:00
keys certs: Add EFI_CERT_X509_GUID support for dbx entries 2021-06-30 08:47:30 -04:00
kunit kunit: fix display of failed expectations for strings 2020-11-10 13:45:15 -07:00
kvm ARM: 2020-10-23 11:17:56 -07:00
linux tracing: Have trace_event_file have ref counters 2023-11-28 16:55:02 +00:00
math-emu
media media: v4l2-mem2mem: add lock to protect parameter num_rdy 2023-08-26 15:26:44 +02:00
memory memory: renesas-rpc-if: Fix HF/OSPI data transfer in Manual Mode 2022-05-09 09:05:02 +02:00
misc
net netfilter: nf_tables: fix table flag updates 2023-11-28 16:55:02 +00:00
pcmcia
ras mm,hwpoison: introduce MF_MSG_UNSPLIT_THP 2020-10-16 11:11:17 -07:00
rdma RDMA/cma: Always set static rate to 0 for RoCE 2023-06-21 15:45:39 +02:00
scsi scsi: core: Use 32-bit hostnum in scsi_host_lookup() 2023-09-19 12:20:19 +02:00
soc firmware: raspberrypi: Introduce devm_rpi_firmware_get() 2023-05-17 11:48:02 +02:00
sound ASoC: soc-card: Add storage for PCI SSID 2023-11-28 16:54:51 +00:00
target scsi: target: Fix multiple LUN_RESET handling 2023-05-17 11:47:48 +02:00
trace neighbor: tracing: Move pin6 inside CONFIG_IPV6=y section 2023-10-25 11:54:20 +02:00
uapi netfilter: nf_tables: fix table flag updates 2023-11-28 16:55:02 +00:00
vdso
video video: of_display_timing.h: include errno.h 2022-07-12 16:32:19 +02:00
xen ACPI: processor: Fix evaluating _PDC method when running as Xen dom0 2023-05-17 11:47:42 +02:00